Many organizations manage supplier risk by identifying alternate suppliers for when a severe problem arises. However, there are other supplier risk concerns that can affect corporate brands and that companies should also manage for risk.
The list of considerations is long: the ability of suppliers to protect your confidential information, the second tier of suppliers (your suppliers' suppliers) about whom you might know very little, and supplier employment and sustainability practices that can harm your brand. Every organization needs to reduce risk and mitigate proactively against these threats.
Last year, LNS Research, which provides advisory and benchmarking services to assist line-of-business and IT executives, advocated two approaches that coalesced into a risk management strategy for supplier quality. One approach grows out of traditional supplier management and consists of an evaluation of how well the supplier performs, how quickly it communicates quality deviations and nonconformances, how quickly it responds to audit report requests, how well it communicates about process and equipment changes, and how well it meets delivery requirements and schedules. LNS links to this an approach that gauges an individual supplier's risk based on its likelihood of being impacted by adverse events, as well as its criticality to the company's products and supply chain.
Today, big data and analytics can provide answers for predicting the risk of adverse events in different areas of the world. Cloud-based supply chain networks also offer records on supplier on-time shipment performance. Enterprises that incorporate intelligence from these outside sources in combination with their own supplier quality management programs can go far in eliminating risk from individual suppliers, and in identifying high-risk situations that must be mitigated immediately.
Companies have their suppliers sign confidential disclosure and information protection agreements. Most suppliers are well meaning, but the strength of their individual security systems might not give the degree of information protection required, especially for intellectual property (IP) that contracting companies share. A supplier risk assessment should always include a thorough vetting of IP legal protection measures in the countries where suppliers are located, as well as a thorough vetting of supplier information systems and security. Many companies have rigorous information security and protection policies that they impose on their suppliers.
Employment and sustainability practices
Apple learned the hard way that suppliers' employment practices can harm the corporate brand. Memories remain of the Foxconn 4,000 employees who walked out of the Apple subcontractor's plants in Zhengzhou, China, in 2012. Workers said that Apple and Foxconn were forcing stricter quality standards on manufacturing without giving employees the necessary training.
Enterprises can also get black eyes when they are perceived as bad citizens in terms of sustainability and green practices. Understanding that small suppliers might lack resources for a formal sustainability program, enterprises like Pepsi and Unilever enroll, assist, and evaluate their suppliers against corporate sustainability standards. Consequently, risk of supplier nonconformance (and corporate embarrassment by association) is reduced.
Secondary supplier tier
You know the levels of quality that are being applied to production at your first-tier suppliers, but how much do you know about your suppliers' suppliers? Standard supply chain applications lose the trail on quality and other elements of supplier performance once the first level of suppliers is reached. Some enterprises have been proactive about gaining multi-tier supplier visibility. They include Entergy, which has a program that monitors suppliers at all tiers in the supply chain for employment diversity. Additionally, there are commercial solutions for multi-tier supplier management that can help fill the gaps in subscribers' enterprise resource planning systems can't.
In the 21st century global economy, managing multi-tier supplier networks with clouded visibility presents major supplier risk management challenges. We know that managing this risk has become multi-faceted, with a broad span that ranges from supplier employment practices to quality standards, information protection, financial stability, and even environmental stewardship.
Supplier risk management is a job being shared by financial and supply chain officers, but it gets the CEO's attention when things go wrong. For those who manage supplier risk directly, the goal is to ensure nothing ever becomes so serious that it gets the attention of the CEO.