Now that we’ve carefully explained that you’re just not up to the task of preventing a black swan event, hopefully you have made risk management a priority. So, to help you understand, at a high level, what this is, we’re reprinting this classic post from 2010. Most of the articles out there get the basics wrong, but if you get them right, it’s not that hard to do a decent job (especially if you get a good platform to help you out). Enjoy!
Not only is supplier risk at the forefront of thought these days, but articles on it are at the forefront of online publications as well, including this recent article in Supply Chain Digest on the key drivers of successful supplier risk management. However, most of the articles miss the point.
For example, according to this article, the trick to successful supplier risk management is to:
- engage top-level management,
- segment suppliers based on relative risk,
- rigorously measure and manage risk,
- give category managers tools and training, and
- collaborate with key suppliers.
Which is all good advice that is fine and dandy, but it misses the point. Risk management is all about identify risks, identifying mitigations, monitoring risks, and executing mitigations at the appropriate time. Management support is important, but it doesn’t have anything to do with risk identification or mitigation. Segmentation is a good tactic as more attention needs to be placed on suppliers which represent more significant risks, but again it has nothing to do with risk identification or mitigation. The same goes for giving category managers tools and training. Collaboration is relevant only if the mitigation requires collaboration. In other words, in this list, the only key driver is the “rigorous management and mitigation of risk”.
The reality is that success depends on your ability to ADMIRE the situation. Specifically, the ability to:
- Ascertain the risks,
- Define the risks that could cause significant damage,
- Monitor those risks,
- Identify appropriate mitigations,
- React when signs of the risk begin to materialize, and
- Engage the supplier when collaboration is required to mitigate the risks and
- rinse and repeat
That’s it. But don’t forget the rinse and repeat. The biggest risks today are not the biggest risks tomorrow, so you always have to be actively engaged in risk management. Always. And since there are always more risks than you can actively address and mitigate, at any particular time you need to focus on the major ones (but still monitor for, and evaluate, the rest and as soon as they become likely or potentially costly, elevate the priority so that a mitigation plan is prepared in time).