Post by Craft.co

Two suppliers, both flagged for foreign ownership exposure, run through the same weighted scoring matrix your team has relied on for years. Supplier A comes out at 20/100 — moderate exposure, one small Chinese equity stake. Supplier B lands at 70/100 — heavier FOCI indicators across multiple data points. By every signal the model produces, Supplier B is the problem you need to solve. Except Supplier A holds a sole-source contract for critical government technology, and buried in their cap table is a golden share, a strategic equity stake conferring veto rights, board seats, and outsized governance control to a foreign investor. Supplier B, examined in context, turns out to be commodity hardware with passive investors and no IP exposure anywhere in the program. The score didn't fail because the weights were mis-calibrated or the methodology was outdated. It failed because every investigation surfaces new nuance the matrix wasn't built to hold — and the score always needs another weight added after the fact. You're not calibrating a model. You're chasing your own analysis with a scoring system that will never catch up. Bruce Jansa has been writing about what actually makes risk analysis defensible and actionable, and why the answer isn't a better scoring model. Check out his latest blog post here: https://lnkd.in/eqcuq_AY #supplychainrisk #governmentcontracting #riskmanagement