The Death of Scorecards
For years, companies have relied on aggregated supplier scorecards as if they were a proxy for risk. A high rating suggests a company is well managed, sustainable, and "low risk," so why is it that we are increasingly seeing highly scored companies cause major disruptions across global supply chains?
Imagine the following: a major supplier in your network is hit by a flood, geopolitical disruption, or regulatory shutdown. On paper, the supplier is scored highly. They have completed the questionnaires, published policies, and meet the required reporting standards to be considered "sustainable". Yet within days, critical components stop being shipped, production schedules are delayed, and revenue is affected.
The score remains high, but the business suffers. Why?
Because a scorecard is an assessment of documented ESG management maturity, not a direct measurement of operational risk or real-world resilience under stress.
Recent tensions around the Strait of Hormuz illustrate this clearly. Even the possibility of disruption at a major shipping chokepoint can send shockwaves through energy, chemicals, manufacturing, and logistics, regardless of how mature suppliers appear on paper. Over the last decade, boards and C-suites have been buying into a false sense of security through scorecarding. In fact, EcoVadis reported last year that over $2.5 trillion in global spend is now filtered through sustainability scorecards, yet independent analyses still show that supply-chain disruptions cost businesses trillions globally.
We are investing more than ever in supplier scorecards, but scorecards alone are not reducing operational exposure.
The macro picture is clear: widespread use of sustainability scorecards has not prevented major supply disruptions, or their significant financial impact.
The problem is that a scorecard shows only whether a company appears compliant at a static moment in time and does not tie that compliance to the question that matters most to boards, procurement leaders, and lenders: If a disruption hits my supply chain tomorrow, what is the financial impact on my business? Because when a disruption does occur, the consequences are immediate and tangible: lost revenue, inventory shortages, expedited logistics costs, contract penalties, and higher financing costs (to name a few).
And a shift is slowly coming. Regulators such as the European Central Bank and the European Banking Authority now require banks to integrate climate and environmental risks directly into credit assessments. They are looking for evidence that companies understand where risk sits, how it could disrupt operations, and what the financial consequences would be. Deutsche Bank's non-financial report states: "Non-financial risks have become an integral part of our risk management. If we do not systematically address the threats posed by climate change, environmental degradation, and social issues, we face not only reputational damage but also very real financial and legal consequences."
And it is not just Deutsche Bank. Boards and lenders are increasingly recognizing that non-financial risk translates directly into financial consequences.
Reading between the lines, the direction is clear: ESG is no longer a reporting exercise. It is a risk intelligence challenge.
So, what needs to change? Companies need to start looking at non-financial data through the lens of risk intelligence and then translate those non-financial signals into financial impact. They need systems that can map supplier relationships, continuously monitor evolving risks and link disruptions to products, operations and costs – and provide evidence that the underlying data is accurate and defensible. The question procurement should be asking is no longer, "What is this supplier's rating?" but, "If this supplier fails, what will happen to my business tomorrow?"
Don't get me wrong. I am not saying ESG scorecards are useless. They provided a much-needed starting point in a very complex topic that has shifted rapidly over the last decade. But they were never designed to predict disruption or quantify business exposure. In a world of increasing climate, geopolitical, and supply-chain volatility, a score is only a snapshot.
What organizations need is visibility into how risk moves through their ecosystem and how quickly it can affect revenue, financing, and valuation.
Because an A-rating does not protect your P&L.