Understanding Supplier Risk Management (Part #3)

Welcome to Part 3 of our blog series on Understanding Supplier Risk Management, Supplier Risk Monitoring. In Part 1 we looked at identifying and assessing risk; and Part 2 covered mitigating risk. Here we discuss the importance of ongoing supplier risk monitoring. Equally importantly, we will also cover how to avoid alert fatigue. 

Why You Need to Monitor Suppliers for Risk 

In Part 1 of our series, we discussed strategic and tactical risks. To recap, strategic risks are the vulnerabilities that are baked into your supplier network, while tactical risks are the day-to-day potential disruptions.  

We measure strategic risk using risk scorecards. Risk scoring gives you a number that allows you to see at a glance if a supplier is riskier or not than your overall supply base. It also helps you determine if a supplier falls within your “risk appetite”. In other words, your willingness to tolerate a certain amount of risk. 

Think of it this way: 

• Strategic Risk: Your supplier is located in a region prone to tropical storms
• Tactical Risk: A tropical cyclone has just formed and is tracking directly toward that supplier’s location

Strategic risk can change over time. Your supplier could build flood defenses, which would reduce their overall risk. They could also get acquired, suffer a cyberattack, or the region they are in could become embroiled in a civil war. As a result, this supplier’s strategic risk can change. 

Ongoing daily risk monitoring helps you to get ahead of potentially disruptive events. If you know your supplier is in the path of a storm, you can take action, such as requesting an expedited shipment. 

Get a First-Mover Advantage 

Some risks, like weather events, are highly predictable. Others, like chemical spills, are not. However, even unpredictable risks have knock-on effects that you are able to infer from risk alerts. 

Imagine your supplier normally ships goods to you from a particular port. Unfortunately, hackers have targeted the port, and all its IT infrastructure is down. While a cyberattack is not predictable, you could infer the ramifications of this event: 

• Goods moving through the port will slow to a crawl 
• Once the news of the attack becomes more widely known, shippers will likely divert their freight to nearby ports 
• This could cause spot prices to rise 
• Nearby ports could become congested 

An early warning into a disruptive event gives you a first mover advantage. Before others even know there is a problem, you have taken action. For example, you could request that your supplier books rail freight instead or send a portion of the order via air before prices spike. In a quickly evolving disruptive event that impacts many companies, minutes matter.  

Increase Supplier Resilience 

The best supplier relationships are mutually beneficial. Monitoring risks at Tier-2 or Tier-3 suppliers will give you significantly more time to work with your vendors to tackle problems together. 

Imagine there is a factory fire at a Tier-2 supplier that supplies goods to your Tier-1 supplier. Depending on how frequently the Tier-2 supplier delivers to your Tier-1, it could be weeks, or even a month, before your Tier-1 knows there is a problem. As from then, your Tier 1 supplier is only able to assess the impact on your orders.  

By sharing this information with your supplier, you can work together to mitigate the disruption. 

This transparency increases resilience and fosters trust across your supply chain. 

Curated Alerts to Avoid Alert Fatigue 

Ongoing supplier monitoring is not useful if you need to wade through irrelevant alerts. This “noise” creates alert fatigue. It is the supply chain equivalent of the boy who cried wolf. After too many false alarms you will be tempted to ignore or silence alerts. 

To avoid this happening, your alerts should be curated.  

Firstly, your solution should not send you multiple alerts about the same issue, unless there are updates. AI only monitoring tools will scrape multiple public sources and send the same information repeatedly. 

Instead, you need some human validation to review the event, add context and detail, and ensure it is relevant to supply chains. 

Secondly, alerts need to be filtered for your particular supply chain. Let’s say you work with a supplier of widgets. The supplier is headquartered in London and has 20 manufacturing sites across the UK, Europe, and Asia.  

Your supplier sends your widgets from their sites in Birmingham in the UK, and Poznan in Poland. 

Therefore, your alerts should be curated only for the two manufacturing sites that are relevant to you. Alerts about an earthquake impacting this supplier in Japan, or a flood at their facility in Belfast would be irrelevant noise. 

Thirdly, your alerts should be filtered to the issues that matter to your role and responsibilities. If your job is strictly the procurement of category X, you do not need or want alerts about supplier categories Y and Z. 

Finally, you should also be able to determine how frequently you want your alerts. For issues you deem critical, you will want to be notified as soon as possible. For less pressing concerns, you could choose to be notified weekly. 

Get Ahead of Supplier Risk Management 

Supplier risk management helps companies safeguard production, customer service levels, and profitability.  

It can also create value for your suppliers. By proactively monitoring sub-tier risk, you help them become more resilient partners. This, in turn, helps you both provide effective customer service in a competitive market. 

If you would like to see how supplier risk management could work for your organization, contact Everstream Analytics for a demonstration.