As supply chains become more complex and buyers are being held increasingly accountable for their actions, the need to protect against supplier risk is more pressing than ever.
According to McKinsey & Company’s 2010 Global Survey on the challenges ahead for supply chains, two-thirds of respondents say that risk has increased in the past three years, and nearly the same share see risk continuing to rise. Interestingly, respondents in developed Asian countries reported more concern than those in any other region, with 82 per cent saying their companies’ supply chain risk will increase in the next five years.
Although supply chain risk may arise from a wide range of circumstances, the risks buyers face in relation to their suppliers is one of the most significant and is growing rapidly.
Over the last few years, the nature of supplier risk has changed greatly. Whereas buyers were once able to protect themselves from the misdeeds of errant suppliers by contract, attitudes have changed significantly and a buyer must now be able to demonstrate that they have in place rigorous processes for checking compliance. Regulation has increasingly moved towards making compliance the obligation of the buyer and less so the obligation of the supplier.
However, it is not just in respect to legislative compliance that buyers need be concerned. Public opinion and consumer power hold sway over a brand’s value and attitudes over such issues as the use of child labour will not differentiate between a wayward supplier and an unaware buyer or brand owner. Investigative journalism and the power of the internet have changed the nature of the game and raised the stakes.
Given this greater burden of responsibility that buyers now have to contend with, it is worth considering the sources of supplier risk that buyers are increasingly exposed to.
Key sources of supplier risk
1. Supplier failure. This is where a supplier goes out of business, is acquired or is unable to raise the necessary finance to fund the servicing of the contract.
2. Quality or service failure. Where a supplier fails to deliver to the quality or timescale required.
3. Risk to reputation. Where a supplier delivers, but does so in a way that damages a buyer’s reputation, particularly in respect to breaches of corporate social responsibility (CSR).
4. Exposure to litigation. This may arise from a supplier’s non-compliance with legal requirements such as health & safety, environmental breaches or a lack of up-to-date insurance cover.
Having determined the main categories of supplier risk it is necessary to establish what sort of information is necessary in order to reduce these risks.
Over the last three years the risk from a supplier going bankrupt has increased dramatically. Visibility of information relating to the financial health of a supplier is critical to alleviating this risk. The sort of information required is forward-looking financial data that is not only up-to-date at the time of awarding the contract, but is also available and current during the entire life of the contract.
When looking at a supplier’s financial health a buyer should not only be concerned with financial data in numeric terms, but should also be looking at the financial controls that are in place. Several sources of research demonstrate that there is a very close linkage between companies with poor financial controls and those that are highly vulnerable to financial distress.
A supplier in a weak financial situation is often liable to takeover, and if this happens halfway through a project, that company may either want to renegotiate the contract, or may not have the same interest in the work.
Quality or service failure
Supplier performance has two characteristics. One is statistical performance which can be measured from ERP solutions. The other is more subjective, relating to how cooperative the supplier was: How good was their management of the project? How effective were they at sending details? Was the overall perception that this was a job well done?
Risk to reputation
The reputation of a company or its brands can be severely damaged by the actions of its suppliers. There have been numerous high-profile cases where the use of child labour at a supplier or a lower-tier supplier has been exposed by the press, resulting in embarrassment and reputational damage to the buyer. Exposure to this risk has been exacerbated by the trend towards global sourcing.
The problem is in assessing which suppliers present a greater risk. No supplier is going to state that it uses child labour in a questionnaire. You may feel good having asked the question, but it certainly does not protect you, the buyer, from reputational damage.
When collecting information, look at your risk profile and assess what sort of information you are going to collect and how you are going to validate that data. You need to ensure that you are collecting sufficient information at the first stage to allow a risk assessment. From that risk assessment you can then focus your resource and validation on the highest risk areas until you are confident that you have enough information to protect yourself.
Ethical audits of suppliers are necessary for reducing exposure to this potentially highly damaging source of risk. Undertaking a proper ethical and social audit is a highly skilled activity requiring knowledge of the process, of CSR issues and of good auditing priorities.
Exposure to litigation
A supplier’s failure to comply with health & safety practices and legislative requirements can have significant ramifications, not only in terms of damage to reputation, but also in terms of cost and exposure to possible litigation. Conducting regular audits of suppliers, and having detailed and up-to-date information on suppliers, is the only way of mitigating this risk.
With high risk suppliers, a desk-based audit is not good enough. On-site assessments are required to ensure that suppliers are doing what they say they are going to do.
In some cases, a buyer may wish to protect themselves by ensuring that a supplier is insured. If the supplier says it is insured, the buyer needs to know that the insurance is valid; that it covers the areas of activity the buyer is likely to purchase from the supplier; and that coverage is being maintained during the course of the contract.
Gathering and assessing information
The only way buyers can reduce their exposure to supplier risk is through the appropriate gathering and assessment of verified supplier information and then having the right processes in place to monitor suppliers on a continuous basis. The best practice approach is to collect enough information to allow the buyer to define the level of risk presented by their supplier base and to then categorise the risks. By doing this the buyer can focus resource on closely monitoring those suppliers of the highest risk.
When gathering information suppliers should be asked to initially complete a questionnaire and the questionnaire should be flexible enough to reflect the risk that is appropriate to the supplier.
The four stages of risk assessment
1. Ask the supplier to provide data
2. Classify the information in accordance to risk
3. Define the medium and high risk areas
4. Put in place a validation or verification programme. This could mean an on-site audit to verify the information. In some cases there may be published sources that are sufficient.
Mitigating supplier risk is all about having access to accurate, validated, and verified data. That data should be presented as useful information that can be easily viewed, understood, and acted upon. But, essential to the ongoing maintenance of a low-risk supply chain is the monitoring of suppliers on a continuous basis and for that you need well maintained records, updated on a regular basis. Only by having systems that deliver this level of visibility, across an industry, can the risks presented by a supplier be fully understood and mitigated against.
Colin Maund is chairman of supplier management service provider, Achilles Group, which identifies, qualifies, monitors and evaluates suppliers on behalf of major organisations worldwide. www.achilles.com