Understanding Supplier Risk Management (Part #2)

Mitigating Supplier Risk

Welcome to Part 2 of our Understanding Supplier Risk Management blog series, Mitigating Supplier Risk. In Part 1 we looked at identifying and assessing supplier risk. This week we will discuss mitigating risks across your supply network. 

Know Your Risk Appetite 

Organizations can have different attitudes to risk. Some are averse to risk. Many others will be willing to accept a degree of risk, depending on the potential benefits. Even in this case, the risk-reward calculations will vary between organizations. Some will be more tolerant of risk, or certain kinds of risk. This is known as the “risk appetite.” 

All suppliers introduce some risks to your business. It is not possible to have a supply chain that is free of all possible risks. Having a defined risk appetite helps organizations, and procurement leaders, know which risks are appropriate and serve the company’s overall goals.

Supplier risk scoring allows you to align your supplier base with your risk appetite.

Supplier Risk Scoring 

External Risk Factors 

Supplier risk assessments use automated scorecards to evaluate multiple dimensions of risk. These assess external risk factors associated with your suppliers’ locations. These include:  

  • Natural disasters and weather, including the potential for earthquakes, tsunamis, volcanic eruptions, tornadoes, hurricanes, wildfires, flooding, and so forth.
  • Political violence, such as the likelihood of civil unrest, terrorism, and war. 
  • Socio-political factors, including corruption, law enforcement, industrial action, and so on. 
  • ESG and compliance risks, including workers’ rights, child labor, and threats to the environment. 
  • Tax, economic, and legal issues, such as inflation, tax inconsistencies, contract enforcement regulations, and other such risks. 
  • Operational risks, including transportation modes and lanes, customs procedures, and regulatory burdens. 
  • Climate projection risks that forecast changes to tropical storms, river flooding, sea levels, heat, cold, drought and other climate changes through to 2100. 

Although the scores are automated, risks can be weighted according to your supply chain and business priorities. For example, if ESG is important to your business, ESG risks would be weighted accordingly.

Internal Risk Factors 

You can also include internal metrics in the scoring, if you choose to. Many companies use the following criteria:

  • Scarcity and sourcing difficulty: The more challenging a material is to obtain, the greater the need for clear visibility into its supply chain. This is particularly true for materials that rely on a sole supplier or are single sourced. 
  • Business criticality: Pay attention to the suppliers of materials that are tied to your top-performing, highest-profile, or most profitable products. 
  • Sourcing cost: Materials with higher price points tend to receive greater scrutiny, given their direct effect on the cost of goods sold and overall margins. 
  • Brand exposure: Some materials warrant elevated attention due to the sustainability concerns they carry, such as links to child labor, forced labor, or significant carbon emissions. 

Risk scoring allows you to compare these different kinds of risk and gives you an overall risk number. Think of a risk score like a credit score: it tells you how risky a supplier is, how much risk they are exposing you to, and how likely they are to experience a disruption.

Once you have your suppliers’ risk scores, it is time to decide if you need to mitigate potential risks before they become problems. 

The 2026 Gartner® Critical Capabilities for Supplier Risk Management Solutions

Understand the four use cases for supplier risk management solutions and how Gartner® evaluated vendors.

Get the report

Mitigating Supplier Risk 

Companies generally align their risk appetite with risk scores. If your supplier falls outside the risk scoring threshold, you may need to take action.  

It is important to bear in mind that just because a risk is present, it does not mean that you must do something about it. There are some risks that your company may decide to live with. This could be because the risk is relatively small, or because mitigating it would be too costly or unviable.

Let’s say you have a supplier located near Mount Fuji in Japan. You know eruptions are a risk, since Mount Fuji is an active volcano. But since it has been more than three hundred years since the last eruption, you decide that this is a risk you can live with. Therefore, you can choose to weight this risk lower so that it does not impact the overall risk score as much. 

Risk scores are not static. They change over time. These changes are automatically captured and flagged for your attention. 

Continuing our example with the supplier near Mount Fuji, you receive an alert that the supplier’s risk score has changed and is no longer within your risk threshold. This is because they are now working with suppliers in regions known to use child labor.

While your company was happy to accept the risks associated with a potential volcanic eruption, it is not willing to risk human rights abuses. 

There are a number of steps you can take before deciding whether you need to find an alternative supplier. 

Ask for more details

Send a comprehensive survey to learn how the supplier is handling the rising risk. You might accept a higher regional risk if the supplier maintains strong internal governance. 

Conduct an audit 

Sometimes, a survey falls short. You or a third party can perform an onsite audit. This helps you fully grasp the situation.

Start detailed, real-time tracking

High-risk suppliers demand a closer look. This could include mapping and monitoring the sub-tiers of such suppliers. This will give you early insights into potential problems. Catching minor signals helps you anticipate disruptions. For example, declining supplier delivery performance or quality can be an indicator of financial distress.  

Suggest preventive steps 

Your company can help your suppliers become more resilient. Smaller suppliers often appreciate this guidance. For example, you could help them create a sustainability framework, or work with them to increase their cyber security.

Increase inventory

Building buffer stock is a traditional way to handle potential shortages. This method works well but costs a lot. When possible, ask suppliers to store extra inventory at an alternate warehouse. They maintain their business volume, and you gain security.

Develop alternative sources

When extra inventory is not enough, you will need to find another supplier. This process requires both time and money. It also reduces your purchasing leverage with current partners. For medium-term threats like military conflicts, combine this approach with other tactics. Finding and approving new suppliers can take months or even several years. 

Terminate the relationship  

Sometimes, you must drop a supplier. They might present an unmanageable level of risk. A diverse supply chain gives you the flexibility to cut ties when necessary. You never want to feel trapped with a high-risk partner. 

Firefighters vs Fire Marshals  

Firefighters come in and, hopefully, save the day when something goes wrong. Fire marshals try to prevent fires in the first place. 

The same is true of mitigating supplier risk. By de-risking your supply chain where necessary, you reduce the potential threats you will be exposed to. As a result, your supply chain is more resilient. 

When you take a proactive approach to identifying and addressing supplier risk, you become a more dependable partner. That reliability can help you win new business, and prevent customer churn, in a competitive market. 

Curious to see how supplier risk management could work for your organization? Please contact Everstream Analytics for a demonstration. 
