Uncovering and Managing Supplier/Supply Chain RiskPosted: May 7, 2012
According to Louis Ferretti, project executive, product environmental compliance and supply chain social responsibility at IBM Integrated Supply Chain, the best, most effective risk management plans have two things in common: They’re significant and core to the business strategy.
And well they should be: In an IBM survey, 60 percent of supply chain executives said risk management was their No. 2 priority (preceded only by supply chain visibility at 70 percent). Additionally, as supply chains become increasingly global and complex, they face greater challenges and risks. In fact, in 2009, this was the catalyst for Ferretti to develop a sophisticated risk management program.
As IBM began developing operations internationally, Ferretti was charged with sourcing for those sites at the local level, within those countries. At that time, anticipated risks included complications related to gas supply, transportation, costs, climate, politics, the economy, the environment and health. (For instance, the SARS epidemic inSingaporenecessitated IBM employees to work from home. So, the infrastructure to support that shift in operations needed to be ─ and was ─ in place.)
The risk management program Ferretti put together involved, first, buying tools and processes to gauge climatic, financial and other risks and provide a “view of total risk”. Then, he developed a set of binary questions to ask suppliers, which led to an impact-likelihood model that’s an industry standard today. After seeking council on his strategies, he enlisted a third-party market intelligence firm to deliver deep-level data about suppliers’ countries of operation.
The end result is a proprietary IBM tool that enables the organization to look as many as six layers down into their top-tier suppliers’ supply chains to assess potential risks. As Ferretti explained, the tool has not only increased the visibility of the supply chain function where it originated, but on the value of risk management in general.
This total-risk assessment tool assigns each supplier a rating ─ and identifies high-risk entities ─ based on data collected related to its hubs, sites, supplier sites, commodities and pandemic readiness. Suppliers are classified as low-, medium- or high-risk depending on this score. A click of the mouse will reveal why that supplier’s score is what it is. And, automated alerts let sourcing teams proactively mitigate risks.
As Ferretti points out, just because a supplier is categorized as high-risk, it doesn’t mean it won’t get IBM’s business. If it provides a critical product, this instead signals the need for a risk mitigation plan to be in place before sourcing with that supplier.
One piece of advice Ferretti offers risk management executives as they develop their own risk management plans: Don’t overload the sourcing personnel with alerts/threats and information. They’ll either be in a constant state of panic, or they’ll start to disregard the alerts and threats. To this end, the total-risk assessment tool he and his team developed is designed to be selective about what constitutes an “alert” or “threat” situation.