Innovate in Limiting Supplier Risk

Many organizations manage supplier risk by identifying alternate suppliers for when a severe problem arises. However, there are other supplier risk concerns that can affect corporate brands and that companies should also manage for risk.

The list of considerations is long: the ability of suppliers to protect your confidential information, the second tier of suppliers (your suppliers' suppliers) about whom you might know very little, and supplier employment and sustainability practices that can harm your brand. Every organization needs to reduce risk and mitigate proactively against these threats.

Supplier quality
Last year, LNS Research, which provides advisory and benchmarking services to assist line-of-business and IT executives, advocated two approaches that coalesced into a risk management strategy for supplier quality. One approach grows out of traditional supplier management and consists of an evaluation of how well the supplier performs, how quickly it communicates quality deviations and nonconformances, how quickly it responds to audit report requests, how well it communicates about process and equipment changes, and how well it meets delivery requirements and schedules. LNS links to this an approach that gauges an individual supplier's risk based on its likelihood of being impacted by adverse events, as well as its criticality to the company's products and supply chain.

Today, big data and analytics can provide answers for predicting the risk of adverse events in different areas of the world. Cloud-based supply chain networks also offer records on supplier on-time shipment performance. Enterprises that incorporate intelligence from these outside sources in combination with their own supplier quality management programs can go far in eliminating risk from individual suppliers, and in identifying high-risk situations that must be mitigated immediately.

Information protection
Companies have their suppliers sign confidential disclosure and information protection agreements. Most suppliers are well meaning, but the strength of their individual security systems might not give the degree of information protection required, especially for intellectual property (IP) that contracting companies share. A supplier risk assessment should always include a thorough vetting of IP legal protection measures in the countries where suppliers are located, as well as a thorough vetting of supplier information systems and security. Many companies have rigorous information security and protection policies that they impose on their suppliers.

Employment and sustainability practices
Apple learned the hard way that suppliers' employment practices can harm the corporate brand. Memories remain of the Foxconn 4,000 employees who walked out of the Apple subcontractor's plants in Zhengzhou, China, in 2012. Workers said that Apple and Foxconn were forcing stricter quality standards on manufacturing without giving employees the necessary training.

Enterprises can also get black eyes when they are perceived as bad citizens in terms of sustainability and green practices. Understanding that small suppliers might lack resources for a formal sustainability program, enterprises like Pepsi and Unilever enroll, assist, and evaluate their suppliers against corporate sustainability standards. Consequently, risk of supplier nonconformance (and corporate embarrassment by association) is reduced.

Secondary supplier tier
You know the levels of quality that are being applied to production at your first-tier suppliers, but how much do you know about your suppliers' suppliers? Standard supply chain applications lose the trail on quality and other elements of supplier performance once the first level of suppliers is reached. Some enterprises have been proactive about gaining multi-tier supplier visibility. They include Entergy, which has a program that monitors suppliers at all tiers in the supply chain for employment diversity. Additionally, there are commercial solutions for multi-tier supplier management that can help fill the gaps in subscribers' enterprise resource planning systems can't.

In the 21st century global economy, managing multi-tier supplier networks with clouded visibility presents major supplier risk management challenges. We know that managing this risk has become multi-faceted, with a broad span that ranges from supplier employment practices to quality standards, information protection, financial stability, and even environmental stewardship.

Supplier risk management is a job being shared by financial and supply chain officers, but it gets the CEO's attention when things go wrong. For those who manage supplier risk directly, the goal is to ensure nothing ever becomes so serious that it gets the attention of the CEO.

24 comments on “Innovate in Limiting Supplier Risk

    December 27, 2013

    It rings true that Apple and Foxconne perhaps were not providing appropriate training.  I believe developing a rigorous training audit program is a great way to manage supplier risk.

  2. ITempire
    December 29, 2013

    Mary, if you try to inquire about supplier's supplier, you initial contact means will be through your immediate supplier who might be reluctant to get you in contact with them from the fear of losing his business in the chain. I am not saying that this makes it useless to try, it is just that there is a hurdle.

  3. ITempire
    December 29, 2013

    Flyingscot, it is easier said than done. Training and carrying out environmental and control audits within the organization is a time-taking and a costly task so unless there is some regulatory pressure, the managements of organizations don't give their support for it.

  4. Hailey Lynne McKeefry
    December 29, 2013

    @flyingscott, it may be that these organizations were not providing the right training. The bigger questoin for me is why not? Unless we get to the bottom of this, it's likely that this kind of issue will continue.

