Risk Intelligence

How NodeVault scores supply chain risk

NodeVault uses a six-factor weighted composite model to produce a single, defensible risk score (0–100) for every node in your supply chain. Here is exactly how it works — every weight, every benchmark, every data source.

The formula

Composite Risk Score (0–100)

Operational Risk × 0.25

Country Risk × 0.20

Geopolitical Risk × 0.15

Single Source × 0.20 (binary)

Lead Time Buffer × 0.10

Performance Deficit× 0.10

= Score (0–100) → Grade (1–5)

Each factor is normalised to its maximum contribution, then summed. The result is a continuous 0–100 score that drives a five-level grade. The score updates automatically as you fill in node data — you can watch individual factors change in real time in the Risk tab of any node.

The weights reflect two principles from supply chain risk literature: single-source dependency is weighted equally to operational risk because it makes every other risk factor irrelevant when a disruption occurs — a reliable supplier with no backup is still a single point of failure. And lead time is weighted as a risk amplifier, not a standalone risk — it determines how long your organisation is exposed when any other factor triggers a disruption.

Factor breakdown

Click into each factor to understand exactly what you are scoring and why.

⚙

Operational Risk

25 pts max

Your direct assessment of this supplier's operational reliability — quality consistency, on-time delivery history, management stability, and capacity resilience.

Source: Internal procurement assessment

Very Low — Highly reliable. Consistent quality, >97% OTD, strong management, ample capacity buffer.

Low — Minor concerns. Occasional delays, quality within spec, processes well-documented.

Medium — Notable issues. Periodic quality escapes or delivery misses requiring active management.

High — Significant problems. Recurring quality failures, unreliable delivery, capacity constraints.

Critical — Severe. Active quality holds, repeated missed shipments, management instability.

🌐

Country Risk

20 pts max

The political stability, rule of law, regulatory predictability, and infrastructure quality of the country where this node operates. Based on World Bank Governance Indicators.

Source: World Bank Worldwide Governance Indicators (WGI)

Very Low — USA, Germany, Japan, Netherlands — mature institutions, rule of law, excellent infrastructure.

Low — Poland, Czech Republic, South Korea, Malaysia — stable with minor institutional friction.

Medium — China, Mexico, India, Thailand — capable but with regulatory unpredictability or governance gaps.

Elevated — Vietnam, Bangladesh, Turkey — developing governance, higher regulatory change risk.

High — Countries with active conflict, sanctions, or severe institutional breakdown.

⚡

Geopolitical Risk

15 pts max

Trade tension, sanctions exposure, export restriction risk, and military conflict proximity specific to this node's location and the goods it produces.

Source: US OFAC sanctions lists, BIS Export Control Classification, Kearney Reshoring Index

None — Allied nation, no trade friction, no sanctions risk, no conflict proximity.

Low — Minor diplomatic friction. No sanctions exposure. Stable trade relationship.

Moderate — Active trade tensions (tariffs, restrictions). No direct sanctions but sector scrutiny.

High — Sanctions risk on goods or sector. Export license requirements. Diplomatic deterioration.

Critical — Active conflict zone, primary sanctions target, or near-total trade restriction risk.

⚑

Single Source Dependency

20 pts max

Whether a qualified alternative supplier exists. Single-source dependency is the largest binary risk factor — when this supplier fails, there is no fallback. It carries the same weight as operational risk.

Source: Procurement qualification records

Diversified — Two or more qualified suppliers. Volume can shift within weeks.

Yes

Single Source — No qualified alternative. Full 20 points applied to composite score.

⏱

Lead Time Buffer Risk

10 pts max

Long lead times amplify every other risk factor — they reduce your ability to respond to disruptions and require larger inventory buffers. Scaled from 0 (≤7 days) to full 10 points (90+ days).

Source: Logistics data and supplier lead time commitments

0-7d

No risk — Local or near-sourced. Disruptions can be recovered quickly.

8-30d

Low — Regional supply. 1-2 weeks to respond to a disruption.

31-60d

Medium — Intercontinental. A disruption requires 1-2 months to resolve.

61-90d

High — Long ocean or complex logistics. 2-3 month exposure window.

90d+

Maximum — Full 10 pts. Disruptions take a quarter or more to resolve.

📦

Performance Deficit

10 pts max

Measured against industry benchmarks: 95% OTD and 99% quality score. Suppliers below benchmark are penalised proportionally. A supplier at 75% OTD contributes the full 10 points.

Source: Supplier scorecards, ERP delivery data

≥95% OTD, ≥99% quality

No penalty — At or above benchmark. Zero points added.

90-95% OTD

Minor — Moderate OTD miss. 1-2 pts added.

<90% OTD or <97% quality

Significant — Notable performance gap. 5-8 pts added.

<80% OTD or <95% quality

Maximum — Poor performance. Full 10 pts applied.

Grade thresholds

Composite scores map to five grades. Thresholds are calibrated so that a node with no special risk factors scores in the Low band, and a single-source node in a high-risk country with poor performance reaches Critical automatically.

0-20

score

Very Low

Well-diversified, stable, high-performing. Standard monitoring cadence.

21-40

score

Low

Minor concerns, manageable exposure. Quarterly review recommended.

41-58

score

Medium

Notable risks present. Active mitigation plan recommended.

59-74

score

High

Significant exposure. Immediate mitigation action required.

75-100

score

Critical

Unacceptable risk. Executive escalation and urgent intervention required.

Worked example

TSMC (Taiwan Semiconductor) — the highest-risk node in our example supply chain.

TSMC — Advanced Semiconductors, Taiwan

Operational Risk

4 / 5

19/25

(4-1)/4 × 25 = 18.75 → 19

Country Risk

4 / 5

15/20

(4-1)/4 × 20 = 15

Geopolitical Risk

5 / 5

15/15

(5-1)/4 × 15 = 15

Single Source

Yes

20/20

Binary yes = 20

Lead Time Buffer

90 days

10/10

90/90 × 10 = 10

Performance Deficit

97.2% OTD

0/10

Above 95% benchmark = 0

Composite Score79 / 100

GradeCritical

Note: Even with excellent OTD (97.2%), the combination of Taiwan geopolitical exposure, single-source status, 90-day lead time, and high country risk drives this node to Critical. This is the correct result — operational performance does not offset structural risk.

Important caveats

This is a screening tool, not a credit rating.

The composite score is designed to surface nodes that need attention and prioritise your mitigation efforts. It does not replace a formal supplier audit, financial due diligence, or legal risk assessment.

Operational risk is self-assessed.

The single largest factor (25%) is your own 1-5 scoring. The model is only as good as the data you put in. We recommend documenting your rationale for each score in the Notes field.

Currency is not normalised across nodes.

Annual spend figures are stored in local currency. The analytics panel totals are approximate until we add FX conversion — treat spend totals as directional, not exact.

The weights are reasonable defaults, not universal truths.

Different industries weight these factors differently. An automotive OEM will weight lead time more heavily than a software company. The model gives you the right factors — calibrate the weights to your context.

See it in action

Load the pre-built global electronics example to see composite risk scores calculated live across a 16-node, 15-route supply chain.

Open the Map →