Supplier Risk Management

Supplier management has recently emerged as an important area for risk management. As globalization has changed the business world drastically this past century, companies now have complex global networks from which they buy and sell products. Given this, Baylor University’s Hankamer School of Business conducted research to determine supplier risk management practices. Their findings are based on interviews with 33 companies including KPMG, Johnson & Johnson, Coca Cola, and IBM to name a few.

This abstract summarizes some of the key points in this document.

Why Does Supplier Risk Management Matter?

Historically, supplier risk management hasn’t made the priority list as other functions have such as sales, marketing, and product development. However, several events have begun to shift the tide towards supplier risk management practices. Consider the following two examples.

  • Nissan and Toyota experienced considerable disruptions in the supply chain as several tsunamis have hit Japan in recent years.
  • MDonald’s sources their meat through OSI. In 2014, it was uncovered that one of OSI’s partners was packaging expired meat.

Supply chain disruptions and supplier quality controls are just two examples of risks associated with supply chains. Other risks to consider are labor issues, weather, supplier reputation, and sustainability.

Common Risk Management Practices

The onboarding process was found to be the most common risk management technique. The onboarding process is a tool used to determine the value of forming a relationship with a supplier. Generally this process will include an evaluation of the supplier’s performance and financial health. However, this process may be the only risk management technique used by companies. What is missing from this is an ongoing evaluation of suppliers to ensure an up-to-date analysis of each supplier. 

Other risk management practices include key performance indicators (KPIs) and key risk indicators (KRIs). KPIs are a necessary component of risk management strategies. Companies use these to easily monitor supplier relationships in regards to performance related aspects such as on-time delivery, quality, and prices. However, this does not provide a comprehensive review of supplier risk. To provide the comprehensive risk review, companies need to develop KRIs. Unfortunately, many companies struggle to develop these as attaining the data has proven difficult.

Next Steps

The next step to achieve a comprehensive risk management approach of suppliers is to develop an evaluation tool comprised of several risk components. The research determined the following four risk components are areas that should be incorporated into the tool: environmental risks, brand reputational risks, data security risks, and labor concerns. However, in order to develop such a tool a company needs access to the right type of data and predictive analytics. 

Link: Supplier Risk Management: Joining Best Practices with Technology

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2016-04-01