Supplier risk management

Supplier risk management (SRM) is an evolving discipline in operations management for manufacturers, retailers, financial services companies and government agencies where an organization is dependent on suppliers to achieve business objectives.

The complexity and globally outsourced nature of modern supply chains, combined with the practice of optimization techniques such as lean and just-in-time manufacturing in order to improve efficiency, has increased supply chain vulnerabilities to even minor supply disruptions. While these models have allowed companies to reduce overall costs and expand quickly into new markets, they also expose the company to the risk of a supplier bankruptcy, closing operations, data breach^[1] or being acquired. Among the several types of supply disruptions, most severe are those that have a relatively low probability of occurrence with a very high severity of impact when they do occur. While such risks cannot be eliminated, however, its severity can be reduced.

Objectives

To overcome these challenges, companies mitigate supply chain interruptions and reduce risk with strategies and tactics that address supplier-centric risk at multiple stages in the relationship:

• On boarding: Bringing suppliers into the operation with registration that includes:
  • A centralized supplier registration portal
  • Integration of third party performance, financial data and predictive indicators into the supplier profile
• Monitoring for stability beyond financial data, including:
  • Sanctioned countries,^[2] criminal and terrorists (i.e. Office of Foreign Assets Control) ties and operational performance
  • Visibility into potential disruptions caused by geopolitical threats, acts of nature, etc.
• Cultivating strategic supplier relationships for the long-term:
  • Leverage supplier scorecards for continuous improvement
  • Establish and use benchmarks for measuring supplier performance
  • Creating a system for collaboration and supplier development
• Establish control across the extended enterprise:
  • Create integrated supplier networks
  • Extend performance management benchmarks to second and third tier suppliers

Supplier risk in recession and recovery

In 2008–2009, manufacturers experienced the startling speed at which suppliers can move from stability to shutting down operations. The devastating impact of a crucial supplier failure has moved risk management from add-on service to mission-critical. With a new focus on risk management, manufacturers have seen value whether the economy is stagnant or thriving.

With a transparent, accessible and comprehensive set of supplier information, manufacturers have been able to monitor suppliers for behavioral changes which contribute to overall stability, including:

• Changes in the supplier's management team
• Environmental legislation violations
• Health and safety incidents
• Quality issues
• Noticeable lags in response time to inquiries
• Foreign asset violations

Changes in any of these conditions can be defined as parameters for raising an alert. For example, a financially stable supplier may in fact be about to lose it CEO to retirement – which may cause issues within the management team. Early visibility into that change gives the manufacturer time to ensure it does not affect customers negatively.

Based on the criticality of the supplier and the nature of the alert received, the manufacturer can then choose to take necessary action, such as calling or visiting the supplier, increasing monitoring, or moving towards terminating the relationship with the supplier and finding a replacement.

Benefits

Reducing supplier risk can:

• Give insight to manufacturers to create defensive and offensive strategies that turn risk into a competitive advantage.
• Help determine whether or not it is beneficial for a company to conduct a customer intervention and know in advance what the potential outcomes might be for an intervention.
• Improve competitive position in the market.
• Lower supplier costs.
• Position manufacturers to better address customer needs by addressing supplier vulnerabilities before they become apparent.
• Prevent loss of customer's trust due to data exposure or systems being hacked.

See also

• Third-party management
• Business intelligence
• Master data management
• Risk management
• Supplier performance management
• Supply-chain risk management
• Volume risk

References

1. "Third Party Vendors Could Be Your Greatest Cyber Risk - Preparis". www.preparis.com. Retrieved 2017-07-31.
2. Bureau of Industry and Security (2022-07-28). "Sanctioned Countries".

Further reading

• Understanding Risk: Avoiding Supply Chain Disruption, IndustryWeek, 11 May 2009