Last year, right as tariffs started to bite, we asked a large organization: how badly would tariffs hit your business, and what is the plan? The answer stuck with us. Before making a single move, the company first had to make sense of 6 separate enterprise resource planning (ERP) systems. The data needed to see the organization’s risk was scattered across all 6 systems, and until that picture came together, shifting sourcing was off the table.
A version of that story comes up almost every week, and it points to why supply chain risk keeps driving organizational risk to new heights. The transparency comes together when disparate data turns into a clear view of risk, and that is how AI can support.
The problem has flipped
Ten years ago, the challenge was a lack of data. Organizations didn't know enough about their suppliers, sometimes not even tier 1 suppliers. That has reversed, and today most teams have too much data, with too little insight into what it means.
Information is collected when you onboard a supplier, hold audit reports going back 10, 15, even 20 years, subscribe to news feeds, and track regulatory updates and new ESG disclosures. That information creates noise but tells you very little about actual risk. The important part is how to make sense of what you already have.
This is the kind of work AI does well:
- Captures a larger dataset of suppliers for adverse signals than any human team could.
- Analyzes audit reports and self-assessments in minutes rather than months.
- Models scenarios so you can see which suppliers a price spike or a closed shipping lane would hit first.
Technology becomes the tool that lets a good process move faster.
Structure before software
AI only amplifies a good methodology. Point it at poor data spread across multiple systems with no shared framework, and it will help you do the wrong thing faster. Like people, AI needs full context to make good decisions. Give it a vague question and it will still give you an answer (just not a useful one).
Get a solid, repeatable process in place first, then layer AI on top. Map where your suppliers and your data sit. Agree what ""high risk"" means across procurement, legal, and sustainability, so everyone is working to the same definition. Decide what you will do about the risks you find. Once that foundation is in place, AI fits naturally on top of it.
“In one project, we helped a client rebuild its entire supplier onboarding process, agreed clear acceptance and denial criteria with every team, then had AI apply those criteria across dozens of suppliers at once. Work that would have taken one person several months now moves in a fraction of the time.” – Tony Pelli, Practice Director, Supply Chain Resilience
Make it your day-to-day, then keep refining
The biggest mistake we see is treating risk management as a one-off strategy, which always fails. These don't scale, and AI can't make a one-off faster. Embed risk into what procurement and sourcing already do, the same way you treat product specs, and you can push expert knowledge through the organization far quicker than before.
If AI works well for a process today, that does not mean it will work well forever. Acquire a company, grow by 200% in three years, launch new products, or start sourcing from a new country, and the context changes. If you don't feed that new context in, your AI process will drift out of date. Keep refining it.
Treat your risk program as a living thing that improves as the business changes and keep a human in the loop wherever a decision affects compliance, reputation, or how you serve customers. A computer can speed the work up, but it can't be held accountable for a management decision.
Three things you can do this week
You don't need a full program to start. Here is where to begin.
- Audit your current risk programs for fragmentation. How many separate supply chain risk initiatives are running right now, and where are the data and organizational silos?
- Map your highest-risk spend categories against several risk categories at once. Does the picture look different than you expected?
- Make a friend. Identify one stakeholder you don't currently work with, call them, and start aligning around a shared risk framework.
What good looks like
A mature supply chain risk management program gives you a single integrated view of risk across the organization, cross-functional ownership with clear accountability, and technology that serves the process rather than the other way around. On top of that sits continuous improvement, driven by real-world intelligence.
Supply chain risk will only get more complex as geopolitical tensions shift, and new regulations arrive. Get the structure right, and AI stops being a separate project and becomes part of how the work gets done faster.
Align functions and build enterprise-wide resilience with MESH, an intelligence-led framework for proactive risk management.
