Your Suppliers’ Risk Is Your Risk

In today’s global marketplace, your suppliers—whether Tier 1, 2, 3 or more—are an extension of your company and your brand

iStock 000075737483 XXXLarge 574302e1e212f

In today’s day and age, in which outsourcing can be the norm, and not only major global corporations stretch across the globe, but also potentially mid-market and mom-and-pop suppliers, supply chains are no longer insulated from risky external or environmental events. These risks can range from a natural disaster, such as the Japan earthquake and tsunami, to lax safety policies, in the case of the Bangladesh garment factory fires, to the regular ebb and flow of business, including when a supplier is acquired or goes out of business. These risks, in themselves, are not a new problem for supply chain, but as the supply chain grows more complex, so do the risks to supply, especially when visibility is blurred and there is no back-up plan in sight.

According to Charles Dominick, president and CPO at Next Level Purchasing Association, the reality is, “in many cases, an organization doesn’t own its supply chain. It chooses its Tier 1 supplier, who chooses its supplier [Tier 2], who chooses its supplier [Tier 3] and so on. In those cases, the failure of a Tier 1 supplier may necessitate its replacement, which, in effect, replaces the entire supply chain for the purchased product or service. Every organization should have a contingency plan covering every tier of the supply chain that answers the question: If this company drops off the face of the Earth tomorrow, who can step in? Of course, any good supply chain contingency plan goes much deeper than just answering that question. It addresses the lower tiers as well.”

Dominick continues, “Every company has a certain percentage chance that it could have an operational disruption of some sort. If a company that independently has a 97 percent chance of performing perfectly does business with a supplier that has a 97 percent chance of performing perfectly, the chance of something bad happening between the two of them is higher than either of the two of them individually. So, with every link in the supply chain, there is an increasing chance that a risk could come to fruition. The longer the supply chain, the higher the mathematical risk. Knowing the risks of a disruption to supply continuity, knowing the likelihood of those risks and developing an appropriate plan for mitigating those risks are the foundational aspects of supply risk management.”

Fallout from the Supply Chain Ignorance Bomb

An organization can’t prevent or avoid a risk if it doesn’t know whom its suppliers are, where they are located, and therefore, what its risks are. “We’re living in an increasingly connected and global world, and saw countless examples even over the past year of supply chain vulnerability,” says Brian Winshall, executive vice president of business development, AFN Logistics. “As supply chains become leaner and markets more competitive, the supply chain impact of these [risk] events can be profound. Basic mitigation strategies like safety inventory and excess capacity are inadequate. There’s a critical need for businesses to be on offense whereby they’re proactively collaborating with suppliers to avoid, or respond to, disruption in a quick and efficient manner. This creates a competitive advantage, increased speed to market, cost reductions and brand protection.”

Diane Palmquist, vice president of manufacturing industry solutions at GT Nexus, warns that if you don’t know your supply chain, you’re not only unprepared for the big disruptions, but also the tiniest disruptions, which can quickly escalate into a major bottleneck. She says, “Peugeot lost billions of dollars one year—they couldn’t make any vehicles—because of a little fastener that was made from a Tier 2 supplier in Italy.” Alternatively, sometimes it takes a major event for a company to sit up and take notice of suppliers of all tiers. She mentions that, when the Japanese tsunami happened in 2011, it was a wake-up call. There was even a New York Times story about General Motors (GM) going into a war room for months to determine its Tier 1 and 2 suppliers. Palmquist notes, “A big tsunami exacerbates the issue, but that issue already existed. It means that [GM] already didn’t know where it was getting its supply. It doesn’t have to be a big disruption that causes pain. That’s why, for just regular business continuity, day-to-day operations and execution, you have to know whom your suppliers are and whom your backups are.”

Winshall concurs, “Costly outages, delayed reaction time, lack of quality control and cost containment challenges are all major risks businesses become susceptible to when they’re not familiar with their entire supply base. The more collaborative and communicative you are with suppliers, the more you can mitigate risk. It’s a matter of maintaining control, and playing defense and offense at the same time.”

It’s also important to stress that, to many consumers, there is no difference between a brand and its suppliers. Essentially, therefore, your suppliers are an extension of your brand and organizations need to collaborate with suppliers to ensure their corporate social responsibilities are in line with what the organization preaches. “A landmark example of such risk was the 2013 Rana Plaza factory collapse in Bangladesh where rescuers found over 1,000 dead workers and apparel that was made for large, household-name retailers. Those retailers denied they authorized production of their garments at that unsafe facility, yet the production was being done there regardless. Though it dwarfs the pain experienced by the families of the victims, those retailers incurred damage to their brands. Other indiscretions can be exposed as well, including slave and child labor, environmental hazards and financial support for conflict minerals. If there is social irresponsibility in a company’s supply chain, it could ruin their brand if exposed. So, companies need to know their supply chains inside and out.”

Getting Down to the Nitty Gritty of Your Supply Chain Network

Palmquist suggests organizations map out their supply chain networks to determine their Tier 1, 2, 3 and more suppliers, but acknowledges that it’s not easy. One reason is that an organization’s supply chain network can change in the blink of an eye. However, even with rapid pace of the changing supply chain, most companies know where they generally source components and material from Tier 1 suppliers. From there, Palmquist advises collaborating with those Tier 1 suppliers to obtain a list of their suppliers, and so on and so forth.

However, she admits, “Often times, organizations may not know every single supplier of every single component, but they can get down to any critical components, and they need to know what those are and where that’s coming from. Once they map it out electronically, it becomes much easier. If they want to be able to link it, they should take that network for any specific product line or SKU, and look at that supplier network, and map it out and visualize it, so they can make changes. They can also tie that in with risk management software solutions that can be predictive in telling an organization where there’s political unrest or weather issues or something else going on. They can look at it across that supplier network to see where they need to maybe take some action.”

