The Monthly Metric: Risk Management Evaluation Analytics

December 20, 2022
By Dan Zeiger

The coronavirus pandemic has prompted procurement organizations to reevaluate their risk mitigation strategies, especially in supplier relationship management and end-to-end supply chain visibility.

“We found we can no longer manage risk in a silo, sitting in a corner office or by just running a supplier’s finance numbers,” says Michael Van Keulen, CPO at Coupa, a San Mateo, California-based business spend management technology platform. “We were mostly running our supply chains under the assumption that the sky is blue and the sun is shining for the most part, and that came back to bite us.”

He continues, “So, companies realize they needed to look at risk in a whole new way, inviting suppliers to be a part of the solution.”

One of the most vital elements of such mitigation is risk assessment questionnaires, which help procurement organizations identify potential threats among suppliers and other third-party partners. Coupa has compiled two benchmarks for digitally administered questionnaires in its annual Business Spend Management (BSM) Benchmark Report — risk management evaluation (1) completion rate and (2) cycle time.

The metrics are a gauge of a procurement organization’s success in getting critical information from suppliers that are inundated with questionnaires and other disclosure requests. Questionnaires are not just part of the onboarding and contracting phases; they should be a regular (at least once a year) part of doing business, Van Keulen says.

“The more transparent a supplier is about its supply chain, ecosystem, contingencies and the like, the more I can collaborate with that supplier,” he says. “Ultimately, the best relationships are transparent and are not just transactional. Over the past two years, we’ve had many examples of companies that thrive even in a disruptive environment because they had those kinds of relationships.”

Meaning of the Metrics

The questionnaire metrics debuted in Coupa’s annual benchmark report last year, a sign of the growing importance of risk mitigation, Van Keulen says: “Not only because of COVID-19, but also a general sense that companies need to think about business spend management more holistically. The increased emphasis on contract management and sourcing, as well as risk, are a product of that.”

Risk management evaluation completion rate is the share of questionnaires an organization gets back from suppliers; the reading in Coupa’s 2022 BSM Benchmark Report is 82.6 percent. That number comes from the highest quartile among respondents, Van Keulen says, so a lower percentage should not automatically suggest low performance.

The same is true for risk management evaluation cycle time for suppliers or third parties to respond. That figure is 37.4 business hours.

Risk management evaluation completion rate currently is down from the 88.3 percent registered in 2021, but the cycle time improved compared to last year’s figure of 44.2 business hours. Since the metrics are still nascent, too much shouldn’t be read into a year-over-year comparison, as it could be statistical noise: “We need a ton more data,” Van Keulen says.

Van Keulen acknowledges “questionnaire fatigue” among suppliers, saying, “They can get bombarded with requests and have a big challenge in scaling that.” To increase the chances of a questionnaire being returned, a procurement organization must do more than treat it as a box-checking exercise.

 “Make the questionnaires as applicable to a specific supplier as possible,” Van Keulen says. “If you ask the right questions, you typically get just higher quality answers. Sending a general template is the worst thing you can do. Ask good, constructive questions that are really meaningful and applicable to their industry and their business. That way, you show that you understand their world and their business.”

Suppliers and Companies Share Risk

Other recommendations by Coupa researchers include providing a user-friendly platform for questionnaires that includes the ability to add questions and update information to (1) address uncertainties or (2) comply with changing regulations.

Among the subjects to inquire with a vendor: its own suppliers and risk management; financial information; data security; M&A activity and environmental, social and governance (ESG) standards. “I don’t think a lot of that is breaking news,” Van Keulen says, adding that organizations should ask about a supplier’s strategic objectives, but with a twist.

“I ask suppliers about their objectives over the next three years, the average length of a contract,” he says. “But I also ask what their objectives were three years ago. What were your goals in the past? What did you achieve? That gives me an idea on how it’s going to be like to do business with them.”

Van Keulen says he’s thankful the days of companies negotiating suppliers into submission are over; a collaborative relationship is the norm. Or at least it should be, he says, because a supplier’s risk is also a company’s risk.

In the Third-Party Risk Management Outlook 2022 report by professional services firm KPMG Global, 73 percent of surveyed organizations indicated that, in the last three years, they have experienced at least one significant disruption caused by a third party. Information risk is a heightened concern: According to research by The Wall Street Journal, of organizations that reported a third-party cybersecurity breach during the past 12 months, 62 percent indicated a supplier had been breached.

“It’s much more focused on a relationship,” Van Keulen says. “And risk assessments are a perfect example of where (procurement organizations) can turn it into competitive advantage. They can work with a supplier and say they’re seeing issues with risk but offer to work together on (resolving) them.

He concludes, “You’re never going to eliminate risk, which will always be a part of doing business. But you can manage and mitigate it. That’s our job.”

May Your Metrics Be Merry …

Once again, The Monthly Metric celebrates the holidays by measuring and recognizing our most valuable KPI: the level of insight from the subject matter experts we speak with — and learn from — each month. Much thanks to Van Keulen and this year’s other contributors:

  • Jim Fleming, CPSM, CPSD, Manager, Product Development and Innovation at Institute for Supply Management® (ISM®)
  • Our friends at CAPS Research, the Tempe, Arizona-based organization in strategic partnership with ISM and Arizona State University: Denis Wolowiecki, Executive Director, and Geoff Zwemke, Director of Product
  • Bob Mahlik, corporate vice president, global supply chain and procurement at Fortive, an Everett, Washington-based industrial technology company
  • Tracey Smith, MBA, MAS, CPSM, president of Numerical Insights LLC, a boutique analytics firm in Williamsville, New York
  • A research team at Boston Consulting Group, the global management consulting firm, and Kyra Whitten, vice president, sustainability at Flex, a global supply chain and manufacturing technology provider, whose published works were valuable resources.

In 2023, The Monthly Metric turns 7 years old. We wouldn’t have lasted this long without our guest experts’ wisdom and readers’ support. Happy holidays!

To suggest a metric to be covered, email me at

(Photo credit: iStock/Getty Images/Anyaberkut)

About the Author

Dan Zeiger

About the Author

Dan Zeiger is Senior Copy Editor/Writer for Inside Supply Management® magazine, covering topics, trends and issues relating to supply chain management.