ARRC Global
Integrated Risk & Sustainability (ESG)

Supply Chain ESG Risk Assessment

A structured assessment of the environmental, social, and governance risks that sit outside an organisation's own operations — in its suppliers, contractors, and procurement relationships — where regulatory obligations are growing, investor scrutiny is intensifying, and reputational exposure sits with the commissioning organisation regardless of what the contract says.

Risk-based scoping — depth matched to exposure
E, S & G dimensions — not emissions alone
CSRD & CSDDD compliant
Independent — no supplier commercial relationships

Your ESG programme is only as credible as its weakest supplier

Most organisations have reasonably good visibility of their own ESG performance. They have less visibility — and far more exposure — in the supply chain that sits behind their operations. The supplier disposing of hazardous waste illegally. The contractor using labour that does not meet minimum standards. The procurement relationship with a business whose governance practices create sanctions or corruption risk. These are not hypothetical concerns — they are the ESG failures that generate the enforcement actions, the investor exits, and the front-page coverage.

Regulatory frameworks are closing the gap. The EU Corporate Sustainability Due Diligence Directive (CSDDD) requires organisations to identify and address adverse human rights and environmental impacts across their value chains — not just within their own operations. CSRD requires value chain disclosure. Investors with Scope 3 commitments are increasingly scrutinising supplier emissions and ESG practices. The question is no longer whether supply chain ESG risk is the organisation's responsibility. It is how systematically and credibly the organisation is managing it.

Supply chain ESG risk is assessed differently from operational ESG. The organisation cannot audit every supplier, cannot obtain verified data from all of them, and cannot apply the same governance standards across every procurement relationship. What it can do — and what this assessment delivers — is a clear, risk-prioritised picture of where the material exposures are, which suppliers warrant deeper scrutiny, and what the policy and contractual framework needs to say to meet regulatory and investor obligations.

The brand on the product is the brand that carries the liability. What happens three tiers back in the supply chain is not invisible to regulators, investors, or the media — and it should not be invisible to the organisation whose name is on the final output.

— ARRC Global, Advisory Practice

How we scope the assessment

Risk-based — depth matched to exposure, not to tier

Not every supplier requires the same depth of assessment. A Tier 1 supplier of commodity office supplies does not carry the same ESG risk profile as a Tier 2 manufacturer operating in a jurisdiction with weak labour regulation. Scoping every supplier to the same depth wastes budget on low-risk relationships and under-resources assessment of high-risk ones.

We scope supply chain assessments on a risk-based basis — beginning with a rapid risk segmentation of the supplier base to identify where material ESG exposure is most likely to sit, then directing assessment effort proportionately. The result is a programme that is as comprehensive as the risk profile requires and as cost-efficient as the budget allows. We are explicit with clients about what each scoping decision covers and what it leaves unassessed, so they can make informed decisions about depth and spend.

Risk segmentation (all suppliers)

A rapid, desk-based segmentation of the supplier base by ESG risk profile — using sector, geography, spend category, and contract type to identify which suppliers are likely to carry material E, S, or G risk. Produces a prioritised risk map without requiring supplier engagement at this stage.

Desktop assessment (high-risk suppliers)

Structured desk-based assessment of suppliers identified as high-risk — using publicly available information, regulatory databases, sanctions and watchlist screening, and sector ESG benchmarks. Identifies confirmed exposures and flags suppliers requiring deeper engagement.

Questionnaire & dialogue (priority suppliers)

Structured ESG questionnaires issued to priority suppliers — covering environmental compliance, labour and human rights practices, governance, and emissions data. Responses are reviewed, verified where possible, and scored against the assessment framework. Supplier engagement is proportionate to risk level and procurement leverage.

Deep dive (critical / highest-risk)

For the highest-risk suppliers in critical procurement categories — detailed assessment including document review, direct interview, and where justified, coordination of third-party on-site audit. Reserved for suppliers where the risk exposure warrants the investment.

What the assessment covers

Seven dimensions of supply chain ESG risk — assessed across the E, S, and G spectrum, not through a carbon lens alone.

🗺️

Supplier ESG Risk Mapping & Tiering

Systematic mapping of the supplier base by ESG risk profile — segmented by spend category, sector, geography, and contract type. Risk tiering determines the depth of assessment applied to each supplier group and ensures assessment effort is directed where material exposure is most likely. The risk map is the foundation on which every subsequent workstream is built.

🌿

Environmental Compliance Assessment

Assessment of key suppliers' environmental compliance position — covering regulatory permits and licences, waste management practices, emissions management, water use, land contamination risk, and any environmental incidents or enforcement actions. Particular focus on suppliers operating in jurisdictions with weaker regulatory oversight, where self-reported compliance is least reliable.

👷

Labour Practices & Human Rights Screening

Assessment of labour standards, working conditions, and human rights risk across the supply chain — covering forced and child labour, living wage compliance, health and safety standards, freedom of association, and the particular risks associated with specific geographies, sectors, and labour sourcing arrangements. Assessed against ILO Core Conventions and the UN Guiding Principles on Business and Human Rights.

