How to Build Lines of Defense in Supplier Risk Management

Most large companies and global conglomerates today have mature risk management protocols to control losses and protect their reputation. These are complex operations that need attention even prior to commencing any procurement activity and must be managed in a continuous and evolving cycle.

However, there is still a dearth of supplier risk management efforts when we look at the vast quantum of global commerce. Most companies have a poor risk assessment system. Even if they have some active procurement risk management operations, they are largely unprepared for the unpredictable nature of numerous risks from both internal and external events and influences.

Understanding the nuances of comprehensive risk assessment

There are two broad areas where risks may affect a company:

(a) Risks to supply: These factors could affect the inventory, manufacturing, production, or distribution process. While these risks do have financial implications down the line, they can have a critical impact on the supply chain. Some of these risks could co-relate to reputation management since compliance and safety policies of a third- or fourth-party vendor could also impact a company’s branding.

(b) Risks to cost: Many of these factors are unpredictable, and some are even considered unavoidable. A pandemic or a natural disaster or a political upheaval are risks that cannot be controlled but will have a direct financial impact on a company operating in that region. However, certain risks to cost like quality management and supplier validation procedures must be seen through with a constant effort for improvement.

The 4 accelerants that influence procurement risk management

Since procurement operations are lifeblood to a company, risk management solutions should be effective across the entire length of this function.

Risk assessment should begin with the initial demand list, and the procurement team must analyze each item and category against an extensive checklist of possible risks. This is the only way to ensure that risk management issues have been given due diligence.

With such a wide range of factors that can be deemed as risks in procurement, it is best simplified down to the four most important accelerants that make modern supplier risk management so complicated:

1. Accountability:

With the scale of public information and accessibility via the internet, consumers are extremely aware about the companies and brands that they interact with and purchase from. This makes a company much more accountable for every distinct activity within its supply chain. In some instances, the impact of one risk realizing itself may start snowballing or escalating into a major financial loss.

2. Globalization:

Procurement risk management has become much more complex and diverse because modern supply chains are increasingly global in nature. The stakeholders need to be aware of the several statutory risks within each category while also keeping an eye on specific regional factors like social, geographical, and political influences that may introduce new risks or magnify existing risks.

3. Leaner operations:

Lean operations help cut costs during procurement, but they also reduce the buffers and check that responsible stakeholders need to defend against certain known risks. One fundamental example of such conflict between lean manufacturing and supplier risk management is that fewer vendors exponentially increase the risk of shortages and delivery failure, but cyclically increase profits for the company.

4. New risks:

The most prominent new risks concerning third-party risk management have to do with data security and integrity. Europe’s General Data Protection Regulation is an example of how vital data integrity and security are for businesses.

However, new risks may also account for unpredictable factors like natural disasters, cyberattacks or changes to the regional laws and regulations, which cannot be predicted or prepared for adequately.

The critical lines of defense in supplier risk management

The unpredictable nature of supplier risk management makes evaluating and preparing for certain risk factors almost impossible. While procurement risk management is imperative, the resources are rather limited, and the manpower requirements are substantial.

Risk assessment is a continuous process that requires validation. While technology can help identify risks and find the response or solution, a person needs to take executionary responsibility.

Procurement teams need to have a proactive, “take-charge” attitude towards risk mitigation. Both internal procurement teams and external consultants need to better distribute the many responsibilities and take ownership of risks at different stages of the supply chain. However, consistent success with risk management efforts is only possible if these teams have the right technology resources to process and utilize data in an efficient way.

Governance and cycles of procurement risk management

A systematic governance of risk management operations is the only way for a company to manage risks at the global level. This starts with risk assessment and due diligence towards all the statutory and known risk factors within that category and follows through with a broader risk assessment of regional and geo-political factors.

However, there is no final stage to supplier risk management; because the process must be continuous, and as dynamic as the wide scope of risks in any industry.

The latest digital supply chain risk management solutions with AI attributes may be able to easily flag risks that need attention but cannot act decisively upon the problem.

It is important for the stakeholders, and ultimately the company’s decision-makers, to understand the many risks in procurement and dedicate adequate resources towards effective risk assessment and continuous management. In the recurrent effort to overcome the challenges of globalization and growing competition, proactive supplier risk management is both the shield and the sword for a company.

In-house supplier risk management units and external procurement partners

Every company needs to invest sufficient in-house manpower and resources towards procurement risk management. Risk ownership and acceptance must be controlled directly by internal stakeholders.

However, outsourcing certain aspects of the cumulative risk management effort to a capable procurement partner helps a client company save some vital in-house resources while gradually expanding its risk management capabilities.

Procurement partners provide both reliable market intelligence as well as the vital technology resources necessary to process and analyze such great volumes of master data. Procurement partners with intelligent data processing capabilities can provide strategic consultancy and managed services. Additionally, they provide critical support services such as regular supplier relationship management (SRM), and double validation for documents.

Since all contemporary risk management solutions operate on digital platforms, it becomes easy for internal SRM units to coordinate with external procurement risk management experts. This creates a multi-tier validation system whereby every relevant purchase order, contract, and critical procurement documentation can be reviewed and validated at multiple touchpoints. It also becomes easier to track the source of a problem and creates a long (digital) trail which safeguards against fraud and corruption.

Building stronger supplier relationships

While supplier risk management is more predictable than risks from unforeseen factors, it is more complicated to assess and manage. This is because of two primary challenges:

(a) The supplier needs to have an extensive sequence of documentation, licenses, and mandatory insurance coverage according to their industry and specific production operations. These extensive documentation and verification processes require continuous risk assessment. Many supplies and services may involve fourth- or fifth-party vendors, which further complicates compliance management operations.

(b) While larger companies and procurement partners may have necessary SMEs and sufficient manpower resources to follow the constant changes in regulations and documentation mandates, smaller enterprises typically cannot keep up. Therefore, goods and services from local vendors present the highest risk in procurement yet create the lean supply chain deemed vital for cost reduction.

To ensure third-party compliance and reduce the magnitude of risks from these extensive supply chains, procurement experts typically apply the best practices of SRM. By interacting with suppliers on a regular basis regarding factors like regulatory changes and improvements to quality, even the largest global supply chains can be managed efficiently. This also helps develop the industry holistically, since the interaction between suppliers and their clients helps better define new risk parameters within each sector.

Read the second installment of the series: Decoding the Best Practices in Third-Party Risk Management.