Source-to-Pay+ Part 7: Multi-Tier Risk

In Part 1 we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” Management application that is bundled in many S2P suites. Then, in Part 2, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. In Part 3 we moved onto an overview of Corporate Risk, in Part 4 we took on Third Party Risk (in Part 4A and Part 4B), in Part 5 we laid the foundation for Supply Chain Risk (Generic), and then in Part 6 we addressed a major supply chain risk: in-transport.

As part of (generic) supply chain risk, we highlighted multi-tier risks that arise when multiple suppliers need to process materials, make sub-components, build components from those sub-components, and then assemble those components to make your product. When it takes 10,000 suppliers to make your product (which is the case with some complex electronics products), the risks are beyond what most minds can comprehend. Multi-tier risk management systems for direct supply chains must address a number of specific requirements outlined in Part 5.

Capability Description
Connections & Relationships It is incredibly important to keep track of all of the connections in the supply chain, not just the links that represent the paths of raw materials from the source into the products that your tier 1 suppliers supply you. You need to know who else your suppliers supply, any risks that poses to you (if your competitors have more influence and can steer the direction, process, and quality of the supplier); who supplies your suppliers, any risk that poses to them, and thus to you; who owns your suppliers, and any risk that creates to your organization in different countries of operations due to sanction lists; and who your suppliers contract out too, and any risks that may pose.

It is thus critical that a multi-tier supply chain risk management solution support connection graphs that can be re-oriented around any entity at any time for a quick inspection of risks posed by that entity and all entities it may in turn affect. It is also critical that the solution support drill-in at each entity for deep insights and analysis.

Bill-of-Materials The platform must support multi-level bill of materials (BoM) support. You can’t track the full supply chain if you can’t track the full product inputs all the way down to the raw material inputs for each component, sub-component, and primary part. You also need to be able to trace any product with an issue down to the supplier who made the part/sub-component/component with the issue.

The platform must make it easy to define, maintain, alter, and otherwise work with the bill of materials. It shall be easy to instantiate an instance for each supplier of a product and trace all the way down to the mine or fields the raw materials come from, or the recovery/recycling plants if the materials are being re-used in a sustainable fashion.

Manufacturing Visibility The visibility doesn’t stop at the BoM. It begins at the BoM. For each product you buy from each supplier, you need to track the supplier’s production capacity at the plant, as well as how that capacity is influenced by other products, and switchover time. (If you buy multiple products that use the same production line, then you can’t get full capacity of both.) It must be easy to see all manufacturing information related to a plant of a supplier, how many products it is associated with, and what tradeoffs are in effect when you order a specific product from a supplier.

The platform must be capable of calculating the units per hour/day/week, the switchover time, and how many units of each could be produced given a requirement for one product. (And the same must hold true for three or more different products/configurations.)

It’s critical that the platform allow for easy definition and manipulation of BoM instantiations, supplier plant nodes, manufacturing details, production line capability, and associated timings.

Public vs. Private Differentiation The platform must be able to maintain the distinction between public and private entities, specific to the countries the entities are located/headquartered in, as well as the different types of information the organization needs to keep on both from a risk perspective. In some countries, public entities are more rigorously regulated and in other countries, private entities could be more heavily regulated. The platform needs to allow a buying organization to ensure that the entities are acting appropriate to their type. Also, investments and sanctions can sometimes work differently depending on entity type.

The platform must be capable of tracking entity type, associate the entity with the relevant regulations and requirements based on the type, and alert the organization if anything changes with respect to the type or any change that could impact the type classification.

Predictive Sub-Tier Mapping A supplier may not always disclose it’s sub-tiers. In such a situation, the platform must predict which sub-tier suppliers are being used based on product type, raw material, raw material availability, available transport networks, and so on.

The platform must contain an adaptive algorithm that learns as new information becomes available, continuously updates its knowledge from market data feeds (import/export logs are often public information), and integrates with third party (commodity) markets that can predict changes over time.