Having identified Supplier Management as the next solution after Spend Analysis, we quickly realized that identifying the right Supplier Management solution would be difficult as supplier management has as many aspects on its own as Source-to-Pay has. Not only do we have to decide which core capabilities in the CORNED QUIP mash are important to our organization, but we have to make sure that the solution covers the baseline requirements for each capability that is important.

In our last post, Part 16, we reviewed three (3) classic features of Supplier Management. Today we will look at the next three (3) in the hopes that when we provide you a list of vendors later in this series, you will have the basic information you need to properly evaluate the vendors that choose to return the RFP that you send to them. Let’s get to it.

Compliance Management. (GRC)

Supplier Compliance Management (SCM) address the compliance, and often the Governance-Regulatory_Risk-Compliance, aspects of the supply base in an effort to ensure compliance from the source. In today’s ultra-complicated global regulatory environment, it’s hard to keep on top of everything a company has to be in compliance with from a product and operational perspective, especially when it produces goods in one country, transports through intermediate countries (which require strict compliance with ALL local laws if you are not transporting through a FTZ), and then sells the product in ten other countries. This is where you either need a huge amount of manpower, or technology. Plus, while some violations amount to nothing more than a small fine (which is often cheaper than hiring the manpower to dot the i’s and cross the t’s), violating anti-trust, human trafficking, banned substance, or debarred/prohibited/banned companies can land an organization, and in some countries its C-Suite, in major trouble. For many companies, this is one of the most overlooked, but critical, elements of supplier management.

Integrated Regulatory Requirements & Guidance

The entire point of a compliance solution is to ensure that the suppliers are complying with appropriate government regulations to ensure that the organization doesn’t get in trouble for something a supplier did (which the organization can get in trouble for if the supplier has slavery or human trafficking in their supply chain, uses banned substances in the product, engages in bribery, and so on). The providers of the solution should be extremely familiar with the regulations in each country their solution supports, should encode all of the information that needs to be tracked and checked, and should capture all of the information needed to ensure the suppliers are being compliant with the necessary regulations, based upon the buyer’s geography, the supplier’s geography, and the products the supplier is making on behalf of its buyers.

Automated Tracking and Alerts on (Potential) Non-Compliance

A buyer doesn’t have time to log in to a system everyday to check what’s going on with current suppliers and current projects, nor should they have to manually update reports and status checks. The system should automatically be pulling in all necessary data for monitoring from both internal and external systems at the frequency those systems are updated (although more often then daily is typically not necessary if the system the data is being pulled from updates the public / available data more than once a day), updating the affected models and status checks at each pull, and immediately alerting the buyer through email, messaging service, and/or any internal project management system the buyer logs into daily (through an API integration) if a supplier is in non-compliance with a critical regulatory requirement (that could get the buying organization into hot water).

Custom Regulatory Requirement Support

No SCM solution is going to support every regulation out of the box, especially if it is both industry and locale specific to just one country that the majority of the provider’s client base doesn’t do business in. However, if your organization does business in that country and is subjected to that regulation, you need to ensure compliance, and you don’t want to use another tool to do so. Thus, it’s critical that the platform support the definition of additional regulations, the requirements that need to be tracked, the data that will indicate compliance or non-compliance, and where that data will come from. Then, the platform can be extended to meet all of the organization’s compliance needs.

Quality Management.

If all a company (like a retailer) is buying is commodity goods or fixed services, and one supplier can quickly be switched out for another, quality management may not be that important. However, if a company is reliant on selling custom, or customized, manufactured goods or systems, quality is critical. If the organization gets a reputation for selling products that don’t work, or if the warranty costs skyrocket, the company could be in serious financial trouble. Internal Supplier Quality Management (SQM), vs relying on a supplier or a third party, is critical.

