Supplier Risk Management…an Issue Worth Investing In

The issue of Supplier Risk Management has been in the news recently. In January, Wal-Mart released its ‘Ethical Sourcing Update,’ wherein it announced, amongst other changes, a new zero tolerance policy for suppliers that used unauthorized subcontractors. The new policy was in response to the fierce criticism that Wal-Mart received in November 2012 after a fire in a Bangladesh garment factory claimed the lives of 112 workers. In that case, Wal-Mart claims that the factory in question was used without its knowledge and that it had stopped authorizing production there. The rise of highly fragmented and global supplier networks has necessarily lessened the amount of control that any company has over its supplier network. Accordingly, Supplier Risk Management is a growing discipline that is receiving increased attention. Current globalization trends only serve to reinforce the need for a dynamic, fluid and strategic Risk Management program. A recent but already classic example of poor Supplier Risk Management involved the hard disk drive industry. The industry was highly concentrated in Thailand, with over 1,000 factories operating in the sector. In late 2011, the country experienced a particularly strong monsoon season that caused widespread flooding. The flooding set back hard disk drive manufacturing for months and caused global prices to increase approximately 10%, affecting PC sales worldwide. It was almost a full year before production returned to pre-flood levels. The classic methodology utilized in approaching Risk Management hinges on three core work streams: Risk Analysis, Risk Assessment and Risk Mitigation. At the highest level, the goal is to determine the probability of a negative outcome, determine the impact of such an event and introduce measures which will lessen the impact. It is an iterative, dynamic process which cannot be simply viewed as ‘checking the box.’ It is incumbent upon the Sourcing and Procurement professional to proactively take the lead in developing a robust Supplier Risk Management program. The biggest challenge could well be in even establishing a program. This is where a strong business case must be made to justify the required investment, underscoring the risk and potential impact to the company. It would be interesting to see if any PC manufacturers, for example, had scored and assessed the possibility of Thai floods, and the potential impact on the supply of hard disk drives. You can bet that if they didn’t before…they do now.