Source-to-Pay+ is Extensive (P17) … Time to Break Down the CORNED QUIP of Supplier Management, B-Side

Having identified Supplier Management as the next solution after Spend Analysis, we quickly realized that identifying the right Supplier Management solution would be difficult as supplier management has as many aspects on its own as Source-to-Pay has. Not only do we have to decide which core capabilities in the CORNED QUIP mash are important to our organization, but we have to make sure that the solution covers the baseline requirements for each capability that is important.

In our last post, Part 16, we reviewed three (3) classic features of Supplier Management. Today we will look at the next three (3) in the hopes that when we provide you a list of vendors later in this series, you will have the basic information you need to properly evaluate the vendors that choose to return the RFP that you send to them. Let’s get to it.

Compliance Management. (GRC)

Supplier Compliance Management (SCM) address the compliance, and often the Governance-Regulatory_Risk-Compliance, aspects of the supply base in an effort to ensure compliance from the source. In today’s ultra-complicated global regulatory environment, it’s hard to keep on top of everything a company has to be in compliance with from a product and operational perspective, especially when it produces goods in one country, transports through intermediate countries (which require strict compliance with ALL local laws if you are not transporting through a FTZ), and then sells the product in ten other countries. This is where you either need a huge amount of manpower, or technology. Plus, while some violations amount to nothing more than a small fine (which is often cheaper than hiring the manpower to dot the i’s and cross the t’s), violating anti-trust, human trafficking, banned substance, or debarred/prohibited/banned companies can land an organization, and in some countries its C-Suite, in major trouble. For many companies, this is one of the most overlooked, but critical, elements of supplier management.

Integrated Regulatory Requirements & Guidance
The entire point of a compliance solution is to ensure that the suppliers are complying with appropriate government regulations to ensure that the organization doesn’t get in trouble for something a supplier did (which the organization can get in trouble for if the supplier has slavery or human trafficking in their supply chain, uses banned substances in the product, engages in bribery, and so on). The providers of the solution should be extremely familiar with the regulations in each country their solution supports, should encode all of the information that needs to be tracked and checked, and should capture all of the information needed to ensure the suppliers are being compliant with the necessary regulations, based upon the buyer’s geography, the supplier’s geography, and the products the supplier is making on behalf of its buyers.
Automated Tracking and Alerts on (Potential) Non-Compliance
A buyer doesn’t have time to log in to a system everyday to check what’s going on with current suppliers and current projects, nor should they have to manually update reports and status checks. The system should automatically be pulling in all necessary data for monitoring from both internal and external systems at the frequency those systems are updated (although more often then daily is typically not necessary if the system the data is being pulled from updates the public / available data more than once a day), updating the affected models and status checks at each pull, and immediately alerting the buyer through email, messaging service, and/or any internal project management system the buyer logs into daily (through an API integration) if a supplier is in non-compliance with a critical regulatory requirement (that could get the buying organization into hot water).
Custom Regulatory Requirement Support
No SCM solution is going to support every regulation out of the box, especially if it is both industry and locale specific to just one country that the majority of the provider’s client base doesn’t do business in. However, if your organization does business in that country and is subjected to that regulation, you need to ensure compliance, and you don’t want to use another tool to do so. Thus, it’s critical that the platform support the definition of additional regulations, the requirements that need to be tracked, the data that will indicate compliance or non-compliance, and where that data will come from. Then, the platform can be extended to meet all of the organization’s compliance needs.

Quality Management.

If all a company (like a retailer) is buying is commodity goods or fixed services, and one supplier can quickly be switched out for another, quality management may not be that important. However, if a company is reliant on selling custom, or customized, manufactured goods or systems, quality is critical. If the organization gets a reputation for selling products that don’t work, or if the warranty costs skyrocket, the company could be in serious financial trouble. Internal Supplier Quality Management (SQM), vs relying on a supplier or a third party, is critical.

Support for at least one major PIP: Six Sigma, Kaizen, PDCA etc. (PIP: Process Improvement Paradigm)
Quality doesn’t just happen, it’s the result of a best-practice manufacturing process such as Six Sigma, Lean, Kaizen, or PDCA (Plan, Do, Check, Act). (There are more.) A good quality management platform will support at least one of these process improvement paradigms, and preferably support the PIP typically used by your organization and/or your preferred suppliers. (It should support multiple paradigms, but no one platform will do everything.) It should be easy to instantiate instances of the process and customize it for the project at hand.
Support for at least one major vertical specific Quality process: APQP, DFSS, 8D, etc.
In some verticals, and/or for some suppliers, you will need to use very specific quality-based manufacturing processes such as Advanced Quality Product Planning, Design for Six Sigma, or Eight Disciplines. These processes are used for particular products and need to be supported for the design, or analysis post-design / prototype manufacturing, to try and discover what didn’t work as planned. The processes should also be customizable for variances used by the organization.
Quality Specific Metric Based Tracking and Benchmarks
It should allow for the definition and tracking of metrics specific to quality, as well as the creation of organizational benchmarks by supplier and category, and pull in any necessary data from other systems — the user should not have to punch out to a performance management application just for this. If you can’t track quality improvements, or lack thereof, then you can’t actually manage quality.

