Initial and Ongoing Supplier Due Diligence
Companies usually complete some high-level initial supplier due diligence, but they may not go to the appropriate detail level. In addition, companies don’t always conduct ongoing supplier due diligence — or, again, not at the appropriate detail level.
The degree of supplier due diligence and frequency of assessment should be commensurate with the supplier tier and product criticality. For example, if a company spends a significant amount with a supplier, and that supplier provides critical products/services that directly impact that company’s revenue, then that supplier should be subject to a significantly more robust initial and ongoing due diligence program as compared to a supplier or category with much lower spend and/or little or no impact to a company’s revenue. In certain categories, there may be cases where even spending low amounts still requires a high amount of due diligence due to the overall risk associated with a given supplier. Some examples could include payment processing, hazardous waste and IT offshoring.
It is important to define the right set of indicators to get early intelligence on a supplier’s financial health. A common mistake is to rely exclusively on publicly available company financials. While necessary, that is not sufficient. The following are examples of items to monitor for a critical supplier or category:
Business continuity plan
Subcontractors to be utilized (if applicable)
Vendor management policy and program of subcontractors (if applicable)
Past and current references
Country risk assessment (if supplier is supporting you outside the US)
Product or plant closures
Requests for payment term adjustments
Deep discounting, etc.
In addition, when dealing with critical suppliers who have access to highly sensitive data (e.g., information technology, financial service operations, etc.), companies should also consider the following supplier due diligence items:
Physical security policy
Asset management policy
Background screening process
Information security policy
Information security breach history
Incident management program
Business continuity test results
Balanced Category Scorecards
A balanced category scorecard is an effective tool to get a holistic perspective on total value delivered. A category is a common grouping of suppliers by a particular product/service. By developing a scorecard with appropriate categories, a company can better understand the value its suppliers are delivering.
This can also help in identifying and mitigating risks. Some risks identified may be common within a category, while some may be impacting just one or two suppliers, and this technique allows companies to make a distinction between broader, emerging risk trends and supplier-specific risks. A balanced category scorecard should also highlight the amount of supplier diversification and concentration a company has across various categories, which can also help companies respond quicker to emerging risks and help drive toward greater value. Figure 2 (page 8) is an example of a balanced category scorecard.
Robust Supplier Performance Reporting and Issue Resolution
For a company’s key strategic suppliers, utilizing a robust supplier performance reporting and issue-resolution process is a critical component to help balance risks and rewards. Companies should consider utilizing a multistep reporting and issue resolution governance approach like the following example for key strategic suppliers:
Supplier daily report is developed and reviewed between supplier first-level management and company’s first-level management
Majority of key questions and tactical issues are resolved in the daily meetings