Supplier Due Diligence from A to Z

Whether you are a manufacturer, a trading company or a service provider, your suppliers are the backbone of your business. Imagine having chosen the wrong cloud provider, one that suddenly misses its Service Level Agreement (SLA). A huge dead end!

The pandemic and global economic challenges (inflation, energy, …) have further increased the need for reliable and resilient suppliers.

This shows how crucial knowing your suppliers is to sustaining business growth and mitigating risk.

What is Supplier Due Diligence?

Due Diligence: this mainly – but not only – refers to a process in buying: the process of examining all the material facts of a deal before purchasing or reaching a (legal) commitment. In simple words: verifying the accuracy of a statement.

As an example from the past: upon buying a horse, you look thoroughly at the teeth to detect any illness not declared by the vendor.

This can be done in-house or via third parties, such as consulting companies. One example is Deloitte and their definitions in the context of M&A.

Supplier Due Diligence: this is the process by which a company checks whether its suppliers are legitimate, credible organizations that comply with local regulations. It also ensures that certifications are up to date and compelling. Furthermore, it gives strong insights into the supplier's financial situation and business reliability. In some cases, it can go down to product quality.

Thorough supplier due diligence ensures a fact-based decision on:

  • whether you should be doing business with a particular supplier.
  • whether you should take corrective measures in an existing business relationship.

The process involves screening, verifying, onboarding, and monitoring your partners and their business.

Supplier due diligence is part of SRM (Supplier Relationship Management)

Supplier Relationship Management is a proactive approach to managing suppliers. A small but important part of this process is:

  • Managing risks within a supply chain: identifying, assessing, monitoring, controlling and mitigating all possible risks.
  • Compliance: It also includes ensuring compliance with applicable laws and regulations.

Gap between needs and reality in supplier due diligence

You mitigate your risks and the likelihood of adverse events occurring. This will ultimately lead to increased profitability, streamlined processes and improved customer satisfaction.

  • Is the supplier reliable?
  • Does the supplier have a good track record?
  • Has the supplier ever had any complaints made against it?
  • How long has the supplier been in business?
  • Do they have a positive track record?
  • Does this supplier have several activities?
  • Do they respect IP of others?
  • How long have they been here?
  • Have they been investigated before in a similar framework?
  • What is their background and shareholders?
  • What are the vendor capacities?
  • Is the supplier financially robust?
  • Does the supplier have the relevant licenses from authorities?

The need for Supplier Due Diligence

Due diligence is an essential part of risk mitigation in business. When you perform supplier due diligence, you are checking whether the supplier has the necessary resources, bandwidth, and expertise to deliver the required and committed deliverables.

Main reasons for conducting vendor due diligence:

  • To protect your brand and reputation
  • To make sure you are not paying for goods or services that are substandard
  • To avoid potential legal issues if you are dealing with a fraudster
  • To avoid liabilities for substandard products
  • To discard any risks associated with working with an unlicensed supplier
  • To increase chances of business continuity with reliable vendors

Does protecting yourself from being held liable for non-compliance seem like a good thing? Then you need to consider your suppliers’ compliance with laws and regulations when selecting them. The most common examples are countries’ standards like the FDA in the USA. Would you like to sell food which is not FDA compliant? Well, no… So better ensure your supply chain is compliant, or else your own product won’t be.

Engaging in business while failing to comply with applicable laws and regulations could lead to fines and penalties, which might impact your business to the point of stopping your activities. Some of them are even legally considered crimes.

Approaches to Supplier Due Diligence

Broadly, there are 3 types of approaches to conducting supplier due diligence:

Tiered approach: A tiered approach consists of baseline, intermediate and advanced checks. A baseline check is done on all of your vendors, irrespective of the size of the deal or the type of procurement. Intermediate and advanced checks encompass additional checks factoring in supplier dependency and procurement risks.

Risk-based approach: Procurement and contracting are complex processes, and performing all types of diligence checks on vendors may not be feasible. A risk-based approach is a flexible method by which you can categorize your risks and then conduct appropriate checks focused on addressing those risks.