Uncertainty Management. (Risk)

Supplier Uncertainty Management (SUM) is the next generation of a supplier risk management solution. Why uncertainty? Firstly, by the time you detect a “risk“, it could be too late. If you don’t see that iceberg until it’s too late to steer the ship, you’re going down. The key to success in risk management is to identify uncertainty, detect leading indicators, investigate, and, if necessary, initiate action early. And while you may get a lot of warnings that don’t require any (immediate action), it’s better than not getting that one warning that the one critical control chip that can only be made by that one supplier is not going to materialize in six weeks because the supplier’s plant was just shut down by a fire (that they decided against telling you about). In this situation, you’re going to need every single day you can get to identify substitute designs and chips you can order from other suppliers to create alternate, acceptable, products to fulfill your orders or risk losing customers. Secondly, SRM is already taken as an acronym. (Note that, over time, a good solution will allow you to adjust the thresholds and the warnings the solution produces so that the majority of alerts you get actually need some sort of [immediate] action.)

Low-Code/No-Code Open API Based Data Integration
The old age that you can’t manage what you can’t measure is true, and it’s doubly so where risk or uncertainty is involved. You need a lot of data, metrics on that data, benchmarks and historical trends to compare against to detect uncertainty before it becomes certain disruption. And it doesn’t matter how many data feeds are “out-of-the-box” because they will never, ever, cover everything you need now and definitely will never, ever, ever cover everything you will need as new regulations arise, new suppliers enter the picture, new software products enter your corporate ecosystem, new events happen in the world, and so forth. You need to be able to quickly and easily integrate the data you need when you need it, dynamically extending the schema as necessary to support it and altering the uncertainty detection models as needed to take the new data into account.
Built-In and Custom Metric-Based Risk Models
It’s hard to detect a potential issue before it occurs without a lot of data, and models that appropriately process that data to identify trends or patterns that have typically (with reasonably high probability) led to disruptions in the past when those trends or patterns emerged. And it’s harder still to create those models if you just don’t have the expertise in risk-based modelling. As a result, the platform should come with a number of standard, built-in, models for the industry you’re in relevant to you and your tier 1 suppliers. However, every organization’s situation is slightly different in terms of its geographic location, size, primary customer market, primary supply market, reliance on certain products or manufacturers, reliance on certain raw materials, and so on. So, while each company in an industry will generally face the same risks, the probability of a specific event occurring, or risk materializing, will be different. As a result, many of the models will need to be tweaked. Furthermore, if the company is introducing a new product type or line of business, that could come with unique risks, the organization may need a custom model built from scratch. Plus, as new regulatory requirements, good and bad, rear their ugly heads, it’s important to identify which suppliers could be at risk of not being able to meet them in time so that the organization can either proactively work with those suppliers to address the new regulatory requirements or find new suppliers. Flexible modelling is everything.
Semantic and Sentimental News and Event Monitoring (Integration)
Not all relevant data for identifying uncertainty in the supply chain, or supply base, is numeric. Some of it is semantic, and contained in news stories about events that directly impact the supplier or indirectly impact its customers in other countries. If a flood takes out the local power station, it’s out of operation until the flood subsides and the power station is repaired. If that’s two weeks, and it takes the supplier two weeks to minimally repair its plant and start production again, the supplier is out for a month. If you were expecting your order in five weeks, it’s not happening. A border closure for political reasons will cut off your supply, and if you’re the only foreign customer in your country, the supplier may not be aware until it tries to ship. Semantic news and event monitoring is critical, either internal to the product or through a subscription service. Also, if sales are highly dependent on brand perception, semantic monitoring of social media is highly critical because if brand perception drops, sales will drop, and the organization will have to quickly reduce future orders or get stuck with excess inventory, which it will lose out on when it has to fire-sale that inventory to avoid (environmentally damaging) dumping.
Customizable Alerts and Triggers
The models need to be continuously re-run as relevant data enters the system (which should be daily) and the user alerted to a change that is significant or exceeds a threshold. Rush fans have known for forty (40) years that a distant early warning is key because that’s just the tip of the disaster iceberg. Moreover, the organization should be able to define it’s own thresholds and change tolerance as its experienced engineers and product managers will know when they should at least be taking a quick look behind the curtain to see if it’s just a temporary loop or the beginning of a downward spiral that needs to be intercepted and prevented.

In our next instalment, Part 18, we’ll move on to some of the newer, or at least broader, capabilities emerging in the Supplier Management landscape.