MANAGING SUPPLIER RISK IN THE GLOBAL SUPPLY CHAIN
Suppliers and service providers exist to serve the global supply chain, but they may also cause harm through poorly managed risk. This can happen in many ways. For example, if you work for or are in partnership with a US-registered company and a supplier engages in fraud or a third-party sales agent takes a bribe, it can attract huge fines under the US Foreign Corrupt Practices Act.
A trading partner with valuable intellectual property can inadvertently share it, sell it to a competitor or use it to make competing or counterfeit products. Trading partners who have trusted access to their partners’ systems can be hacked and subsequently infiltrated. An uninsured contractor has an accident on-site and sues for millions. The list of real-life incidents is practically endless.
Outsourcing can also bring risk: Over the last few decades, more and more functions that used to be done internally are now done by third parties. This includes everything from IT to customer service, payroll, logistics, quality, manufacturing, HR, facilities management, security, sales, marketing, R&D, legal, accounting, sourcing, procurement — you name it.
If someone else can do it better, faster and cheaper, then it’s a candidate for outsourcing. But along with the explosion of outsourced services, risk has increased for many corporations as visibility and control have decreased.
Increasing regulatory complexity and compliance: The regulatory and legal responsibilities along with compliance requirements imposed on corporations have grown dramatically in recent times. Driven by a range of public scandals and catastrophic business failures, lawmakers feel compelled to make sure “this will never happen again”.
New regulations are constantly being revised across multiple countries to enforce food and drug safety, counter money laundering and tax/duties evasion, restrict corrupt practices, counter international terrorism, ensure environmental protection, support fair trade, prevent labour exploitation and slavery, offer financial and consumer protection, and countless others.
On top of this, there are numerous lists of parties that you either cannot do business with or that have specific restrictions on how you can do business with them. To make matters worse, newer regulations are almost always open to interpretation, the details of which often get resolved through litigation or further legislation. Keeping up with all of this is a huge burden for businesses. It seems that just when companies get systems and policies working to comply with one set of regulations or restriction lists, a whole new set comes along.
The procurement challenge: The chief procurement officer’s numberone priority will always be reduction in spending. In addition, today the CPO is expected to reduce a tremendous variety of risks associated with suppliers and vendors, making sure the organisation is in compliance. Often the CPO is asked to do all that while simultaneously reducing purchasing headcount and/or budget.
To use their limited procurement resources wisely, most companies segment their suppliers so that they can manage them with the appropriate amount of diligence and effort expended, focusing their precious resources on those suppliers which are most important to the organisation.
Is segmentation the answer? Unfortunately, most current supplier-segmentation strategies are not well-suited for managing the full range of risks posed by suppliers. Smaller suppliers still have the potential to cause substantial damage to a company. Unless these risks are also diligently managed, a firm is vulnerable.
Segmentation strategies that are based on the size of savings opportunities may work well for focusing resources on the largest spending-reduction opportunities, but they are not ideal for identifying and managing the largest risks. Some companies address this by adding “criticality” as a segmentation criterion, to ensure that any supplier that is solesourced, hard to replace and critical to the running of the enterprise is considered carefully.
Decentralised procurement challenges: The challenge for a global company in managing vast numbers of smaller suppliers is compounded when procurement decisions are made locally, specifically for site-specific or geography-specific services.
Risk considerations are often diminished with local procurement decisions, even when explicit corporate policies are in place mandating due diligence procedures. Too often, local entrenched relationships (such as back-handers, the good old boys’ network and “we’ve always used them”) rule the day.
Summary: Managing the risks in today’s global supply chain imposed by suppliers and third-party service providers has become increasingly difficult and expensive. At the same time, the risks imposed by these relationships keep on getting larger and costlier. Companies are faced with either spending too much time and effort to manage the risks or just accepting the risk and damages incurred. Neither is a great choice.
In the next few articles we will examine some strategies for mitigating
these risks.
This article is excerpted from a research report “Co-Managing Supplier Risk: Lowering Risks and Cost-of-Managing Simultaneously” by Bill McBeath of Chainlink Research. The Link is coordinated by Barry Elliott and Chris Catto-Smith as an interactive forum for industry professionals. We welcome all input, questions, feedback and news at: BJElliott@ABf1Consulting.com, cattoc@ freshport.asia