Between global supply chains grinding to a halt and established organisations across diverse categories suddenly disappearing, the last few years have demonstrated the full value of robust supplier risk management.
At a time when the only constant has been significant change, supplier risk management has helped leading procurement teams ensure the stable supply of the right goods, at the right time, and at the right price. But, across the industry as a whole, few organisations are harnessing its full potential.
To find out why, and to learn where current practices are falling short, we recently ran a third-party supplier risk management survey with our contacts and clients. Here’s a summary of the top five issues we found with organisations’ supplier risk management practices today:
Problem #1: Lack of resources and awareness
One of the main reasons why organisations’ third-party risk management efforts aren’t delivering their full potential value is that teams simply haven’t allocated the right volume of resources to it yet.
Our survey found that 53% of firms don’t have a clear mandate for supplier risk management, making it difficult to gain the resources they need to manage it well. In many cases, this is down to the fact that the organisation in question hasn’t appointed a chief risk or compliance officer, so risk has no seat at the board level – where awareness needs to be driven most.
87% of organisations have low-to-medium awareness of third-party risk – with awareness varying greatly between teams, leading to inconsistency in how risk is approached.
Problem #2: Highly limited risk coverage
To manage third-party risk effectively, teams need to examine and track as many relevant risk vectors as possible. According to our survey, around 75% of organisations don’t monitor the financial risk of their suppliers, and over 80% don’t monitor ESG and sustainability risk, leaving them exposed to potential reputational damage. Even more surprisingly, 84% don’t actively monitor material price or supply risks at all.
The overall result is that most organisations today – around 95% of those surveyed – are unable to detect risks well in advance of their occurrence. Of those, 44% of organisations say they only have ‘minimal’ notice before risks occur – rendering them unable to proactively mitigate the risks they’re exposed to.
Problem #3: Lack of integrated and holistic visibility
To build up a clear, predictive view of third-party and supplier risk, procurement teams need to gather and leverage a wide range of data sets. The good news is that most organisations already have a lot of the data they need. The bad news, however, is that in many cases, that data is trapped across diverse, siloed systems.
Because all their data isn’t available in one place, most procurement teams don’t have a holistic view of risk. Around 87% don’t have an integrated dashboard for covering and detecting risk. And, without that visibility, they’re unable to manage risk effectively across different vendors.
The result is a procurement team where individual practitioners tackle risk in different ways, and decisions aren’t made in a consistent manner – creating patchy exposure to supplier risk.
Problem #4: Limited access to specialist advice
Proactively identifying risk is extremely valuable – but it’s only half the battle. Once a risk has been spotted, procurement experts need to be able to take the right remediating actions at the right time. That demands reliable and actionable intelligence.
Our survey found that just 10% of firms have access to supplemental risk deep dives that can help them contextualise their own data and insights. Within those organisations, internal stakeholders choose remediation actions based largely on what they personally can see, and what their individual goals are – once again, limiting the consistency and strategic impact of how risk is managed.
Problem #5: Low coordination and ineffective responses
Another big reason why so many Procurement teams aren’t approaching and managing third-party and supplier risk consistently is because responses and remediation actions aren’t formally tracked.
If teams don’t track the actions taken in response to identified risks, it significantly increases the likelihood that no remediating action will be taken. Individual responsibilities become unclear, responses slow, and risks quickly materialise before anyone has done anything about them.
Conversely, tracking risk responses drives rapid action. Responsibilities become clearer, and with visibility of how the organisation has responded to similar risks in the past, teams quickly begin taking consistent actions that drive the same high-level outcomes for procurement and the wider organisation.
It’s time to change the way you manage supplier risk
Together, these problems make it incredibly difficult for procurement teams to manage the myriad third-party risks they face today. But, solving them can be a lot easier than many teams think.
In my next blog, I’ll lay out four key pillars to help procurement leaders and their teams transform supplier risk management, and stay ahead of continuous supply chain disruption.