Supplier Risk Assessment – What Are You Looking for?
Your suppliers are the key to your success, but how do you make sure they are the best suppliers you could be partnering with? What kind of risk do they bring to the relationship and is it manageable or could it prevent you from meeting your business commitments? Is your supply chain resilient enough to withstand major or even minor risks? How are you performing as a supplier?
A supplier risk assessment is a routine practice companies conduct to better understand their suppliers, the risks they may pose, and how the suppliers address those risks. There is no such thing as no risk when it comes to suppliers. Every company has its vulnerabilities, both internal and external, and not everything is predictable. We learned that the hard way with COVID-19.
The point of supplier risk assessments is not to weed out suppliers that pose any risk; it is to compare suppliers’ risks with your company’s risk thresholds to determine whether the suppliers are meeting expectations within an acceptable level of risk.
Of course, some assessments result in a company having to let a supplier go because they pose too great of a risk and there is no manageable way to lower that risk. As many companies can attest, having a diverse supply chain allows for greater adaptability should you decide to sever a supplier relationship. The last thing you want is to be forced to stay with a supplier that poses severe risk to your business only because you lack another supplier to take their place.
Categories of Risk
There are dozens of risks in the supply chain and any one of them can spell disaster for your suppliers and your company. The supply chain is highly interconnected, and unless a supplier has the systems and processes in place to mitigate risks before they cause disruption, you will be feeling the consequences at some point. PWC divides supply chain risks into five categories:
- Social, ethical & environmental (health and safety, waste, ethical practices, etc.)
- Financial (raw materials prices, accuracy of billing, labor costs, etc.)
- Operational (quality standards, logistics, delivery performance and lead times, etc.)
- Continuity (natural hazards, poor management, supplier financial failure, etc.)
- Strategic (reputational/brand, compliance, market changes, etc.)
These are just a few of the possible supply chain risks, highlighting the challenge to continually monitor suppliers. PWC says of supplier risk assessment and management, “It’s not about playing defense – it’s also about playing offense – finding competitive advantage by shaping supply chain resilience strategy focused on disruption avoidance.” Developing this kind of supply chain is a continual endeavor, requiring constant monitoring, communication, and analyzing.
Supplier risk assessment has never been simple because it is such a complex web of relationships. Every supplier has its own supplier network. Even if you have only a handful of direct suppliers to manage, your risk remains high because your suppliers rely on other suppliers that add risk to the mix. How do you know if your suppliers are conducting their own supplier risk assessments? One hiccup above stream can greatly impact your ability to deliver your products to your end customer.
McKinsey says, “The private sector continues to seek a uniform and proven methodology for assessing and monitoring risk in a way that truly minimizes business disruptions.” They note three main culprits, including supply-base transparency being near impossible to achieve, particularly because so many suppliers are involved in every product. Also, the scope and scale of risk is challenging because companies struggle to understand the probability and severity of many risks. Finally, it says proprietary data restrictions impede progress.
Whether risks are predictable or not, supply chain stakeholders must be able to have insight into their own risks first and foremost, as well as speed response to those risks. Understanding the probability and severity of identified risks is key to utilizing resources in the right way. For instance, not all risks require an emergent response. But how does a company know, for instance, if a predicted hurricane path will delay a shipment or damage freight? Is it possible to have more confidence about risks when you only know something is a risk?
Predictive Intelligence to Manage Risk
Because of so much supply chain uncertainty, companies are looking to intelligent software to make risk predictions more automated and accurate. Of course, there is no single product that looks at every possible risk in the five categories PWC references, but there are purposely-built software solutions that help with specific risks, such as those associated with shipping and logistics. These solutions often integrate with other applications that give the organization a big-picture view of all suppliers and associated risk.
Companies need more than basic data in their supplier risk assessments. They need comprehensive, real-time data that is presented in a way that makes sense so they can make decisions faster. The longer it takes leaders to gather and analyze data, the longer the threat has to do damage and the less effective mitigation strategies will be. One of the most effective ways to understand risk is with risk scoring.
Risk scoring quantifies supplier risk assessment by assigning it a number, making it easier for stakeholders to visualize risk in comparison with other risks. The first step for an organization to bring context to their scoring system is to define risk based on probability (how likely is the event) and impact (what could happen if the event occurs?). The goal is to reduce the probability or the impact to a reasonable level.
Once you have mapped your supplier network, you determine your risk KPIs around each supplier, either utilizing the software to gather data or entering risks manually that you have identified. You then tailor your organization’s risk appetite for each KPI, setting your organization’s threshold for risk scores. Once you apply this model to all of your suppliers, the software scores them and will alert you anytime a risk score approaches that threshold. A real-time dashboard also gives you and other leaders an instant snapshot of all of the risks and scores, allowing you to see a big-picture view of the probability and impact of all risks across your supplier network.
Supplier Risk Assessment Scores Use Cases
Risk scores make it possible to see which suppliers tend to ship late, causing issues in your just-in-time commitments, for instance. Another use case example is to determine how at risk your company is if it is solely dependent upon another supplier for required material. If that supplier is deemed risky and your products depend on that material, any event would have a high impact on your organization’s revenue. This reveals a vulnerability that you can now address before an event occurs.
What if you have a supplier in a Gulf Coast state and they receive a high-risk score based on the probability of a hurricane flooding their warehouse or manufacturing facility? The high score may not necessarily mean you need to find another supplier, a time-consuming and expensive task. Instead, the scoring system gives you data you can share with them to discuss their flood protection strategy and mitigation plans. From there, you can determine whether their efforts reduce their risk score, giving you a greater comfort level.
Supplier risk assessment is proactive risk management and reactive risk management. The risk assessment is proactive, conducted before the actual risk happens, such as ordering more products from your supplier because you know they close down a week before any predicted hurricane. It is also reactive. When your supplier is hit with a hurricane and you know they are in a flood area, you have already spoken to them about their flood protection and mitigation strategies and know you will not be impacted.
Using a scoring model in your supplier risk assessment will bring clarity and speed decisions. With time being a top priority, the faster you can identify and analyze risks, the faster you can make decisions on how to protect your supply chain by choosing suppliers that take risk as seriously as you do.