One of the sessions I attended at SIG was led by a knowledge processing outsourcing (KPO) vendor that will go unnamed in this post. Their presentation, which I found moderately insightful and certainly worth listening to, proved to me why outsourcing vendors should not be running supply risk management programs alone. This organization, which has over 2,000 employees dedicated to what I'll term "analytical BPO vs. process/technology BPO", has a practice around what they term supply risk. But really, it amounts to outsourcing content (e.g., Bloomberg, Lexis-Nexis, etc.) information-type gathering on supplier-related news and running basic credit health checks -- and maybe managing some credentials (e.g., insurance or related certifications). Certainly very valuable, but alone, this does not constituent what I'd term a proactive supply risk management offering -- despite how they spun it.
I had the chance to ask the presenters the amount of lead-time they had given to a client when they "predicted" a supplier bankruptcy (after they had brought up the fact that they had given "advance notice" to a customer about supplier financial distress in two cases). The response was that they gave a "week or so" notice and the news "was already somewhat known" at the time. Now, that's not exactly proactive supply risk management. Certainly, there's a place for KPO providers to help manage many elements of supply risk management offshore. But until they become more proactive and analytical about their monitoring services, such efforts will only solve a small piece of the supply risk equation for companies.