Supplier Risk Watchlist & Monitoring

Build your own supplier risk register that scores every vendor, ranks a high/medium/low watchlist, tracks mitigation actions, and reminds you to re-review on schedule - with a human approving each rating.

Beginner | An afternoon | Builds on: Next.js (App Router) on Vercel, Supabase (Postgres, Storage, Auth + RLS), Resend (email alerts & digests)

What you'll build

A logged-in risk register that imports suppliers, computes a weighted risk score, ranks a watchlist, routes each rating through an owner's approval, schedules re-reviews, and exports a clean CSV plus a summary email.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (for re-review reminders and the summary email)
  • A supplier list with risk inputs in a Google Sheet or CSV (financial flags, sole-source yes/no, region, spend, criticality)

The problem this kills

Right now your supplier risk picture lives in your head, a stale spreadsheet, and a few worried email threads. Nobody can answer the simple question fast: which suppliers are risky, and why? When a single-source vendor that also happens to be your biggest spend has a quality miss or a financial wobble, it becomes a fire drill instead of something you saw coming.

The hard part was never the math. It's having one consolidated, trustworthy place where every supplier carries a risk score, a documented reason, an owner, a mitigation plan, and a date for the next review - and where a person, not a guess, signed off on each rating.

What you'll build

A small web app your team logs into that turns a messy supplier list into a living risk watchlist:

  • Import your suppliers and their risk inputs from a Google Sheet or CSV.
  • Compute a weighted risk score from likelihood and impact factors (financial health, single-source dependency, geographic/geo-political concentration, lead time, compliance gaps, spend, criticality).
  • Rank every supplier into a high / medium / low watchlist - with single-source-plus-high-spend flagged as top priority.
  • Route each supplier's rating and mitigation plan to a risk owner who reviews and approves before it's recorded.
  • Schedule periodic re-reviews and send reminder emails when one comes due.
  • Show a risk dashboard, export a clean CSV, and send a summary email of the current watchlist.

What's inside the Implementation Plan

The plan is a complete, paste-and-go runbook. Crucially, it opens by interviewing you about your business - your current process, your systems and spreadsheets, the exact field names and supplier ID conventions in your data, your typical and peak supplier counts, your scoring philosophy, and your messy edge cases. It then reflects a short tailored spec back to you for a thumbs-up before a single line is built, so you get a tool shaped around how you actually work - not a generic template.

Inside you'll find:

  • The discovery interview that tailors the data model and scoring weights to your business.
  • A step-by-step build, each step ending with a ready-to-copy prompt you paste into your AI agent.
  • A configurable weighted scoring engine (likelihood x impact) you can tune without touching code.
  • The owner approval workflow, the re-review scheduler, the dashboard, the CSV export, and the summary email.
  • A no-API fallback so you can build the whole thing today from a Sheet or CSV - no integration to your ERP required.

The governance it includes (this is the point)

This isn't a spreadsheet with extra steps. Governance is built in from the start:

  • Login so only your team can use the tool.
  • Row-level security so people only ever see their own organization's data.
  • A human-in-the-loop approval gate - the tool drafts a risk rating and mitigation plan, the risk owner reviews and approves, and only then is it recorded as the current rating.
  • Scheduled re-reviews so ratings can't quietly go stale - reminders fire when a review comes due.
  • A complete audit trail - who scored, who approved, what changed, and when - with full review history per supplier.
  • Duplicate guards keyed on supplier ID, so one current risk record exists per supplier even when you re-import.

Who it's for

Procurement leads and risk owners who have no consolidated view of which suppliers are risky and why - and who want one reliable watchlist they can actually defend to leadership, an auditor, or the board.

You've got this. Paste the first prompt and let the interview tailor it to your business.
