Skip to content
Pillar 4

Why supplier qualification is not enough

Supplier qualification decides who may supply; it does not verify what is in a given lot. Why component integrity is a per-delivery question, and where CILM adds a lot-level layer.

Procurement runs on a question with a settled answer: is this a company we can work with? Supplier qualification exists to answer it. It examines whether a firm is legally sound and financially stable, whether it holds a working quality-management system and the right certifications, and whether it is disciplined in how it stores parts, manages its own contractors, and resolves complaints. The output is a place on the approved-vendor list. That question is necessary, and no functioning procurement system operates without an answer to it.

It is not, however, the question that a delivery poses. When a lot arrives on the dock, the operative question is narrower and more physical: what is actually in this box, and can its identity, condition, and origin be supported well enough for the use intended? Qualification does not answer that, because it was never designed to. The two questions are related, but they are not the same, and the distance between them is where Component Integrity & Lifecycle Management (CILM) does its work.

Qualification grades the company, not the lot

A supplier audit asks the right things of a company: financial stability, a quality system, defined warehouse processes, control over subcontractors, a delivery record, a way of handling claims. Every one of those is worth knowing, and together they decide whether a supplier belongs on the list. None of them describes tomorrow’s shipment.

This is not a defect in the audit. It is the natural limit of what an audit examines. Qualification studies the organisation; lot verification studies the physical goods; they are different objects of analysis. A company can be financially solid and well run while one specific shipment has no clear origin story. Its certificates remain valid even if a lot was repackaged in transit. Its delivery metrics stay strong even if the paperwork covers only part of what is in the box.

The consequence is a rating that can hold steady while the risk carried by a single delivery rises. Dashboards report the company: financial health, on-time performance, certification, capacity. None of those indicators moves when one lot arrives with a broken provenance, and the failure, when it comes, does not appear at the company level. It appears in a specific physical component drawn from a specific lot.

A well-run supplier can still ship a compromised lot

The common assumption is that a reliable supplier yields a reliable part. In practice a supplier can act in good faith at every step and still deliver a problematic batch, because the batch is assembled under pressures that qualification does not see.

The mechanics are ordinary. A supplier facing an urgent order has an incentive to fulfil it and protect the margin on it; to close a shortfall, it may buy a few missing reels from a broker. The broker, whose incentive is to move stock, passes along documents it received from a prior owner. The prior owner’s storage conditions are unknown. Each move is standard commercial practice, and the resulting lot now carries a fractured origin that no single participant set out to create.

Consider an illustrative and hypothetical case drawn from the author’s series in Supply Chain Management Review. Several lots of multilayer ceramic capacitors clear standard incoming inspection. The documents look normal. The supplier’s risk score stays high and silent. Months later the field-return rate begins to climb, and when the parts are finally isolated they turn out not to be crude counterfeits at all. They are misrepresented goods: a lower commercial grade, refurbished units, or a lot whose storage history had already stressed the ceramic before assembly. Standard inspection catches obvious signals, a wrong label or a missing certificate; a part with a false backstory can read as normal until it fails downstream. Supplier qualification cannot recover that case, because the evidence needed to catch it was never at the company level. It was at the lot level.

Integrity is a property of the lot

Two shipments from the same trusted supplier can carry entirely different risk.

The first comes directly from the maker. Its origin is known, the route is clear, the packaging is original, and the storage conditions are documented. Traceability is intact. The second carries the same part number and the same supplier name, but its history is assembled rather than continuous: patched together from leftovers, routed through an intermediary, repackaged, and shipped with documents that in fact apply to only a fraction of the units. How it was stored is unknown.

The invoice shows one supplier. The evidentiary history of the two lots is not comparable. That is what it means to say integrity is a property of the lot rather than the supplier. A supplier has a legal status, a reputation, and a track record; a lot has an origin, a chain of custody, a physical condition, and its own specific paperwork. Confidence in a company lowers the baseline, but confidence does not generate facts about a particular reel of capacitors. The operative questions stay attached to the batch: where did it come from, was it kept whole, who held it before, was it repackaged, and do the documents match these physical parts.

