Procurement and risk management need to team up over modern supply chains, say Alex Hindson and Finlay Murray

The world is changing. Once upon a time organisations managed the majority of their supply chain within the boundaries of their own business. But the changes do not only impact the manufacturing industry through outsourcing to lower cost environments. The world is becoming more interdependent, with a growing trend for companies worldwide to create alliances to remain competitive.

Many financial institutions have gone down the road of off-shoring back office operations, such as HR, IT and financial processing. In other cases, core competencies are outsourced so economies of scale can be achieved or access to more economic high skill labour pools are possible. 'Hollow companies' focused on brand and marketing are now being formed, but how can these businesses be made robust and sustainable?

So why is this challenging?

As organisations become more specialised, each is likely to focus on its core activities, creating an integrated supply chain of partnerships and interdependencies. This has replaced vertically integrated companies as a much more agile and adaptable response to the challenges of the marketplace.

Organisations with complex interactions and networks of business partners now need to cooperate. This leads to sharing substantial intellectual property and know-how in what is becoming an increasingly knowledge-based economy.

Much of this information is dependent on enterprise-wide IT systems. Organisations are seeking to drive efficiency through systems integration, and the trend is towards fewer, more complex systems to run individual businesses. These systems will become more critical, and, over time, organisations will come to rely on them more in terms of providing management information and operational planning and control of their businesses.

Seeking to understand and manage complex supply chains of this type requires an enterprise-wide perspective on both procurement and risk.

Major risk exposures in modern supplier bases

Security of supply is always a concern. There are many causes for a supplier failing to meet its delivery commitments, but commonly these are the result of a fire, or increasingly because of flash floods. Alternatively your chosen suppliers may not be able to meet your increased demand forecasts in a timely manner, with resultant loss of market opportunity, perhaps failing to deliver sought-after products in the run-up to Christmas.

Quality failures are increasingly a concern, with a significant rise in product recall events, most recently and publicly with contaminated paint on toys sourced from China. Also failure to effectively control supply chain security can lead to counterfeit goods entering the market. Such exposures have the potential to significantly and permanently damage an organisation's brand and reputation. Increasingly, ethical supply is becoming a key issue.

Stakeholders not only require and expect high quality goods delivered on time and at a reasonable price, but they want to know how they were made, where and by whom. Policies on supply chain ethics may no longer be enough; customers may expect organisations to answer the 'prove it to me' test.

Procurement and risk management

Accountability for the management of the supply base generally resides with procurement functions reporting to a chief procurement officer. Consideration of threats to interruption of supply of goods or services is often the remit of a risk manager or chief risk officer.

Understanding and managing these issues effectively requires an integrated approach. Bringing the perspectives of the procurement and risk management teams together provides a rounded evaluation

With enterprise resource planning (ERP) systems it fairly easy for most organisations to categorise their top 10% of suppliers by spend, and procurement functions are well versed in applying strategic supplier management processes to this population to ensure good relationship management.

“Organisations with complex interactions and networks of business partners need to cooperate.

A key development with the drive for efficiency has been seeking efficiency of supply through just-in-time arrangements and the consolidation of the supplier base to drive value through harnessing buying influence.

How has risk been integrated into this process? As Figure 1 demonstrates, when looked at through the prism of risk, supplier priorities can look very different from spend ranking. A small contract to maintain telecommunications services to head office or a supplier of key ingredient manufacturing from a single-site family business might become disproportionately important.

Taking a structured approach

Organisations are certainly managing their supplier bases currently. The key question is how this is done, whether it is based on a clear strategy and harnesses the strengths that different professions bring to the process.

Taking a structured approach helps support the overall business objectives in terms of procurement policy and enterprise risk management. It also has benefits in terms of managing and communicating expectations within and outside the organisation.

A structured framework for managing suppliers is outlined in Figure 2. By reference to business objectives captures within overall risk management and procurement policies it is possible to define for any organisation the overall strategy for supplier management. A policy for supplier management will define clearly why this is important for the business and what needs to be achieved.

Setting policy expectations

The policy defines expectations that can be shared with key suppliers. For example it might clearly state the importance of maintaining security of supply as well as protecting the brand of the organisation and its customers through ethical supply.

The policy might also define at a high-level the key elements of ensuring security of supply and a sustainable supply, including for example:

business continuity performance

product recall plans

stock inventory management

supply chain management covering upstream suppliers

quality assurance standards

legal compliance

“Ultimately successful supplier relationships are founded on a long-term partnership.

environmental, safety and health performance

corporate responsibility standards

reporting, monitoring and audit.

Such policy expectations would normally be shared with suppliers as a precursor to a risk assessment and audit process. Clearly it is important that suppliers are engaged and provided with help and guidance in how to address these requirements. In some cases external best practices and standards exist, against which performance can be evaluated. In other cases, company policies may be more specific than available benchmarks.

Other key stakeholders such as customers, investors and insurers are increasingly asking for assurances that the risk associated with suppliers is being effectively managed. Having a clearly defined policy endorsed by senior management is clearly a first step in showing commitment in this area. Ultimately those stakeholders may seek evidence to demonstrate that these policy expectations are being delivered in practice. Needless to say, significant press coverage has resulted when organisations have put in place policy commitments but not delivered them in practice, particularly in the area of ethical supply.

Implementing a supplier management process

Supporting the implementation of such a policy would be supplier management procedures. These would need to be aligned to the specific needs of an organisation and the nature of its supplier base but would typically include aspects related to:

supplier selection

risk ranking suppliers

data collection and audit

risk improvement planning.

The key to successfully implementing such a process will be communication, both internal and external. It is essential for risk management and procurement professionals to reach a common understanding of the objectives of the process, as well as how it will be implemented in practice. Procurement and, in some cases, quality assurance teams may be called upon in practice to complete the process, including risk assessments and audits. Risk managers therefore have a role to play in terms of training and equipping these assessment and audit teams

Communication with suppliers is equally important to a successful outcome. Depending on the scale and resources of suppliers, they may have limited experience or capability in responding to such demands. Their capabilities and preparedness to engage in risk improvement planning may ultimately determine whether they will remain a key supplier to the organisation. However in the short term, organisations need to recognise the need to provide guidance and support to suppliers in helping them on the improvement journey. Ultimately successful supplier relationships are founded on a long-term partnership.

It is important to recognise that the objective of the activity is to manage supply chain risk exposures, and therefore working in partnership with key suppliers to mitigate significant exposures is a key element of the process. Figure 3 provides an example of a structured methodology managed by a global procurement function with an embedded risk assessment process and clear reporting process to escalate significant risk exposures. This demonstrates a practical example of a small risk management team engaging with a much larger and globally deployed procurement function to design and establish a common approach. This process integrates the key elements required by both functions to provide a robust process that is nevertheless able to be simply and consistently implemented globally.

Sustaining the process

Developing and implementing a supplier management process takes time and considerable resources. It needs to be recognised that such a process can bring significant value to an organisation, but only if it is sustained over a period of time. This requires clear ownership and accountability to be assigned within the business. Resources need to be made available, staff trained and their roles valued. Ultimately the process will create a large quantity of valuable information. Organisations will realise that a supplier database will ultimately be needed to manage and analyse the data and enable management information to be extracted in such as way as to inform future sourcing decisions. This is when supplier management ceases to be a project and becomes a key business process.