Let me tell you about the moment everything changed for me.

I’m looking at a spreadsheet. The supplier’s financials are solid. Quality scores are green. Delivery performance is above threshold. Everything says we’re fine.

Six weeks later, they stop shipping. No warning. Just silence.

And I’m standing in front of a plant manager who trusted my assessment, trying to explain why his production line is down.

That conversation broke something in me. In the best possible way.

Here’s what I realized.

I wasn’t measuring risk. I was measuring the past. And the past is a terrible predictor of the future.

Think about it. Annual reports tell you where a company was twelve months ago. Quality scores tell you what happened last quarter. Delivery metrics show you what already arrived.

None of that tells you what’s coming.

The supplier in Eastern Europe that failed us? Their financials were fine. Their quality was fine. Everything was fine—until it wasn’t.

What I missed were the signals hiding in plain sight. The contracts they were quietly renegotiating with our competitors. The equipment maintenance they were deferring. The key account manager who had just updated his LinkedIn profile.

These things don’t show up in scorecards.

So I started asking a different question. Not “how is this supplier doing?” but “what would have to be true for this supplier to fail us?”

That question changed everything.

The system I built

Over the next few years, working on automotive programs worth billions for BMW and Mercedes-Benz, I built something I called Headwinds.

It wasn’t a better scorecard. It was a different way of seeing.

The name came from a conversation with a colleague. I was talking about how pilots think about risk—not just current conditions, but what’s coming. Headwinds you can see. Headwinds you can’t. The ones that slow you down versus the ones that push you off course entirely.

That’s what I was trying to build. A system that could sense headwinds before they hit.

And here’s what I learned: the signals that matter most are the ones nobody is measuring.

Let me explain what I mean.

It’s not about the snapshot. It’s about the direction.

Everyone looks at supplier financials. But they look at them wrong.

They pull the annual report. Calculate some ratios. Assign a score. Done.

Here’s the thing. A supplier with thin margins but improving cash flow is completely different from one with comfortable margins but deteriorating receivables.

The first one is fighting and winning. The second one is coasting toward trouble.

I stopped asking “where are they?” and started asking “where are they going?”

Velocity matters more than position.

I learned this the hard way with a supplier in Southern Germany. Beautiful facility. Strong brand. Decades of history. Their financials looked rock solid—healthy margins, low debt, good credit rating.

But when I started tracking the trajectory, the picture changed. Cash conversion cycle lengthening quarter over quarter. Working capital getting squeezed even as revenue grew. Payment terms with their own suppliers stretching from 30 days to 45 to 60.

None of the traditional metrics caught this. The ratios still looked fine. But the direction was unmistakable.

I started diversifying my sourcing six months before they announced restructuring.

I tracked cash conversion cycles over eight quarters. Working capital changes relative to revenue. Payment patterns with their suppliers—because yes, you can find this if you look. Debt covenant headroom and how it was trending.

This alone caught problems six to nine months earlier than traditional screening.

Six to nine months. That’s the difference between having options and having none.

Financial health and operational resilience are different things

A supplier can be financially healthy and still fail you.

Their single production line goes down. Their key engineer leaves. Their logistics partner collapses.

These are different questions.

I remember visiting a supplier in Asia. Financially strong. Growing fast. Impressive operation. But as I walked the floor, I noticed something. One machine. One very specialized machine. And when I asked what happens if it breaks, the plant manager smiled nervously and said they’d figure it out.

That’s not a plan. That’s hope.

So I started mapping what I called “operational depth.” Not just capacity utilization, but what happens to us specifically if they hit their limits. Where do we sit in their priority stack when things get tight?

This matters more than people realize. When capacity is constrained, suppliers make choices. They prioritize their biggest customers, their most profitable products, their strategic relationships. If you’re not in one of those categories, you’re vulnerable—no matter what your contract says.

Every supplier has single points of failure. Equipment. People. Processes. Their own suppliers. The question isn’t whether they exist—they always do. The question is whether you know what they are.

I started asking directly. What’s your backup if this line goes down? Who else can run this process? What happens if your logistics partner fails? How long to recover?

And here’s the uncomfortable part.

Most procurement teams never ask these questions because they’re afraid of what they’ll hear. They don’t want to know. Because knowing creates obligation. Knowing means you have to do something about it.

Ask anyway.

The answers won’t always be reassuring. But the suppliers who can answer clearly—who have actually thought about these scenarios—are fundamentally different from the ones who can’t.

The world changed. I had to change with it.

In 2019, geopolitical risk felt academic. Something consultants talked about at conferences. By 2022, it was the difference between running production and shutting down lines.

I don’t need to tell you what happened. You lived it. The semiconductor crisis. The logistics chaos. The sudden discovery that your supply chain runs through places you’d never really thought about.

I started tracking things I’d never tracked before. Not just where my Tier 1 suppliers are located—that’s easy. Where their Tier 2 and Tier 3 suppliers are. That’s where the semiconductor crisis came from. That’s where the next crisis will come from too.

One of my suppliers had perfect redundancy on paper. Two manufacturing sites in two different countries. Looked great in the risk assessment. Except both sites sourced a critical component from the same sub-supplier in the same province in China. When that province locked down, both sites stopped.

Redundancy that isn’t actually redundant. I see this constantly.
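The shared sub-supplier problem described above can be checked mechanically once sub-tier sourcing has been mapped. The sketch below is an added example, not part of the author's Headwinds system; every supplier name, region and component in it is constructed, and the sourcing graph is assumed to be acyclic. It generalizes the two-site case to any number of tiers and reports every node or region whose loss alone stops all sites.

```python
# Constructed sample data: each node has a region and, per needed input,
# a list of alternative sources (any one of which is sufficient).
GRAPH = {
    "site_A": {"region": "Country 1",
               "needs": {"housing": ["sub_H1"], "critical_part": ["sub_X"]}},
    "site_B": {"region": "Country 2",
               "needs": {"housing": ["sub_H2"], "critical_part": ["sub_X"]}},
    "sub_H1": {"region": "Country 1", "needs": {}},
    "sub_H2": {"region": "Country 2", "needs": {}},
    "sub_X":  {"region": "Province P",
               "needs": {"resin": ["raw_1", "raw_2"]}},
    "raw_1":  {"region": "Country 3", "needs": {}},
    "raw_2":  {"region": "Country 4", "needs": {}},
}


def is_up(node, failed_nodes, failed_regions, graph):
    """A node runs if it and its region are intact and every needed
    input still has at least one running source (checked recursively)."""
    info = graph[node]
    if node in failed_nodes or info["region"] in failed_regions:
        return False
    return all(
        any(is_up(src, failed_nodes, failed_regions, graph) for src in alternatives)
        for alternatives in info["needs"].values()
    )


def single_points_of_failure(sites, graph):
    """Return (nodes, regions) whose loss alone stops every listed site."""
    upstream = sorted(n for n in graph if n not in sites)
    regions = sorted({info["region"] for info in graph.values()})
    spof_nodes = [n for n in upstream
                  if not any(is_up(s, {n}, set(), graph) for s in sites)]
    spof_regions = [r for r in regions
                    if not any(is_up(s, set(), {r}, graph) for s in sites)]
    return spof_nodes, spof_regions


if __name__ == "__main__":
    nodes, regions = single_points_of_failure(["site_A", "site_B"], GRAPH)
    print("Nodes that stop every site:", nodes)
    print("Regions that stop every site:", regions)
```

Two sites in two countries pass a location check, yet the walk still reports the shared sub-supplier and its province, because the check is made on what each site depends on rather than where it sits.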

Regulations tightening. Trade relationships shifting. Political stability changing. Environmental requirements evolving. Labor laws transforming.

None of this shows up in financial statements. Not until it’s too late.

I built a monitoring layer. Not expensive tools—just disciplined attention to the right news sources, regulatory announcements, and policy shifts for the regions and industries where my suppliers operate. Someone has to be paying attention. Someone has to be connecting the dots.

This part of my system has become more important every single year. I don’t expect that trend to reverse.

The hardest thing to measure is the thing that matters most

Relationship quality.

You can have a financially healthy, operationally resilient supplier in a stable geography. And still be at risk.

Because you’re not important to them.

This isn’t about how nice the meetings are. It’s about power. Priority. Alignment.

What percentage of their revenue are you? Growing or shrinking? How do they allocate capacity when it’s constrained? What’s their strategic direction—and do you fit into it?

I’ve seen this play out so many times. A supplier who was perfectly reliable for years suddenly starts missing commitments. Quality slips. Communication gets slower. The quarterly business reviews feel different—more transactional, less invested.

What happened? Usually one of two things. Either they landed a bigger customer who now gets priority. Or their strategy shifted and your category is no longer where they’re investing.

Neither of these shows up in traditional risk metrics. But both change everything about your relationship.

Here’s a simple test. How quickly do they return your calls when you have a problem?

Sounds trivial. It isn’t.

When a supplier starts taking longer to respond, starts sending more junior people to meetings, starts pushing back on requests they used to accommodate—pay attention. Those are signals. They mean something.

I started measuring this systematically. Response times. Seniority of contacts. Flexibility on requests. Willingness to share information. It felt soft at first. But over time, these indicators predicted problems more accurately than the hard metrics.

The suppliers who hurt you worst are rarely the ones who can’t deliver. They’re the ones who choose not to.

You have to understand the market, not just the supplier

Your supplier doesn’t exist in isolation. They exist in an industry. With competitors. With capacity cycles. With technology shifts.

Understanding that context changes everything.

I started monitoring industry capacity trends and investment cycles. Who’s building new plants? Who’s shutting lines down? Where is the industry in its capital expenditure cycle?

I tracked competitor behavior. Are they locking up supply with long-term agreements? Are they qualifying new suppliers I should know about? Are they moving volume in ways that affect my shared suppliers?

I watched for technology transitions. Is your supplier’s core capability becoming obsolete? Are new entrants disrupting the market with different approaches? Is there M&A activity that could change ownership or strategy overnight?

The insight that saved me the most came from noticing a competitor quietly signing long-term agreements with shared suppliers. Nothing dramatic. Just a pattern of announcements over a few months. By the time it would have shown up in my delivery problems, I had already qualified alternatives.

I wasn’t smarter. I was just paying attention to the right things.

Connecting signals to action

Here’s where most risk systems fail. Not in detecting signals. In acting on them.

I’ve watched teams build beautiful dashboards. Sophisticated scoring models. Elegant visualizations of risk across the supply base.

And then nothing happens.

The point isn’t to know your risk levels. It’s to act on them.

So I built response protocols directly into the system. When a supplier crosses a financial threshold, what meeting gets scheduled? When relationship signals deteriorate, who gets notified? When geopolitical exposure increases, what decisions need to be made?

I defined these responses in advance. When I was calm. When I had time to think clearly. Not later, when I was scrambling.

The responses weren’t always dramatic. Sometimes it was just a conversation—reaching out to a supplier to understand what I was seeing. Often they could explain it. Sometimes that explanation was reassuring. Sometimes it wasn’t.

But the conversation itself mattered. It showed I was paying attention. It gave them a chance to surface concerns they might not have raised otherwise. It strengthened the relationship even when the news wasn’t great.

Now here’s what you actually do with all this

I could give you a 90-day implementation plan. Thirty days for foundation, thirty for calibration, thirty for integration.

But that’s not really the point.

The point is this: start with your fifteen or twenty suppliers where a failure would actually hurt. Not all of them. Just the critical ones. The ones where you’d have to make hard calls if something went wrong.

For each one, ask the questions I’ve described. Financial trajectory—not snapshot. Operational depth. Geopolitical exposure. Relationship quality. Market context.

You’ll have gaps. That’s fine. Document what you don’t know. Those gaps are themselves information. A supplier who won’t share basic operational information is telling you something important.

Test your model against history. Look at supplier problems you’ve experienced. Did your framework predict them? If not, what signals did you miss? Adjust and refine.

Then do something most teams never do: connect the signals to action. Decide now, when you’re calm, what you’ll do when different risk levels are reached. Not later, when you’re scrambling.

The trap everyone falls into

I’ve watched teams build beautiful dashboards and never use them to make decisions.

If a month passes and your risk system hasn’t triggered any action, something is wrong. Either your thresholds are too high, or you’re not actually using the system.

Watch out for false precision. A risk score of 73.4 isn’t more accurate than “elevated concern.” The decimal implies certainty that doesn’t exist. Use ranges and categories. Accept the ambiguity.

Watch out for complexity creep. The temptation is always to add more signals, more dimensions, more data. Resist it. Every additional input is something to maintain, calibrate, and explain. Start simple. Add complexity only when it clearly improves prediction.

Most teams do the opposite. They build something elaborate, get overwhelmed maintaining it, and abandon the whole thing. A simple system that runs every week beats a sophisticated system that runs once a quarter.

And watch out for ignoring the soft signals. The hard data is easier to collect and defend than relationship quality indicators. But those soft signals often matter more. Don’t let measurability drive out importance.

Where this connects to everything else

If you’re thinking about how AI is changing procurement, risk forecasting is one of the areas where it genuinely helps. Processing signals at scale that humans would miss. Identifying patterns across hundreds of suppliers that no analyst could track manually.

If you’re working on building procurement skills for the next decade, this kind of thinking is foundational. Seeing around corners. Anticipating instead of reacting. That’s what separates strategic procurement from purchasing.

And if you’re interested in how AI and human judgment work together, supplier risk is a perfect example. The best systems combine algorithmic signal processing with human relationship intelligence. Neither alone is enough. The machine catches patterns. The human understands context.

What I still get wrong

I should be honest with you.

Even with all this, I still miss things. Every procurement leader does.

The model catches the risks it’s designed to catch. It misses the ones nobody imagined. The supplier whose founder has a health crisis. The regulation that passes faster than anyone predicted. The competitor who acquires a key supplier and deprioritizes your business overnight. The pandemic that shuts down global logistics.

You can’t predict everything. You can’t prepare for everything. Some risks are genuinely unforeseeable.

But here’s what I’ve learned. Most supply chain failures aren’t caused by unforeseeable events. They’re caused by foreseeable events that nobody was watching for. Signals that were visible but ignored. Questions that could have been asked but weren’t.

Risk management doesn’t eliminate uncertainty.

It changes the odds.

That plant manager I mentioned at the beginning? Years later, I told him about what I’d built. About Headwinds. About why.

He nodded. Said something I’ve never forgotten.

“The risk wasn’t that you were wrong about that supplier. The risk was that you had no way to know you might be wrong.”

That’s what a system gives you.

Not certainty.

The awareness that certainty was never available in the first place.
