Factoring Risk & Business Continuity into Holistic Supplier Management
Posted by Georg Roesch, VP Direct Procurement Product Management in Supplier Management on March 3, 2020
Research reveals a rise in disruptive incidents deep in the supply chain.
What is the optimal way to categorize your suppliers so that you can manage them better and maximize business continuity? The latest Supply Chain Resilience Report published by the Business Continuity Institute in partnership with the Chartered Institute of Procurement & Supply (CIPS) provides some fascinating insights.
A total of 352 respondents from 63 countries participated in the survey. Although there were 15 vertical sectors covered, financial and insurance services accounted for a large portion (24.2%) of participants, followed by professional services (16.8%). Nearly half (47.4%) described their main functional role as business continuity. The report, therefore, provides a very useful insight into supply chain management and resilience from the perspective of this community.
Number of disruptions
First, the good news: overall, the number of disruptions fell slightly. 51.9% of organizations experienced supply chain disruption in 2019 compared to 56.5% in 2018. Those that did suffer disruptions tended to suffer fewer overall. Organizations, it seems, are getting better at managing their immediate (tier 1) suppliers. Incidents involving tier 1 suppliers fell below 50% for the first time since 2016 (48.9%).
The top five disruptions over the past year remain unchanged, with unplanned IT and telecommunications outages accounting for 44.1% of them. So no surprises there.
However, here comes the shocker: incidents in the supply base across tiers 2, 3 and beyond saw an increase, albeit a small one. Tier 2 incidents rose to 24.9% (from 23.2% last year), and those occurring in tier 3 and beyond rose to 12.2% (from 11.0% in 2018). The BCI reports that part of this could be down to decreased due diligence deep into the supply chain: 12.2% of disruptions occur in tier 3 and beyond, yet over two-thirds of respondents (67.7%) do not seek to understand the business continuity arrangements of key suppliers within those tiers. 40% of respondents never attempt to understand these continuity arrangements for tier four suppliers and beyond.
According to the report author, Rachel Elliot, “The crucial word is ‘key’ suppliers. It’s important to take a risk-based approach, assessing riskier key suppliers as a priority. Risk mapping, usually with technology, can help identify issues further down the supply chain.”
This is an issue we discuss at some length in our recently published white paper, Holistic Supplier Management: Orchestrating the Procurement Function for Maximum Benefit. It is not the level of spend or the tier level of a supplier that makes it strategic to your business. Rather, it is the relative value (not price or spend volume) a supplier adds to the business and the outcome/risk that a disruption of supply would cause to the business. Although there are many nuances, this formula provides a basic framework for assessing and categorizing your suppliers, who fall into one of four boxes:
Low value / strategic
Manage these suppliers to ensure security of supply (typically there are few alternative suppliers and/or it would take time to replace them.
High value / strategic
These are the strategic suppliers that you need to manage most carefully. Disruption would be very costly. However, they could very well be a tier 2 supplier, which is especially likely in IT, for example, where services are increasingly layered, e.g. it could be a network services or platform supplier to your SaaS provider.
High value / non-strategic / approved suppliers
You need to monitor these suppliers to ensure that they are delivering value, but there is a low risk of disruption (typically because there are alternatives).
Low value / non-strategic / basic
This is your “tail spend”. You could be spending a lot with these suppliers but there are alternatives and the potential for disruption is low. Thus, they need far less attention.
The report’s author highlights a disconnect between actual disruptions and what procurement professionals spend their time worrying about. The greatest source of concern, according to 61.7% of respondents, is cyberattack and data breach, although this only accounted for 26.1% of disruptions in 2019.
“Over the next year I’m expecting that political and socio-economic issues, civil unrest, possibly due to climate change, could have more of an effect on supply chains and it will be interesting to see if those translate as higher financial losses for organisations,” said Rachel Elliot.
One risk that she could not foresee at the time of writing the report, of course, was the coronavirus epidemic, whose dramatic effects we highlighted in a recent article and which has since grown considerably more disruptive to global procurement, with the disease reaching more geographies. Analysts and professional associations such as the BME are now offering advice to streamline their risk management and search for alternative suppliers at an early stage. “It is not about analyzing ‘if’ a disruption will happen but about establishing action plans and being able to deploy rapidly ‘when’ disaster strikes,” writes a Gartner analyst.
Understanding the deeper supplier ecosystem and the value and risk presented by each supplier has always been important but never more so than now.