Managing Supply Chain

Risk [L5M2]
Absolom Mukonyo (MCIPS Chartered, FCMI, FSCM, MILT)
LO2

2.2 Analyse the use of outsourced third parties in risk management in

supply chains
In chasing reductions in costs, some risks have
increased
• Over the past decades, best practice in the procurement and supply chain has focused mainly on
reducing the cost of supply.
• Clearly, organisation efficiency programmes have led to greater supply chain risks
• As supply chains become longer, more complex and more geographically spread in order to chase
lower costs, there is inherently more risk.
• Some procurement practices have exposed supply chains to significantly higher risks
• These procurement practices have exposed supply chains to significantly higher risks include
• Outsourcing
• Supply base reduction
• Low-cost country sourcing – has led to increased transport costs and more potential
disruptions, more exposure to geopolitical risks, and reputation risks
• Lean supply
Significantly higher
risk procurement
practices in supply
chains are exposed
to include:
Lean & Low cost country risks

• Lean supply programmes, which aim to reduce the cost of stockholding and
obsolescence, lead to less buffer stock in the supply chain.
• The effects of any disruption are therefore felt more quickly due to
production stoppages.
• Any supply chain disruption can quickly have devastating consequences.
• Low-cost country sourcing has led to the following.
• Additional transport links, causing more potential for disruptions
• Exposure to many more geopolitical risks
• Exposure to reputational risks
Increased supply Chain risks & use of Third-
parties
• In the face of increased supply chain risks caused by efficiency practices, more resources, experience and skills are required to
manage risks more effectively
• Supply chain professional skills such as relationship management, and ability to mitigate and manage risks are now required
• Additional specialised tools, systems and expert advice are also required to assist/help supply chain professionals in managi ng risks
• Tools required include
• Real time monitoring
• Quick problem resolution systems
• Because it is expensive to train people in-house and to have these systems, tools and specialised knowledge, organisations have
tended to use specialist third-party companies that offer risk management services
• Mostly used third-party suppliers of such services include
1. Credit rating agents – for credit ratings
2. Risk auditors – for risk auditing
3. Disaster recovery experts – for disaster recovery
 1. Credit Rating Providers
• Credit rating is a score given to an organisation which is based on the amount of risk it poses to a creditor
• Credit rating providers collect lots of data and analyse them via an algorithm to set the credit rating
• It is based on evaluating likelihood of an organisation’s ability to pay its financial obligations
• Credit rating providers continually monitor public & non-public information i.e. credit watch and adjust in real time – so scores are up-to-date – if buyer is on the watch list of
the credit rating provider they will be automatically notified of changes of the credit rating

• Ratings range from AAA – D, with AAA being the best rating and D being the worst
• It is good practice for buyers to get a credit rating for suppliers during tender process and use it as part of tender evaluation
• Examples of credit rating providers include Standard and Poors’, Fitch Group, and Moody’s (for bigger companies) and Dun & Bradstreet, Experian and Bureau van Dijk (for
smaller organisations)
• It helps better understanding of an organisation’s financial standing
• To calculate credit scores. Credit rating agencies/providers get information from
• Company accounts
• Reputation
• Company filings
• Timeliness of supplier payments
• Size of business
• Structure of business
• News reports
• Company stocks
• Background of company principals
• Timeliness of loan payments
• Whether loans used are secured and unsecured
Credit rating – must never be used alone
• Credit rating scores change and therefore it is important for buyers not to rely solely on credit rating
• Reasons why relying solely on credit rating is bad include:
• Much information used to calculate risk comes from informal channels
• Rating does not show that a portfolio of contracts that the supplier has are financially viable
• Ratings do not show the dependency a supplier has on just one or two customers
• Suppliers fail in the absence of weak financial performance
• Suppliers can go into administration very quickly
• To ensure good supplier monitoring, the buyer must build an early warning signal monitoring (and put suppliers on credit watch
list) comprising of other factors such as
• Reduction in non-critical activities
• Reduction in money spent on facilities
• Increased staff turnover rates
• Increased requests in timely payments and advance payments
• Information from industry networks like supplier losing another customer
2. Risk Auditors – for Supply Chain Audits
• A supply chain audit is a systematic, official inspection of an organisation in the supply chain.
• Typical supply chain audits include some or all of the following areas.
• Health and safety
• Environmental
• Quality
• Information security
• Social accountability/CSR
• Labour
• Business continuity
• Auditing is a useful tool as it reinforces the supply chain’s awareness of an organisation’s requirements by doing the following.
• Allowing continuous monitoring and improvement
• Indicating to the organisation the steps needed to build a more sustainable supply chain
Auditing can be done internally or externally. Externally it can be done via use of independent third-party auditors
Independent third-party auditors are seen as more credible/reliable because they have less vested interest in the results being good
Auditors must have the experience and skills, and a good understanding of the organisation they are auditing
involuntary
Ensuring successful audits.

