Peter Bernstein’s acclaimed book Against the Odds: The Remarkable Story of Risk takes a comprehensive look into man’s efforts to understand and mitigate risks across history. Bernstein concludes that understanding risk underlies success in most every endeavor—from game theory to bridge building.
Now to the layman, perhaps supply management is a less dramatic example than the rest, but Bernstein’s research put a spotlight on what most in a procurement organization already know—that managing risk with your suppliers can be one of the most influential factors in the success or failure of an organization.
Fast forward another 15 years to today when technology has enabled customers, suppliers and partners to be more hyper-connected than ever before. As a result, the stakes for understanding and mitigating risk in supply management have never been greater, and in many ways, more challenging. The operating environment for business today is significantly different than it was just a few years ago as undetected risk or exposures can reverberate throughout the extended value chain. Global dispersement of the supply base has created new challenges, not least of which is managing development and performance of suppliers in emerging markets, and determining the extent of which to attempt to manage country-specific risks.
Regulatory pressures have also increased. There are many alphabet soups of regulatory requirements that mandate more active and robust management of your suppliers. Of course, non-compliance with regulations and laws can lead to revenue loss, penalties and litigation.
As businesses become more complex, companies become ever more reliant on their consultants, vendors and suppliers. Although it varies by industry, on average, suppliers and vendors account for 50 percent or more of the value of a company’s end products or services (Source: CAPS Research Cross-Industry Report of Standard Benchmarks). Accordingly, at least 50 percent of risk lays outside the walls of your business.
IBM recently hosted a roundtable discussion with chief procurement officers (CPOs) and other procurement professionals who pegged supplier risk as a top challenge that significantly increased over the past few years.
The definition of supplier risk management is also evolving and expanding to include practices that protect the business from an array of supplier- and partner-related events. The definition now often encompasses numerous operational, legal and financial objectives. Because the impact of supplier risk management goes far beyond sustainable supply, chief executive and financial officers (CEOs and CFOs) are also taking a greater interest in reducing this risk.
This places increased pressure on supply management professionals to improve their supplier risk management programs, and gear them to avoid supply disruptions and problems, while also improving supplier intelligence, collaboration and performance. To meet the new standards of successful supplier risk management, companies must evolve their strategies, and take a more holistic approach to identifying and mitigating risks—and elevate the people, processes and technologies involved in risk management.
Defining and Building a Stronger Program
Given the expanding definition and scope of risk management, the first essential task is setting the parameters for your risk management program. What are the core goals and objectives of the organization in identifying and mitigating risk? How can supply management contribute to the overall enterprise’s risk management agenda?
Technology and information services can be a starting point to identify sources of risk. For example, you can identify risk factors sourced from a specific supplier that may be in financial disarray, or from an entire geographic region that may be vulnerable to political conflicts or currency fluctuations. Or you can identify components of production that are either sole-sourced or come from very specialized suppliers, thus increasing the company’s dependence on them.
Ideally, the next step is risk prioritization: performing what-if analysis and quantifying the impact of supply risk for specific components and commodities. Armed with such analysis, you can prioritize actions on those suppliers that have the greatest potential impact on the business.
Once a consensus on the risks facing the business (risk map) is agreed upon, the organization must develop a risk model to assess the current state of those risks using defined risk indicators and measurements. These risk indicators allow the organization to draw inferences concerning the probability of an occurrence, and the expected scope and impact of the damage.
The risk model serves as the basis for all risk assessments. Indicators and measurements can draw from hard facts, such as the credit worthiness of a supplier drawn from credit reporting agencies, the volume delivered from a supplier drawn from enterprise resource planning (ERP) systems or key performance indicators (KPIs) drawn from a supplier management solution. Organizations necessarily rely on soft facts as well, such as projected replacement times for suppliers based on the on-boarding of alternative suppliers.
Once risk is mapped and modeled, best-in-class organizations carry out risk assessment for key scenarios and suppliers, which is used as benchmarking for monitoring and assessment—and informing priorities for proactive risk mitigation and supplier development. This risk assessment is then used to develop and identify risk indicators and thresholds, so the company can more readily monitor risk developments and changes. Ideally, as soon as a risk indicator changes, the probability of occurrence and the extent of damage are automatically recalculated. For this purpose, each indicator is assigned a value and a mathematical logic. The risk priority number is calculated by using an intersection of parameters for risk occurrence, probability and damage extent.