The structural blind spot

Qualification is strong on the things that change slowly: legal standing, finances, the competence of staff. Its blind spot is structural rather than accidental, and it falls on the variables that change from one delivery to the next.

A supplier audit is periodic; deliveries are continuous. In the interval between two audits a supplier can change how it sources, merge inventory across orders, move to a different warehouse, or accept paperwork that reads correctly but covers half a shipment. None of that necessarily raises an alert in a qualification system, because qualification is not sampling the stream of lots; it is sampling the company at intervals. The gap between the two cadences is permanent, and it is exactly the interval in which a misrepresented lot passes unremarked.

Origin is not the point of detection

There is a second disconnect, and it is the one most systems are not built to see: the place where a suspect part enters a supply chain is almost never the place where it is caught.

A suspect component can enter through an intermediary, sit in a warehouse, clear a routine incoming inspection, reach a production line, and reveal itself only once the finished product is in service. The organisation that finally detects the problem is rarely the one that introduced it. Reporting data makes the pattern visible. According to ERAI’s 2025 data, most reports come from the parties that actually examine the physical lot: independent distributors (48.26%) and third-party test laboratories (32.17%) together account for roughly four in five, while original component and equipment manufacturers together account for under five per cent (4.02% and 0.94%). That distribution does not show where problems begin. It shows where someone tested the lot. The same data records 61.39% of reports as international against 38.61% United States-based, consistent with goods that cross several hands before they arrive.

An authorised channel lowers risk without removing verification

Authorised channels are valuable precisely because they keep a clean line of sight back to the original maker. That value is real, and it is also frequently overread into a licence to skip lot verification.

Availability through an authorised channel is not the same as assurance. ERAI’s 2025 data shows that counterfeiters do not confine themselves to rare or obsolete parts: obsolete devices were the largest reported group (60.02%), but active components, including parts readily available through authorised channels, still made up 36.15%. When a lot arrives without traceability to the maker, verification and authentication testing are the expected response, and SAE AS6171 sets out test methods for that situation (see the publisher for scope). This does not displace supplier qualification. It answers a different question: what to do when the paper trail thins.

The psychology of transferred trust

Relying on supplier qualification alone produces a predictable failure mode, and it is behavioural before it is technical.

Consider an illustrative and hypothetical pattern. A supplier has worked with the buyer for years, with a clean record, competent management, and orderly documentation, and now a lot is needed urgently. At receiving, the familiar name lowers the level of vigilance almost automatically. The team checks marking, quantity, appearance, and the main documents, but it does not separate the lot from the general flow, does not attempt to reconstruct its history, and does not ask where the supplier obtained this particular stock. Later it emerges that the supplier closed the shortage through a side channel, or merged units from several leftover lots, or did not itself know that part of the lot had been stored and repackaged in an unknown place.

The root failure here is not technical. It is the transfer of past experience with a company onto a new and unverified lot, a human judgement standing in for evidence about the hardware. Stated plainly: when a receiving function begins to check its own confidence in the supplier rather than the goods in front of it, inspection stops being a regulated professional procedure and becomes a formality.

What lot verification actually asks

If qualification examines the company, lot verification examines the delivery, and it does so through a set of questions that are specific to the batch and therefore invisible to an audit. The questions are not exotic. They are the ones a qualification record has no place to hold.

The first concerns origin: where did this particular lot come from, and can the route from the maker to the dock be reconstructed rather than assumed. The second concerns custody: who held the goods before this supplier, and whether any intermediary handled or repackaged them. The third concerns composition: whether the shipment is a single lot or several lots merged, since a merged shipment can pass a small sample while carrying a different population elsewhere in the box. The fourth concerns the parts themselves: whether any date code, grade, or marking was altered, and whether the physical condition is consistent with the claimed history of new or unused goods. The fifth concerns storage: how long the parts were held and under what conditions, since a genuine part degraded by moisture or heat is a reliability problem even where no fraud exists. The sixth concerns documents: not whether a certificate is present, but whether the full set of documents describes one realistic lot and matches the physical goods in front of the inspector.

