How to analyse third-party risks in the supply chain

How to analyse third-party risks in the supply chain

How to analyse third-party risks in the supply chain

What are the cybersecurity, financial and other risks posed by third parties in the supply chain, asks Sri Rangachary, a Senior Director with ISG
Do you truly know your exposure to risk? With every third-party supplier an organisation uses, there is increased risk of being exposed to a security breach, a damaging reputational issue, or a human rights or environmental issue that could be buried within the supply chain.

We tend to think of disruptive events as happening once in a lifetime, but in reality, we should plan for them to be a regular feature of supply chains and manage them accordingly. Proper governance and rigorous supply chain review are critical.

What are the risks posed by third parties in the supply chain? The most obvious risks are cyber security or financial. Imagine if one of your supplier’s suppliers has a ransomware attack that spreads up the chain. Your security is only as strong as the weakest link in the supply chain. An event like this could severely disrupt your ability to do business.

But there are less obvious, newer risks from suppliers. Increasingly we’re seeing emerging threats from areas like environment, social and governance (ESG), and human rights.

Perhaps there are modern day slavery practices that you haven’t spotted, deeply embedded in the supply chain, or a supplier has been found guilty of corruption, or other unethical behaviour. It’s not enough anymore to claim ignorance, and you could lose your hard-won reputation by association with such practices.

You need the right processes in place to catch and head off these kinds of issues, early on.

Managing supplier relationships

The key to good supplier management is good information. What information do you need to mitigate your risk? I’m often asked: “How do I assess the risks from my supply chain?” The answer is in the information you get from that chain.

Look first at the information you have internally available. What is the acceptable risk level in your own business? Every organisation will have a different appetite for risk. A risk heat map is a great way to visualise the impact and likelihood of different risk categories, so you can develop the appropriate response.

The role of technology

It’s simply not possible for a person – or even a full team – to monitor every change and movement that could pose risk within the supply chain. This is where technology can help.

A good third-party risk management system can give you the information you need to monitor and mitigate risk, as well as keep on top of contractual commitments and the performance of your suppliers (including their ability to meet those commitments).

Read more at How to analyse third-party risks in the supply chain

Leave your comments below and subscribe to us for new updates.

The Emerging Business of Supply Chain Risk Management

For many organizations, globalization, outsourcing, and extended supply chains are effective strategies to increase efficiency and achieve economies of scale, however, these benefits are accompanied by the significantly increased risk to quality, safety, business continuity, reputation, and more.

Is Your Company Safe to Work With?

As reported by Forbes, there’s an emerging category of business – supply chain risk management – of which many companies aren’t yet aware.

For the largest companies, this is a jugular area – imagine the exposure of a large oil company or a large online retailer when a supplier they’ve contracted with makes a mistake or even causes an all-out disaster? (Think oil drilling contractor, for example.)

Risk Management Overview

For many organizations, globalization, outsourcing, and extended supply chains are effective strategies to increase efficiency and achieve economies of scale.

However, these benefits are accompanied by the significantly increased risk of quality, safety, business continuity, reputation, and more.

Identifying Risk in the Supply Chain

Organizations are always at risk for losses through cost volatility, supply disruption, non-compliance fines, and safety incidents that cause damage to their brand and reputation.

Knowing what’s at stake is the first step to understanding, measuring, and managing risk in your supply chain.

Supply Chain Safety

Among the highest priorities for companies across all industries, safety concerns are often magnified in chemical, oil and gas, construction, and manufacturing.

Workplace accidents can jeopardize contracts, result in fines, and cause significant damage to a company’s reputation.

Supply Chain Quality Control

Do your vendors and suppliers meet your standards for quality and consistency?

Customers are quick to react when they perceive a drop in quality; and, even the smallest product issues can be difficult to recover from.

Supply Chain Financial Challenges

Any disruption to the supply chain due to financial challenges has the potential to impact business continuity and, ultimately, your bottom line.

Taking a proactive approach to understanding supplier financial strength can prevent disruption and unnecessary costs.

Supply Chain Compliance

Are your contractors insured? Do they have the right type of insurance, the right limits?

