Don’t let a supply chain control your business
In the past 25 years, major original-equipment manufacturers around the world have shifted to the Japanese tiered approach to supply chains. They’ve radically reduced the number of suppliers that they directly manage and off-loaded responsibility for supervising the rest, along with the task of building major subsystems, to a handful of first-tier suppliers. The attractions for OEMs were faster new-product introductions, larger volume discounts, reductions in the capital and risks associated with developing and producing the subsystems, and the ability to spend less management time on overseeing the multitude of lower-tier suppliers and more on building core competencies.
A functioning supply chain is essential in today’s globally connected, complex economy. Any disruption could affect a company’s reputation with its customers or lead to significant losses in revenue and productivity. In a worst-case scenario, a single interruption within the thousands of suppliers a company works with could lead to bankruptcy.
For a recent example, recall the case of the Japanese earthquake and tsunami in 2011, which created a significant risk to automotive companies around the world who were dependent on this market for parts.
With such high stakes, why do so few companies have a proper supplier risk management program that mitigates interruptions and safeguards against the risks suppliers have in the business?
Perhaps, the risk management team is already burdened by other business risks. Or maybe the current supply chain evaluation process is deemed effective enough – though often incorrectly. Regardless, every business with suppliers needs to build a framework to assess the risk in their supply chain.
The supplier risk program framework
An effective supplier risk management framework starts with a three-step process involving supplier risk filtering, process integration and system integration.
Supplier risk filtering is just what it seems – the process of sorting and filtering suppliers based upon the risk profile of each supplier in order to allow for more effective management of the supply chain. Process integration moves beyond a standard risk model designed to assess a risk at one point in time by using a sustainable, integrated risk model that is leveraged on an ongoing basis and throughout the entire enterprise. The last step, system integration, automates risk processes to provide real-time supplier risk profiles throughout the procurement process.
Let’s walk through the first step, supplier risk filtering, to see how a large organization that contracts with thousands of suppliers in a given year can determine which suppliers to assess. NWCC takes a four-stage approach to Supplier Risk Filtering.
Stage 1: Segmentation
A segmentation model is used not only to assess risk but also to evaluate the supplier relationship and provide behavioural and attribute modelling. The model may segment the risks by size, operation, management, geography, etc.
Stage 2: Categorization
Companies need to develop an industry specific risk-based categorization model. This stage captures supplier categories unique to an industry and importantly, includes risk scoring of each category to allow for more effective monitoring of unique industry risks. Categorization allows for quicker identification of emerging market and industry risks specific to the type of service or product that is supplied.
Stage 3: Inherent risk assessment
Organizations must develop an inherent risk assessment framework that is given to suppliers to leverage their existing risk policies and design. This risk framework should include reporting templates and communicate your risk assessment outcomes to stakeholders. The result is a risk assessment model for suppliers tailored to the organization’s unique risk culture and reporting methodology. The objective is to have your suppliers bend to your risk management requirements.
Stage 4: Residual risk assessment
The inherent risk framework should be developed together with tools designed to reflect how your suppliers are assessed and what that assessment means to your work plan. This enables the company to evaluate the completeness and effectiveness of the risk mitigation (due diligence, supplier control and monitoring) activities and provide a valuable profile of your supplier base on a regular basis.
The four-step process filters suppliers based on the risk they pose to the company and provides for a reporting structure that can significantly improve the suppliers’ own risk management.
Supplier risk management is an evolving discipline and process designed to gain greater control over supplier risk and improve the efficiency and effectiveness of an organization’s supplier risk oversight. An integrated risk assessment (the integration of risk management into the procurement process and lifecycle) allows the organization to address supplier risk at the time the potential exposure is identified and avoid the burden of a time-consuming annual risk assessment. Most importantly, risk mitigation occurs in a timelier manner, thereby better protecting the company from unpleasant surprises.