None of these can be resolved by knowing that a supplier is financially sound and certified. Each is a property of the shipment, established from the evidence attached to it, and the depth of the check is set by what that evidence leaves open rather than by the supplier’s standing. A lot with intact traceability to the maker leaves few of these questions open; a lot assembled from open-market stock leaves most of them open, and the verification effort scales accordingly.

Where CILM fits

The argument running through the author’s Supply Chain Management Review series comes down to separating two decisions that most systems merge. Can we do business with this company, and can this specific lot be trusted? The first is answered well by existing tools. The second is answered barely, and it is where reliability failures actually originate.

CILM does not propose scrapping supplier qualification. Qualification is an admission filter: it decides who may supply, and it remains an essential baseline. CILM adds a control at the level of the individual lot, reading its origin, custody, any mixing or repackaging, its storage, and whether the physical part matches its documents. How deeply a lot is examined then follows the evidence attached to that shipment rather than the name on the invoice. This is why the contribution is best understood as an additional layer, not a replacement: the two mechanisms answer different questions, and a functioning production system needs both.

Information gain

The explicit separation of supplier risk (a periodic, company-level question) from component integrity (a per-lot question), and the point that where a suspect part enters a chain is almost never where it is detected — argued from the author's Supply Chain Management Review series rather than restated from vendor-management guidance.

Author contribution

The author's own SCMR case of misrepresented MLCC lots that cleared standard incoming inspection and surfaced only as field returns, and the transferred-trust failure mode observed at receiving since 1998, framed as lot-level verification added to, not replacing, supplier qualification.

Claims and sources

  • According to ERAI's 2025 data, most reports come from parties that examine the physical lot: independent distributors accounted for 48.26% and third-party test laboratories for 32.17%, while original component manufacturers (4.02%) and original equipment manufacturers (0.94%) together accounted for under 5%.

    Verified Source: ERAI 2025 Annual Report
  • In ERAI's 2025 data, 61.39% of reports originated internationally and 38.61% from the United States.

    Verified Source: ERAI 2025 Annual Report
  • In ERAI's 2025 data, obsolete parts were the largest reported group (60.02%), while active components, including parts readily available through authorised channels, made up 36.15%.

    Verified Source: ERAI 2025 Annual Report

FAQ

Does a qualified supplier guarantee a good lot?

No. Qualification establishes that a company is sound enough to work with. It does not establish the origin, condition, or consistency of a particular delivery, which is where a reliability failure actually appears.

If a supplier is on the approved list, why re-examine every lot?

Because the approved list is a judgement about the company, renewed periodically, while lots arrive continuously. Between two audits a supplier can change how it sources, merge inventory, or repackage goods, and none of that necessarily registers in a qualification record.

What can a lot carry that supplier qualification cannot see?

Its specific origin, its intermediate owners, whether several lots were merged, whether it was repackaged or remarked, how long and under what conditions it was stored, and whether its documents describe the physical goods actually in the box.

Does buying through an authorised channel remove the need for verification?

It lowers risk by preserving traceability to the maker, but it does not remove verification. ERAI's 2025 data shows active parts available through authorised channels are still reported, so availability is not the same as assurance.

What is the difference between supplier risk and component integrity?

Supplier risk is a company-level question reviewed on a schedule. Component integrity is a lot-level question posed by each delivery. Most control systems answer the first well and the second barely.

Where does CILM sit relative to supplier qualification?

Qualification is an admission filter that decides who may supply. CILM adds a control at the level of the individual lot. It is an additional layer, not a replacement; a working system needs both.

References