Supplier Risk Monitoring

Supplier Risk Management Is More Than Preparing For Specific Events

Written by

Fighting the Last War

Have you ever heard the saying that countries build armies to fight the last war? That means that most leaders learn very specific, tactical lessons from their failures and then try to prevent the same failure from ever happening again – only to find out that the “new war” or next challenge has a different set of rules and all the attempts to protect against the last challenge don’t help with the new one.

Take, for example, the Battle of Fort Eben-Emael. At the time of its construction by Belgium between 1932-35, it was the largest static defensive installation on the planet. The facility was built in response to the fact that, during WWI, newly invented German artillery had quickly and decisively destroyed Belgian fortifications (which were themselves designed to withstand the most powerful artillery in the world…at the time). So after years of construction and a huge investment later, the Belgians had the strongest conventional fort in the world at the start of WWII. The Nazis took it in one night, with only 80 men. By using newly invented hollow charges and stealth gliders, they simply flew into the base and disabled it at critical points, all while suffering a mere 6 casualties. That’s fighting the last war and losing the battle today!

A Familiar Tale for Sourcing & Risk Executives

Risk management, particularly supplier risk, is very much an example of this old saying. How often have you heard sourcing executives say, “our last supplier went bankrupt, so now we check supplier financials religiously.” Yes, only a fool makes the same mistake twice, and of course it’s important to monitor financial risk. But this logic misses the bigger picture that financial instability is only one kind of supplier-related failure. It’s also important to remember that a supplier can be meeting all of the performance metrics in its contract and still put your firm at risk.

A number of recent current events serve as valuable reminders. Companies are increasingly vigilant about compliance regulations of their third parties in order to avoid significant fines. Data security is another area of increasing concern, especially after the high-profile data breaches that were caused by insufficient security processes and procedures on the supplier’s end. In an era of increasing consumer awareness and visibility, your suppliers’ ethical practices can have a direct impact on your own brand and reputation. These examples highlight the importance of proactive risk management across a variety of event types or triggers, beyond those that have affected your business in the past.

And while no one wants to repeat a mistake, it’s all too common to become over sensitized to a specific event type like a financial failure. This becomes apparent when you can’t mention the possibility of bringing in a new supplier without thousands of financially oriented questions being asked about that supplier. Or when your procurement team creates much higher hurdles for financial stability, which automatically disqualifies many innovative, startup suppliers. Most people don’t react to risks and threats based on their likelihood of materializing or on objective information, but instead, based on their own fears and biases.

Three Techniques to Enhance Supplier Risk Management

There are several things you can do to avoid “fighting the last war” and to become risk-aware and resilient as a business.

  • Treat events as examples of risks, not as risks themselves. The best way to do this is to ask “what other kinds of events would cause this same outcome?” For example, going back to our financially ruined supplier, it’s important to remember that financial risk isn’t the only reason a supplier can’t deliver against your contract. Other events that could cause that outcome include a geological disaster striking where a supplier’s delivery center is located or a failure to stay current with regulatory requirements.
  • Ask strategic questions about tactical events and vice versa. For very specific and operational events like a supplier’s financial failure, it’s worthwhile to ask strategic questions like “What has changed in our industry or our suppliers’ environment that might cause a disruption like this in the future?” Similarly, if a strategic event has happened, ask “what can we do today in response to this?”
  • Use trigger events as a sail, not an anchor. There can be a natural tendency to close off from others and to keep negative events in a narrow circle of trusted peers. However, that reaction prevents others from learning and growing from that experience. To truly help move the entire organization forward, it’s worthwhile to endure a few moments of discomfort and share what lessons you learned so the entire company can adopt a best practice around it.

Don’t be caught fighting the last war. Leverage these three techniques to help your organization become more proactive and effective at risk management.