Why AI isn’t ready to replace humans in third-party risk management
Editor’s note: This article first appeared in the November 16 issue of the Straight Talk newsletter. To subscribe and receive content like this each Sunday morning, click here.
In an age of unrelenting supply chain disruptions, the risk management realm is no longer defended by the company’s four walls. It now includes what happens beyond them, across suppliers, partners and ecosystems.
As Aravo’s Chief Customer Officer Dave Rusher noted in a recent Talking Supply Chain podcast episode, artificial intelligence can enhance that work but it can’t own it. (Listen to the episode here)
Rusher argues that managing third-party risk has become one of the most intense stress tests for enterprise AI.
“Every company depends on third parties, but the way each measures and manages risk is entirely different,” Rusher says. When you pair that with unstructured data flows, evolving regulations and global fragility, the traditional risk-management playbook simply doesn’t suffice, he points out.
While times are changing, Steven Adler, a partner with risk management advisory firm The Edmund Group, notes that “supplier risk intelligence provides early warning of disruptions like cyber breaches, litigation or M&A.” In a recent Supply Chain Management Review article, Adler noted that supplier risks matter just as much as internal ones. That line of thinking is the launching pad for a more strategic approach, he argued.
Risk thinking 2.0
Rusher kicked off the podcast discussion with a key insight: this isn’t a software problem, it’s a mindset problem.
“You can’t just point to the AI and say, ‘My agent made that decision.’ Companies still own their risk,” he warns.
Together, Rusher and Adler draw a line between automation and accountability, reminding leaders that AI may analyze risk, but humans still have to own it. The old way of reacting to disruptions and auditing what happened is no longer sufficient. Companies need to anticipate, model and proactively design their supply chain networks to minimize their risk. Adler reinforces this by writing that treating supplier supervision as a static checkbox is no longer tenable. Instead, intelligence should guide action.
“Supply chains don’t just depend on what happens inside your four walls, your suppliers’ risks (and opportunities) matter just as much,” he wrote.
This shift sets the tone for businesses. It reinforces the idea that to manage complexity, companies must embed continuous intelligence, cross-functional alignment and strategic leadership into the process.
Talent, tools and the real starting line
When it comes to implementing network design and risk oversight, Rusher emphasizes that tools alone won’t deliver value.
“AI helps codify all that messy, unstructured information and point it toward a common goal: identifying and resolving risk,” he says.
But to get there, you must begin with the right team. He points out that the most successful practitioners often come from planning or analytical backgrounds.
“Analysts learn the tech on the job; what they must bring is business context,” he says.
That means understanding how factories, warehouses, contracts and flows fit into the holistic supply network. That is something that software alone is unable to do. In other words, AI can help you see risk, but it takes people to understand its context and consequences.
Adler’s insight reinforces this theme: good supplier risk intelligence isn’t only about dashboards, it’s about translating signals into decisions. He argues that leading organizations turn risk-monitoring into “early warning” systems that trigger strategy rather than just issuing alerts. It’s a shift from monitoring to proactive decision-making.
From there, leadership plays a pivotal role.
“The characteristic that distinguishes successful teams is a direct line to the experienced leadership team,” Rusher says.
Without executive sponsorship, modeling efforts can lack focus, resourcing or strategic relevance. The game isn’t building a big team, it’s building a nimble one aligned to strategic leadership, capable of using intelligence to shape decisions.
Augmentation, not autonomy
Rusher says AI is framing risk work rather than replacing it.
“AI should help humans make better decisions, not replace them,” he says.
Rusher notes that while AI is ideal for synthesizing unstructured data across suppliers, contracts, audits and certificates, it still lacks the standardized context to fully automate decisions in sensitive areas. This nuance is critical because in third-party risk management, you’re dealing with diverse industries, variable data, and high stakes.
“There just isn’t enough standardization yet for AI to safely make those calls,” Rusher says when discussing autonomous agentic AI in supplier risk.
Risk management professionals, by their very nature, are cautious and conservative. The idea that AI will overcome these habits is naïve—it won’t. But it doesn’t mean that AI doesn’t have a role. Adler highlights how supplier-risk intelligence is evolving from detection to prediction. He emphasizes that organizations looking ahead will use these systems to anticipate risk “like cyber breaches, litigation or M&A.” That forecasting ability lies at the intersection of human judgment and machine insight where AI gives structure to the messy, humans interpret the implications, and leadership acts accordingly.
The idea that AI will replace human caution, Rusher says, is naïve. “Risk professionals are not ready to tell the CEO the AI didn’t see the risk,” he says. That doesn’t mean AI lacks value. It means its value is in partnership, not replacement.
Moving from reactive to strategic
The final lens of the conversation is future-oriented: risk teams must go beyond compliance and reaction to resilience and strategy. Rusher frames it this way: “Third-party risk management isn’t an IT project; it’s an ongoing strategy.” The goal is not merely surviving disruption but strategically positioning the supply chain for advantage.
Adler reinforces the emerging expectation that rather than simply plugging gaps, leading firms will embed supplier-risk intelligence as part of network design, enabling scenario modeling, what-if simulations and dynamic decision-making. In other words, risk intelligence becomes a core business capability—not a side process.
For supply chain executives, the message is clear: the next wave of value lies in incorporating AI and other tech with the key human calculations that have guided third-party risk management for generations.
AI isn’t about removing humans from risk management—it’s about amplifying their foresight. “Companies still own their risk,” Rusher says. They just don’t have to do it alone anymore.
SC
MR
link
