
How to assess supplier risk management: An overview report and checklist

01/23/2020


Procurement professionals must consider many factors when working to protect their organizations from risks, ranging from reputational problems, compliance issues and changing regulations to cyber security and social responsibility.

A WBR Insights report built on advice from the consulting firm GEP and the technology provider Global Risk Management Solutions (GRMS) focuses on supplier risk management.

“There have been significant increases in the level of risk in the supply chain,” said Vikas Kumar Yadav, GEP’s senior director for consulting.

He points to offshore sourcing from low-cost regions and lean manufacturing as a couple of the top reasons for the increased risk.

The report said that the array of risk events ranges from things that businesses can’t control to ones they can be vigilant about in order to mitigate problems. As supply chains become more complex, external risks like natural disasters and geopolitical risks can be difficult to prepare for, whereas risks like quality control issues or mechanical failures can be easier to predict. (See the chart below.)

Source: Report by WBR Insights, GEP, GRMS

Advice on being proactive

The report covers a range of advice for procurement professionals on being proactive when deciding which suppliers to collaborate with. Legal restrictions affect which suppliers are safe to work with, and there are financial repercussions for affiliating with organizations that aren’t compliant, for example, those not following new regulations or not having updated insurance or certifications.

The report also notes that most companies struggle to monitor their suppliers due to circumstances such as having limited resources or dealing with the cost of supply risk management, in addition to dealing with challenges that may be posed by emerging regulations.

Constantly monitoring global supplier risk, which includes risk factors such as financial stability, insurance coverage and regulatory compliance, can be a complex process.

The report states that companies can improve their standing by being proactive about conducting supplier risk assessments and monitoring suppliers to mitigate the risk of high fines for noncompliance and financial loss.

Risk assessment

The report also outlines key components of a “World-Class Supplier Risk Assessment Program.” Customized risk programs should be implemented to assess suppliers based on geography, risk and spend, the report said. Companies should also adjudicate all data returns to rule out false positives, and use reporting to provide consistent and measurable compliance standards.

The report also recommends that companies be diligent in document verification by validating all documents collected. Continuous monitoring of suppliers is also suggested to enable companies to maintain real-time, third-party verification of supplier information.

Source: Report by WBR Insights, GEP, GRMS

Checklist: 8 factors to watch out for

GRMS also offered an eight-point checklist that procurement professionals can use to assess risk.

  1. Financial stability

When working to mitigate risks to financial stability, companies should use a credit bureau rather than a data source to establish a financial risk score for each supplier, the report said.

  2. Insurance management

In terms of insurance management, continuous monitoring is recommended because it allows companies to notify their own management if a supplier no longer has adequate insurance due to not paying a premium or canceling a policy.

  3. Reputational protection

Resources can also be used for reputational protection, the report said. Global Risk Management Solutions uses a process called global adverse media monitoring to check more than 35,000 publications worldwide to find negative news stories about suppliers. Programs such as these can help companies get ahead of negative news stories, the report states.

  4. Regulatory compliance

Monitoring regulatory compliance risks can include global watch-list monitoring and document validation. Regulatory risks are among the issues that are out of a business’s control but that warrant vigilance to stay up to date on.

  5. Cyber security

The report notes that cyber security risks are among the most important components that companies have been seeking help with in recent years.

“Risk management needs to include the ability to produce a security rating, monitoring tools, possibly a security questionnaire, and the resources to collect and manage the information,” the report states.

  6. Document management

Companies should also focus on document management to collect, manage and validate any standardized document. The report notes the importance of getting human eyes on key documents, like an insurance policy, to make sure you’re properly covered.

  7. Social responsibility

Efforts to combat social responsibility risks should include diversity verification, sustainability, anti-slavery and human trafficking analysis.

“It’s important not to associate your company with suppliers that rank negatively for these issues, and to foster relationships with suppliers that perform well,” the report states.

  8. Health and safety

The report also suggests that companies aggregate and manage information such as Occupational Safety and Health Administration (OSHA) statistics and other materials to manage the organization’s overall health and safety status.