Classifying supplier risks in emerging markets



The client had over 100,000 suppliers listed in their supplier master file and they wanted to work through that list and build a risk-based compliance programme to manage compliance risks.

The client had not previously conducted any supplier risk assessment and needed a risk-based approach to managing this project. The driver of the programme was mostly the UK Bribery Act to identify potential bribery risks in the supply chain.

The first problem was to sort through the supplier list and build a smaller list of certain suppliers in particular categories that might require a more thorough risk management process.

This process had to be documented and defensible as the client was under significant investigation with the DOJ and the UK SFO.



The project began with a risk roundtable: a facilitated meeting where members of the procurement, business, legal, finance, risk and compliance teams reviewed and discussed the supplier categories across the company for two days.

Over the next two weeks, via telephone, the team worked through a process of looking at each category of spend and assessing it for risk in the following areas:

  • corruption
  • human rights
  • conflict minerals
  • sanctions
  • CSR and product stewardship



About four weeks in total.


Why The Red Flag Group?

  • Industry Knowledge. We know our clients industry very well.  We know that in the mining sector, there are many parties involved in many operations and that many operations are separate and follow different processes.  We knew the client and the industry that made it easy for us to help define risk in the supply chain.

  • Knowledge on Risks. While the project started out looking at the risks associated with the UK Bribery Act and corruption risks, we ended up expanding the scope to be much broader and include several risk areas.  While it fell short of the 23 risk areas that be commonly look at, there were several risks that the client included as part of this initiative.

  • Good Business Experience. If you are going to do a project like this - you need to be pretty global and business focuses.  You need to be able to define a supplier with a set of risks within a few minutes or seconds.  You need to be street-smart, know your countries, know your risks and be up to date with the ever-changing market place concerning suppliers.




  • Risk-assessment methodology that showed the basis upon which we risk rated the suppliers
  • Risk-rating process on how we went though the process and how we documented the analysis


  • Pivot tables of suppliers that can easily be manipulated for adjustments in tolerance
  • Heat map of suppliers by country and supply code

Featured solutions