  5. Hailey Lynne McKeefry
    December 29, 2013

    @flyingscott, it may be that these organizations were not providing the right training. The bigger questoin for me is why not? Unless we get to the bottom of this, it's likely that this kind of issue will continue.

  6. jbond
    December 30, 2013

    I agree with you why not provide the right training but unfortunately too many companies are having the same problem. I think many organizations need to be reorganized.

  7. ahdand
    December 30, 2013

    @jbond: Yes training is an essential part for any organization. I think we do need to focus and budget more towards training with the years to come.

  8. Hailey Lynne McKeefry
    December 31, 2013

    @jbond, reorganization may be the answer, but that's a big job–and often put on teh back burner as “hot” issues take the time and resources that might be used for strategic ones.

  9. jbond
    December 31, 2013

    I think if more companies start to do more training they will see the cost effectiveness down the road.

  10. jbond
    December 31, 2013

    Yes but reorganization is a good idea in many companies hopefully they will start cross training and that will help.

  11. Ashu001
    December 31, 2013


    Honestly there is only so much Paper Audits can accomplish in a Supply Chain.

    If you want to know the real deal then you have to have Eyes and Ears on the Ground both Incognito as well as in person with all current Employees.

    That's the only way How You can get a feel for what's really going on there.


  12. Ashu001
    December 31, 2013


    Its not just Costly and Time-Consuming but also usually throws up a lot of False- positives and False-Negatives which again forces you to spend more Precious time figuring things out again.

    This is why most Managements don't give much Support to this issue currently.

  13. Ashu001
    December 31, 2013


    There is another thing as well here.

    Maybe Training needs to become a Whole Lot more Cheaper per se?

    Expensive Training is the No.1 Reason why not many Organizations want to commit to it.

    If we can make it cheaper;automatically a lot more folks will come on board.Won't they?


  14. Ashu001
    December 31, 2013


    I tend to agree with Both You and Hailey here(partially).

    Reorganization can work wonders occasionally but it can be expensive as hell too!


  15. Mary E. Shacklett
    January 5, 2014

    Yes, getting to suppliers' suppliers can be difficult. Many companies try to gain visibility by demanding the information as a condition of issuing a contract. With restricted trade lists now a factor, this is becoming a more standard practice.

  16. Mary E. Shacklett
    January 5, 2014

    Absolutely true–which is why the regulatory people have to be so aggressive.

  17. ITempire
    January 5, 2014

    Mary, it is better to get agreement of the trading partner that the consideration includes rights to obtain information. However, if the vendor is doing something that adds value, he shouldn't feel insecure even if the customer knows his source of products.

  18. ITempire
    January 6, 2014

    Tech4people, I think that if organization is serious about long term success, then it must place a lot of controls over its processes and regularly conduct exercises that help identify weaknesses and areas for improvements. As organizations witness organic growth, they must also be managed in ways that make the success more sustainable.

  19. ITempire
    January 6, 2014

    Jbond, consultants often play an important role in this as they help organizations keep an eye on what's new and give evidence as to how other organizations have benefited from adopting to certain new developments.

  20. Mary E. Shacklett
    January 6, 2014

    In the end, you want to have trust and collaboration in your relationships–so, yes, I agree with you–disclosing your suppliers to a trusted business partner shouldn't matter.

  21. Ashu001
    January 7, 2014


    More than Controls they need Monitoring.

    Effective Monitoring to figure out what they are doing right and what they are'nt.

    And obviously they then need to Re-calibrate their Processes to figure out what they can do better.

    Benchmarking Against the Best in the Business is'nt always easy on the Ego but its worth it in the Long-term as it helps you up your Game sustainably and Decisively for the Future.

  22. Ashu001
    January 7, 2014


    Far too many Companies feel their Suppliers are some sort of a Trade Secret today(Hence they refuse to Divulge any details regarding them).

    How are you going to change that attitude?

    Especially when you really don't have much Control over who all the Trusted Business Partner can share that information with?

    Its not as easy as it sounds.

  23. ITempire
    January 12, 2014

    tech4people, yes, monitoring of processes and way of doing business is important too. Without benchmarking it becomes very difficult to ensure that all points have been covered. Fortunately, we are in times where all of the benchmarking data is available with consultants and on web.

  24. Ashu001
    January 13, 2014


    The way I look at it is like this-We live in the Best of World and the Worst of Worlds!!!


    Sure,we can do a lot of this High-Quality BenchmarkingOnline and in real-time today but what about the Efficacy of this Data?

    Especially so much Data is manipulated/Hacked routinely by Hackers,Nation-States,etc for their own Purposes?

    Its not so easy to trust all that Data that is online currently.  

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.