🏛️

Governance & Anti-Corruption Assessment

Assessment of governance risk in the supply chain — covering beneficial ownership transparency, sanctions and watchlist exposure, anti-corruption and anti-bribery compliance, and the governance characteristics of suppliers operating in high-corruption-risk jurisdictions. Governance risk in the supply chain creates direct regulatory exposure under anti-corruption legislation that extends liability to the commissioning organisation.

📊

Scope 3 Emissions Screening

Identification of the supplier categories that contribute most materially to the organisation's Scope 3 emissions profile — using spend-based or activity-based proxy methods to estimate relative emissions significance. The screening establishes where Scope 3 emissions are concentrated in the supply chain and which supplier relationships should be prioritised for emissions reduction engagement.

📋

Supplier ESG Questionnaire Design & Management

Design of fit-for-purpose ESG questionnaires for supplier engagement — structured around the specific risk dimensions relevant to each supplier tier and aligned to CSRD, CSDDD, and applicable reporting framework requirements. ARRC manages the questionnaire distribution, response review, scoring, and follow-up process on the client's behalf.

📜

Supply Chain ESG Policy & Contractual Framework

Development or review of the organisation's supplier code of conduct, supply chain ESG policy, and the ESG obligations embedded in procurement contracts — ensuring the policy framework meets CSRD and CSDDD requirements, is enforceable through contract, and is communicated to suppliers in a way that is proportionate to their risk level and the organisation's procurement leverage.

The regulatory landscape is changing fast

Two European directives are fundamentally changing what organisations are required to do — and demonstrate — on supply chain ESG. Both apply beyond European borders to organisations with EU market exposure.

CSDDD
EU Corporate Sustainability Due Diligence Directive

The CSDDD requires large organisations to identify, prevent, mitigate, and account for adverse human rights and environmental impacts in their own operations and across their value chains — including direct suppliers (Tier 1) and, where there is plausible information of risk, indirect business relationships further upstream. Non-compliance carries significant penalties and civil liability. The CSDDD creates a legal due diligence obligation — not just a disclosure one — making supply chain ESG risk assessment a compliance necessity rather than a best-practice aspiration.

CSRD
EU Corporate Sustainability Reporting Directive

CSRD requires disclosure of material ESG impacts, risks, and opportunities across the value chain — not just within the organisation's own boundaries. The double materiality assessment that underpins CSRD must consider value chain impacts, and the resulting ESRS disclosures cover supply chain environmental performance (ESRS E standards), social standards in the supply chain (ESRS S2), and governance of supply chain relationships. Organisations reporting under CSRD need a credible supply chain ESG assessment to support these disclosures.

UN Guiding Principles
UNGPs on Business & Human Rights

The UN Guiding Principles on Business and Human Rights — the global standard for human rights due diligence — require organisations to identify and address human rights risks in their operations and supply chains, communicate how they are addressed, and have a remediation process for adverse impacts. The UNGPs underpin both CSDDD and investor ESG frameworks and define the human rights due diligence standard that supply chain assessments must meet.

Investor scrutiny
Scope 3 & supply chain ESG expectations

Institutional investors with net zero commitments are increasingly applying pressure on portfolio companies to address Scope 3 emissions — a significant proportion of which sits in purchased goods and services. ESG rating agencies (MSCI, Sustainalytics, CDP) explicitly assess supply chain ESG management. Organisations without a credible supply chain ESG programme are increasingly disadvantaged in investor engagement, ESG ratings, and access to green and sustainability-linked financing.

How the assessment works

A five-stage process — from supplier base mapping through risk-prioritised assessment to a policy framework and action plan the organisation can implement.

01

Supplier Base Mapping & Risk Segmentation

ARRC reviews the client's supplier base — spend data, procurement categories, geographies, and contract types — to build a risk segmentation map. Suppliers are grouped by ESG risk profile: high, medium, and low. The segmentation determines the depth of assessment applied to each group and establishes the overall programme scope and budget requirement. The risk map is agreed with the client before assessment work begins.

Spend analysis
Category risk mapping
Geography screening
Risk tiering

02

Desktop Assessment & Screening

Structured desktop assessment of high- and medium-risk suppliers — using regulatory databases, sanctions and watchlist screening, environmental incident records, labour standards data, and sector ESG benchmarks. Desktop assessment identifies confirmed exposures, regulatory red flags, and the suppliers that require direct engagement to assess risk adequately. Screening is documented with evidence references for each finding.

Sanctions & watchlist screening
Environmental incident records
Sector benchmarks
Regulatory databases

03

Supplier Questionnaire & Engagement

Risk-proportionate ESG questionnaires issued to priority suppliers — covering environmental compliance, labour and human rights practices, governance, and emissions data relevant to their procurement category. ARRC designs the questionnaires, manages distribution, reviews responses for completeness and plausibility, scores against the assessment framework, and manages follow-up where responses are inadequate or raise further concerns.

