Supplier Risk Assessment Agent

Agent Description:

The Supplier Risk Assessment Agent streamlines the risk lifecycle by fetching multi-dimensional supplier data, calculating a definitive Risk Severity Score, and dynamically routing results based on a tiered classification system. Whether a supplier requires immediate crisis escalation or standard long-term monitoring, the agent ensures that the organizational response is proportionate to the detected risk.

Purpose and Components
  • Purpose: This agent is designed to perform end-to-end evaluations of vendors across financial, operational, and ESG (Environmental, Social, and Governance) risk pillars. It enables procurement teams to move beyond basic onboarding by quantifying supplier stability and providing automated mitigation guidance for informed decision-making.

    The agent improves supply chain resilience and compliance by:

    • Validating data across five key pillars: Financial, Operational, Geopolitical, Compliance, and ESG.

    • Computing a weighted Risk Severity Score (1–100) to eliminate subjective bias.

    • Categorizing suppliers into CRITICAL, MODERATE, or LOW risk tiers.

    • Automating the drafting of high-priority escalation memos for crisis management.

    • Generating continuous improvement plans and audit schedules for safe-tier vendors.

  • Components:
    • Risk Assessments Data Collector: Normalizes data from external sources and ensures all five risk pillars are present for analysis.

    • Comprehensive Risk Analyzer: The statistical engine that weighs priority factors (Financial and Compliance) to assign a Risk Tier.

    • Risk Triage Node: A logic gatekeeper that directs the supplier profile to specialized workflows based on their severity tag.

    • Mitigation & Escalation Strategist: Handles critical failures by drafting alerts for the CPO and generating immediate sourcing freezes.

    • Vendor Monitoring Agent: Manages standard compliance for low-to-mid risk suppliers by defining future audit cadences and clearance reports.

Supported Capabilities
  • External supplier risk data retrieval and normalization

  • Five-pillar validation (Financial, Operational, Geopolitical, Compliance, ESG)

  • Imputation of missing fields with "Data Unavailable" markers

  • Weighted Risk Severity Score calculation (1–100 scale)

  • Automated Risk Tiering (CRITICAL, MODERATE, LOW)

  • Crisis escalation memo generation for legal and CPO stakeholders

  • Actionable mitigation step design (e.g., sourcing freeze, secondary supplier identification)

  • Continuous Improvement Plan (CIP) generation for minor gaps

  • Automated audit cadence scheduling (6-month vs. 12-month)

LLM Used
  • OPENAI GPT_4O_MINI for the parent coordinator and all specialized risk assessment sub-agents.

    Note: To learn more about the LLM and to modify its behavior, refer to the Configuring LLM settings section.

Sub-Agents

1. Risk Assessments Data Collector

  • Role: Data Collector
  • Scope: Validates and structures raw supplier risk data for the analysis engine.
  • Description: Executes requests_get to fetch supplier data. Validates the presence of the five key risk pillars and normalizes the JSON into a structured format, marking missing metrics to ensure calculation consistency.

2. Comprehensive Risk Analyzer

  • Role: Risk Evaluator
  • Scope: Analyzes risk pillars and calculates a definitive Risk Severity Score.
  • Description: Weighs Financial Stability and Compliance & Ethics as priority factors to compute a score (1–100). Assigns a Risk_Tier tag (CRITICAL > 75, MODERATE 40–75, LOW < 40) with a brief logic justification.

3. Risk Triage Node

  • Role: Logic Gatekeeper
  • Scope: Routes supplier profiles to appropriate workflows based on Risk Tier.
  • Description: Inspects the assigned Risk_Tier tag and triggers the specialized response agent (Escalation Strategist vs. Vendor Monitoring) based on the severity of the findings.

4. Mitigation & Escalation Strategist

  • Role: Crisis Strategist
  • Scope: Drafts immediate mitigation plans and alerts for high-risk suppliers.
  • Description: Processes CRITICAL tier data to draft high-priority memos for the CPO and Legal teams. Highlights specific points of failure and generates 3 actionable mitigation steps, such as sourcing freezes.

5. Vendor Monitoring Agent

  • Role: Compliance Monitor
  • Scope: Generates compliance terms and audit schedules for safe or moderate suppliers.
  • Description: Drafts "Standard Vendor Clearance Reports" and targeted improvement plans for minor weaknesses. Recommends future audit cadences (6 or 12 months) based on the specific risk profile.

Tools Used:
  • GET Request Tool: Polls external JSON endpoints to retrieve multi-dimensional supplier risk datasets.

    Note: For details on modifying the Tools, refer to the Tools Library section.

Agent Workflow Behavior Summary
  1. Input: The workflow starts with the Data Collector fetching a supplier profile.

  2. Analysis: The Risk Analyzer processes the five pillars; if a supplier shows "Active Compliance Violations," it likely triggers a score above 75.

  3. Triage: The Risk Triage Node evaluates the tag.

    • If Risk_Tier = CRITICAL: Sent to the Escalation Strategist for a CPO-level crisis memo.

    • If Risk_Tier = MODERATE/LOW: Sent to the Vendor Monitoring Agent for a standard clearance report.

  4. Final Output: Either a high-priority risk escalation alert or a scheduled audit plan for a safe vendor.
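
The workflow above, written out as deterministic checks. This is an added example, not the product's own code: the pillar field names, the 0-100 per-pillar scale, the weights, and scoring a missing pillar as worst case are assumptions; only the tier thresholds, the "Data Unavailable" marker and the two routing targets come from this page. The triage step recomputes the tier from the score, so a Risk_Tier tag that disagrees with the score is rejected instead of routed.

```python
PILLARS = ("financial", "operational", "geopolitical", "compliance", "esg")
# Assumed weights: the page only says Financial and Compliance are priority factors.
WEIGHTS = {"financial": 0.30, "compliance": 0.30,
           "operational": 0.15, "geopolitical": 0.15, "esg": 0.10}
MISSING = "Data Unavailable"

def normalize(raw):
    """Data Collector step: keep the five pillars, mark absent or invalid ones."""
    profile = {}
    for pillar in PILLARS:
        value = raw.get(pillar)
        valid = (isinstance(value, (int, float)) and not isinstance(value, bool)
                 and 0 <= value <= 100)
        profile[pillar] = float(value) if valid else MISSING
    return profile

def severity_score(profile):
    """Weighted score on the 1-100 scale. A missing pillar counts as 100
    (assumption) so that a data gap can never lower the score."""
    total = sum(WEIGHTS[p] * (100.0 if profile[p] == MISSING else profile[p])
                for p in PILLARS)
    return max(1, min(100, round(total)))

def tier_for(score):
    """Thresholds from the page: CRITICAL > 75, MODERATE 40-75, LOW < 40."""
    if score > 75:
        return "CRITICAL"
    return "MODERATE" if score >= 40 else "LOW"

def triage(score, claimed_tier):
    """Triage Node: route on the tier, but only if the tag matches the score."""
    expected = tier_for(score)
    if claimed_tier != expected:
        raise ValueError(f"Risk_Tier {claimed_tier!r} does not match score {score}")
    if expected == "CRITICAL":
        return "Mitigation & Escalation Strategist"
    return "Vendor Monitoring Agent"

if __name__ == "__main__":
    # Constructed sample record; the ESG pillar is absent on purpose.
    raw = {"financial": 85, "operational": 60, "geopolitical": 70, "compliance": 90}
    profile = normalize(raw)
    score = severity_score(profile)
    print(profile["esg"], score, tier_for(score), triage(score, tier_for(score)))
```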

Sample Questions:
  • "Perform a risk assessment for Supplier ID #VND-9928."

  • "Evaluate our electronics suppliers and flag anyone with high geopolitical or financial risk."