Support for at least one major PIP: Six Sigma, Kaizen, PDCA etc. (PIP: Process Improvement Paradigm)

Quality doesn’t just happen, it’s the result of a best-practice manufacturing process such as Six Sigma, Lean, Kaizen, or PDCA (Plan, Do, Check, Act). (There are more.) A good quality management platform will support at least one of these process improvement paradigms, and preferably support the PIP typically used by your organization and/or your preferred suppliers. (It should support multiple paradigms, but no one platform will do everything.) It should be easy to instantiate instances of the process and customize it for the project at hand.

Support for at least one major vertical specific Quality process: APQP, DFSS, 8D, etc.

In some verticals, and/or for some suppliers, you will need to use very specific quality-based manufacturing processes such as Advanced Quality Product Planning, Design for Six Sigma, or Eight Disciplines. These processes are used for particular products and need to be supported for the design, or analysis post-design / prototype manufacturing, to try and discover what didn’t work as planned. The processes should also be customizable for variances used by the organization.

Quality Specific Metric Based Tracking and Benchmarks

It should allow for the definition and tracking of metrics specific to quality, as well as the creation of organizational benchmarks by supplier and category, and pull in any necessary data from other systems — the user should not have to punch out to a performance management application just for this. If you can’t track quality improvements, or lack thereof, then you can’t actually manage quality.

Uncertainty Management. (Risk)

Supplier Uncertainty Management (SUM) is the next generation of a supplier risk management solution. Why uncertainty? Firstly, by the time you detect a “risk“, it could be too late. If you don’t see that iceberg until it’s too late to steer the ship, you’re going down. The key to success in risk management is to identify uncertainty, detect leading indicators, investigate, and, if necessary, initiate action early. And while you may get a lot of warnings that don’t require any (immediate action), it’s better than not getting that one warning that the one critical control chip that can only be made by that one supplier is not going to materialize in six weeks because the supplier’s plant was just shut down by a fire (that they decided against telling you about). In this situation, you’re going to need every single day you can get to identify substitute designs and chips you can order from other suppliers to create alternate, acceptable, products to fulfill your orders or risk losing customers. Secondly, SRM is already taken as an acronym. (Note that, over time, a good solution will allow you to adjust the thresholds and the warnings the solution produces so that the majority of alerts you get actually need some sort of [immediate] action.)

Low-Code/No-Code Open API Based Data Integration

The old age that you can’t manage what you can’t measure is true, and it’s doubly so where risk or uncertainty is involved. You need a lot of data, metrics on that data, benchmarks and historical trends to compare against to detect uncertainty before it becomes certain disruption. And it doesn’t matter how many data feeds are “out-of-the-box” because they will never, ever, cover everything you need now and definitely will never, ever, ever cover everything you will need as new regulations arise, new suppliers enter the picture, new software products enter your corporate ecosystem, new events happen in the world, and so forth. You need to be able to quickly and easily integrate the data you need when you need it, dynamically extending the schema as necessary to support it and altering the uncertainty detection models as needed to take the new data into account.

Built-In and Custom Metric-Based Risk Models

It’s hard to detect a potential issue before it occurs without a lot of data, and models that appropriately process that data to identify trends or patterns that have typically (with reasonably high probability) led to disruptions in the past when those trends or patterns emerged. And it’s harder still to create those models if you just don’t have the expertise in risk-based modelling. As a result, the platform should come with a number of standard, built-in, models for the industry you’re in relevant to you and your tier 1 suppliers. However, every organization’s situation is slightly different in terms of its geographic location, size, primary customer market, primary supply market, reliance on certain products or manufacturers, reliance on certain raw materials, and so on. So, while each company in an industry will generally face the same risks, the probability of a specific event occurring, or risk materializing, will be different. As a result, many of the models will need to be tweaked. Furthermore, if the company is introducing a new product type or line of business, that could come with unique risks, the organization may need a custom model built from scratch. Plus, as new regulatory requirements, good and bad, rear their ugly heads, it’s important to identify which suppliers could be at risk of not being able to meet them in time so that the organization can either proactively work with those suppliers to address the new regulatory requirements or find new suppliers. Flexible modelling is everything.