Questionnaire design
Response review
ESG scoring
Follow-up management

04

Risk Assessment & Prioritisation

Integration of desktop findings and questionnaire responses into a structured risk assessment — rating each supplier relationship by ESG risk severity across E, S, and G dimensions. The risk register is prioritised by the combination of risk severity and procurement significance — ensuring that the organisation's most material supply chain ESG exposures are clearly identified and the recommended responses are proportionate.

E, S & G risk rating
Prioritised risk register
Procurement significance weighting

05

Policy Framework & Action Plan

Development or revision of the supplier code of conduct, supply chain ESG policy, and procurement contract ESG clauses — aligned to CSDDD and CSRD requirements. Accompanied by a prioritised action plan: which supplier relationships require immediate remediation, which require enhanced monitoring, which require contractual strengthening, and which are candidates for transition out of the supply chain. The action plan is structured for immediate use by the procurement team.

Supplier code of conduct
Procurement contract clauses
CSDDD compliance
Prioritised action plan

What you receive

A complete supply chain ESG risk assessment package — designed for use by procurement, sustainability, legal, and board functions.

🗺️
Supplier ESG Risk Map

A visual, tiered map of the supplier base by ESG risk profile — segmented by category, geography, and risk dimension. The primary tool for directing procurement team attention and making risk-proportionate engagement decisions on an ongoing basis.

📋
Supply Chain ESG Risk Register

A structured, evidence-referenced risk register covering all material ESG exposures identified across the assessed supplier base — rated by severity across E, S, and G dimensions, prioritised by procurement significance, and accompanied by recommended response actions for each finding.

📊
Scope 3 Emissions Screening Report

A category-level screening of Scope 3 emissions concentration in the supply chain — identifying the procurement categories that contribute most materially to the organisation's upstream emissions profile and the supplier engagement priorities for emissions reduction.

📜
Supplier Code of Conduct & Policy Framework

An updated or newly developed supplier code of conduct, supply chain ESG policy, and procurement contract ESG clause library — structured to meet CSDDD and CSRD requirements, legally reviewed for enforceability, and calibrated to the organisation's procurement leverage with different supplier tiers.

🎯
Prioritised Action Plan

A sequenced action plan for the procurement team — identifying which supplier relationships require immediate remediation, enhanced monitoring, contractual strengthening, or transition planning, with clear ownership and timeline recommendations for each action.

📑
Board & Disclosure Summary

A standalone board summary and disclosure-ready narrative — covering the assessment methodology, key findings, and the organisation's supply chain ESG management approach in the format required for CSRD value chain disclosures and investor ESG reporting.

When organisations commission this assessment

Five situations — from regulatory compliance to post-incident recovery — each requiring the same honest picture of what sits in the supply chain.

ESG programme
An ESG programme that is incomplete without supply chain coverage

An organisation that has invested in its own ESG performance but has not assessed its supply chain has built a programme with a structural gap. The supply chain is where the majority of most organisations' environmental and social impact actually sits — and where the most significant unmanaged ESG risk is typically found. Supply chain assessment is what makes the rest of the programme credible.

Post-incident
A supplier failure has created regulatory or reputational exposure

Where a supplier incident — an environmental violation, a labour standards failure, a corruption investigation, a modern slavery disclosure — has created direct exposure for the commissioning organisation. The immediate need is to understand the full extent of supply chain ESG risk, not just the incident that triggered the review. Post-incident assessments typically operate under significant time pressure and require a clear-headed risk picture quickly.

Investor / lender
Scope 3 and supply chain ESG scrutiny from investors or lenders

Where an investor's ESG due diligence, a lender's sustainability-linked finance covenant, or a rating agency review has identified supply chain ESG management as a material gap. Demonstrating a credible, independently conducted supply chain assessment provides the evidence that investor and lender frameworks require and that self-reporting cannot supply.

CSDDD
EU Corporate Sustainability Due Diligence Directive obligations

Where the organisation is in scope for CSDDD — either directly as a large EU-established entity or indirectly through its EU market exposure — the directive requires a documented human rights and environmental due diligence process covering the value chain. A structured supply chain ESG assessment is the foundation of that compliance programme.

CSRD
Value chain disclosure requirements under CSRD

Where the organisation is preparing CSRD disclosures, the ESRS require value chain information across environmental and social standards. A supply chain ESG assessment provides the evidence base for these disclosures — ensuring that what is reported reflects what has actually been assessed, rather than what the organisation assumes to be true about its supply chain.

Commission a supply chain ESG risk assessment

Whether you are building a supply chain ESG programme for the first time, responding to a regulatory or investor requirement, or recovering from a supplier incident — we will scope an assessment that is proportionate to your supply chain risk profile and your budget, and deliver a risk picture you can act on.

Initial conversations are obligation-free. We will discuss your supplier base, the regulatory context, and what a risk-based scoping looks like before any commitment is made.
