Supplier risk management is defined as the process of predicting and preparing for the probability of variables which may adversely or favorably affect the supply chain. Supplier risk management is not a new concept; however, the type of risk that can affect the supply chain and the way in which these risks are managed and mitigated has evolved significantly. The need for proactive and predictive management strategies is ever present in business today.
We've determined that a best-in-class supplier risk management process consists of four steps and manages risk throughout the lifecycle of a supplier. The four steps include certifying suppliers, monitoring external and internal risk levers, continual and repetitive analysis to determine how programs are affecting the business, and mitigating risk by planning for potential disruptions. These four steps encompass the entire lifecycle of a supplier and the sourcing process.
Step 1 — Certify
Integrate risk mitigation and dependency into the sourcing process.
Choosing a supplier has inherent risk. A strong sourcing process mitigates that risk, and incorporating risk into your current metrics can help ensure that suppliers coming into your organization can meet business requirements and will be able to successfully deliver their product or service:
- Know the marketplace — New suppliers and technology advancements bring opportunities to take risks that can be positive for a business. However, economic or environmental events can bring an industry to a halt. Established suppliers may be hurting due to the latest hurricane or recession. Marketplace due diligence will prepare you to find the right suppliers to go out to bid.
- Ask the right questions — When going out to bid for a product or service, asking the right questions in the RFx process can illicit the type of information you'll need to truly determine a supplier's health. The following are examples that should be considered of every potential supplier:
- Dependency ratio — What percentage of your business is the supplier's total revenue?
- Tier-two suppliers —You should consider if you have exposure to a tier-two supplier that may service multiple tier-one suppliers in your portfolio.
- Business requirements — Does the supplier have your organization named as an "also insured" on their insurance certificates?
- Legal — What suits, liens or judgments have been filed against a supplier and how could that affect their ability to provide service to your company?
- Governmental — Are they on the U.S. government's debarred list, do they have OSHA violations, do they have I-9 certifications and do background/drug checks for people working on your account?
- Trust but Verify — Certify your suppliers using your own criteria. Verify supplier information against a third-party source. Information providers such as Dun & Bradstreet can provide a more holistic view of the supplier's health, including payment information (whether they are paying their suppliers on time), legal information (status of suits, liens and judgments or criminal activity) as well as predictive indicators as to their financial health going forward.
Collect, aggregate and centralize all required information and documents for established suppliers.
Data integrity and visibility are important to every aspect of supply management. Having a centrally located database of supplier information and required documentation will not only increase efficiency, it can help maintain compliance and give your organization the visibility it needs to take action.
- If your data sit in multiple systems and you're working with various business units, there are products that accept data collected from various sources and append it to create the business intelligence needed.
- Aggregate supplier information and required documents in one system. A best-in-class approach to aggregating these data is to create an interactive supplier portal and allow suppliers to log in and supply the information themselves.