Your Suppliers’ Risk Is Your Risk

As your supply chain grows more
 complex, so do the risks.
In today’s global marketplace, your suppliers—whether Tier 1, 2, 3 or more—are an extension of your company and your brand.
In today’s day and age, in which outsourcing can be the norm, and not only major global corporations stretch across the globe, but also potentially mid-market and mom-and-pop suppliers, supply chains are no longer insulated from external or environmental risk events. These risks can range from a natural disaster, such as the Japan earthquake and tsunami, to lax safety policies, in the case of the Bangladesh garment factory collapse, to the regular ebb and flow of business, including when a supplier is acquired or goes out of business. These risks are not new to the supply chain, but as the supply chain grows more complex, so do the risks to supply, especially when visibility is blurred, suppliers are far-flung and there is no backup plan in sight.
According to Charles Dominick, SPSM3, president and CPO at Next Level Purchasing Association, the reality is “an organization doesn’t own its supply chain. It chooses its Tier 1 supplier, who chooses its supplier [Tier 2], who chooses its supplier [Tier 3] and so on. In those cases, the failure of a Tier 1 supplier may necessitate its replacement, which replaces the entire supply chain for the purchased product or service. Every organization should have a contingency plan covering every tier of the supply chain that answers the question: If this company drops off the face of the Earth tomorrow, who can step in? Of course, any good supply chain contingency plan goes deeper than just answering that question. It addresses lower tiers as well.” 
Dominick elaborates on the escalating chance of encountering risk in the supply chain, saying every business has a percentage of a chance to face operational disruption. That percentage is compounded by the chance that each of the business’ suppliers have to encounter risk as well. With every supplier, and suppliers’ supplier, the chance of risk grows exponentially. He reinforces, “Knowing the risks of a disruption to supply continuity, knowing the likelihood of those risks and developing an appropriate plan for mitigating those risks are the foundational aspects of supply risk management.”

Fallout from the Supply Chain Ignorance Bomb

An organization can’t prevent or avoid risk if it doesn’t know whom its suppliers are, where they are located, and therefore, what its risks are. Because we live in a global economy that’s connected by the Internet, it’s easy to spot the numerous instances of supply chain vulnerability. Brian Winshall, executive vice president of business development at AFN Logistics, concurs“As supply chains become leaner and markets more competitive, the supply chain impact of [risk] events can be profound. Basic mitigation strategies like safety inventory and excess capacity are inadequate. There’s a critical need for businesses to proactively collaborate with suppliers to avoid, or respond to, disruption in a quick and efficient manner. This creates a competitive advantage, increased speed to market, cost reductions and brand protection.”
Diane Palmquist, vice president of manufacturing industry solutions at GT Nexus, warns if you don’t know your supply chain, you’re not only unprepared for the big disruptions, but also the small ones that can quickly escalate into a major bottleneck, especially if you’re single-sourcing materials, which means there is no backup supply. She offers an example: Peugeot lost billions of dollars one year because an Italian Tier 2 fastener supplier’s operations were disrupted, resulting in this tiny component stalling vehicle production. Alternatively, sometimes it takes a major event for a company to sit up and take notice of suppliers of all tiers. She mentions that, when the Japanese tsunami happened in 2011, it was a wake-up call. There was even a New York Times story about General Motors (GM) going into a war room for months to determine its Tier 1 and 2 suppliers. Palmquist notes, “A big tsunami exacerbates the issue, but that issue already existed. It means that [GM] already didn’t know where it was getting its supply. It doesn’t have to be a big disruption that causes pain. That’s why, for just regular business continuity, day-to-day operations and execution, you have to know whom your suppliers are and whom your backups are.”
Winshall agrees, listing the fallout that can accompany not familiarizing yourself with your supply chain: expensive supply loss, delayed reaction times, depleted quality control and increased costs. H says the more an organization collaborates with its suppliers, the more it can avoid and prevent risk since it knows what’s coming down the pipeline.
It’s also important to stress that, to many consumers, there is no difference between a brand and its suppliers, therefore, your suppliers are an extension of your brand. That’s why organizations need to collaborate with suppliers to ensure their corporate social responsibilities are in line with what the organization preaches. “A landmark example of such risk was the 2013 Rana Plaza factory collapse in Bangladesh where rescuers found over 1,000 dead workers and apparel that was made for large, household-name retailers,” says Dominick. “Those retailers denied they authorized production of their garments at that unsafe facility, yet the production was done there regardless. Though it dwarfs the pain experienced by the families of the victims, those retailers incurred damage to their brands.”
Dominick notes unsafe supplier facilities are just the beginning of the kinds of indiscretions that can be exposed. There is also slave and child labor, environmental hazards and financial support for conflict minerals, to name a few.

Down to the Nitty Gritty of Your Supply Chain

Palmquist suggests organizations map out their supply chain networks to determine Tier 1, 2, 3, etc. suppliers, but acknowledges that it’s not easy. One reason is an organization’s supply chain network can change rapidly, but even with the ever-increasing pace of the changing supply chain, most companies know their Tier 1 suppliers.
The caveat, she admits, is determining the other tiers of supply; many organizations don’t know every single supplier of every single component, but they need to know what those are and where they come from. She says that once businesses map out their supply chain networks electronically, the task becomes far easier. They can link suppliers involved with specific product lines and SKUs, and better visualize the supply chain network overall to facilitate decision-making and analysis. Furthermore, she suggests tying these maps in with risk management software, which can be predictive in locating political unrest, weather issues and the like. This helps businesses notice where they may need to take action. This requires operating the supply chain as a network, with all suppliers and trading partners connected in a cloud environment, and a single version of the truth at the core.
Sonal Sinha, vice president of industry solutions at MetricStream, confirms that analyzing what an organization’s supply chain universe contains can be a very daunting task. Not only are companies growing organically, but also inorganically through a deluge of mergers and acquisitions. Add to that the global nature of commerce and supply chains, and the increasing participation of suppliers from less advanced countries that may not have sophisticated tracking mechanisms or systems, and the once-clear waters muddy quickly.
Sinha recommends using a risk-based approach, whether based on payment history or the highest revenue product, to identify suppliers, “There’s a good chance that, if you paid a supplier in the last couple of years, they’re active. A second step would also be to take a look at the highest revenue product you’re selling. If you have 200 products in your portfolio, but 10 of those 200 make up 80 percent of your revenue, then focusing on those 10 products and the suppliers supplying components for those products can be a really great way to start gathering information on your highest risk suppliers.”
Biju Mohan, vice president of consulting at GEP, agrees that organizations should identify high-risk suppliers based on financial impact to the business, but he also advises that companies use the metric for time to recover in case of a disruption. “There needs to be a constant assessment of strategies—including backup options, inventory management, rapid response manufacturing, etc.—that can be put in place to manage any risks with these suppliers. Increasingly, it is important to start evaluating the risk impact of a supplier change as part of this process,” he says. “Familiarize yourself with suppliers. Knowing and measuring the potential financial impact and time to recover from risks driven by suppliers can help an organization manage their risk profile and take corrective/predictive actions as needed.”

Risk-Ranking Your Supply Chain Universe

Many organizations are getting into the habit of assigning risk profiles to suppliers, based on different metrics, because of the complexity of the supply chain network. These risk indicators vary by company, goals, supplier geography, etc. In this case, there is not necessarily a one-size-fits-all methodology. Sinha says, when it comes to business continuity risk, some companies may assess factory location, export markets, geopolitical forces, and finance and credit ratings, to name a few.
According to Winshall, organizations can take supply chain mapping a step even further to incorporate risk, “Companies can geo-code suppliers utilizing service-area mapping technology, and can then apply risk indices for things like corruption, political instability, logistics performance, climate risk and more. In doing this, businesses know how a commodity or product may be impacted at the time of an event, like a natural disaster or a labor strike. Organizations that don’t have this technology may not be alerted for days or weeks, and a slow reaction can cause irreversible damage and financial loss.”
Dominick concludes, “Supply chain leaders need to think about creating a supply chain culture that applies to all of their suppliers at every tier. Having multi-tier visibility into one’s supply chain is a product of creating a culture that promotes a spirit of collaboration, information sharing and transparency. That type of culture needs to start with a C-level relationship between an organization and its strategic suppliers, and replicated at each tier of the supply chain. When the ‘let’s be a successful supply chain’ mantra is more than lip service, then it should not be a stretch to imagine C-level executives from companies at each tier of that supply chain in the same room at the same time.”

Supply & Demand Chain Executive covers the entire global supply chain, and focuses on return on investment, professional development and change management, all in a solutions-based format.  As a C-level and line-of-business executive, you can depend on our mission-critical editorial to solve your supply chain challenges.  Supply & Demand Chain Execurive the user manual for successful supply and demand chain transformation.
This story originally appeared in Supply & Demand Chain Executive.

Carrie Mantey joined the Supply & Demand Chain Executive team in August 2013. She has worked in the business-to-business field for eight years, spanning the automotive aftermarket, product design and development, chemical processing and supply chain management industries, and holds a writing degree from the University of Wisconsin-Whitewater.

Demo: MasterControl Document Control Software
MasterControl Spark Helps Small Businesses Effortlessly Manage Documents

Download Free Resources
White Paper: Reducing the Documentation Burden in FDA Design Control
White Paper: Top Five Ways Document Automation Can Boost Financial Success in Life Sciences Industries
Webinar: Streamlining SOP Document Systems
Interactive Graphic: Evolution of a QMS