Supplier Risk Management

Business Problem

Supplier risk teams need structured workflows for questionnaires, evidence, incidents, remediation, sanctions, cyber reviews, insurance checks, and board reporting. A fragmented approach makes third-party risk hard to supervise.

Four-Step Application

This scenario works best as a four-step, human-in-the-loop application. The required object model listed below gives that four-step operating experience a solid delivery backbone.

  • Mission metric focus: better on-time performance, lower exception costs, and higher operator productivity.
  • Human + AI pattern: Each step combines structured workflow data with chat assistance, background generation, document understanding, and accessible interaction patterns when they improve the experience.

Step 1. Capture demand and context

  • Goal: Make it easy for the user to start the Supplier Risk Management journey with complete, trusted context.
  • Required data: Supplier (supplier record), Relationship (business relationship), RiskAssessment (risk assessment), Questionnaire (supplier questionnaire), and EvidenceDocument (supporting evidence).
  • AI support: Use chat to guide intake, generate clearer prompts, create accessible summaries, and assist with voice or vision-led capture when a form alone is not the best experience. EAI can support structured intake, chat workflows, and document-centred capture today; richer native multimodal capture may still need workflow extensions or connected services.
  • Business impact: Improve completion rate, reduce first-touch effort, and raise customer or staff confidence in the UX from the very first interaction.
  • EAI delivery: Model the intake as tenant-isolated object types and resources, then use actions, chat workflows, and document indexing or classification to keep the initial record complete and usable.

Step 2. Prepare the decision

  • Goal: Turn the captured context into the next best action for Supplier Risk Management without forcing the human reviewer to assemble the case manually.
  • Required data: Issue (identified issue), Control (expected control), RemediationPlan (remediation plan), ReviewCycle (review cycle), and SanctionsCheck (sanctions screening).
  • AI support: Run background summarisation, extraction, classification, recommendation drafting, and answer generation so a reviewer sees a prepared case instead of raw fragments. EAI delivers the structured records and AI workflow hooks for this today; specialised scoring engines, external rules, or advanced reasoning controls may still need integration work.
  • Business impact: Reduce cycle time, improve quality and consistency, and protect the mission-critical metric before the case moves into execution.
  • EAI delivery: Link records across the scenario, persist decision state as resources, and use workflow actions plus chat assistance to keep humans in control while AI prepares the work.

Step 3. Execute and collaborate

  • Goal: Coordinate the actual work, handoffs, approvals, and user updates needed to deliver the service or outcome.
  • Required data: CyberAssessment (cyber review), FinancialHealthSignal (financial-risk signal), ESGMetric (ESG measurement), Incident (supplier incident), and Audit (supplier audit).
  • AI support: Draft replies, produce work packets, monitor exceptions in the background, and surface the next action for each operator. EAI can orchestrate tenant-isolated records, actions, chats, and document workflows today; deeper system-to-system automation may require additional connectors or workflow capability.
  • Business impact: Increase operator productivity, reduce rework across handoffs, and improve service consistency across the application journey.
  • EAI delivery: Use linked object types, actions, resource updates, and workflow-triggered AI assistance so the team can execute in one model instead of splitting work across disconnected tools.

Step 4. Resolve, explain, and improve

  • Goal: Close the loop with a clear outcome, an understandable explanation, and feedback that improves the next case.
  • Required data: AccessRequest (supplier access request), ContractClause (risk-related contract clause), InsuranceCertificate (insurance evidence), RenewalTrigger (renewal trigger), and BoardReport (board or executive report).
  • AI support: Generate outcome summaries, customer-friendly answers, compliance-ready notes, management insights, and accessible follow-up content. EAI can store outcome records and support answer generation today, while richer proactive agents, advanced analytics, or channel-specific accessibility features may need additional product capability.
  • Business impact: Increase trust, quality, and measurable business value through better on-time performance, lower exception costs, and higher operator productivity.
  • EAI delivery: Keep the full audit trail in structured resources, use AI workflows to explain outcomes, and feed the resulting signals into future product, service, and operational improvement work.

EAI Platform Support By Step

EAI provides the safe service boundary for Supplier Risk Management through Object Types, tenant-scoped resources, document processing, chat workflows, and CLI verification. For this scenario, the main records are Supplier, Relationship, RiskAssessment, Questionnaire, EvidenceDocument, and 17 more Object Types.

For each process step, what EAI provides and the calling pattern to use:

Step 1. Capture demand and context
  • What EAI provides: Tenant-scoped intake resources for Supplier (supplier record), Relationship (business relationship), RiskAssessment (risk assessment), Questionnaire (supplier questionnaire), and EvidenceDocument (supporting evidence). Object Type validation, starter forms, optional document intake, and chat-guided capture keep the first record complete.
  • Calling pattern: Define fields in src/eai.config/object-types.ts, run eai types validate and eai types seed, create initial Supplier records with useResources('Supplier') or eai resources create Supplier, and keep browser calls behind /api/eai/....

Step 2. Prepare the decision
  • What EAI provides: Linked resource queries over Issue (identified issue), Control (expected control), RemediationPlan (remediation plan), ReviewCycle (review cycle), and SanctionsCheck (sanctions screening). Search, schema checks, document classification or RAG indexing, and chat summaries turn raw context into a prepared decision.
  • Calling pattern: Use useResources('Supplier') list/query/search patterns, verify shape with eai resources schema, use useDocuments().upload/classify/ragIndex, eai docs upload, eai docs classify, and eai docs index where supporting material exists, and send decision-support prompts through useChat(workflowId, 'chat') or eai chat send.

Step 3. Execute and collaborate
  • What EAI provides: Resource updates and actions for CyberAssessment (cyber review), FinancialHealthSignal (financial-risk signal), ESGMetric (ESG measurement), Incident (supplier incident), and Audit (supplier audit). Status changes, assignments, notes, generated work packets, and chat support keep humans in control during execution.
  • Calling pattern: Model actions in the Object Type code, call client.resources.executeAction(type, id, action) or the app hook equivalent, update records through the app service layer, and verify with eai resources get/list/query.

Step 4. Resolve, explain, and improve
  • What EAI provides: Outcome resources for AccessRequest (supplier access request), ContractClause (risk-related contract clause), InsuranceCertificate (insurance evidence), RenewalTrigger (renewal trigger), and BoardReport (board or executive report). Audit-friendly links, indexed final documents, reporting snapshots, and answer generation make the result explainable and reusable.
  • Calling pattern: Persist outcomes as resources, index final material with eai docs index or useDocuments().ragIndex, send explanation prompts with useChat or eai chat stream, and use eai resources aggregate/search for reporting checks.

Prompt, Code, And Service Pattern Mapping

When this scenario is turned into code, eai-gofer should generate Object Type definitions and app calls from the process model instead of inventing direct backend calls.

Use this prompt shape when asking eai-gofer or another coding agent to implement the scenario:

Use the EAI App Template. Model Supplier Risk Management with Object Types for Supplier, Relationship, RiskAssessment, Questionnaire, EvidenceDocument. Use useResources for records and actions, useDocuments for uploads/classification/RAG where documents appear, useChat for workflow assistance, and verify with eai types/resources/docs/chat commands. Use eai publicapi only when no named command covers the required platform call.

How each scenario artifact maps to EAI service calls:

  • Four-step process: Step 1 becomes resource creation, Step 2 becomes resource query/search plus optional document or chat preparation, Step 3 becomes resource update/action calls, and Step 4 becomes outcome persistence plus explanation/reporting calls.
  • Object Type definitions: eai types validate, eai types seed, and eai resources schema make the model available and checkable before UI work starts.
  • Properties and indexes: Fields become useResources payloads, filters, list views, and eai resources create/list/query/search checks. Indexed fields should support lookup and triage, not duplicate canonical records.
  • Links between Object Types: Relationships become linked-resource UI, timeline context, and audit trails that app code loads through resource queries rather than separate bespoke stores.
  • Actions and status fields: Workflow buttons and operator transitions call resource action/update helpers, then verify state with eai resources get/list/query.
  • Document and chat prompts: Prompts should call the platform documents and chat patterns: useDocuments().upload/classify/ragIndex, eai docs upload, eai docs classify, and eai docs index for documents, and useChat, eai chat send, or eai chat stream for conversational assistance.

Required Object Model (22 object types)

This scenario needs more than 20 object types because it spans intake, delivery, exceptions, governance, and reporting.

Supplier Risk Intake

  • Supplier — supplier record
  • Relationship — business relationship
  • RiskAssessment — risk assessment
  • Questionnaire — supplier questionnaire
  • EvidenceDocument — supporting evidence
  • Issue — identified issue
  • Control — expected control
  • RemediationPlan — remediation plan

Monitoring and Review

  • ReviewCycle — review cycle
  • SanctionsCheck — sanctions screening
  • CyberAssessment — cyber review
  • FinancialHealthSignal — financial-risk signal
  • ESGMetric — ESG measurement
  • Incident — supplier incident
  • Audit — supplier audit
  • ApprovalDecision — risk approval decision

Access and Governance

  • AccessRequest — supplier access request
  • ContractClause — risk-related contract clause
  • InsuranceCertificate — insurance evidence
  • RenewalTrigger — renewal trigger
  • BoardReport — board or executive report
  • Escalation — escalated supplier risk item

Delivery Workflow

  1. Authenticate and choose the tenant you want to work in.

    eai login
    eai tenant select
  2. Pull environment values, validate the type definitions, and seed the model.

    eai env pull --include-secrets
    eai types validate
    eai types seed
  3. Verify that the full model is available for the active tenant before building UI and workflows.

    eai resources schema --format json
    eai verify calls --format json
  4. Load pilot data and exercise the operational workflows for the scenario.

AI and Document Opportunities

  • Classify supplier evidence into the relevant assessment and control objects.
  • Summarise open issues, remediation status, and renewal risk for governance reviews.
  • Generate exception watchlists from incidents, sanctions hits, and missed remediation milestones.
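The exception watchlist described in the last item (and the background exception monitoring in Step 3), as an added example that is not EAI platform code: the Incident, SanctionsCheck and RemediationPlan record shapes, the field names, and the sample data are assumptions standing in for the page's Object Types.

```typescript
// Added example, not EAI platform code. The record shapes are assumptions that
// stand in for the Incident, SanctionsCheck and RemediationPlan Object Types
// this page lists; in a real app they are defined in src/eai.config/object-types.ts.
type Severity = "low" | "medium" | "high" | "critical";
interface Incident { supplierId: string; severity: Severity; status: "open" | "closed"; }
interface SanctionsCheck { supplierId: string; result: "clear" | "hit" | "pending"; }
interface RemediationPlan { supplierId: string; milestoneDue: string; status: "open" | "done"; }
interface WatchlistEntry { supplierId: string; reasons: string[]; }
// Builds the exception watchlist a reviewer sees before a governance review:
// each supplier appears once with every reason that applies, most reasons first.
function buildExceptionWatchlist(
  incidents: Incident[], sanctions: SanctionsCheck[],
  plans: RemediationPlan[], asOf: Date,
): WatchlistEntry[] {
  const reasons: Record<string, string[]> = {};
  const flag = (id: string, why: string): void => {
    (reasons[id] = reasons[id] || []).push(why);
  };
  for (const i of incidents) {
    if (i.status === "open" && (i.severity === "high" || i.severity === "critical")) {
      flag(i.supplierId, "open " + i.severity + " incident");
    }
  }
  for (const s of sanctions) {
    // Pending screenings are not exceptions yet; only confirmed hits are.
    if (s.result === "hit") flag(s.supplierId, "sanctions hit");
  }
  for (const p of plans) {
    // A milestone is missed only while the plan is still open on the review date.
    if (p.status === "open" && new Date(p.milestoneDue).getTime() < asOf.getTime()) {
      flag(p.supplierId, "remediation milestone missed (" + p.milestoneDue + ")");
    }
  }
  return Object.keys(reasons)
    .map((supplierId) => ({ supplierId, reasons: reasons[supplierId] || [] }))
    .sort((a, b) => b.reasons.length - a.reasons.length || a.supplierId.localeCompare(b.supplierId));
}
// Constructed sample records for a review dated 2024-06-30 (not real supplier data).
const sampleIncidents: Incident[] = [
  { supplierId: "SUP-001", severity: "critical", status: "open" },
  { supplierId: "SUP-002", severity: "low", status: "open" },
  { supplierId: "SUP-003", severity: "high", status: "closed" },
];
const sampleSanctions: SanctionsCheck[] = [{ supplierId: "SUP-001", result: "hit" }, { supplierId: "SUP-003", result: "pending" }];
const samplePlans: RemediationPlan[] = [
  { supplierId: "SUP-002", milestoneDue: "2024-05-31", status: "open" },
  { supplierId: "SUP-003", milestoneDue: "2024-05-31", status: "done" },
];
const watchlist = buildExceptionWatchlist(sampleIncidents, sampleSanctions, samplePlans, new Date("2024-06-30"));
```

With the sample data, SUP-001 leads the list with two reasons (open critical incident, sanctions hit), SUP-002 follows for its missed milestone, and SUP-003 is absent because its incident is closed, its screening is still pending and its plan is done.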

Why This Scenario Is High-Value

Third-party risk is only manageable when supplier controls, incidents, and renewal decisions are visible in one place. This scenario creates that operating model.