Here’s one of the most consistent frustrations we've heard from the 200+ procurement leaders we’ve spoken to this year:
"Risk reviews live in a completely different workflow. Every time we want to move forward with a supplier, we get stuck waiting for someone else to weigh in."
— Sourcing Manager, Enterprise Financial Services Company
Risk leaders feel the tension too:
"Most of the requests we get are missing key information, which means we have to go back to procurement before we can even start our review. That back-and-forth slows everything down."
— Director of Third-Party Risk, Global Pharmaceutical Company
The Hidden Problem: Risk and Procurement Are Running on Different Clocks
Procurement has worked hard to modernize intake, approvals, and supplier onboarding, but risk processes have not kept pace. Cybersecurity reviews, legal reviews, regulatory checks, and ESG screenings are still managed in separate systems with separate owners and often with no shared view of timelines or priorities. Procurement ends up looking like the bottleneck even when they’re simply waiting on decisions from other teams. Stakeholders see the delay, but they rarely see where the work is actually stuck.
This is where operating model design becomes critical. Without clear ownership and integration across functions, procurement can never deliver at the speed the business expects. At RiseNow, we often see that the real blocker is not effort but structure. The way processes, roles, and systems are designed creates the drag.
When information is missing or requirements are unclear, the process slows even more. Risk teams end up chasing procurement for answers, and then procurement chases the business or suppliers, creating a cycle of delays that nobody fully owns.
What Leading Organizations Do Differently
The most successful organizations refuse to treat risk as a separate track. They design a single, shared flow that integrates risk from the start instead of bolting it on at the end.
They begin by bringing procurement, legal, compliance, and risk stakeholders together to align on decision thresholds, documentation requirements, and turnaround expectations. This allows reviews to start immediately rather than waiting for a separate handoff. They standardize playbooks so that the criteria for approval are consistent and predictable, which prevents every supplier from triggering a bespoke process. And they measure where work is waiting, and why. Cycle times are tracked, stuck requests are escalated, and leaders have visibility into which steps are creating the most friction.
Technology can support this, but only if it is configured to match the way work really flows. Too often, procurement has a modern platform while risk reviews are trapped in email or legacy systems. Leading organizations invest in system optimization, connecting their procurement suite with risk, legal, and compliance tools so information is captured once, shared instantly, and measured continuously.
Across one of RiseNow’s global manufacturing clients, nearly 40% of suppliers were sitting in risk review for more than 20 days. By building a shared intake process, standardizing requirements, and automating approvals for low-risk suppliers, they cut the wait time by more than half and improved overall supplier onboarding satisfaction scores.
This is also where new talent models (like RiseAgents) come in. Instead of relying on staff augmentation or BPO, RiseAgents provide future-ready human talent equipped with AI and integrated systems. They can deliver three to four times more output than a traditional analyst, create surge capacity exactly where bottlenecks occur, and give leaders visibility into risks before they stall the process.
Matt Stewart, CEO of RiseNow, frames it this way:
"Procurement is expected to keep pace with the business, which means risk has to keep pace too. When we work with clients, we focus on designing one end-to-end process that brings risk in from the start so nothing gets lost in the handoff."
Why This Matters
When procurement and risk move at different speeds, the business loses trust in both. Stakeholders either push for exceptions or bypass the process entirely, which creates even greater exposure. Aligning risk with procurement doesn’t just remove a bottleneck. It creates a single, transparent process that stakeholders can rely on.
For some organizations, that means rethinking the operating model. For others, it means optimizing the systems they already own. For many, it will also mean supplementing the team with RiseAgents who can accelerate reviews and manage complexity without creating new handoffs. In every case, the goal is the same: an end-to-end process that is faster, more resilient, and trusted by the business.
Next up in this series: what happens when the technology is running perfectly but the process still doesn't work.
