Supplier Risk Monitoring

Supply Risk Maturity: Everyone Thinks They’re Good At Their Jobs, Right?

Written by Christine Ferrusi Ross

Supplier risk managers are in an interesting spot – they’re their own worst enemies. If they’re bad at their jobs, then the company is exposed to unnecessary risk. BUT if they’re good at their jobs, then risk becomes so well managed that stakeholders begin to take their efforts for granted, turning on them with “what do we need you for? Everything is going fine.”

Neither position is particularly good for job security. In both cases, however, having a disciplined way to account for your efforts and effectiveness will help you prove the value of your job. Documenting your efforts through a supplier risk management maturity assessment is one way to achieve this. This type of assessment will help you gain more clarity around how good you are at your job and enable you to have more productive conversations with stakeholders and explain your value beyond just “we lowered the company’s supplier risk.”

So, how do you demonstrate this maturity to your organization? Think about whether you have all the right pieces in place, then think about how well you execute all of those pieces.

Key Pieces To A Comprehensive Supplier Risk Management Effort: What To Do

The first part of justifying value to your organization is to explain the depth of what you’re doing. Effective supplier risk management involves a lot of moving parts, and listing all of the activities you do on an ongoing basis can go a long way in reminding stakeholders about the complexity of your role and the value it brings to your organization. The key activities include:

  • Risk identification, categorization and assessment. Do you know what risks you’re looking for and do you have a model for integrating those risks into the broader corporate risk program?
  • Supplier data. Do you have an ongoing process in place for capturing supplier data and the impact on your overall risk?
  • Risk treatment. What would you actually DO based on your supplier risk identification and monitoring?
  • Organization/team skills. Do you have the right people to manage supplier risk?
  • Metrics. How do you measure the effectiveness of your program, what does success look like for your supplier risk management team?
  • Collaboration with stakeholders. Do you have productive relationships with key stakeholders like senior executives, risk, compliance, legal, procurement, etc.?
  • Reporting. Do you provide useful and actionable information to your stakeholders?

Execution Is The Most Important Part Of Supplier Risk Management: How You Do It         

Anyone can pull up a PowerPoint deck with lots of slides that show organizational diagrams and risk identification models. But how well does your company execute on the key pieces above? Maturity is almost always judged not by the existence of a program, but how well the program is executed. Critical factors in maturity include:

  • Standardization. Does everyone who manages risk use the same approaches, tools, and processes? Transparency across the organization can only come when there is some way to standardize and give everyone the same view.
  • Effective use of technology. Any manual process is likely an ineffective one. Using technology to capture, analyze and share data is a key indicator that a company has invested in maturing its efforts for supplier risk management.
  • Compliance with the processes. Here’s the real jewel in the crown. Does everyone comply with your risk management program? You can have a beautiful approach, rich and accurate data, and books’ worth of action steps to take, but if no one actually uses any of it (or worse, actively tries to go around it) then you can’t consider your organization mature.

The next time you are asked to justify supplier risk management, consider putting your program to the test with a maturity assessment. You’ll be able to have a more productive and thorough conversation about exactly what you’re doing, and how you’re doing it, and you’ll be able to identify which parts excel and which need improvement. Most importantly, you’ll be able to capture and share the depth of your efforts.

For a closer look at Neo’s proprietary supply risk maturity assessment, join me for a webinar on Assessing Your Supply Risk Maturity to Enhance Overall Performance next Thursday, May 28 at 2pm EDT. Hope to see you there!