Supplier Risk Management in Action: The London Workshop Notes

From Information to Action: A Workshop for Procurement and Supplier Risk Leaders

The London leg of my Supplier Risk Management Workshop series (this time sponsored by apexanalytix) brought together an energetic group of procurement and supplier risk professionals for an afternoon of deep discussion, shared experiences, and practical exploration.

This in-person session — titled “From Information to Action” — was designed for procurement and supplier risk leaders looking to move beyond static assessments toward continuous, intelligence-driven supplier risk management. Together, we examined how to align supplier risk programs with enterprise objectives, embed continuous monitoring, and demonstrate measurable ROI — both commercially and strategically.

The workshop emphasized that supplier risk management is not just about compliance — it is about resilience, performance, and integrity across the extended enterprise.


Opening the Conversation: What Keeps You Up at Night?

As always, we began with an open discussion on what currently keeps attendees awake at night when it comes to third-party and supplier risk. The responses painted a vivid picture of the complex landscape organizations are navigating. Participants identified a long list of challenges that span operational, strategic, and ethical dimensions:

  • Cyber risk and the growing frequency of supply chain attacks
  • Resilience — ensuring continuity and replacement options when suppliers are disrupted
  • Supplier engagement and reducing assessment fatigue
  • Non-compliance with sustainability and ESG requirements
  • Visibility deep into multi-tier supply chains
  • External shocks such as extreme weather, geopolitical instability, and trade tariffs
  • Supplier offboarding and the risks of residual access or data exposure
  • Continuous monitoring rather than annual assessments
  • Financial viability and concentration risk
  • Fragmentation and silos across departments and tools
  • Supplier misuse — vendors performing unapproved services or tasks
  • Tick-box compliance culture versus genuine risk insight
  • Fraud and sanctions screening
  • Holistic visibility — achieving a single source of truth for supplier risk across categories
  • User adoption challenges of tools and systems
  • Aligning supplier data with spend and performance metrics

The shared conclusion: while supplier risk management has matured significantly, the complexity and velocity of risk continue to outpace organizational coordination.


Interactive Micro-Simulations: Risk in Motion

One of the most powerful aspects of the workshop came from a set of micro-simulations developed and facilitated through Iluminr. These short, high-impact exercises allowed participants to experience crisis decision-making firsthand — and reflect on the implications for their own supplier ecosystems.

Simulation 1: Geopolitical Shock — China Invades Taiwan

The first scenario asked attendees to imagine a sudden geopolitical crisis — China’s invasion of Taiwan — and assess the consequences across People, Brand and Reputation, Operations, and Financials.

The discussion was sobering. It reminds me that a major global brand, in the context of this scenario topic, shared that they had already table-topped this very scenario, concluding that their organization would be “out of business within two weeks.” The exercise underscored the critical importance of supply chain resilience and contingency planning, particularly where single-country dependencies exist for essential technology and materials.

Simulation 2: Modern Slavery and Cyber Extortion

The second exercise unfolded as a two-part storyline.

  • Part One: A modern slavery (forced labor) incident was discovered at a critical technology outsourcer.
  • Part Two: A ransomware attack by a hacktivist group demanded the company sever ties with the implicated supplier — or face a public data leak.

This scenario provoked intense dialogue about ethical accountability, multi-dimensional risk escalation, and communication under duress. Participants explored how ESG compliance failures can intersect with cyber risk, reputation management, and crisis governance — often creating cascading consequences.


From Assessment to Action: Building an Agile, Intelligent Program

Throughout the afternoon, I guided the group through a best-practice framework for supplier and third-party risk management. The discussion centered on the need to transform fragmented processes into unified, adaptive systems that enable both oversight and agility.

Key themes included:

  • Clarifying risk goals and linking them to organizational performance and strategy
  • Identifying the right data — from internal sources to external intelligence — to inform action
  • Communicating risk information in a way that resonates with stakeholders across procurement, risk, and finance
  • Embedding continuous monitoring and assessment directly into supplier workflows
  • Balancing assurance and engagement to prevent assessment fatigue
  • Measuring risk and resilience at multiple levels — service, facility, and supplier — and aggregating into a single holistic score

The conversations made clear that many organizations are striving to evolve from reactive compliance to proactive supplier intelligence — integrating ESG, financial, cyber, and operational risk into a unified lens.


A Collaborative and Engaged Audience

The London workshop reflected the best of in-person engagement — a dynamic exchange of ideas among leaders facing similar challenges yet from diverse industries and geographies. Participants were candid, inquisitive, and deeply invested in finding better ways to safeguard their organizations while enabling strategic supplier relationships.

There was a shared recognition that supplier risk management is no longer a procurement exercise alone — it is a strategic imperative that touches every corner of the enterprise.

Thanks to ApexAnalytix for sponsoring and supporting this important dialogue, and to all participants for contributing their insights and experiences.


Looking Ahead

As global supply chains grow more interconnected — and more fragile — supplier risk management must evolve into a continuous, data-driven capability. The discussions in London reaffirmed that the future of third-party risk management lies in collaboration, integration, and intelligence.