Sonal Sinha, vice president of industry solutions at MetricStream, confirms that analyzing what an organization’s supply chain universe contains can be a very daunting task. Not only are companies growing organically, but also inorganically through a deluge of mergers and acquisitions. Add to that the global nature of commerce and supply chains, and the increasing participation of suppliers from less advanced countries that may not have sophisticated tracking mechanisms or systems in that equation, and the once-clear waters muddy very quickly indeed.

Sinha recommends using a risk-based approach, whether based on an organization’s payment history or highest revenue product, to identify suppliers, “so not trying to boil the ocean to get 100 percent of all suppliers. There's a good chance that, if you paid a supplier in the last couple of years, they're active. A second step would also be to take a look at the highest revenue product you're selling. If you have 200 products in your portfolio, but 10 of those 200 make up 80 percent of your revenue, then focusing on those 10 products and the suppliers supplying components for those products can be a really great way to start gathering information on your highest risk suppliers.”

Biju Mohan, vice president of consulting at GEP, agrees that organizations should identify high-risk suppliers based on financial impact to the business, but he also adds the “time to recover for the business in case of a disruption. There needs to be a constant assessment of strategies—including back-up options, inventory management, rapid response manufacturing, etc.—that can be put in place to manage any risks with these suppliers. Increasingly, it is important to start evaluating the risk impact of a supplier change as part of this process.” Mohan continues, “Familiarize yourself with the suppliers. Knowing and measuring the potential financial impact and time to recover from risks driven by suppliers can help an organization manage their risk profile and take corrective/predictive actions as needed.”

Risk-Ranking Your Supply Chain Universe

Many organizations are getting into the habit of assigning risk profiles to suppliers, based on different metrics, because of the complexity of the supply chain network. These key performance indicators (KPIs) and risk indicators vary by company, goals, supplier geography, etc. In this case, there is not necessarily a one-size-fits-all methodology. Sinha says that, when it comes to business continuity risk, some companies may assess factory location, export markets, geopolitical forces, and finance and credit ratings, to name a few.

According to Winshall, organizations can take supply chain mapping a step even further to incorporate risk, “Companies can geo-code suppliers utilizing service-area mapping technology, and can then apply risk indices for things like corruption, political instability, logistics performance, climate risk and more. In doing this, businesses know how a commodity or product may be impacted at the time of an event, like a natural disaster or a labor strike. Organizations that don’t have this technology may not be alerted for days or weeks, and a slow reaction can cause irreversible damage and financial loss.”

Dominick concludes, “Supply chain leaders need to think about creating a supply chain culture that applies to all of their suppliers at every tier. Having multi-tier visibility into one’s supply chain is a product of creating a culture that promotes a spirit of collaboration, information sharing and transparency. That type of culture needs to start with a C-level relationship between an organization and its strategic suppliers, and replicated at each tier of the supply chain. When the ‘let’s be a successful supply chain’ mantra is more than lip service, then it should not be a stretch to imagine C-level executives from companies at each tier of that supply chain in the same room at the same time.”

Six Steps to Prepare for the Trade Facilitation and Trade Enforcement Act

By Mickey North Rizza

President Obama signed a new trade law that bans imported goods made through slave labor. The Trade Facilitation and Trade Enforcement Act eliminates a loophole in the Tariff Act of 1930 allowing the import of slave-made goods when demand for a product exceeded domestic supply. Now companies all over the world have to dig deeper into their supply chains to ensure slavery and human trafficking does not exist.

The new provisions affect any company that does business internationally and with foreign supply partners. Ramifications for noncompliance include trade restrictions and barriers, and negative media attention and public perception. With parent companies now legally responsible for the actions of their supply base, businesses need to take proactive measures so their entire supply chain is slave- and child labor-free.

Step 1: Understand the Law and Where You’re at Risk

The first step is to map your supply chain to see where you are prone to risk. Take a look at the U.S. Department of Labor’s list of goods expected to be made with forced labor and compare it with your supply base. This is not an all-inclusive list, but understanding where you may be vulnerable can help you wrap your mind around where problems may arise. Start at the top of your supply chain and work your way down across the rest of the tiers, including manufacturers, importers, exporters and trading companies.

Step Two: Work with the C-Suite to Ensure Alignment

Secure the executive team’s support as you develop a supply chain or supplier risk management plan tied to your enterprise risk strategy. Work with the C-suite to map out the impact any noncompliance with the new law may have on your business and be prepared with a disaster plan that protects the entire organization.

Step Three: Preparedness Is the Best Form of Risk Management

The seemingly simple process of identifying alternate suppliers in the event of a disruption is now more complicated with the new law. There is more criteria to consider when vetting a secondary source, so companies need to take a deep look into the supply base now to avoid issues down the road.

Step Four: Leverage Technology for Enhanced Visibility and Tracking

Companies need procurement systems in which suppliers can onboard all of their information themselves. This makes suppliers accountable for their own supply base, sharing information that may indicate noncompliance throughout the tiers.

Step Five: Set Up a Regular Auditing Program

Routine and surprise audits are critical for staying abreast of what’s going on in your supply base. If red flags surface, you need to conduct audits more often and remedy the issues quickly.

Step Six: Stay on Top of the Laws

Work with your legal function to understand the policies and processes required when you run into issues with noncompliant suppliers. Outlining current processes, the compliance and noncompliance criteria, and tying the new law into your practices can help you understand what needs to change. Changing ahead of the laws gives you time to do your due diligence and implement best practices.

Mickey North Rizza is vice president of strategic services at BravoSolution. To read the full article, please visit