Supplier Risk Management | Supplier Risk Assessment | EmpoweringCPO (2023)

Supplier Risk Management | Supplier Risk Assessment | EmpoweringCPO (1)

The supply chain is the backbone of any business and suppliers are the starting point. Any discrepancy at this pivotal point can damage, disrupt or bring to a standstill the entire chain. Thus, the significance of this critical component – supplier risk assessment – can’t be taken lightly nor the risk associated with it.

Risks associated with Supplier Failure

The risk a supplier disruption can pose can be multi-fold, widespread, huge, or minimal. The following risks can be attributed to the failure of a supplier:

  • Immediate revenue loss & liquidated damage claims
  • Interruption of production
  • Additional costs to resource
  • Delay(s) of major capital investment projects
  • Requirement for increased management time
  • Loss of customer goodwill
  • Reputational damage
  • Potential loss of any competitive advantage
  • Adverse stakeholder reactions like analyst downgrades

It’s a challenge in itself to identify & quantify, let alone abate the risk of suppliers. A strategy, a system is required to protect one’s organization from such a risk. Supplier Risk Management is a program that offers such a strategy.

What is Supplier Risk Management?

A program to mitigate risk will require research, analysis, and constant monitoring of suppliers based on their importance. It will identify risk, quantify it based on some attribute and provide for remedy or safeguards where required. Thus, Supplier Risk Management can be defined as a process of predicting and preparing for the probable variables that may adversely or favorably impact the supply chain.

Process Adopted: Mitigating the Risk

The following 4 steps are adopted in supplier risk assessment by EmpoweringCPO to help its clients identify supplier risk and protect against it:

Step 1: Collecting Data during the Sourcing Process and validating it by Third-Party Sources
  • This process requires integrating risk mitigation & management in the sourcing process by conducting marketplace due diligence, asking the right questions, collecting & documenting all information about suppliers, and verifying supplier information.
  • Regular updates of information collected to ensure working with current information

1) Integrating Risk Mitigation & Management in the Sourcing Process :

  • Marketplace Due Diligence: Knowing the marketplace can help in finding the right suppliers.
  • Ask the Right Questions: This can help us in finding lots of answers related to supplier risk. EmpoweringCPO has identified a list of such questions, some of which are:
    • What % of your business is the supplier’s total revenue? (dependency aspect)
    • Whether there is exposure to Tier 2 suppliers who service multiple Tier 1 suppliers? (supplier tier aspect)
    • Are we named under ‘also insured’ on the supplier’s insurance certificate? (a business requirement aspect)
    • What suits, liens, and judgments have been passed against the supplier and their impact on the supplier’s ability to cater to us? (legal aspect)
    • Are they on US Government’s ‘Debarred List? Do they have OSHA Violations? Do they have I-9 Certifications? Do they conduct background/drug checks for people working on your account? (governmental aspect)
  • Collecting & Documenting Supplier Information: Collection, aggregation, centralization, and documentation of collected information on suppliers are done continually, accurately, and systematically.

2) Information Maintenance:

The information collected above is regularly updated to ensure that work is being done with fresh information.

Step 2: Classifying Vendors as per Risk Type & Determining Information Source to Monitor
  • Firstly, those suppliers are identified that can impact the business most and are high on supplier risk. These are then categorized based on supplier criticality which is identified based on some factors.
  • Sources of information to be monitored are identified.
  • A repetitive process is established to monitor in real-time both external data & internal data.

1) Supplier Categorization based on Criticality

Suppliers are categorized based on their impact on your business and their risk by scores attributed by ECPO consultants along with a small group of stakeholders and client’s category managers:

Supplier Risk Management | Supplier Risk Assessment | EmpoweringCPO (2)

Thorough research is conducted for the vendors which are classified as critical and strategic. The objective is to collect as much information about these vendors as possible so as to help in predicting probable failures.

The criticality of each supplier is determined by posing some questions like:

  • What need does the supplier fulfill?
  • How essential is the supplier to the overall operation?
  • What is the fit of the supplier for the company’s plan regarding supplier diversity and sustainability?
  • What would happen if the company lose the supplier?
  • How can the supplier loss be handled?

Suppliers can face the following types of risks:

  • Financial
  • Environmental
  • Operational
  • Legal
  • Political
Supplier Risk Management | Supplier Risk Assessment | EmpoweringCPO (3)

Following are examples of some factors included in these types:

  • Changes in the supplier’s management team
  • EPA/OFAC violations
  • OSHA Incidents
  • Quality issues
  • Noticeable lags in inquiry response time

The categorization of these risks is explained in the table below in terms of 2 broad parameters – business impact & supply risk – each containing 6 factors. These are -:

Business ImpactSupply Risk
Total Cost (Spend volume)Financial health, Logistics, Inventory & Lead time
Impact on Customer ValueEntry barrier, Intellectual property
Impact on Product DifferentiationPressure from Substitute
Impact on Company PerformanceBargaining power
Impact on Safety and Governmental/Industrial RegulationsOff-shore supply
Impact on Status/RankingSupplier availability

2) Identifying Sources for Monitoring:

All those sources that would provide relevant information on suppliers are identified and monitored. These sources can be categorized as follows:

External Information

  • News feed
  • Government control lists
  • Court filings
  • Payment history
  • Earnings Report

Internal Information

  • Internal Surveys
  • Eternal Colleagues Survey
  • Supplier references

Internal information provides more subjective insight as compared to external information by leading to a better understanding of perception about the supplier in the marketplace.