Semantic and Sentimental News and Event Monitoring (Integration)

Not all relevant data for identifying uncertainty in the supply chain, or supply base, is numeric. Some of it is semantic, and contained in news stories about events that directly impact the supplier or indirectly impact its customers in other countries. If a flood takes out the local power station, it’s out of operation until the flood subsides and the power station is repaired. If that’s two weeks, and it takes the supplier two weeks to minimally repair its plant and start production again, the supplier is out for a month. If you were expecting your order in five weeks, it’s not happening. A border closure for political reasons will cut off your supply, and if you’re the only foreign customer in your country, the supplier may not be aware until it tries to ship. Semantic news and event monitoring is critical, either internal to the product or through a subscription service. Also, if sales are highly dependent on brand perception, semantic monitoring of social media is highly critical because if brand perception drops, sales will drop, and the organization will have to quickly reduce future orders or get stuck with excess inventory, which it will lose out on when it has to fire-sale that inventory to avoid (environmentally damaging) dumping.

Customizable Alerts and Triggers

The models need to be continuously re-run as relevant data enters the system (which should be daily) and the user alerted to a change that is significant or exceeds a threshold. Rush fans have known for forty (40) years that a distant early warning is key because that’s just the tip of the disaster iceberg. Moreover, the organization should be able to define it’s own thresholds and change tolerance as its experienced engineers and product managers will know when they should at least be taking a quick look behind the curtain to see if it’s just a temporary loop or the beginning of a downward spiral that needs to be intercepted and prevented.

In our next instalment, Part 18, we’ll move on to some of the newer, or at least broader, capabilities emerging in the Supplier Management landscape.

So, we’ve implemented e-Procurement, adopted Spend Analysis, and identified Supplier Management as the next Source-to-Pay solution to implement. But it has as many aspects on its own as Source-to-Pay has, so finding the right solution is going to be tough. First we have to decide which aspects of the CORNED QUIP, as identified in Part 15, the organization needs, and then we need to make sure that the solution has the necessary features for each aspect the organization needs. What are those features? Let’s take the aspects one by one, starting with some of the classic capabilities first.

Information Management.

Supplier Information Management (SIM) is where it all began back in the early 2000s. Some would even argue that it began with the formation and launch of Aravo, one of the first pure Supplier Management solutions, and possibly the last surviving great granddaddy in the Supplier Management space. (Aravo was among the first to get big name clients, including Google, using a pure-play SIM platform.)

Almost every Supplier Management solution does basic Supplier Information Management because you can’t really do any supplier management without tracking basic information. (However, these solutions are not all equal in terms of depth and breadth, and the degree of differentiation is quite large.) The core, and the point, of a SIM solution was the centralization of all supplier information for tracking, access, and reporting purposes, which, long ago, was seen as the foundation for management. As a result, the core capabilities required are both limited and fairly obvious:

Extensible Schema

If the schema is fixed or has very limited extensibility, it’s not a modern SIM solution — every S2P system can store the supplier information the S2P system needs to function in a fixed, or limited extensibility, schema. A modern SIM solution has to support unlimited extensibility so that an organization can use it as the supplier master data management (SMDM) solution.

Fuzzy Search

More technically, full reg-ex (regular expression) search across all data fields for partial/like matches as well as weighted rankings (using customized similarity models) for finding the right suppliers (with existing relationships) to meet buyers’ needs.

Customizable Approval Flows

Just like every S2P solution contains a fixed schema that captures the supplier information it needs to function, any that require supplier interaction have a basic onboarding flow. As such, a modern SIM solution needs to have customizable onboarding flows with customizable approval rules.

