Titanic, the ship not the film, has more in common with a major business enterprise than you probably realise. Both are massive entities, run by people with years of experience, moving full-steam ahead, in a sea of risk, assuming that they'll be able to see and manoeuvre around any danger that presents itself. The problem, with both your business and Titanic, is the unseen danger - the risks below the surface. Titanic, as we all know, was taken down by an iceberg - sliced open along the hull by the ice beneath the surface of the ocean. If your business isn't careful, the same thing could happen. I'm talking about supplier risk.
Supplier risk is an iceberg. The tip of the iceberg, that visible 10 percent, is the financial risk. Supplier's financial performance is well documented and publicly available. It's easy to understand their financial position, to monitor their reports and turnover and make an assessment on their viability. Traditionally, this has been the primary way organisations have measured supplier risk but it's not the whole picture. Underneath the surface lies an absolute plethora of ‘other' risks that need to be monitored and measured and, just like an iceberg, they have the potential to sink your business.
There are three main categories of supplier risk- financial, supply chain and corporate social responsibility - and then there are multiple tiers within each of those categories, across multiple dimensions. It's those multiple levels, as you move further and further down the supply chain, where the bulk of risk sits. When you consider executive changes, geographical risks, political risks, disaster planning, and stress testing, to name just a few factors, you begin to see supplier risk as an enormous subject.
What some of the more progressive organisations are doing now is look at the next four or five levels of supplier risk. They're doing this via a structured process in order to understand what their true supplier risk profiles are and to be able to measure and monitor them on a quarterly basis.
Procurement departments should be managing risk proactively rather than just protecting the suppliers and services that come into your organisation. Currently, however, most organisations aren't doing a sufficient amount of supplier risk management; they're just doing the basics. What's happening in procurement departments is that they are doing what is appropriate to the risk appetite of the organisation. If there's a very strong appetite within the organisation to manage operational risk, then you'll tend to find that risk is also higher up the agenda for the CPO or procurement director. It's very high on the agenda in financial services and the oil and gas industry for example, less so in retail and manufacturing. Supplier risk management is reactive at the moment, but I think that will change over the next five to ten years. It has to.
In line with that increased appetite for risk, I believe that there will be a lot more investment in technology in this area over the next five to ten years. There's been a lot of investment in the area of supplier relationship management over the past few years. Going forward, I can see those tools extending dramatically into the risk area. There will be a proliferation of supply risk management tools that come onto the market which bring together the more basic areas of risk, such as financial performance and revenue, with all of these other, deeper areas of risk, creating a dashboard that allows you to see your complete risk position - the whole iceberg - at any point in time. Currently, outside of the oil and gas sector, there isn't really a demand for this type of tool but as risk moves up the procurement agenda, CPOs will reach a point where they'll need this level of in-depth supplier visibility.
You can find very good data now on the financial risk of suppliers. Executive changes, stock-holding changes and financial performance, are all public knowledge and very binary - you either have it or you don't. The tip of the iceberg is pretty much under control for most procurement departments. When you move below the surface and begin to look at the more strategic and proactive areas of supplier risk, that's where organisations are currently leaving themselves open to damage. Effective risk management requires creativity. It means stress-testing your supply chain, assessing your suppliers' suppliers, executing scenario and what-if planning. Unfortunately, it will probably take a few disasters to truly move risk higher up the corporate agenda - it took the sinking of the Titanic to make it law to supply enough lifeboats for everyone on board - but if procurement wants to be seen as a strategic function, they'll need to start addressing the rest of the iceberg.
Contributed by Nick Ford, managing director at Xchanging