With a bit of digging you can overcome the challenges of assessing supplier reliability

Anyone who sells a product or service understands that the twin objectives – low costs plus high profits – equal good business. This equation has become an integral part of our entrepreneurial skin. When we begin to think about supplier reliability, we run head-on into that long established equation.

Changes over the past decade have made it increasingly challenging to meet our basic business objectives. Significantly lower labor costs in less developed parts of the world, combined with the power of the global internet, have contributed to the allure of outsourcing critical services to locations at great physical distance from the purchasing firm and made it common practice. In the race to maintain competitiveness, manufacturing supply chains have grown greatly in length and complexity. Very rarely does a firm control all of the links in its supply chain.

In a world of rapidly multiplying risks from global warming and civil unrest in its many forms, proactive management of supply chain risk seems only prudent. Written contracts can be useful mechanisms to clarify relationships, costs, and penalties, but once you contract with a supplier outside of your home country, your options for enforcing such a contract may be limited at best. Imagine the repercussions if your firm’s failure to adequately control a supplier’s quality culminated in a widely publicized business disaster. Considerable damage to the firm’s reputation could result in both loss of revenue and long-term depression of stock price.

Quality control incidents are escalating. The use of lead paint on children’s toys and melamine contamination of pet food and milk-based products are two recent, glaring examples. Such quality problems can occur even within the US, as with the contaminated peanut paste scare in 2009. These incidents can result in customer boycotts of all of the firm’s products, and long-term loss of customer confidence. For some companies, reputations take a devastating hit when some remote link in the supply chain is found to be using child labor or other unfair labor practices in the production of the contracted goods.

This article addresses a supplier risk governance approach that will help your organization actively manage these risks. You will learn how to collect, aggregate, and analyze data that can help mitigate your organization’s thirdparty dependency risks.

Knowledge is Power

Without appropriate data, we can work only from vague impressions and gut feelings. Risk governance is no different from any other process in its data needs. And so this approach begins with the collection of all pertinent data, aggregates it in meaningful ways, and then analyzes it. Your main objectives here are to create knowledge about suppliers and the risks they impose on the purchasing organization, and to support managerial decision-making that takes into account all relevant factors.

Collecting the Data

1. Start by identifying your critical operations. This information should be available from your BIAs for each business function, possibly supported by additional interviews. Include any operation where anything more than a minor supplier incident can produce a material loss of revenue or a significant depression of stock value.

2. Locate all existing contracts with your primary suppliers. Take note of contracts that have few protections for the buyer of products or services.

3. Contact each supplier for more information about their operations: physical location(s) involved for your product or service, as well as the supplier’s subcontractors. What is each subcontractor’s business continuity capability?

4. If someone has conducted a risk assessment for this supplier, locate it. Note any past measures (such as dual-sourcing) or compensatory measures (a supplemental power supply) and assess their historical benefits and costs.

5. Locate all records documenting incidents with this supplier. Calculate the cumulative financial cost of these incidents for as many years as you have data.

6. Collect all insurance policies that might provide benefits to you in the event of an operational interruption.

7. If there is a written procedure for vetting third-party suppliers within your firm, locate it. If this procedure is not written down, talk to your purchasing and other contracting departments to find out what is the unwritten procedure.

8. In terms of historical and potential impact to the organization, prioritize all suppliers as either medium, high or critical. The financial values ascribed to each priority class will depend on the size of your organization and your degree of dependence on third-party suppliers.

If analyzing supplier dependency impacts is a new process for your organization, we recommend that you prototype this process by limiting your initial analysis to one or two clearly critical suppliers. This will allow you to minimize cost but still be able to demonstrate to your management the value of this process. As this process gains traction in your organization, you can then apply it to other critical suppliers, and adapt it to high and medium suppliers.

Analyzing the Data

Analysis and aggregation of the collected information is the next step to understanding the specifics of any supplier risk profile.

Presenting Your Results to Management

All of your work on data collection and analysis will be of little value if you don’t present it in terms that senior management can understand. This has been an ongoing problem with continuity and risk management efforts over the years, so take the time to carefully craft your results presentation.

Special Challenges with Offshore Suppliers

Any firm should be aware of the potential problems that may result from cultural differences at offshore suppliers, including the following:

• Immature civil law structures and jurisprudence may prevent the application of contractual terms.
• The more complex the supply chain, the more uncontrolled single points of failure. The greater the number of offshore transport pathways subject to sabotage, strike, or civil disturbance, the greater the risk of disruption.
• It is extremely difficult to counter culturally endemic corruption in an offshore location, and this can have serious impacts on product quality. Recent product contamination incidents have demonstrated how vulnerable manufacturers are to failures of offshore quality controls. Such incidents are likely to have both immediate and long-term serious financial consequences, and they are difficult and expensive to prevent.
• It is more expensive to audit suppliers in other countries because of distance, and because offshore suppliers may not respect audits or contracts as much as your own country does.

Ever mindful of the fundamental drivers of competitiveness, the challenge for the risk manager is to design and execute a universally applied supplier risk governance process. That process must decrease the probability of an incident and minimize its potential impact without significantly affecting the cost of the product or service. Ideally, governance of supply chain risk becomes an embedded part of proactive management and protects the longterm competitiveness and value of the organization.

The clash of cultures between the contracting firm and its offshore suppliers will continue to engender quality control risks, as recent cases so vividly indicate. Firms should factor those risks into the competitiveness equation: low costs plus high profits plus supplier reliability equals sustainable business.

About the Author
Kathleen Lucey is the President of the BCI-USA Chapter and runs Montague Risk Management, a specialized consulting firm. She lives in New York City and can be reached at [email protected].