Five Ways to Manage Supplier Risks

By John Bugalla and Kristina Narvaez. F

Supplier risks are becoming more challenging because of the inherent difficulty in achieving supply-chain visibility.

As companies develop business relationships around the world into more complexsupply chains, protecting these essential links from disruption is becoming harder to manage.

Thus growing number of organizations are developing enterprise risk management (ERM) frameworks and other holistic risk management approaches to response to an increasingly uncertain global business environment. Developing ERM programs make it easier for companies to focus on the root causes rather than on the symptoms of disruption in their business operations and thus prevent such disruptions over the long term. Via such approaches, companies can actively anticipate, track, and manage the various types of risks in their supply chain.

Given the complexity of managing third-party risks across different business units, many companies are turning to predictive analytics to gain a better and more comprehensive view of long, complex supply chain and distribution networks.  There are many challenges in doing business with suppliers in unfamiliar markets, each with its own unique array of threats. Problem areas can include language barriers, unstable local politics, geographical issues and vastly different legal systems.

Supplier risks are also becoming more challenging because of the inherent difficulty in achieving supply-chain visibility in a setting where suppliers are arranged in multiple tiers. Indeed, many companies don’t have the ability or the will to map even their first-tier suppliers. That can leave them blind to risks buried deep in their supply chains and extremely vulnerable to a failure of a tier-two or tier-three supplier. Consider, for example, the lessons Mattel learned beginning in August 2007 when it recalled 967,000 toys because a supplier in China that the company had worked with for 15 years had been using lead-based paint. At the time, Mattel required the factories it contracted with to use paint and other materials provided by certified suppliers.

Mattel executives said then that they did not know if the contract manufacturer substituted paint from a non-certified supplier or if a certified supplier caused the problem. One of the company’s solutions for better quality management was to reduce the amount of toys it made through contract factories. About 50 percent of Mattel’s revenue came from toys made in 11 factories it owned and operated. The other half came from toys that it outsourced to up to 50 manufacturers in China. Those toys tended to be short-term products that featured characters from movies and television shows rather than Barbie dolls and other long-term Mattel brands.

In light of this recall, other organizations like Nickelodeon and Sesame Street decided to introduce a third-party monitor to assess all the companies that made toys under their brands, including Mattel. In the summer of 2007, the Toy Industry Associationworked with the Consumer Product Safety Commission to introduce new regulations to require more stringent safety checks.

Companies with successful risk management strategies use a variety of tools to manage specific threats to adverse supplier events, and collective action like taken by the Toy Industry Association can be one of them. In addition,  those that use data-driven tools are significantly more likely than those that do not to successfully manage their supplier risks.  Of course, it’s important that there’s a process in place for proper aggregation of risk information throughout the organization. And that should be a process in which the use of advanced data tools enhances, rather than displaces, management’s judgment.

Advanced analytics and “Big Data” are set to play as big a role in risk management as it has in other aspects of business management. The new, sophisticated, data-driven techniques will make ERM more efficient, freeing managers and executives to focus more on the task of rationalizing risk across the company. Data is a supporting element of a high-performance, cross-functional organization, but managers must integrate what the data’s saying into their companies’ workflow and culture for it to be effective.

What if your company can’t invest in advanced analytics? Here are some basic risk practices that can be implemented to better control supplier risks in your organization:

1)  Assess the risk landscape. Use tiered risk assessments that establish the likelihood and impact of a risk event from suppliers. Develop risk mitigation strategies for each supplier tier and a risk governance model that establishes roles and responsibilities for executives and employees.

2) Deploy comprehensive supplier reviews. Periodically review risk control practices of existing suppliers and a verification process to qualify new suppliers.

3) Deploy risk metrics. Create Key Risk Indicators that you can use to alert your company to problems in the supply chain.

4)  Report on risks internally. Set up a process to monitor risks in your supply chain, collect the information about the risks and report on them.

5) Improve continuously. Assess your risk monitoring and governance frequently and close gaps in those systems.

Company boards are expecting more proactive efforts in developing a holistic view of supply-chain risks. The presence of effective ERM programs can help assure those directors that disruptions are being kept to the barest minimum.

John Bugalla is a principal with ermINSIGHTS and Kristina Narvaez is president and CEO of ERM Strategies LLC.