A Supplier Risk Assessment
Is a crucial process that ensures a supplier is legitimate and capable of delivering what they promise. This usually happens when a security risk assessment has not been conducted. This assessment includes seven levels of investigative depth, and the client specifies how many levels are required. The investigation goes beyond surface checks, as suppliers may seem credible and have positive references yet still win contracts worth millions, such as R5, R8, or R9 million, without proper scrutiny.
However,
These companies often fail to complete the work, are unable to fulfill their contractual obligations, or quote for one project but deliver something entirely different. For this reason, clients request our independent security risk assessments. The various levels of assessment form a rigorous vetting process that can be as in-depth as needed. We do verify the individuals involved and assess their skills, examine the contract, and review all relevant registration documents to ensure legitimacy and compliance.
We ensure that suppliers provide the correct answers to security-related questions. Our assessment goes beyond paperwork; we assess their core business, and often, we even visit their premises to verify their physical existence. You may be surprised to discover how many businesses either do not exist or lack a legitimate physical address.
This is the essence of a Supplier Risk Assessment.
Clients request these assessments to vet two to five suppliers in a tender or RFQ, ensuring they consider only legitimate, capable businesses.Clients want to ensure they are dealing with the right candidate, and that’s why independence in our process is so crucial. Here’s an example:In the most recent supplier vetting I conducted, the supplier secured the contract with impeccable paperwork. On the surface, everything looked good, yet the supplier turned out to be a computer shop tendering for a CCTV installation project. This illustrates why thorough vetting is essential.
As for independence, it’s important to clarify its meaning:
Alwinco is not affiliated with any company, ensuring that we conduct security risk assessments impartially and objectively. We remain independent, with no ties to any security company, manufacturer, or risk management firm. Alwinco is a stand-alone company acting as the referee, not the player. We do not sell, provide, or handle any security programs, hardware, or related services.
If a security company requests a risk assessment, we do not conduct it on their behalf.
Our assessments are solely conducted for our clients, and we operate independently, ensuring no conflicts of interest. If we assess a security company, we would also need to assess the client and the instructing person, which we do not. Our focus is solely on providing unbiased, independent assessments.
When a party commissions us to conduct a risk assessment, they expect the solutions provided to align with their portfolio. However, Alwinco is not that type of assessor. We conduct assessments independently.
Our focus is solely on assessing the client who requests our services.
When a security company hires an independent assessor to assess its client, the client must provide an official instruction letter, as the Act stipulates. This process ensures that the assessment remains impartial and in compliance with legal requirements. The permission letter can only be provided by the client to the security company that conducts the assessment. However, when a third party is involved, the permission letter often creates problems. This is why independence is crucial for a proper security risk assessment.
Over the past 20 years, this principle of independence has consistently proven to be key in ensuring the integrity and reliability of our assessments.
Written by Andre Mundell.
Our security risk assessment projects are focused on the Gauteng Region, which includes Sunny Side, Bedfordview, Midrand, and Rivonia. Additionally, we cover Bloemfontein, Chatsworths, and Bloubergstrand.