In modern supply chains, supplier risk is no longer limited to supply disruptions or quality lapses and also includes legal, financial, and brand risk, as evidenced by recent catastrophes which have caused unequalled harm of a preventable nature to pets and people alike. Nor is supply risk limited to products, as approximately 80% of the US economy is now driven by service industries. Risks need to be managed, as highlighted in a recent Supply Chain Management Review article on Coming to Grips with Supplier Risk.
Furthermore, they need to be managed counter-intuitively. According to the article, there are three situations where this is the case:
- Amount of Spend does not Matter
Many supply management organizations sort their suppliers by descending spend and focus their attention on the top 20% of suppliers that make up 80% of the spend. But low spend suppliers can be a source of significant risk as well. A cheap part in an expensive engine can cause the engine to fail. Data theft (enabled) by (the poor security practices of) a small IT provider can cause irreparable damage to a retailer’s brand, and lead to lawsuits. - Return on Risk Management can be Tough to Measure
There’s no measurable return until the risk materializes and you can quantify the avoided loss. Until then, it’s only possible to estimate the impact using a metric that takes the probability of the risk and the expected magnitude of the loss. - You Will NOT Be Fully Prepared for Some Risk Events
Even the most successful risk management programs only reduce the impact of a risk, they do not eliminate it.
So where do you start? As I hinted above, start by graphing the probability of occurrence vs. the expected impact of each risk. The greatest risks are those with a high probability of occurrence and a large expected impact.
The result of this first step is a prioritized list of risks that need to be addressed in the sourcing process, which starts with Supplier Qualification. In this phase, a supplier is researched to determine whether or not it has adequate controls in place to address the identified risks. If it does, requirements are laid out that a supplier has to agree to before it is allowed to participate in the negotiations.
The qualification phase should also involve the creation of centralized, systematic, and readily accessible records of suppliers, products, and verifiable certifications. This augments a supplier risk database that provides a searchable repository of supplier risk profiles, as well as documented audit trails to show that the risks have been assessed, that controls have been developed, and that the supplier has the necessary certifications.
After a supplier has been selected, risk management proceeds with supplier performance monitoring. This not only helps to ensure the strength and safety of the supply chain, but it also identifies potential risks in supplier performance and compliance and makes it easier to identify problems before they occur.
Supplier performance monitoring makes it possible to set baseline goals, to tie those to performance scores, and to create alerts if those goals are not met. It also means that companies can identify not just when a target is missed but whether key milestone dates are not met, which would flag an impending problem. Monitoring also allows suppliers to provide feedback to the supply management organization in order to enhance collaboration. Suppliers can monitor their own performance against company goals and objectives.
Once monitoring is in place, the next phase of risk management is collaboration which goes beyond simply identifying the symptoms of a problem to determine its root causes. This allows a company to reduce future risks and maximize the value of its relationship.
So what do you need to do? According to the SCMR article, you need to:
- Ensure the Right Focus
Focus on the big risks and the benefits of risk management. - Engage Stakeholders
This will help ensure you see the big picture. - Align Suppliers with Program Objectives
If your suppliers are not on board, your efforts will be wasted. - Capture Immediate Benefits
Early benefits enable buy-in. - Leverage Enabling Technologies
Enabling technologies, such as e-sourcing, contract management, and collaboration solutions can help improve a program’s efficiency and effectiveness.
In addition, be sure to keep the Supplier Risk Management Framework, as discussed in the iBX Purchasing Transformation Blog, in mind. It captures the basics you need to keep in mind when identifying risks, selecting partners, and implementing risk mitigation strategies.