I suggest there is a half way house where an initial assessment of the 'products/services' purchased is made to determine which would have the greatest impact on the business should they get into trouble.

As a second observation there will be different views dependent on the industry you're in. A production component in the automotive industry might be significantly harder to resource than a cleaning services provider.

So historical data is backward looking and forecasts are, at best, a guess (I mean, there have been incidents of companies with the highest D&B rating one day who went bankrupt the next), so I absolutely agree with the pharma CPO.

It's not if, it is when. And so few companies actually have a legitimate backup plan in place. Not saying you shouldn't look at risk data, but it should taken with a grain of salt the size of a small house.

Trust in data, but plan, plan, plan.

I agree with the readers comment above, it all depends on how unique or business critical the suppliers goods / services are; which ones would severely impact business continuity? I'm surprised at any company taking a wholesale approach to managing supplier risk...

We focused on developing second sources for our top suppliers as it both mitigates risk AND provides cost savings when we give business to secondary suppliers. However, we did a detailed risk assessment on our top 100 (mission critical) suppliers -- the suppliers who could impact revenue if they fail to deliver/serve.

Supplier risk is an important issue and is key to our responsibility as Procurement Professionals. However like so many things you can over complicate that issue and get carried away with analysis.

That old phrase "Keep it Simple Stupid" still stands in my opinion. Checking a supplier's financial standing by whatever means is your preference and checking current customers' references should yield enough sound information to determine a vendor/suppliers reliability. Not only does this provide information about their likelihood of being around a few years down the road but it will provide information on quality, and on-time deliveries.

While you might gain other bits of information with more research one has to determine if those bits will make any real difference.

I will say that a lot also depends on the products or services you're procuring from the supplier. I'm sure that there are special cases where more research is required.

Good teaser - but I do not agree. It may be crucial to assess the financial risk of the supplier in automotive so that you can set your mid / long term strategy for that commodity and finalize sourcing accordingly.

If my supplier is at risk, I am also at risk

Our company is looking at supplier risk assessment and would appreciate any one that could share risk assessment templates they may be using.

Really? What if your supplier is financially unstable, goes out of business and you have difficulty procuring critical parts? What if those parts are unique? Re-sourcing a supplier correctly is a multi-step process that takes time. Good research on a supplier's capability, capacity and financial health are key to good long term relationships.

Well it depends...

As Ali and Jacob stated, supplier risk is buyer risk and therefore must be subjected to a reasonable - and cost efective - Risk Management regime including:

- Identification
- Categorizing
- Assessment - probability and severity
- Mitigation - reduction, elimination, transferring
- Management - ongoing controls, training and implementation

Obviously, the larger the company and more critical the supplier or service provider, the greater the need for formalized Risk Management processes.

Whether or not you like what you find when go through the process, it still needs to be done.

I agree with Bill's comments, but not only with critical parts but with all vendors - you are crreating a relationship between two companies, a partnership, would you want to invest your own money into a parnership with someone who is not finanacially stable - Rememeber your time is money and creating a relationship with a vendor that may not be there for you when you need them or have the ablity to sevice you reflects on you and your staff -Do it right the first time and you will have a long term partner that will be mutually beneficial to both companies - a "Win - Win " for all

A detailed risk assessment for every single supplier as performed by the consumer goods company would definitely tie up a significant amount of resources. That's why spend segmentation comes in handy: focus first on those high-risk categories where you're facing potential supply interruptions.

Does it really matter if your office supply company shuts down its online catalog? It's an inconvenience, compared to interruptions in the supply of direct materials or critical spare parts.

One key to accomplishing the risk assessment is to build in efficiencies and automation as much as possible: The sheer number of suppliers can become overwhelming, and data collection and aggregation takes a lot of time. The evaluation should then be non-automated, as it is not possible to quantify all risks, translated them into numbers and define automated "red flags" or cutoffs.

Procurement departments may be able to pull off a manual one-time assessment, but monitoring on an ongoing basis is a different story.

My thought is that you must start with a spend analysis and critical analysis of what your key components or materials are. Once you know how many dollars are spent on a commodity and know which commodities could shut you down, you focus on risk preparation for those commodities or items first.

The rest could follow from a general stand point but if you know you are JIT with supplier ABC and that material would shut you down tomorrow, you focus your backup plan on that material today. If you buy a commodity item that everyone can supply, I would not do a lot of research or prep for that material.

That would be my approach.

How can you set a back up plan without assessing your risk?

Suppliers are our business partners. We need healthy and financialy stable companies to improve the business and create new strategies.

Risk assessment is a must not to need a back-up plan.