In highly developed risk management programs, risk assessments are continuously carried out for all suppliers, at varying degrees, and automated in a technology solution. Advanced programs and systems can accommodate risk assessments by various evaluators, particularly if the supplier delivers to different organizations of your company. Developed programs also draw indicators from ERP and other systems, and integrate them into risk assessments. This is best done automatically to account for real-time developments.
A best-in-class risk monitoring model is one that is highly automated and proactive. At a minimum, an organization should have a system to initiate alerts if a certain trigger is met. An alert signals that the risks and indicators have changed or reached a defined threshold value. Some systems recognize the risk status based on a risk priority number and signals a need for action. Developed programs have risk priorities defined and associated corrective action plans that allow staff to initiate the proper actions to avoid, reduce, transfer or compensate the risk.
More advanced programs look to extend that model to monitor risk with downstream suppliers, often including those organizations’ sub-tier supply base. Advanced technologies allow for visual illustration of company hierarchies to intuitively show risk between suppliers and affiliates. Moreover, these solutions offer meaningful analyses and illustrations, such as risk graphs, time sequence analyses, and portfolio or industry analysis.
Risk management should inform follow-up activities in supplier management as well. Contingency plans ideally should be defined beforehand and implemented directly upon the occurrence of a defined risk. Such preparation allows for prompt response to risks and minimizes the impact.
Continuous improvement for both the supply management organization and suppliers is the hallmark of success in supplier risk management. When a company fosters a risk management culture and works with its core supply base over time to identify improvement opportunities and metrics, it not only reduces the company’s risk profile—it delivers broader value to the organization.
From a Sea of Data to Actionable Supplier Intelligence
Historically, companies most commonly used manual processes and spreadsheets to manage these tasks. Those further ahead automatically pull data from ERP or other systems to support this process. Today, companies with more developed supply management programs use e-sourcing and contract solutions, and the data derived from those solutions, to further support their risk management programs.
However, according to an Inside Counsel survey and market data from the Aberdeen Group, only about half of Global 2000 companies have implemented a contract management solution, only one out of five companies use supplier scorecard tools and only about one in six companies apply sourcing solutions specifically to their risk management programs. Fewer still use dedicated supplier risk or supplier lifecycle management solutions.
What limits these companies from undertaking this holistic approach? At the typical Global 2000 company with more than 20,000 suppliers, the challenge of supplier risk management is the collection, control and application of information. With a large and global supply base, and supplier data scattered across disparate and diverse systems, most companies are overwhelmed with managing data and applying it to their processes.
Best-in-class organizations have a defined supplier risk management technology roadmap that ensures the organization is empowered with the data and intelligence needed to make informed business decisions. This allows them to anticipate, mitigate and manage risks on a global scale. This may explain why supplier intelligence is one of the fastest growing areas of technology spending. Analysts estimate that investments in supplier intelligence technology may grow three times faster than any other procurement technologies through 2015.
With an accurate and robust supplier intelligence platform, companies gain visibility into potential supplier risks, the ability to mitigate risks before they develop by leveraging intelligence and risk modeling, and the establishment of plans to react quickly and flexibly in the event of a supplier disruption to reduce its impact. They are also better able to address other objectives, including supplier compliance to supplier performance management.
But even with all the data in the world at your fingertips, something like managing supplier risk can be a Herculean task. That is why companies are beginning to explore predictive analytics. Analytics is one of the key common denominators used to enhance thinking, methodology and practices to solve some of the most complex challenges facing organizations. Specifically, advanced analytics can help organizations predict what may happen in the future so that they can make smarter decisions and improve business outcomes. You may never be able to take risk completely off the table, but you can go a long way towards mitigating it by combining comprehensive risk management models, supplier intelligence and predictive analytics. The application of these technologies are nearly limitless, from risk modeling and projecting spending trends to demand management and analyzing volatility within the supply chain.
Matthew McGovern is the market segment manager of IBM Procurement and Contract Management Solutions. He is responsible for product marketing of IBM’s Emptoris Source to Contract solutions, a suite of supply and contract management solutions. He focuses on contract management solutions and extending solution coverage to include the entire source-to-contract process.