10 Questions You Should Ask Supply Chain Risk Management Solutions Providers

The past few years have been characterized by supply chain disruptions, from blocked or inaccessible waterways to raw material shortages and geopolitical upheavals. Given this, enterprises have been leveraging supply chain risk management solutions. SCRM software helps companies to avoid risk where possible or mitigate the costs of disruption when it is not.

Anyone investing in a supply chain risk solution will require certain core functionality from their provider. However, there is nuance beyond that as the biggest and most important differences lie behind the screen.

Below are 10 questions to ask when selecting your SCRM software provider. These will help you get the functionality and protection you need. Of course, these ten questions are not an exhaustive list. However, they do reflect the areas that are most often called out by analysts and supply chain risk experts.

1. Is your solution ‘end-to-end?’

Why it matters. Supply chain digitalization strategies should cover and connect all supply chain functions. The same is true for supply chain risk solutions.

An effective supply chain risk management strategy recognizes that risks in sourcing, planning, manufacturing and logistics directly impact each other.

A connected, standardized view of risk across all functions is necessary. However, to avoid “alert noise”, the solution needs to be tailored to different roles and regions.

2. What is your integration strategy and capabilities?

Why it matters. For supply chain risk analytics to be applicable to operations, the insights must be dynamic and embedded at the point where planning and execution decisions are being made.

It is therefore necessary for solution providers to have a ‘partnership mindset,’ investing in pre-built integrations with ERP, SRM, S&OP, TMS and other platforms. Ask for evidence of such partnerships and about a provider’s API strategy and capabilities.

3. Where does your data come from?

Why it matters. This is a common question but needs to have the right emphasis and drill-down. The focus here is to find a solution that has strong capabilities in data that is specific to supply chain risks – not risks more generally. Ask how they identify potential risks. These could include, but are not limited to:

• Weather and climate risk
• Financial instability
• Geopolitical risk
• Industrial fires and explosions
• Legal and compliance risks

Furthermore, the solution should be able to integrate risk data that is used across all industries and functions such as corporate financial health ratings.

The difference between a company that can integrate other companies’ data and one that relies only on its own proprietary supply chain risk data sources is an important one.

4. How good is your supply chain risk data?

Why it matters. Following on from the question above, it is not good enough to say “yes” or “no” to the question “do you monitor global events?” A provider with significant supply chain expertise will better understand the potential impact of different risk factors.

Success here relies upon the right mix of:

• Data science and AI to achieve real time risk identification
• Human expertise to verify the results and ensure relevance to each user
• Global supply chain intelligence coverage, across all time zones and local languages
• On-the-ground intelligence direct from in-country supply chain experts

5. What are your data science capabilities and how are they deployed?

Why it matters. The scale and complexity of supply chain risk analytics make AI necessary. However, this will only yield meaningful results if a company has the necessary scale and quality of training data, supply chain expertise to address the right use cases in the right way, and Big Data expertise to ensure scalability.

Success in supply chain risk management software is increasingly dependent on a significant investment in data science and applying it in the right way to challenges such as:

• Identifying, assessing and categorizing large volumes of event data
• Creating predictive risk scores across all risks
• Discovering unknown sub-tier suppliers
• Developing prescriptive insights

Related to this, another simple question to ask is, “Do you employ graph technology and how?” Discovering and dynamically monitoring sub-tier supplier risk is close to impossible without graph technology.

6. How secure will my data be?

Why it matters. There is data privacy strategy (collect only what you need, anonymize where you can, store in the right country, share only when necessary…) and data privacy execution.

The right list of questions will reveal insights into strategy, while diligence on execution risk is enabled by global standards such as SOC2 and should be considered table stakes.

7. How do you support your customers?

Why it matters. This is an open-ended question by design and somewhat subjective yet critical. This is because this purchase is much more complex than buying a software solution. It is a journey and every company’s supply chain is different.

Expertise in supply chain and supply chain risk management informs decisions on how best to implement and extract value from risk insights.

SCRM software providers must invest in skilled, multi-lingual, global [all time zones] customer support and risk intelligence teams.

Much of this comes down to a solution provider’s understanding of the importance of expert support and the ability and willingness to make the investment. This is definitely a question for conversations with reference clients.

8. How long have you been in business?

Why it matters. This tends to be a more important question for data-centric companies than those selling software without data and analytics.

The universal importance of experience, lessons learned, global operations, customer references, are critical. But you should not forget the importance of historical data. For example, years of detailed data on disruptive events and their impact on supply chain operations which, when organized and categorized correctly, is a critical part of training AI-powered predictive risk models.

9. What is your culture?

Why it matters. This is another open-ended question. Asking it this way is the first checkpoint to see whether or not every employee can answer this question – i.e. is the culture intentional and broad-based?

Only by being written down and shared internally and externally can a culture be lived and shared. Does this culture reflect a company that will be a strong long-term partner? Are they willing to be held accountable to their values?

One measure of culture is where investments are being made, and the type of talent being attracted and retained. In addition, this is another good question for reference clients.

10. What is your vision?

Why it matters. All companies should know where they are going. Nonetheless, this is a particularly important question in supply chain risk management. This is because of the variety and variance of global risks, the opportunities afforded by new technologies, and the importance of being able to map this vision to your own vision for digital transformation in your supply chain.

And, like so many of the questions above, it comes down to knowing that you are about to get a new partner, not just software.