Customizable Alerting

The platform should support configurable rule-based alerts that can be defined on any field, dimension, or derived dimension to alert a user when a threshold is reached or a value is detected, especially as a modern SIM solution should be the foundation for SMDM. This sounds vague, but the capability has to be very generic and flexible because neither a relationship, performance, compliance, or uncertainty solution will be able to detect everything on their own.
A relationship system that tracks active supplier relationships may not detect that a person just entered into the system as a rep is one that you dealt with in the past (at another supplier that consistently performed poor when you needed to interact with that rep). A performance solution will only detect performance for projects and suppliers actively being tracked, and may not be able to compare that to full historical benchmarks (or realize that the increase in performance correlated to a decrease in ESG activity). A compliance solution will detect compliance with regulations, but not necessarily with corporate goals designed to meet anticipated regulations, or how the compliance affects performance. The uncertainty solution will only be able to identify risks based on the integrated data sources and the integrated models, which won’t cover everything. Nor will it be useful to build risk models for situations that are currently irrelevant for the organization. However, the organization should be detecting whether it may need to build new, or augment, existing models — and that will often be if a value in the database exceeds a threshold. (E.g. The organization is not currently doing a detailed risk of financial failure predictions, but an OTD KPI dropping below a threshold is a signal to start, and that data is currently only tracked in the inventory management solution, and pushed to the SIM, serving as the SMDM, in the weekly cross-enterprise system synch.)

Relationship Management.

What’s the point of tracking information if you don’t do anything with it? The next major solution to hit the scene was Supplier Relationship Management (SRM), where the data was used to help manage the supplier relationship. The majority of modern supplier management solutions claim to be SRM platforms, even though they have wildly different definitions of what SRM is and wildly different functions. Most definitions considerably overlap with SIM and SPM, but we don’t agree with this. While such a system needs extensive data to be effective, and must track performance, it needs to focus on managing the relationship, not the data or the numbers.

A Supplier Relationship Management solution must provide functionality geared around managing and improving the supplier relationship. This must include functionality geared towards helping a buyer identify and implement best practices to manage and improve supplier performance and, in addition to functionality geared towards helping the supplier interact with the buyer, collaborate with the buyer to proactively identify and improve processes to improve future performance.

Synchronous and Asynchronous Messaging

In addition to the standard asynchronous messaging supported by every platform with collaborative elements, it must also support synchronous messaging and real-time discussion and collaboration through voice (with auto-transcript and storage) and screen-sharing and support saving, search, and semi-automatic/assisted work/change order creation from these sessions.

Collaborative Project and/or Product Plans

The system must allow for the collaborative creation of (improvement) project plans — with milestones, tasks, and owners — as well as checks, balances, notes, and sign-offs. If the solution is for direct/manufacturing, it should also support the creation, possibly through integration hooks to CAD/CAM systems, approval, and management of product (production) plans.

Integrated Best Practice Guides

A modern solution should contain a large library of standard improvement plans for common situations, as well as automated best-practice plan selection and guidance when key metrics (either computed internally or imported from an SPM solution) exceed threshholds or predictive metrics indicate likely problems. If the platform does not provide insight, at the end of the day, it’s no better than a SIM.

Performance Management.

At the end of the day, relationships are important, but you, as a buyer, get measured on performance, and you need that from your suppliers too. Relationship management should be the foundation for improved performance management. However, performance management is more than just relationship management. It’s measurable process, and product, management, and that’s the focus of a Supplier Performance Management (SPM) capability.

KPIs and Custom KPIs

Performance is all about improving KPIs, so it should be obvious that the platform should track KPIs. But not just a small set of standard “canned” KPIs! The platform should track standard, customized, and any specific KPIs you can think of to identify potential issues or opportunities for improvement. Just like there is no one set of reports that can uncover everything of relevance in a spend analytics project, there is no one set of KPIs that can guarantee everything is running smooth and that there are no opportunities for improvement. While the standard KPIs are critical, and display major issues that need to be addressed, you want to discover those KPIs that present leading indicators that allow you to sniff out, and deal with, a problem early (before it becomes significant enough to make a noticeable difference in a standard KPI).

Internal and External Benchmarks

KPIs are good, but only measuring against your own benchmarks only tells you how good each supplier is doing against the best supplier for your business, not the average performance other businesses in your industry get from their suppliers, or their best suppliers; you want those external benchmarks built from anonymized data for deeper insight from the KPIs you calculate.

