It’s a massive job to pull your supplier risk management strategies together and integrate them into your sourcing and procurement processes. Why? Because just like the complex array of wiring, plumbing, floors, and walls required to construct a sound building, you need expert alignment of multiple systems and stakeholders to create a comprehensive supplier risk strategy that lets you:
- Harvest holistic risk insights to understand and manage your supply base
- Set workflows and metrics to foster business continuity and avoid major disruptions to your daily operations
- Address the ever-important issues of ethical supply chain management and sustainability in today’s economy
- Deploy secure technology solutions that incorporate these building blocks seamlessly
Putting everything together, it becomes increasingly clear that you need a blueprint for building a comprehensive vendor risk management program. Where do you begin?
When you construct a building, you must first determine the overall design; think of your supply base as a structure like this. Your supplier risk solution needs capabilities to govern three key levels of risk management process scenarios.
1. The top floor represents a relatively small percentage of your supply base
Between 5% and 10% of mission-critical suppliers must be watched like a hawk. For example, if you’re a hardware manufacturer making network routers, an inexpensive barcode label on a piece of hardware might be a small cost item on your bill of materials (BOM). But if it’s missing or incorrect, the finished product cannot be shipped and will have to be written off in your inventory. Your label supplier needs to be carefully managed, so it’s important to have preventive remediation for the risk factors that could cause these types of errors.
2. The middle floor represents 25% to 30% of suppliers
These are suppliers you’re mandated to watch so you can meet legal or compliance requirements (especially if you work in a bank, insurance company, or any highly regulated industry). Regulatory complexities usually mean that vendor risk assessment and resolution require a longer cycle time – up to 6 to 9 months – and you must have clear answers during multiple layers of audits leading to repeated inquiries that can cause supplier fatigue. An intelligent supplier risk management solution should quickly give you the insights required to identify and mitigate risks, reducing this extended cycle time and enabling you to qualify and source more effectively while enhancing supplier relationships by reducing fatigue.
3. The ground floor represents the largest percentage of your supply base
The 60% of non-mission-critical suppliers don’t typically require extra scrutiny. However, you still need to monitor them for basic issues and supplier performance risks that could impact your operation or brand reputation – for example, ad-hoc issues like cybersecurity, identity theft, or slave labor – and a way to rapidly address and resolve any problems that arise.
Risk taxonomy represents another critical component to incorporate in your blueprint. You’ll need an effective way to monitor the following types of risks:
- Regulatory and compliance issues including sanctions and watch lists, bribery and corruption, legal matters, and IT security
- Environmental and social issues including human rights, labor, health and safety, and sustainability
- Financial issues including bankruptcy, insolvency, mergers and acquisitions, divestiture, and credit rating downgrades
- Operational issues such as natural disasters and accidents, plant disruption or shutdown, and labor problems
From the initial foundation to the finishing touches, a good supplier risk management solution should synthesize the resources you need to effectively manage all these areas: the mission-critical issues that could halt your core business, ethical and regulatory concerns that have major legal impact, and real-time monitoring of non-critical issues that could affect your brand and business continuity. With these combined capabilities, you can conserve procurement cost, time, and labor by focusing on right-sized and right-timed risk assessments along with monitoring and mitigation for your supply base, making your risk management “building” sound, resilient, and ready.
To learn more, read the SAP Ariba supplier management e-book.