Mastering Supplier Risk Management: How to Build More Reliable Suppliers

Published March 12, 2024

Category: Sourcing

Become A Contributor

Written by: Eddie M Campbell
Author Image

Eddie M Campbell

Eddie Campbell is a former Kearney and ProcureAbility consultant with over 15 years of experience driving end-to-end procurement excellence across various industries. After creating and leading the Strategic Sourcing COE at HelloFresh, he founded EMC Procurement, a procurement consulting firm. Eddie is known for identifying and executing supplier cost-reduction strategies and transforming teams to deliver extraordinary results.
 
With a degree in operations management from the University of Alabama and an MBA in supply chain from Arizona State, Eddie is a self-proclaimed procurement geek and futurist with deep expertise in strategic sourcing, contract management, supplier relationship management, and procurement systems. He is passionate about creating value for clients through innovative procurement strategies enabled by modern technology.
 
Eddie and his wife, along with their energetic preschool son reside in New York’s Long Island area. His family is the only thing he loves more than college football. #rolltide
Read More
Supplier Segmentation 
The first step in an SRM program is Supplier Segmentation. This process involves categorizing the supply base into different segments based on various factors, such as the type of goods or services provided, the business volume, and the risk associated with each supplier. By segmenting suppliers, businesses can prioritize their efforts and resources to effectively manage the suppliers that pose the most significant risks. 
For a utility company, we segmented the supply base to identify high-risk and critical suppliers for the initial focus of the SRM program. With over 1,000 suppliers, we had to find a way to maximize the ROI by addressing our most significant risks. We first limited the scope to the 800+ suppliers with at least $5K in spend. Then, we worked with a cross-functional team, including stakeholders from each business area, to identify the highest-risk services and suppliers critical to the operation. Each company should use discretion to define the appropriate segmentation methodology and criteria. 
 
 
Supplier Qualification 
After the suppliers have been segmented, the next step is Supplier Qualification. This process involves thoroughly vetting each supplier to ensure they meet the business’s specific requirements before they are allowed to perform any work. For instance, qualification requirements could include elements like ensuring suppliers have valid licensing and are financially healthy. This step is crucial in preventing potential risks that could arise from working with unqualified suppliers. 
 
High-risk suppliers are determined by the nature of the work performed. Generally, high-risk work has at least one of the following characteristics: there is a reasonable potential for bodily injury, significant damage to company assets, or negatively impacting the general public or environment. Because of the potential for serious harm, the qualification process for high-risk suppliers should have additional safety requirements and/or thresholds. For example, a qualification requirement for both a medium- risk and high-risk supplier may include evaluating each company’s DART rate; however, the threshold for qualification could differ (i.e., 1.5 vs. 1.8 average rate), holding high-risk suppliers to the highest safety standards. 
 
Procurement has the best purview to oversee the qualification process once there is an established list of requirements and thresholds for determining if a supplier is qualified. The requirements should be specific to the risk level and size of the supplier. A detailed variance approval process will be necessary for suppliers not meeting the established thresholds.
 
 
Ongoing Monitoring 
The final component of an SRM program is Ongoing Monitoring. This involves regularly monitoring the performance of suppliers and supplier information to ensure they continue to remain compliant with the established requirements. Regular evaluations of specific suppliers should be conducted at defined intervals and on an ad-hoc basis. This continuous monitoring allows businesses to identify issues early and take corrective action before they escalate into significant problems. This is where having the right enablers becomes critical for sustainability and efficiency.. 
 
A sustainable and efficient program can be achieved by combining robust, user-friendly software with outsourced services like data collection. While some requirements, like certifications, are valid until expiration, others, like safety metrics, must be collected and reviewed regularly. Having a Supplier Information Management (SIM) software or a Third-Party Risk Management (TPRM) partner is crucial to automate or outsource the time-consuming tasks of collecting data and identifying non-compliance, enabling procurement to focus on strategic tasks, like supplier development and corrective actions. 
 
 
Finding a Third-Party Risk Management (TPRM) Partner 
We cast a wide net to find the right partner or combination of partners, evaluating over 40 software suppliers, data sources, and qualification services companies. We focused on best-of-breed and emerging solutions. 
 
Eventually, two solution options emerged. 
1. Implement a SIM software or a combination of software and data sources (e.g., D&B, 
Experian, etc.) and internally manage the program. 

2. Leverage a full-service TPRM provider offering a software platform while allowing the client to 
outsource information collection, validation, and supplier evaluation services. 
 
There are pros and cons to each option. While the self-managed option offers more autonomy and a lower long-term TCO, the longer path to implementation and resource requirement to manage led us in a different direction for the client. 
 
Once we decided on a solution model, we sent our detailed service requirements to the TPRM providers that fit the required profile. Ultimately, the client chose a solution that most closely matched our requirements and offered the most competitive cost model. 
 
 
Conclusion 
In conclusion, a comprehensive SRM program that includes Supplier Segmentation, Supplier Qualification, and Ongoing Compliance Monitoring is essential for any business looking to mitigate supplier risk. By implementing such a program, companies can ensure they work with reliable suppliers, thereby protecting their operations and bottom line.

You May Also Like…

Adam Smith and outsourcing

What does Adam Smith tell us about outsourcing? The answer is somewhat complicated: Nothing directly, but then again everything. I’ll explain. Obviously, the term outsourcing did not exist when...

All in the Game

This article originally appeared in Outsource Magazine Issue #23 Spring 2011 Leading academics charted a path that challenges the conventional definition of winning. Smart companies are applying these concepts, showing that...

SIG|ORG Spotlight Content