• The following points are valuable in ensuring successful audits.

• Qualified auditors, with the correct skills and understanding of the organisation they
are auditing
• Auditors who will not be influenced by suppliers or become complacent
• A system of rotating auditors, to manage the risk of influence and complacency

Audits must focus on very critical areas of the business

These include Corporate Social Responsibility. The main way to find out whether the
supply chain is meeting the corporate social responsibility requirements is to do an
audit
Supply chain audit process

• The supply chain audit process has the following four auditing phases.
1. Planning – (high risk areas are a priority)
2. Implementing – is carrying out the audit
3. Reporting – on systematic and one-off failures
4. Actions – include corrective action plans, and continued monitoring of all non-
conformances
Supply chain audit non-conformity process
• The supply chain audit non-conformity process, from audit to remedy, is as
follows
• Supply chain audit (is performed first)
• Non-conformity identified
• Corrective action plan put in place
• Continued non-conformity identified
• Remedy implemented
Supply chain
audit non-
conformity
process
 If audits are to be done, auditors must notify i.e., pre-announce
their visit
• However, this may result in employees being coached and coerced in advance
to say the right thing when interviewed

Non-scheduled audits or unannounced audits are more suitable

Pre- for best results

Taking an investigative journalism approach is good to

announced identifying non-compliances

auditing & Site Site audits are best audits than remote audits

audits Ways to do best practice audits

• Unscheduled surprise visits

• Review of relevant documents
• Physical site visits to facilities and worker housing
• Private interviews with workers
• Audit below the first tier i.e. those below top management
 As well as offering operational expertise during the
audit, many third-party audits offer value in the
following ways.

Value / • Sharing data and case studies to help organisations

build a business case for audit expenditure

Benefits
offered by • Helping to train an organisation’s staff

third-party
• Creating a customer network so that organisations can
audits learn from one another

• Creating award schemes so that organisations can

highlight their achievements
Criticism of supply chain audits

Criticism Benefits
❑Are expensive or resource heavy ❑Reinforce awareness of
requirements
❑They are just a snapshot i.e. only ❑Allow monitoring and
cover one point in time (with no improvement
monitoring between audits)
❑Pre-announced audits can be ❑Ensures stakeholders that the
manipulated organisation takes compliance
seriously
3. Third-party Disaster Recovery service providers

• Disaster recovery is the restoration of essential systems to allow the business to perform critical
processes following an incident (/occurrence/event)
• To recover quickly from incidents, an organisation must have disaster recovery plans
• A disaster recovery plan – refer to policies and procedures to help a business provide continuity of vital
infrastructure following a disastrous event
• Typical incidents that require disaster recovery include
• Cyber attacks
• Natural disasters
• Power outages
• Workplace violence
• Fire at business location
• Third party disaster recovery specialists can be
• Used during the disaster recovery planning stage
• Involved in the disaster recovery solution implementation
 Disaster recovery specialists have vast experience and skills of
dealing with many disaster recovery situations

Third Using them at planning stage ensures their contribution to best

parties @ practices to planning, testing and monitoring of disaster recovery

planning Using disaster recovery specialists helps overcome the psychology

trap risk (of it won't happen to me and I have a lot to do regarding
my area i.e. long to do list) – and ensure that the third party is fully

stage
focused on the disaster recovery planning tasks

Third parties can help with data and information about current risks
Third parties @ Solution stage

• Due to their vast experience, third parties can offer better solutions that are tried and
tested
• Third-parties can also be used to host back-up contingency resources such as
duplicate IT systems, emergency offices to host workers when normal offices are
unavailable, duplicate transport careers, emergency air freight, backup or contingency
suppliers
• Procurement professionals must consider having a contingency agreement with
suppliers in their supply chain as best practice (alongside insisting on insurance
policies)
End of 2.2
Let's do 2.3 next