This is really an industry specific question, then again it is not because scale also matters. If I am making high-tech products in a global supply chain, it is certainly in my interest to subscribe to data services which indicate the occurrence of events (geocoded & realtime) that may disrupt the flow of components or subassemblies from suppliers impacted by said events.

I would also need to know two primary things: 1) which inventories of products will be impacted resulting from global events (earthquakes, riots, weather, etc), and, 2) (which is MOST important) Who can provide supply among existing portfolio of suppliers for those items which are disrupted AND may not be currently under contract in the form of viable sourcing options... Form this information you can then put plans into action.

Risk management isn't a waste of time, it just needs enough critical mass of revenue to support the overhead necessary to put the pieces together. If you can tell CFO, within 12 hours of something going awry in the world, what the potential impact is to cash flow - you have a real risk management capability.

Regular supply chain risk analysis is critical to many. For all market sectors - mission critical parts, inventory, etc. keep the engine of commerce running.

Furthermore, done properly (ie:, comparing the financials of incumbent suppliers with other companies in the same market sector) it enables Strategic Sourcing, Supply Chain, Shared Services and other divisions to recognize and maintain the most robust, healthy relationships with their suppliers and back-up positions for mission-critical sourcing needs.

Assessing risk should be an initial step and an ongoing process. New suppliers should always be evaluated for risk and this relationship should be maitained. Suppliers with higher risk (even if they are a prefered supplier to your company) should have a secondary supplier for items in question.
Specialty items, single supplier items and such are naturally high risk and should be treated as such. Constant monitoring of these suppliers is necessary. Process development and continuous improvement metrics in these areas goes a long way. Setting expectation and a communication schedule works well but must be maintained.

I agree that assessing risk is difficult to do - you don't know which supplier might fail and you don't know when. Doing detailed analysis on every supplier is time consuming - and subjective (who in your company would do it?).

But what if it was quick, easy, objective and gave reliable results? What if, with about 80% accuracy, it could predict which suppliers would go away in the next 2 years? Would you be willing to do it then for every (or most, especially key) suppliers?

I've built such a tool... been working on creating the commercial version. But I've not focused on releasing it because honestly, I'm not sure that anyone would pay to use it. So what if a particular supplier is risky? Buyers still choose them - even when they have alternatives.

Risk is an excuse - a ruse, a red herring. A good one, to be sure. But unless and until buyers will choose alternates in lieu of risky preferred suppliers, risk comes second to money (which is the usual driving force in most procurement activities).

Wow... I sound like a heretic. Maybe I am. But there's no sense in measuring something for which you ignore the results.

Supply chain risk can occur far down the supply chain stream -it's not about reviewing the immediate supply base, but understanding the full background of the products and services which are designed/spec'd to be purchased. And then educating the business so there is a good understanding of purchasing life cycle strategy on key items.

Another thing that buyers need to do is challenge business stakeholderto remove as much complexity as possible from what is being designed or spec'd before tendering starts. Simple changes can remove a lot of supply chain risk as it avoids sole source situation where only one supplier can supply the complex item or service.

I used to run e-auctions on new engineering designs of small metal components. If few suppliers bid, I would find out what design features caused suppliers to not bid. This would be fed back to the engineers to give them opportunity to design out the difficult feature. If design was amended, we would run new auction to assess marketability of new design. If design couldn't be changed, then we agreed at the start that the item was a sole source supply with little opportunity for cost reduction. If there were quality or other supply risk problems in future, we knew from the bidding history if we could easily find alternative suppliers or needed to work with incumbent to fix the problem. The efficiencies for Purchasing and Quality were great because everyone could better focus their time and efforts in the right way.

Buyers should consider the competitiveness of the supply market when they put items or services out to tender. If there aren't many national players, and they find a small regional supplier who looks capable but can't handle the full amount of spend, then buyers should consider splitting spend to give some work to the regional supplier who might grow into larger supplier in future. This will bring healthy competition to the supplier, market and buying companies are less dependent on fewer, larger suppliers in future.

In addition, business priorities move so fast today, that putting together a detailed supplier risk assessment may be out of date within months both in terms of the suppliers assessed and in terms of what the buying company deems is a real risk.

The time to do the risk assessment is at the tendering stage and then keep the info and learnings to hand for future reference, checking on a regular basis if the assumptions are still valid. Using e-sourcing technology will make this process manageable.

It seems some basic due diligence on a new vendor would be prudent.

What if you used Google Maps to view a vendor address and it turned out to be an outhouse?!? Alarm bells would probably go off in your head that an unscrupulous "vendor" was trying to swindle your company.

More here:
http://blog.170systems.com/bid/8691/Preventing-Vendor-AP-Fraud-A-Great-Tip-For-Maintaining-Your-Vendor-File