A mix of the risk-based and tiered approaches, possibly with an assessment of third-party certifications:

  • You weight the suppliers classified by your tiered approach by geographical risk, size risk and criticality, so that you prioritize in the most efficient way.
  • You may exempt some companies that have already been assessed by third parties.


Is Supplier Due Diligence the same as Supplier Audit?

Yes and no. And mainly a no.

  • Supplier Audit: a recurring activity (usually yearly) to assess some aspects of the way the supplier is working. The main target is to engage in an action plan to improve suppliers. It focuses on either:
    • Supplier Audit (Social): working conditions, working regulations, social and environmental impacts of the business,…
    • Supplier Audit (Technical): process of production, product quality, Six Sigma,…
  • Supplier Due Diligence: a one-time assessment for risk mitigation upon starting a business. The main target is to filter out suppliers before even working with them.

It is easy to understand that audits, especially the social audit, can be part of a due diligence. But they merely overlap: they have different targets.

Comprehensive Supplier Due Diligence Checklist

A comprehensive supplier onboarding checklist is the safety gate protecting your business. We’ve distilled our working experience into this easy checklist, which you can use as a primary filter. You need to refine it for the specifics of your business:

  1. Check the legitimacy of the website.
  2. Confirm the company’s existence by contacting them by email.
  3. Verify the company’s registration status and date of creation.

Since we all hoped this was a real company… now check in detail:

  1. Validity of licenses and registrations
  2. Insurance & Liabilities coverage.
  3. Bank account details.
  4. VAT / Registration number (depending on countries)
  5. Annual General report and financials (if a stock-exchange company)
  6. Complaint history and Customer feedback.
  7. Product warranty policy.
  8. Terms and conditions.
  9. Privacy policy.
  10. References on Website
  11. Cancellation/return policy.
  12. Delivery timelines.
  13. Countries of production
  14. Certification
  15. ….

And so on… You will find the full list to help you structure your onboarding system for download at the bottom of this article.

FAQs on Supplier Due Diligence

Should you outsource supplier due diligence? A clever idea?

Outsourcing vendor due diligence is an effective way to increase the quality of the report in some areas of the due diligence (legal, …), especially if you do not have the resources and knowledge internally.

However, outsourcing does not guarantee that you will find all the relevant information about your potential suppliers. Third parties do not know your business as well as you do, and may not know how to look at specific risks beyond the obvious ones. Therefore, it is advisable to perform your own due diligence – or at least be deeply involved – before making any final decisions.

How does supplier due diligence help you mitigate legal liability?

By helping you select your suppliers from among those who comply with applicable law, due diligence mitigates legal liability. This considerably reduces the risk of any potential legal action arising out of the use of their services.

In the case of a long-lasting relationship, you also do not have to worry whether they will leave you exposed to legal liability once they go bankrupt or get acquired by another business.

What are typical non-compliance issues from vendors?

  • Law and regulations:
    • local (country / State)
    • International (trade agreements, customs, …)
    • Tax
  • Business
    • Trade secrets misuse
    • Intellectual Property violation
  • Operations
    • Inadequate product/service information (content, language, child safety,…)
    • Missing certifications
  • Marketing: false advertising

What should I do when I find a red flag with a vendor?

A red flag is a compliance issue with regulations. If you find red flags in your due diligence report regarding a vendor:

  • Inform your supplier in writing about the situation
  • Request an immediate action plan
  • Inform the authorities immediately if required (labor regulation, environment, customs,…)
  • Stop any transaction with them
  • Launch a mitigation plan with other suppliers.

Never forget: in most countries, being aware of an issue with regulations (customs, for example) compels you to inform the authorities. Otherwise, if you fail to report such a situation despite having prior knowledge of it, you are considered by law to be part of the issue.

Where do I download the supplier onboarding checklist?

Here is the document you will download, all at once! See our product page for a global overview.
