Dependency Risk Analyzer
Maps business dependencies on suppliers, clients, platforms, and key personnel. Scores each dependency by concentration and impact severity, then identifies single points of failure that require mitigation.
Risk - Dependency Risk Analyzer.xlsx
Excel (.xlsx) — No macros — Works in Excel, Google Sheets, LibreOffice
What This Spreadsheet Solves
- Single-client or single-supplier concentration goes unmonitored
- Key-person dependencies create hidden operational risk
- Platform lock-in risk is not quantified until a disruption occurs
- No prioritized list of dependencies requiring diversification
- Revenue or cost impact of losing a critical dependency is unknown
Who This Is For
- Business owners assessing operational risk exposure
- Risk managers cataloging and prioritizing organizational dependencies
- Supply chain managers evaluating vendor concentration
- Board members reviewing strategic risk profiles
Inputs
- textDependency Name
- textDependency Type (Supplier/Client/Platform/Personnel)
- $Revenue or Cost Tied to Dependency
- #Substitution Difficulty (1-10)
- #Impact if Lost (1-10)
Outputs
- Dependency risk score per item
- Single point of failure (SPOF) map
- Concentration percentage by dependency type
- Prioritized diversification action list
- Total revenue/cost at risk from top 3 dependencies
How Calculations Work
Each dependency receives a risk score calculated as (revenue or cost share percentage) multiplied by (substitution difficulty) multiplied by (impact severity), normalized to a 0-100 scale. Dependencies scoring above the SPOF threshold are flagged as single points of failure. Concentration is measured by summing the revenue or cost percentage tied to each dependency type. The action list ranks dependencies by risk score descending, with recommended mitigation actions.
Example Use Case
Scenario: Five dependencies: primary client (42% of revenue, substitution 8, impact 9), main supplier (65% of materials, substitution 7, impact 8), AWS hosting (100% of infrastructure, substitution 6, impact 10), CTO (sole technical leader, substitution 9, impact 9), payment processor (100% of transactions, substitution 4, impact 10).
Result: SPOF flags: AWS hosting (score 88), payment processor (score 72), CTO (score 81). Client concentration: 42% revenue at risk. Supplier concentration: 65% of materials from one source. Top 3 dependencies put $680,000 annual revenue at risk. Priority action: cross-train a second technical lead and evaluate secondary hosting provider.
What You Get — 5 Sheets
Technical Details
Frequently Asked Questions
What score threshold defines a single point of failure?
Default SPOF threshold is 70 out of 100. Dependencies above this score have high concentration, are difficult to substitute, and would cause severe impact if lost. Adjust the threshold in CONFIG based on your risk tolerance.
How do I rate substitution difficulty?
Consider: how long would it take to find and onboard a replacement? 1 means instantly replaceable with many alternatives. 10 means months of transition with few or no alternatives.
Should I include internal dependencies like key employees?
Yes. Key-person risk is one of the most common and overlooked single points of failure. Rate them using the same criteria as external dependencies.
How often should the dependency map be updated?
Quarterly or after any significant change (new major client, supplier switch, key hire/departure). Dependencies shift as the business evolves.
What mitigation actions are typically recommended?
Common actions include: qualifying a secondary supplier, cross-training staff, diversifying the client base, implementing multi-cloud or multi-platform strategies, and documenting key-person knowledge.
Download Dependency Risk Analyzer
Ready to use immediately. Enter your data in the INPUT sheet, see results in OUTPUT.