Given the supply risk fires that many companies are currently fighting, it might at first seem imprudent to draw any attention away from an organization's immediate, short-term requirements to identify at-risk suppliers and take evasive action to avoid disrupting the business. But in fact, taking both a long and short view when it comes to supply risk management is not only possible - it's a requirement to do either effectively. Those organizations that develop a holistic supplier management strategy not only are more likely to gain better insights into potential risk areas earlier than the competition - they're also more likely to reduce the probability of supplier financial and operational challenges disrupting their business in the first place.

But what is a holistic supplier risk management strategy and how can companies get from where they are today to where they need to go? At present, most companies are either ignoring supply risk in their broader supply base (i.e., the significant majority of their suppliers) or monitoring suppliers only on a periodic basis. For example, an industrial manufacturer purchasing either fabricated components or outsourcing IT support - the example holds for direct and indirect materials as well as services - might choose to investigate and assign a risk score to a supplier only at the point of initial qualification or on-boarding and then on a periodic basis (e.g., quarterly). But this approach leaves the company open to significant risk, increasing the lead times required to take action and exposing it to the possibility of a catastrophic supply chain failure with no notice.

To avoid these scenarios, it's important to not only begin the process of looking at supply risk in the initial qualification and on-boarding phase but to continually measure, monitor and evaluate both the health of the supplier and the health of the overall supply relationship on a constant basis. In practice, companies should start with a process that aims to provide complete supplier transparency by beginning with a supplier registration and certification process that captures key information from suppliers, ideally in a supplier self-service format to reduce the need for any additional procurement or supply chain resources.

They should then complement this registration process by validating that the supplier-provided information is accurate through third-party data checks and, if required, gather more information if any red flags arise. At the certification phase, companies can also enrich their existing sources of supplier data (e.g., specific supply risk scores, diversity information, etc.) to make better decisions for overall sourcing and selection. For example, an organization with concerns over a certain key supplier in this phase that comes out of an initial analysis might opt to develop a sourcing strategy that creates a split of business between multiple suppliers (rather than consolidating 80 percent to 100 percent of the spend with a single vendor) to create future options.

The next phase of a holistic supplier risk management strategy centers on monitoring as close to 100 percent of the supply base as possible on a real-time basis, a lofty and essential goal. But the only possible way to accomplish this feat without adding an army of resources is to automate the monitoring process using a combination of technology and internal/external content. Then, companies can roll this information into dashboards that enable the ability to drill down on information based on roles and needs. This monitoring cockpit should provide information on as near a real-time basis as possible, continually monitoring suppliers for changes to their profile information (e.g., a change in quality/performance levels of a declining financial risk score).

While it's essential to have insight to information before taking action, it's as important to be able to analyze this data in a timely and useful manner, concentrating focus on only the items that truly demand attention. Because of this, companies should focus the next phase of their holistic supplier risk management on in-depth analysis. To do this successfully, it becomes essential to combine third-party supplier intelligence with a company's own internal metrics and trending data gathered over a period of time. This can then allow an organization to develop in-depth analysis and strategy on a real-time basis. But the ultimate plan a company develops when supplier warning flags go up will only be as good as the data they have available to them to determine the best course of action. This is why it's critical to track and measure both qualitative supplier performance and other metrics in addition to relying on systems and third-party data.

Holistic supplier management does not stop with analysis. Organizations must successfully mitigate any potential risk factors that arise. The fourth and final phase of a holistic supplier risk management approach must include tools and process steps to automate and accelerate any specific path to action. This might include the ability to rapidly research and discover new suppliers in a particular category (either from an internal approved list or a third party-source) to start the process of transitioning spend. Or it might focus on detailed discovery, assessment and performance-tracking tools to measure a supplier's responsiveness to corrective-action requests and related development programs.

While we can all tell stories about times we've successfully fought and put out fires, wouldn't it be better to target them before the metaphorical blaze actual begins? By creating a holistic supply risk management program that addresses the entire lifecycle of a supplier relationships - and becomes part and parcel of the entire supplier management engagement process - companies can reduce the size of potential disruptions or even avoid them in the first place. And most important of all, they can maximize lead-time to take action when issues do arise.

For companies that are already addressing supply risk management today either at the front end of a sourcing process or through an ongoing management program, the good news is that organizations can leverage their existing programs as a foundation to monitor the entire supplier lifecycle rather than starting a program over again and writing off existing investments. In certain cases, this will require expanding the use of enabling technologies and internal and external information. For others it will require focusing on internal education as well as process and technology to help their organizations understand not only how to identify and manage supply risk, but also how to successfully mitigate and address it at the best stage in the process.

But regardless of the particular areas that a company might need to address, it's critical to keep one underlying philosophy in mind to get the most from any risk management program. And that's the importance of looking at supply risk as a lifecycle challenge rather than simply as an additional responsibility for either the procurement, finance or supply chain organization to address independently of a supplier relationship. Until a company makes this mental shift, no technology, process or expertise will be enough to help its efforts to get the most from supply risk management. 

Source: D & B Supply Management Solutions