Certificates of Insurance (COI): Collecting from Suppliers for Risk Mitigation • Does your company collect COIs annually from your suppliers? • What criteria do you use to determine from which suppliers to collect COIs annually? Are there industry benchmarks for this?

You should work closely with the person in charge of Risk Management in your company to better understand the types of risks that come with your supply base and your company's appetite for risk. Understanding the COI content and implications are also critical for procurement (for example: there is a significant difference between being a certificate holder and being named an additional insured). Depending on what you're sourcing, you might only need to renew the certificate once a year, but if you're buying CAPEX (equipment and services), you will likely need to request one every time you engage with your supplier as the coverage requirements might be different each time. There are companies and software that can help you with the collection and management of the COIs.

In my past (multiple industries) the effort expended on collecting COI's has been very much driven by the level of risk. For high liability risk suppliers that come on our site (e.g., construction), absolutely we would collect COI's annually. For a low risk supplier, such as an independent contractor working from home, we would request the COI at vendor setup but likely would not follow up for annual renewals. It really comes down to the level of risk you feel comfortable and the corresponding amount of effort you want to put into follow ups. I would suggest creating a simple risk matrix of probability of an event requiring insurance vs. expected payout / damages to identify those categories of spend that represent the highest risk and help you decide where you want to draw the line