Subscribe to Email Updates

Quality Creates...Perspective

How To Assess Risk In The Supply Chain Ecosystem

David Bolton
by David Bolton on Fri, Aug 30, 2019


Supply Chain Quality

A weak link in the supply chain can have a significant impact on quality.

Digitalization and the connected society may have made our lives easier, but the associated increase in customer expectations has put the supply chain under intense pressure. Product recalls have become part of the daily news cycle, and while the brand gets the headlines, companies need to ensure that every part of their ecosystem is held to the same quality standards.

Supply chain partners deliver huge benefits to businesses, even more so when it comes to keeping pace with today's consumer-driven market. External suppliers can plug internal capability gaps, provide flexibility in meeting demand, and help drive innovation and competitive advantage. Yet when it comes to quality and compliance, the supply chain is a defined source of risk.

There can be hundreds of partners in an ecosystem, each of which may have not only its own working practices but also a quality management system that differs from other elements of the supply chain. Consistency and traceability then become major challenges, as businesses often lack enough visibility and control over their suppliers' safety, quality and compliance programs and practices.

The problem is that product recalls can have a serious impact on both brand reputation and consumer trust. Poor quality products are always associated with the brand, regardless of where the issue occurred in the product lifecycle.

As a result, companies who fail to proactively manage risk throughout their supply chain can face serious consequences should quality and compliance breaches occur. Business Insider reported, for example, that Amazon has well over 4,000 items for sale that have been determined to be "unsafe" or banned by federal regulators, and even Winnie-the-Pooh would realize that these third-party sellers are likely to be part of a supply chain ecosystem.

So, how can companies alleviate the potential for weak links in the supply chain? And, importantly, how can the ubiquitous digital transformation help to plug any risk management holes?

The answer to these questions is rooted in the need for a risk-based approach to quality.

The benefits of a risk-based approach to supplier management

A risk-based approach provides an effective means of dealing with complexity, uncertainty and ambiguity … which is basically what characterizes the modern supply chain.

Where there are as many different approaches to quality as there are suppliers in a supply chain, different people's assessment of risk and how to deal with it will depend on their own experiences. More often than not, managers will rely on subjective judgments and gut feeling. Which might not be the best way to ensure product quality.

In contrast, the risk-based approach provides a unified understanding of risk and a systematic and objective way for measuring and addressing what risk actually is. On a very basic level, companies can apply the concept of risk to supplier quality and compliance so that there’s a common language and metrics for assessing how those processes are meeting their goals.

In fact, risk is a subject that is universal to most organizations – most people speak or acknowledge risk. As a result, risk-based thinking allows businesses to normalize how they communicate measures of quality performance throughout their supply chain.

Understanding supply chain risk

A company and its suppliers should share a common understanding of what risk entails. