The importance of reducing the impact of supplier risk in the global supply chain
Supplier risk is not a new concept. We continually face supplier risk in both personal and business environments: when we invest in the stock market, await the next version of a smartphone, or even when we purchase groceries. For most organisations, reducing the impact of supplier risk on their respective supply chains is a key priority.
However, many risk-reduction programmes, supply chain and operational improvements, new enterprise resource planning (ERP) solutions, and business intelligence projects have had limited impact on supplier risk.
According to a recent global study by KPMG, fewer than 19% of companies believe they have attained a "leading practice" level of supplier risk management. In fact, many companies have suffered significant harm: reputational and brand damage, delays in the launch of new services or products, inability to source critical materials, disruption of supply, regulatory and environmental health and safety penalties, and many related adverse impacts. For many of these companies, effective supplier risk management is difficult to achieve.
Often companies lack a comprehensive view of their third-party and partner relationships and the impact that suppliers can have on the organisation. It's difficult for many companies to obtain the data needed to assess supplier risk. Even though some data, such as company credit ratings, is easily available, supplier regulatory compliance information, supplier production capacity and their own risk programmes can be difficult to obtain. Companies also struggle to correctly review and analyse the data to predict risk.
In order to establish an effective supplier risk management programme, companies need to understand and overcome these challenges, say Len Prokopets and Byron Tatsumi of KPMG. In their article "6 Steps to Integrated Supplier Risk Management" on Spendmatters.com, they outlined an operating model for risk management, which we summarise below:
Step 1. An enterprise view of third parties: For many companies, an integrated, up-to-date view of enterprise relationships with suppliers and other third parties is not readily available. It is important to analyse for each supplier the respective spending and contractual terms on an ongoing basis.
Continually review and update information on active suppliers to ensure a mutually exclusive and collectively exhaustive view of the supply base. In addition, consider other key relationships such as upstream suppliers, distributors and other dependencies.
Step 2. Segment supplier risk: Companies should identify suppliers that drive the greatest level of risk. Which suppliers pose the greatest risk to the organisation's major product launches, growth plans or projects? Which suppliers can disrupt ongoing operations if their deliveries are interrupted? Which suppliers pose the greatest risk to the organisation's reputation and brand, regulatory compliance and ability to meet environment, health and safety plans?
Step 3. Have the right supplier risk data: Companies should consider many different types of data, from a variety of sources, in order to gain an understanding of risk. This could include ensuring supplier compliance with economic and trade sanctions, supplier financial health, business continuity plans and test results, information security plans, breach notification plan, vendor management plans (for those that have subcontractors to support your needs), internal business integrity, and compliance. For example, some data (capacity, compliance, etc) is not routinely captured, nor is it readily available from a single reliable source.
Step 4. Ongoing data collection: Collecting the data means enrolling suppliers in the programme and managing and assembling a large volume of different data elements comprising both internal and external information.
Step 5. Understand risk data: Supplier risk management works best when it is predictive and related to the type and magnitude of business impact that it can drive. Understanding risk in the context of the business activities and earnings streams that they threaten is vital for setting priorities and for mobilising the appropriate response.
This step requires a well-thought-out framework and an analytical model for supplier risk analysis. It also requires a way to link supplier risks to the products and services and earnings that they may affect. Investing in the technology for analysing risk is an important enabler.
Step 6. Know how to follow up on supplier risk: The organisation's key actions for risk mitigation should be identified and formalised to enable structured, repeatable and coordinated execution across the enterprise. Guidelines should include specific action plans with repeatable triggers, procedures, roles, responsibilities and measures. This entails clear definition of triggers, cross-functional execution steps and workflows, roles and metrics, and other elements. Undertaken correctly, this will allow an organisation to address risk more quickly, efficiently and effectively.
Summary: Companies need to establish programmes that go beyond monitoring. Structured risk responses are rarely planned proactively, leaving various functions to scramble to address risk reactively when it is identified.
Processes and policies, organisation and governance, data, architecture and tools, service delivery models, people and talent management, and performance management should all be aligned in support of risk management capabilities.
The Link is coordinated by Barry Elliott and Chris Catto-Smith as an interactive forum for industry professionals. We welcome all input, questions, feedback and news at: BJElliott@ABf1Consulting.com, email@example.com