Easy Data Ingestion

Product quality is going to be in the quality / PLM system. OTD (On-Time Delivery) is going to require promised dates from the contract/PO system and receipt dates from the inventory system, etc. It’s going to be critical to get lots of data from related systems to make the maximum use of the supplier performance management module.

Performance Improvement Management

Once you detect an issue from a KPI or a benchmark, you need to do something about it. It might be as simple as contacting a supplier to find out that the root cause was force majeure and outside of their control (a flood prevented transport for three days) or just the result of a miscommunication or it might be that the supplier is repeatedly delivering defective units and there is obviously an issue with their quality control. In the latter case, you will need to start a supplier development project, and the platform should allow you to define it, track it, and, hopefully, manage the interactions (possibly through the relationship management functionality).

In our next post, we’ll move onto the next set of the more classic capabilities: Compliance, Quality, and Uncertainty Management when we flip it to the B-Side in Part 17.

That’s right, Supplier Management is a CORNED QUIP! And we’ll explain what we mean shortly, but first … how did we get here?

When we started this series back in Part 1, we noted that Source-to-Pay is extensive, your organization needed all of it, but your organization couldn’t implement it all at once. So we needed to give you advice on where to start, which, after a careful analysis, needed to be e-Procurement. Next came spend analysis because, in the hands of the right analyst, if your organization wasn’t sure what module was the next most valuable, spend analysis would help the organization identify which modules would likely bring the most (relative) value (based upon the opportunities spend analysis identified). Often, there will be a clear winner, and your organization will know what module to start implementing tomorrow, but sometimes there won’t be. So what’s the answer then? When you are dependent on suppliers, there is no value beyond the supplier. Thus, in this situation, Supplier Management comes next.

But why is Supplier Management a CORNED QUIP? A good solution preserves and maintains the data, like a good cure, but the marketing from most of the vendors with these solutions is more entertaining than enlightening (as they seem to prefer wit to wisdom). This, of course, is not at all helpful when there are literally ten (10) different types, or at least aspects, of supplier management solutions on the marketplace, no one vendor addresses all of the aspects in their solution, and, in many cases, doesn’t even address more than a couple of these aspects. Furthermore, depending on your organizational needs and the platforms your organization currently has in place, some capabilities will be much more important to your organization than other capabilities. Moreover, sometimes certain capabilities in a supplier management solution, already present in solutions already implemented by the organization, will be downright useless as these aspects will, thus, be completely redundant. So, if a vendor is just selling “Supplier Management” or “Supplier Lifecycle Management”, which theoretically includes every core type of capability (even though not a single solution on the market today comes close to materializing all the capabilities), how do you know what they are selling?

Just what might that vendor be selling when they are trying to sell you Supplier Management? One or more management aspects of the CORNED QUIP (but likely not all of those aspects, as every cure is different, and every message witty in its own way, but not exactly enlightening).

What are these ten (10), core, aspects of modern supplier management? (Which dictate the core capabilities that such a solution should offer.)

• C: Compliance (+ Government + Regulatory)
• O: Orchestration (or Onboarding + Multi-Tier/Multi-Supplier capability)
• R: Relationship
• N: Network
• E: Enablement (+ Engagement)
• D: Discovery
• Q: Quality
• U: Uncertainty (+ Risk)
• I: Information
• P: Performance

Now, before we continue, we know you’re saying “what about ESG” and “what about diversity“? Well, at least as of today, most of these providers are data services that you use to augment your central supplier records (in your Supplier Master Data Management [SMDM] Solution, which could be your SXM or could be the ERP that the SXM extracts data from), and not standalone SXM products, so we will tackle those separately at some point in the future (especially since diversity is literally just data enrichment on a supplier record in any current solution).

Thus, now that we know what we are implementing, our next step is to decide how to evaluate the solution. Thus, in our next post, we’ll begin to break down the ten core aspects of the CORNED QUIP and define not only what they mean, but what capabilities are critical to the cure.

On to the A-Side in Part 16.