Sun Tzu and Supplier Risk Management
Managing supplier risk
Over 2,500 years ago Sun Tzu observed, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
The key to successful supplier risk management is knowledge. If you leave this unstructured, you will not only have mixed results; you will more than likely experience business failure.
Good supplier risk managers will operate a methodology to tick the manage risk ‘box’. Great supplier risk managers will operate a methodology that permeates the relationship, sets boundaries for intervention, and has input from suppliers, the market, and internal stakeholders.
Risks of any kind in the supply chain need to be measured and mitigated to avoid issues and disruption. There are essentially four questions when considering a supplier risk assessment methodology.
- Who will be assessed?
- What will be assessed?
- When to assess and repeat?
- How will assessments be performed?
It is advisable to ensure 100% initial coverage of the supply base, with subsequent risk-appropriate strategies according to supplier ‘tiers’ thereafter. For suppliers in lower tiers, the methodology needs to balance impact with resource demand. In practice this is largely achieved through quantitative and qualitative evaluation, using scorecards and surveys. Baselining at the programme’s inception provides an important data point from which to analyse progression or deterioration.
The risk profile of a supplier will be determined according to key areas including:
- Materiality of outsourced goods/services to buying organisation (dependency)
- Operational service failure risk (continuity)
- Contractual risk (liability)
- Financial risk (viability)
- Capacity risk (scalability)
- Relationship quality risk (longevity)
These typically translate into areas known as occupational health and safety, environment, ethics, human rights and anti-corruption compliance, financial, legal, compliance and anti-fraud.
Once all these attributes, along with spend, are modelled, suppliers can be allocated to tiers, which will influence the frequency of interaction and review. High-risk suppliers will correctly receive the ‘highest’ amount of review, for example quarterly while undertaking rectification; medium-risk suppliers could be reviewed bi-annually and low-risk suppliers annually.
Monitoring is best achieved through the introduction of processes to support supplier review points. Surveys will form an important aspect of gathering information and the addition of a supplier platform will enable on-going reviews to be automated and communication enhanced.
Post-evaluation scores should be maintained within the supplier’s profile and made visible to the supplier via a portal account. Whether this approach is adopted will depend on the maturity of the buying organisation and its size relative to its suppliers.
Check-list for setting up your own program
If you are just starting out or are reviewing your current practices, let me suggest seven areas to measure and address.
- Program Governance
- Policies, Standards, Procedures
- Risk Identification and Analysis
- Staff Skills and Expertise
- Communication and Information Sharing
- Tools, Measurement and Analysis
- Monitoring and Review
I will give the last words to Sun Tzu, so suffice it for me to say: the purpose of a great risk management approach is not to manage risk; the purpose is to anticipate it and avoid issues before they can become manifest.
“The supreme art of war is to subdue the enemy without fighting.”
Grant Watling is a Principal Consultant and Global Consulting service line leader at HICX Solutions. HICX Global Consulting has the mission to help clients make the most of their SRM investments in the shortest possible time and specialises in providing advice on all aspects of supplier management.