Approving suppliers often creates more risk, not less.
Most businesses do not intentionally build a broken supplier approval process.
It usually starts with good intentions. We need an approved supplier list for ISO, UVDB, RISQS, or general compliance. A spreadsheet appears. A few certificates are collected. Boxes are ticked. The list is declared complete.
Except the control is often an illusion.
When approval criteria are poorly defined, supplier lists become comfort blankets. They look reassuring but quietly mislead everyone who relies on them. Worse, they create unnecessary administration while providing a false sense of assurance.
The real problem begins with a deceptively simple question. What is a supplier?
The Definition Problem
In many organisations, supplier is a catch all label. It can include material suppliers, service providers, and subcontractors working on site, all treated broadly the same.
Some businesses do separate suppliers and subcontractors and apply different controls to each. Both approaches can work. Problems arise when the definition is unclear or inconsistently applied.
If subcontractors are treated like generic suppliers; then health, safety, and competence risks are under controlled.
If low risk suppliers are treated like subcontractors, the system becomes bloated and inefficient. Either way, confusion at the definition stage undermines everything that follows.
Approved often just means on the list
In theory, supplier approval should provide confidence in competence, compliance, and reliability. In practice, many systems exist mainly to satisfy a requirement rather than to manage risk.
When criteria are vague and categories are blurred, people rely on judgement calls.
The Accreditation Contradiction
Many organisations initially create supplier approval in preparation for external assessment and accreditation, yet rarely assess the accreditation bodies themselves.
We demand evidence because we do not trust suppliers by default, but we trust accreditation and assessment bodies by default without defined criteria. This creates a fragile chain of assurance.
Some checks can be meaningfully verified live online. Gas engineers can be checked via the Gas Safe Register. Waste carriers can be verified through SEPA or the Environment Agency’s online checks. Click here for more info on Block Chain Auditing.
Insurance is different. PDFs are accepted at face value. Authenticity is rarely challenged.
When contradictions appear, the whole exercise collapses.
If your supplier list contains contradictions, different standards for similar providers, unclear approval logic, or decisions no one can explain, then the list is not reducing risk.
Example 1
A common example is ISO certification. One supplier is approved solely because they hold ISO 9001, while another doing the same work is used without it. Either both suppliers meet defined performance criteria, or the ISO badge is irrelevant.
It goes further. Even where ISO certification is cited as the approval basis, many organisations don’t check (where applicable) whether it’s issued by a UKAS-accredited certification body. Often it’s little more than a logo or a certificate taken at face value. That exposes the truth: the “check” isn’t really part of the decision-making at all.
Example 2
Waste carriers. Almost every company uses one, yet many never check whether the carrier is actually licensed, even though this can be verified online in minutes. The irony is that waste carriers are sometimes listed as “approved suppliers”, despite not supplying a product or service that affects the organisation’s output in any traditional sense. They support a non-profit generating process.
Once you accept that logic, a bigger question appears.
If waste carriers require approval and periodic checks, what about other suppliers, such as cleaners accessing offices, building repairs , or fire extinguisher servicing companies maintaining safety equipment?
These suppliers may have no link to product quality, but they clearly affect legal compliance, safety, environmental risk, and business continuity.
If they sit outside your supplier assessment simply because “they’re not an end product/service related supplier”, the supplier list is already inconsistent, and that inconsistency usually means the process hasn’t been properly defined in the first place.
When approval criteria are inconsistent, unverified, or ignored in practice, the system isn’t controlling risk, it’s documenting assumptions.
A quick sanity check
- Do we have a definition of what a supplier is?
- What specifically makes a supplier approved, and is that same logic applied to others providing similar products and/or services?
- Are there organisations we actively use that are not on the supplier list, and if so, why?
- If ISO certification forms part of the approval, have we verified that it is relevant, current, and UKAS accredited?
The takeaway
Your supplier list starts lying the moment approved becomes vague.
At Accendo Consultants Ltd, we help organisations define supplier approval properly so it can be explained, defended, and trusted.
The aim is not more paperwork. It is approval logic you can explain, defend, and trust.
Find us on LinkedIn for practical insights and real-world guidance or visit accendo.org.uk to see how we help businesses simplify compliance and get it right first time.
