|
||||||
Supplier
and Service Provider Risk Management By John J. Brown, Risk Management Professional Today’s physical supply
chains are complex. The journey from raw materials to finished product can be
very long, spanning thousands of miles domestically as well as internationally
and teeming with risks along the way. Highly competitive markets, disruptive
advances in technology, regulatory developments, and shifting consumer
preferences mean that today’s supply chains must be agile, adaptive, and
responsive. Evolving business models can
amplify supply chain risks and introduce new ones. This is no more evident than
in the complex network of suppliers and service providers that companies
increasingly rely on. Managing the risks with Tier 1 suppliers and service
providers is challenging enough. Moving to Tier 2 and beyond becomes
exponentially more difficult. Supplier and Service Provider Risk Management Framework A pragmatic supplier and
service provider risk management framework, described in this article, helps
companies manage risks. The heart of the framework is a five-stage program, covering
the life-cycle from initial selection to termination. These steps are described
next. Initiate: Document
the business need to establish a new supplier or service provider and identify
candidate suppliers. Due Diligence and Selection: Incorporate
risks inherent in the raw material, intermediate product or component, or service
to be provided; then, conduct due diligence on candidate suppliers to
understand their ability to meet quality and safety requirements as well as their
financial stability and reputation; finally, select an appropriate supplier
using the combined inherent and supplier risk scores. Contract and On-board: Define
and document, within the contract, parameters to be met, including service-level
agreements (SLAs), specifications, exception procedures, and nonconformance
actions; then, ensure that the supplier understands its obligations and how to
fulfill them. Ongoing Monitoring: Establish
risk-based frequencies to revalidate due-diligence results, conduct audits or
assessments, and monitor conformance to contract terms and SLAs, taking
appropriate actions as required based on assessment results. Termination and Off-board:
Whether due to normal expiration of the contract life or termination for cause,
ensure that internal systems are updated to prevent access to information
technology systems and to deauthorize the supplier’s use of these systems. Foundational and Operational Aspects: Employ
several supporting elements that can help companies achieve an effective and
efficient program. A company culture that reinforces supply chain risk
management, coupled with governance, policies, and standards, can provide the
foundation for an effective program. Similarly, documented processes and
procedures—coupled with tools and technology, including metrics and reporting—can
help companies achieve an efficient and effective program. Tools
and Technology to Support a Program Managing the data required to
efficiently operate a supplier and service provider risk management program is
daunting. Spreadsheets are unlikely to stand up to the needs of managing the
data, and a technology solution should be selected and implemented. Defining
and documenting the process requirements for a specific company’s business
model and supply chain is a critical first step. Once this is complete, one of
several available technology solutions can be selected based on the best-fit to
the documented requirements. Effective due diligence, risk-sensing, and
auditing can also benefit from technology solutions. In
Summary Today’s businesses have no
shortage of challenges. From consumer demands, to increased government
regulation, to dynamic operational strategies, the need for an effective and
efficient supplier and supply chain risk management program has never been
greater. Indeed, an enterprise-wide framework and program, covering supplier and
service provider risks, should be a strategic imperative for any company. |
||||||