Human rights due diligence (HRDD) risk assessment is the process of identifying and prioritising the most severe risks to people across a company’s operations and supply chains.
For many businesses, this is the most critical — and most challenging — step in due diligence. Without a clear understanding of where risks are highest, it is difficult to take effective action.
This guide explains how to carry out a robust, risk-based assessment aligned with the UN Guiding Principles on Business and Human Rights (UNGPs), with a focus on practical application in supply chains.
What is a human rights risk assessment?
A human rights risk assessment identifies where a company’s activities may cause, contribute to, or be directly linked to harm to people.
This includes risks in:
- Direct operations
- Subsidiaries
- Suppliers (across multiple tiers)
- Business relationships
The focus is on risks to people, not just risks to the business.
This means prioritising issues based on:
- Severity of harm (scale, scope, and irremediability)
- Likelihood of occurrence
This is often referred to as identifying salient human rights risks.
If you are new to HRDD, start here:
What is human rights due diligence?
Why risk assessment is central to HRDD
Risk assessment underpins every other step of due diligence.
It enables companies to:
- Focus resources where they are most needed
- Design targeted prevention and mitigation strategies
- Meet regulatory expectations for risk-based due diligence
- Demonstrate credible, prioritised action
Without it, due diligence efforts often become fragmented or overly reliant on generic tools such as audits.
Step-by-step: how to conduct an HRDD risk assessment
1. Map your operations and supply chains
Start by building a clear picture of where your business operates and sources from.
This includes:
- Key production countries
- Supplier locations (Tier 1 and, where possible, beyond)
- High-risk commodities or product categories
- Labour-intensive stages of production
Complete visibility is rarely achievable, particularly beyond Tier 1. The aim is to develop enough visibility to identify priority risk areas.
2. Identify potential human rights risks
Next, identify the types of risks that may occur across your operations and supply chains.
Common supply chain risks include:
- Forced labour and modern slavery
- Child labour
- Unsafe working conditions
- Excessive working hours
- Restrictions on freedom of association
- Discrimination and gender-based violence
- Wage-related risks
Use a combination of:
- Country and sector risk indices
- Internal audit and compliance data
- Supplier self-assessments
- Civil society and trade union insights
This stage should cast a wide net before narrowing focus.
3. Prioritise salient risks
Not all risks can be addressed at once. Prioritisation is essential.
Under the UNGPs, companies should prioritise salient risks — those with the greatest potential impact on people.
This involves assessing:
- Scale – how severe the harm could be
- Scope – how many people could be affected
- Irremediability – how difficult it would be to remedy the harm
Likelihood is also relevant, but severity should take precedence.
In practice: companies that try to treat all risks equally often struggle to make meaningful progress.
4. Validate findings through stakeholder engagement
Desk-based analysis has limits.
To strengthen risk assessment:
- Engage workers directly, where possible
- Consult trade unions and worker representatives
- Draw on civil society expertise
- Use grievance data to identify recurring issues
Stakeholder engagement helps uncover risks that may not be visible through audits or data alone.
5. Integrate findings into decision-making
A risk assessment is only valuable if it informs action.
Companies should use findings to:
- Prioritise supplier engagement
- Allocate resources to high-risk areas
- Adjust sourcing and procurement strategies
- Inform training and capacity-building programmes
This is where risk assessment connects directly to implementation.
For next steps, see "How to implement HRDD in your company".
Key challenges in supply chain risk assessment
Limited visibility beyond Tier 1
Many risks occur deeper in supply chains, where transparency is lower.
Over-reliance on audits
Audits can miss hidden or systemic issues, particularly where workers are reluctant to speak openly.
Data gaps
Reliable, up-to-date data may be difficult to obtain in some regions or sectors.
Resource constraints
Comprehensive mapping and engagement require time and investment.
Recognising these challenges helps companies design more realistic and effective approaches.
Good practice: what effective risk assessment looks like
Stronger approaches to HRDD risk assessment typically:
- Use a risk-based, prioritised approach rather than a compliance checklist
- Combine quantitative data with qualitative insight
- Integrate worker voice and stakeholder input
- Are regularly updated, not static
- Are linked directly to action and decision-making
Companies that embed these practices tend to produce more credible and actionable risk assessments.
Linking risk assessment to supplier engagement
Risk assessment should directly inform how companies work with suppliers.
For example:
- High-risk suppliers may require deeper engagement and support
- Lower-risk suppliers may be managed through lighter-touch approaches
- Sector-wide risks may require collaboration with other companies
This connection is critical. Without it, risk assessment remains theoretical.
Explore this further: Supplier engagement and HRDD
Getting started
If you are developing or strengthening your approach:
- Start with available data — do not wait for perfect visibility
- Focus on a small number of priority risk areas
- Combine internal data with external sources
- Engage stakeholders early
- Update your assessment regularly as new information emerges
A practical, iterative approach is more effective than a one-off comprehensive exercise.
Continue building your HRDD approach
To go further:
- Human rights due diligence: a complete guide for business
- How to implement HRDD in your company
- Supplier engagement and HRDD
These resources help translate risk assessment into practical action across your organisation.
Moving from insight to action
Risk assessment is the foundation of effective human rights due diligence.
Companies that take a structured, risk-based approach — and connect it directly to decision-making — are better positioned to prevent harm, meet regulatory expectations, and improve outcomes for workers.
The goal is not perfect visibility. It is clear prioritisation and informed action.
