A bill of materials is usually treated as a shopping list: part numbers, quantities, reference designators. But if you look at a BOM through a supply chain lens rather than a design lens, it becomes a risk map — and most BOMs are carrying more risk than anyone realises until something goes wrong.
This post walks through how to audit a BOM for supply chain vulnerabilities before they become production emergencies. It’s the kind of analysis that takes an afternoon and can save you months of firefighting.
The Three Categories of BOM Risk
Supply chain risk on a BOM falls into three broad categories: availability risk (can you actually get the parts?), lifecycle risk (will you be able to get them in 12 months?), and concentration risk (are you overly dependent on a single source, supplier, or geography?).
Most procurement teams track availability — that’s what happens naturally when you try to buy parts. Fewer teams systematically track lifecycle and concentration risk, which is where the painful surprises come from.
Availability: Beyond “In Stock”
Checking stock levels on a distributor website gives you a snapshot, not a forecast. A part showing 10,000 units in stock today might be allocated next month if a large OEM places a blanket order. To assess availability risk properly, look at several factors together.
Stock depth vs your demand. If your annual usage is 5,000 units and the total market stock across major distributors is 8,000, you’re competing with every other buyer for a thin pool. That’s a risk even if the part shows “in stock” right now.
Lead time trends. A part with a 4-week lead time is in a very different position than one quoting 26 weeks. More importantly, look at the trend — is the lead time growing? That often signals tightening supply before stock levels visibly drop.
Number of stocking distributors. Parts stocked by five major distributors are inherently less risky than parts only available from one. If a part is only stocked by a single distributor, you’re one allocation event away from a problem.
Lifecycle: Read the Signals
Every component has a lifecycle: introduction, growth, maturity, decline, and end-of-life. The challenge is that manufacturers don’t always signal where a part is in this arc until the formal EOL notice, and by then your options are limited.
There are leading indicators you can watch. “Not Recommended for New Designs” (NRND) status is the clearest signal — the manufacturer is telling you this part has a limited future. Parts that have been in production for 15+ years without a refresh are statistically more likely to face EOL in the near term. Parts from manufacturer families that have been acquired or merged should also get extra scrutiny, as the acquiring company often rationalises overlapping product lines.
For each line on your BOM, check the lifecycle status on the manufacturer’s website or through your distributor. Flag anything that isn’t clearly “Active” and investigate further.
Concentration: The Single-Source Trap
Single-source parts are the ones that keep procurement managers awake at night, and for good reason. If there’s only one manufacturer in the world making a specific IC, any disruption to that manufacturer — factory fire, natural disaster, geopolitical issue, or strategic decision to exit the market — leaves you with no alternative.
Map each line on your BOM to the number of qualified manufacturers. Any part with only one manufacturer should be flagged. Parts with two manufacturers are better but still warrant attention — can you actually qualify and use both sources?
Geographic concentration matters too. If your BOM is heavily weighted toward parts made in a single region or country, you’re carrying geopolitical and logistical risk even if the parts themselves have multiple sources.
How to Do the Audit
Here’s a practical process you can run against any BOM in an afternoon:
Export your BOM to a spreadsheet. For each unique part number, add columns for: lifecycle status, number of manufacturers, distributor stock depth, current lead time, and an overall risk rating (green, amber, red).
Use distributor websites, manufacturer product pages, and parametric search tools to fill in the data. Automated tools can speed this up considerably — our BOM Risk Analysis tool, for example, checks DigiKey stock, pricing, lead times, and lifecycle status for a list of part numbers in one go.
Score each part: Green for active parts with healthy stock from multiple sources. Amber for parts showing early warning signs — long lead times, NRND status, low stock, or single-source. Red for parts that are already end-of-life, out of stock with long lead times, or sole-source with no qualified alternative.
The output is a prioritised action list. Red items need immediate attention — start sourcing alternatives or securing buffer stock now. Amber items go on a watch list with review dates. Green items can be left alone but should be rechecked periodically.
Make It a Habit
A BOM risk audit isn’t a one-time exercise. Supply chain conditions change constantly. Run the audit at least quarterly for active production BOMs, and any time you’re starting a new design. Build the risk columns into your standard BOM template so the data is maintained as a living document rather than a periodic snapshot.
The companies that handle supply chain disruptions best aren’t the ones with the most luck — they’re the ones who saw the risk early enough to act before it became a crisis.
Want to run a quick risk check on your BOM? Try our free BOM Risk Analysis tool — paste your part numbers and get instant availability, pricing, and lifecycle data. For any parts flagged as at-risk, request a quote from ICCorders and we’ll help you find what you need.