Supplier Management: Procurement’s Strategic Risk Management Opportunity

The key is sophisticated risk segmentation and constant reassessment, with the supplier base divided into risk tiers.

Jon Kirby
Jon Kirby

An increasingly large share of companies’ cost base rests with suppliers, in some cases as much as 70 percent. Given suppliers’ importance, it’s not hard to understand the role strategic sourcing plays in driving companies’ revenue. Perhaps less well understood is procurement’s role in helping manage supplier risk.

Companies and their supply chains are impacted by risks that can emanate from several areas, including:

  • Operational risk, arising in the event of a disaster or supply contingencies.
  • Information security risk, attributable to data, physical and network security, and the use of public cloud technologies.
  • Reputation risk due to non-performance, third-party frauds and negative brand perception.
  • Geographical risk due to volatile political or economic climates.
  • Regulatory risk, arising due to non-compliance to regulations, such as anti-bribery and anti-corruption laws.
  • Socio, ethical and environmental risk, attributable to employee health and safety, and a lack of business ethics.
  • Financial risk emanating from financial instability and a lack of creditworthiness.
  • Strategic risk due to poor planning and an ineffective business strategy.

So how can procurement help mitigate risks and give senior executives greater confidence that their supply chain is in order? The key is more sophisticated risk segmentation and constant reassessment, with the supplier base divided into distinct risk tiers, not necessarily dictated by size. In fact, a company’s largest suppliers (by spend) may not pose the largest business risk.

Putting a rigorous supplier risk structure in place requires companies to start with the following focus areas:

  • Understanding the financial health of suppliers.
  • Deploying systems and processes to regularly evaluate and monitor important suppliers.
  • Embedding risk evaluation into supplier onboarding.

Are Suppliers Financially Sound?

Determining the financial health of a supplier should be a key component of the selection process, as well as ongoing relationship management. To better assess a supplier’s financial condition, procurement should focus on the following areas:

  • Key financial information, such as profitability, revenue growth, liquidity, cash flow and the debt-to-equity ratio.
  • Any ongoing legal matters involving collections.
  • Management and employee turnover.
  • Quality of service and delinquencies.
  • The ability (or inability) to produce timely and accurate financial information.
  • Requests for special payment arrangements or advance payments.
  • Changes in the suppliers’ financial services relationships.

The evaluation of these financial parameters must be made part of a continuous supplier risk management program. Moreover, for companies with hundreds or thousands of suppliers, it can be challenging, if not impossible, to monitor each one consistently. This is why supplier segmentation is critical.

Putting an Ongoing Third-Party Risk Segmentation Structure in Place

Fortunately, new technologies and developments in design thinking are helping companies overcome many of the hurdles they face in supplier segmentation. Today, by using a lean digital approach that combines digital technologies with a focus on the end customer, procurement can be more agile, better able to align risk priorities to actual business outcomes, enhance visibility to better anticipate suppliers’ financial warning signs and focus their attention on the right parts of the process.

Carrying out risk segmentation can be a complex process. Multiple product or service categories, siloed organizations with complex data structures, and the very nature of global operations can make it a daunting undertaking. But by applying a lean digital approach to risk segmentation, organizations can employ greater rigor in their risk assessments. The two-phase process follows these guidelines:

Step 1: Segment clients based on supplier characteristics, such as:

  • Supplier category. A supplier providing IT services or handling corporate payroll may pose a more significant risk than one that delivers office supplies or janitorial services.
  • Supplier location. A supplier located in a developing country with a history of political instability or unreliable transportation infrastructure is likely to present greater risk than one in a developed nation.
  • Nature of the supplier relationship. How critical is the supplier to the business? Does it provide a product component that is hard to obtain or key to production? Is the supplier a long-term partner? Does the relationship extend across multiple products or parts of the organization, or is the relationship tightly focused on a single area?

Step 2: Consider broader risk factors, and score suppliers as low, medium or high risk based on risk dimensions:

  • Evaluate and layer in additional risk factors. Considerations such as anti-bribery, political risk, corruption, cybersecurity and data protection should be mapped to the category or type of product or service that the supplier is delivering.
  • Institute a scoring methodology. A scoring process should be initiated that takes into consideration category and supplier location, and then connects it to an applicable risk dimension. Scoring methodology should also consider weightages across various risk dimensions as applicable to a particular category or type of product or service so that the final output is a comprehensive risk score—which can then be used to segment suppliers into low-, medium- and high-risk buckets.

In addition to adopting a more thorough and precise risk segmentation program, there are other actions that organizations can take to mitigate risk. These include maintaining a list of qualified suppliers that can serve as alternate sources of supply in case of an adverse risk event, and adopting a multi-supplier strategy that employs either several suppliers in multiple geographies, or a single supplier with the structure and capacity to ship from multiple locations.

It is critical that the rigor of supplier risk assessment is integrated into companies’ supplier onboarding processes. Clear guidelines should be published for all potential suppliers to understand that assessment, validation and approval are mandatory steps prior to securing approved supplier status. This requires robust process management across procurement, finance and business users to ensure adherence and compliance.

With regulatory bodies around the world showing a heightened interest in supplier risk management, the ability to assess vendors and partners is not just a matter of efficiency—it’s an imperative. Having data-driven processes and consistent procurement standards in place gives organizations the ability to protect themselves, better understand and report on their operational risks, and ultimately be more efficient, nimble and effective.

Jon Kirby is the senior vice president and source-to-pay (S2P) practice lead at Genpact. He has over 20 years of executive experience within FTSE 30/Fortune 50 companies delivering transformational results and building strong organizational capability. He has deep knowledge of creating significant shareholder value, has delivered over $8 billion in cost reduction, and created strong supply networks and strategic outsourcing relationships, as well as strategic shared services. Kirby has led complex remediation, restructuring and exits from poorly performing contracts, and joint ventures minimizing liabilities and risk exposure.

Latest