©2022 Serai Limited, all rights reserved.
Supply chains are a complex thing. Modern supply chains stretch around the globe, but the capability of offshoring to gain a competitive advantage also brings an elevated level of risk.
In the past decade, we've seen natural disasters, cybersecurity problems, data breaches, bankruptcies, and, of course, a pandemic prove highly disruptive to global supply chains.
Yet, while we cannot foresee or predict specific events, businesses can, and should, have robust risk mitigation and regulatory practices in place so they can manage risks in real-time. For example, if you accept that natural disasters will happen and that such an event may lead to a shortage in raw materials and extended lead times, you can have plans in place to minimise these potential risks.
The supply chain management process has never been more challenging. But at the same time, a little due diligence can go a long way to managing the risk factors that could disrupt your supply chain.
Why do businesses and public bodies find this a challenge, and what can you do to assess supplier risk and ensure that your supply base is robust and resilient?
Despite having access to things like automation tools and software that make conducting audits and managing risk levels more straightforward than ever, global businesses still find risk management among their most significant challenges. Why?
Modern supply chains may have thousands of stakeholders that contribute to the production of a single product. For this reason, some businesses don't even have a risk management program or worry about supply chain transparency. Instead, they write it off because it's too hard to do!
You need to conduct audits to identify and help you manage supplier risk, but what if certain risks represent a step into the unknown?
Say you identify supplier risks that you don't have the internal expertise to assist your suppliers in rectifying. You can't not track or acknowledge those risks, as that would leave your business open to accusations of negligence and potential legal action if things go wrong. Yet, because you lack the expertise, you need to rely on your suppliers to manage those risks effectively. In turn, mitigating these risks may be resource heavy and lead to you needing to help fund training or labour to ensure they're dealt with.
Ensure your business rises to the challenge, and don't turn a blind eye!
Even where businesses have built strong supplier relationships, suppliers may be reluctant to share data or grant access to systems. If you're looking to assess supplier financial risk but cannot gain access to vital documents, how else are you meant to measure their financial health?
Thankfully, you can address all these challenges if you have a robust risk management process.
The complexity of modern sourcing and procurement means that supplier risks are more likely and that you may only be able to exercise a limited amount of control over them.
It's also essential to recognise and plan how supplier risks may impact your business outside of operational supply chain disruption.
What are the different types of risks you face?
Below are some of the most significant supplier risks your business may need to deal with. How many of these came up in your last supplier risk assessment?
These risks all relate to transparency and supply chain sustainability:
When it comes to supplier risk management, the risks you face will broadly fall into two categories:
Thankfully, you don't need to be a hostage to fortune when it comes to unknown risks, and we'll explore how you can manage those later. The below process outlines how you can conduct supplier risk assessments where you're aware of the risks, control the level of risk, and work on actions to provide mitigation.
The most vital thing to realise with supplier risk management is that it isn't a "one and done" thing. For example, if you perform a supplier risk assessment on day one, then do no further audits for several years, you're leaving your business in a high-risk position.
Follow the below process to create a framework for completing risk assessments.
The most productive way to begin any risk assessment process is to map out the supply chains of all products or services you provide. The aim is to understand each node of your supply chain and the specific risks associated with them. Use our examples above as a checklist and detail how those specific risks apply to your supply chain.
For each supply chain your business relies upon, start to build a "risk register" so you know what you need to track. When identifying and documenting risks, note any aspects where risk is unknown or you have no data. You can flag these for further investigation to determine whether they're genuinely an unknown risk, or it's just a matter of your suppliers being more transparent.
Once you have created a risk register, you will need to create a supply chain risk management framework to apply when conducting your audits.
Your framework can be relatively straightforward, but you need to be consistent in assessing the risks to your supply chain and business operations. Consistency means you can prioritise actions by the level of risk and threat they pose to your business.
What your framework looks like and how you score it is up to you. An excellent way to keep your framework simple yet effective is to ask three questions about each risk:
Likewise, a simple approach to scoring might be something like:
This approach covers all bases by not just allowing you to risk assess your suppliers but your business's resilience and preparedness to address any issues.
Once you have established your risk management framework and conducted initial audits, having a process for ongoing and persistent analysis is vital. Not only does continuous monitoring effectively act as an early warning system for potential issues in your supply chain, but it can also improve your supplier relationships as you know where to place your mitigation efforts.
The emergence of digital supply chain visibility software in recent years means that measuring and monitoring risks is more straightforward than ever. For example, using our visibility tool, you can quickly identify and watch all the potential risks present in your supply chain. Furthermore, you can customise the metrics you're looking at and measuring to suit your needs and risk tolerance and get updates in real-time. The latter can be especially effective if you're monitoring fast-changing elements such as the weather, and a hurricane or typhoon is potentially going to disrupt operations at a supplier's factory, for example.
As well as monitoring risks on an ongoing basis, it is also best practice to ensure you have a governance mechanism in place to help you review supply chain risks. For example, geopolitical events or evolving situations like climate change might pose a different level of risk three years from when you first set up your risk assessment process. As such, the way you monitor and measure specific risks may need to change.
An intelligent approach to supply chain governance is for your business to have internal "champions" who manage each node of your supply chain. Each individual would then work with your suppliers to provide ongoing support and follow up when risk levels change, or mitigation is needed.
Within your business, create a "governance board" comprising all the individuals responsible for different nodes of your supply chain. Your governance board can meet periodically to review the risk ratings associated with your supply chain and update your business's risk profile and outlook. These actions would then feed into your procurement and sourcing teams, who will always have the latest standards from which they can develop questionnaires and other materials for onboarding potential new suppliers and vendors.
A risk being invisible or not yet apparent isn't an excuse to be unprepared for it. Granted, you cannot possibly prepare your business for every potential scenario in granular detail. However, you still need to be ready to react to previously unforeseen risks when they rear their head.
Remember, once you know about these risks, you can go through your risk assessment process as outlined above and ensure you're measuring them moving forward. However, having a plan for managing unknown risks will minimise short-term disruption and give you a competitive advantage over businesses that lack your level of preparedness.
Here are two vital steps that will help you.
While a resilient supply chain can deal with known risks, doing the work to build supply chain resilience will, by nature, ensure that you're in a solid position to deal with any new or previously unknown risks as quickly as possible.
When creating business continuity plans around your suppliers and supply chain operations, consider how actionable they would be in the face of an as yet unidentified risk. Ideally, the short-term mitigation actions you take will be transferable across different types of risk and scenarios, making it easy for you to train your teams on what to do in the event of disruptions.
Having a risk-aware culture across your business will help you deliver excellence in your supplier risk assessments and help your supplier relationships. Strong supplier relationships mean better outcomes for you and them - you get the results you want while the supplier becomes an attractive partner for other businesses.
The keys to developing and living a risk-aware culture are:
Yes, although you should find that assessing vendor risk is more manageable if your vendors have a robust supplier risk assessment process in place themselves. Rather than conducting a full risk assessment on vendors as if they were suppliers, you can check that your vendors have a similarly robust risk assessment process to you and ask to see the data.
Remember that the same risks will be present as if your vendor was a supplier, so you may need to consider who your alternative vendor or vendors are if the one in question cannot fulfil orders, for example.
If you have a robust risk assessment process and supply chain management framework, you will see better outcomes across procurement and sourcing operations, which in turn will filter through your entire business.
On top of this, better supply chain risk management processes will give your business a competitive advantage against those companies that haven't conducted audits and planned to the same level as you. So while they're suffering stock shortages because of a natural disaster in South America, for example, you have pivoted to a supplier in Asia that was on standby for such an event.