3) Real-time Monitoring:

Information collected from both external & internal information is monitored continuously in real-time so as to identify potential supplier failure and manage it proactively.

Step 3: Continue & Repetitive Analysis to Trend the Information & Identify Potential Failure
  • Analyze data collected in the above steps based on several parameters.
  • Trending the analyzed information over time to get a bigger picture of supplier performance over a period of time.

1) Analysing Collected Data:

The data collected from steps 1 & 2 are morphed into actionable intelligence by analyzing the data on the following parameters:

  • Corporate Linkage: This provides information on the number of business units a particular vendor caters to, the vendor’s tier & whether its tier is a supplier for the company’s other suppliers too, and whether the vendor’s parent is also a parent for other suppliers.
  • Diversity: It tells you how diverse the supplier is – by-products, number of clients, client business, and so on.
  • Finance Risks:This refers to the financial position and profitability of the suppliers – liabilities, solvency, revenue & profit growth, etc.
  • Spend Analysis: The amount that you spend on suppliers should be analyzed by category, business unit, region, and country. Regions supplier ship to, suppliers that supply the supplier and the linkage of suppliers at different tiers need to be identified.
  • Supplier Performance: This deals with the quality, timeliness, accuracy, etc., as measures of supplier performance.

2) Trending the Analyzed Information:

A bigger picture of supplier performance and its conformance with accepted behavior thresholds is gleaned by repeating analysis and trending the obtained information month-over-month, quarter-over-quarter. For example, how the vendor performs during holiday rush days, etc.

Step 4: Preparing Mitigation Plans, Documenting Competitive Suppliers, Continually Researching for New Suppliers, and Initiating their Approval Process
  • It includes continual supplier risk assessment and quantifying the risk of supplier failure in terms of probable impact.
  • Risk mitigation plans are developed in terms of identifying other less risky suppliers or accessing supplier(s) easily in case of supplier failure. Regular update of these plans is required so as to remain relevant.

This step requires the following tasks to be performed

  • Continued assessment of the strengths and weaknesses of suppliers is done. Those who are more vital to business and of high risk need to be assessed more frequently, others less.
  • Effective systems are developed to identify and monitor supplier failure risk.
  • The impact of global crises or disasters on the supply chain should also be factored in while monitoring and evaluating vendors.
  • The impact of a possible supply failure shall be quantified in terms of what it costs the business to enable you to weigh his gains/losses from a vendor.
  • Agreements with suppliers should specifically state that you have a right to obtain information from the supplier and verify his status.
  • Discussions on supplier risk shall be conducted regularly by bringing together procurement, finance, and operations to monitor and review ‘at risk’ suppliers.
  • Develop mitigation plans to face the event of supplier failure in case it happens. This involves the following tasks:
    • Proactively prepare for potentially damaging supplier disruptions by having alternate sourcing strategies at hand.
    • Develop supplier contingency plans by documenting competitive suppliers and continually searching for new suppliers.
    • Refresh contingency plans quarterly to keep them fresh and relevant.

Deliverables – What will EmpoweringCPO Deliver?

  • EmpoweringCPO will adopt the above-listed process and a dashboard will be prepared to visually represent the critical factors and ‘at risk’ suppliers, a visual summary of the position of supplier(s) risk will be presented.

Supplier Risk Management | Supplier Risk Assessment | EmpoweringCPO (4)

  • The client is presented with contingency plans – multiple, if possible. EmpoweringCPO will also provide alternate supplier information.
  • The visuals & contingency plans will be updated regularly to ensure relevance.

Learn more about EmpoweringCPO, a Supplier Risk Management offering

Contact us today

Top Articles
Latest Posts
Article information

Author: Edmund Hettinger DC

Last Updated: 12/23/2022

Views: 5868

Rating: 4.8 / 5 (78 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Edmund Hettinger DC

Birthday: 1994-08-17

Address: 2033 Gerhold Pine, Port Jocelyn, VA 12101-5654

Phone: +8524399971620

Job: Central Manufacturing Supervisor

Hobby: Jogging, Metalworking, Tai chi, Shopping, Puzzles, Rock climbing, Crocheting

Introduction: My name is Edmund Hettinger DC, I am a adventurous, colorful, gifted, determined, precious, open, colorful person who loves writing and wants to share my knowledge and understanding with you.