Knowing this information will help you to manage insurance risk and avoid potentially costly litigation.

Supply Chain Reputation

Damage to a company’s brand or reputation can be long-lasting, extremely costly, and sometimes unrecoverable.

Committing to a supply chain risk management strategy can not only prevent brand damage but can also serve to foster new partnerships with organizations that share like values.

Supply Chain Sustainability

It’s no longer enough to assess risk within the traditional construct of a supply chain.

Organizations must look beyond and consider environmental impacts and corporate social responsibility, including adherence to labor laws and sustainable practices.

Read more at The Emerging Business of Supply Chain Risk Management

Share your opinions with us in the comment box and subscribe us to get updates.

Four Steps to Building a Global Chain Risk Management Platform

Be proactive – and significantly reduce global supply chain risks, discover the 4 steps to building a global supply chain risk management platform in a white paper from Avetta.

A global marketplace presents a complex set of challenges, especially when attempting to maintain a safe and sustainable working environment for your employees, contractors, and suppliers.

A minor detail, if left unresolved on the front end, can explode into a financial or operational disaster.

But the implementation of a world-class risk mitigation solution can save time, money, and even lives.

It’s critical to have the plans, resources, and technology in place that verify credentials, measure financial stability, and encourage sustainable business practices.

A proven supply chain risk management partner can ensure that your program is configured efficiently, intuitively, and effectively.

Save your business from negative impacts to its revenue and reputation by taking the right steps to minimize global supply chain risks.

In this white paper from Avetta, you’ll learn the keys to successfully managing your supply chain, protecting it against avoidable situations, and recovering from unforeseen disasters.

Find out how to better equip your business to prevent:

  1. Incidents caused by under-qualified or untrustworthy contractors or suppliers
  2. Injury to employees, contractors, suppliers – and the obligation of medical expenses associated with them
  3. Direct costs such as damaged goods and materials, machinery repair, and insurance deductibles
  4. Indirect costs including revenue loss from brand damage, employee and supplier down time, production delays, and fines

Read more at Four Steps to Building a Global Chain Risk Management Platform

Subscribe us to get updates in your inbox, and post your opinions in the comment box.

5 Critical Supply Risk Mitigation Principles for Your Sourcing Process

Supply chain risk management (SCRM) is becoming a top priority in procurement, as organizations lose millions because of cost volatility, supply disruption, non-compliance fines and incidents that cause damage to the organizational brand and reputation.
Bribes to shady government officials, salmonella in the spinach and forced labor in the supply chain can all result in brand-damaging headlines that can cost an organization tens of millions in sales and hundred of millions in brand damage. And while reputation may only be important for name brands, cost volatility and supply disruption affect all manufacturers.

In fact, in the latest 2015 study by the Business Continuity Institute, supply chain disruption doubled in priority relative to other enterprise disruptions (48% of firms are concerned or extremely concerned). Roughly three-quarters of respondents said they had at least one disruption, and the same amount lack full visibility of their supply chains.

In the same study, 14% had losses from supply chain disruptions (e.g., natural hazards, labor strikes, fires, etc.) that cost over €1 million, and these disruptions can easily go up to nine figures. For example, Toyota estimates the costs for the recent Kumamoto earthquakes to be nearly $300 million. Imagine being out of stock on a product line that does $12 million in annual sales for two months. That’s $2 million in immediate lost sales and longer-term brand damage.

Risk management, and what is necessary for ongoing risk management, never gets operationalized, and as new suppliers get added, supply shifts and supply chains change, new risk enters the picture — risks that go undetected unless risk management is embedded in all key procurement activities, including sourcing. It is important to remember that:

1. When You are Sourcing, You are Really Changing Your Supply Chain Network

2. Supplier Risk is Only One Aspect of Supply Chain Risk

3. Your Sourcing Criteria Must Be ‘Protected’ and Risk Must Be Factored In

4. You Need to Cost the Risk” and Also Get It in the Contract

5. You Must Design a Monitoring System That is Part of Onboarding

Read more at 5 Critical Supply Risk Mitigation Principles for Your Sourcing Process

Share your opinions with us in the comment box and subscribe to get updates in your inbox.