Introducing a 360° Supplier Risk Management Approach

KEPLER has setup a non-hierarchical list of common risks encountered in a company. This list will be adapted according to the ambitions and the context of the organization in its market.

CSR

• Social and environmental responsibility
• Corruption, fraud and influence peddling
• Image
• Regulatory conformity

SUPPLY CHAIN

• Delivery delay
• Supply disruption
• Erroneous forecasts
• Degraded supplier / subcontractor performance

PROCUREMENT

• Cost slippage
• Deterioration of supplier relations
• No control of row 2, .., rank n

INDUSTRIAL

• Stop and Break in production
• Breakdown / destruction of the production tool
• Quality failure
• Tool failure following cyber attack
• Degraded supplier / subcontractor performance

EXTERNAL

• Natural disaster, Epidemic
• Geopolitics
• Strike and social movement
• Terrorist attack

MACROS

• MO costs increase
• Protectionism and tax trends
• Price volatility
• Variation of economic indices

LEGAL

• Confidentiality
• Public liability
• Intellectual property theft
• Counterfeiting

FINANCIAL

• Cybersecurity
• Supplier dependency
• Financial health
• Overstocks 

Root Cause

Designing and deploying a risk management program is a time-consuming and definitive task, which, once activated, must be carried out without interruption.

The Company wishing to acquire such a tool must, if it wants it to be effective and exhaustive, dedicate sufficient resources to it over time.

The primary cause of the failures in this area lies in a lack of calibration of these resources.

Other possible causes of failure

1. The spirit of an effective risk management lies in the distinction between risks and their origins and work on the basis of this distinction. However, such gymnastics can be counter-intuitive if not instructed with expertise.It is necessary that the teams devote sufficient time to it and impose great methodological rigor on themselves.
2. Understanding the methods of calculating the risk assessment, the prioritization index and the components of the index is a critical step in the project because it calls for cross-cutting concepts and subject to interpretation.
3. Determining the appropriate level of investment for risk treatment is a critical and often overlooked step. Understanding and comparing the cost of risk and the cost of treatment is complex and complicated to be precise.

To promote the completeness of management and the long-term adoption of the method by the teams, KEPLER has designed an approach inspired by the industrial world and the Analysis of Failure Modes, Effects and Criticality (FMECA).

The implementation of a risk management process, from the identification to the treatment of the most important ones is a project that can be carried out over a period comprised between six and ten months depending on the size and complexity of the organization. 

By relying on experienced teams, able to quickly assess the context and issues, the organization will be able, using the methodology described here, to identify the broad categories of risks to which it is subject.

As part of monitoring supplier performance, and in particular compliance with regulations and CSR constraints, a company will also be able to ensure that it has put the right suppliers under control (including beyond rank 1).

he missions carried out by the firm made it possible in six months to establish a mitigation plan for several major risks and to create a management process supported by the associated procedures:

• Supplier onboarding
• Projects
• New technologies
• Identification and assessment
• Prioritization
• Treatment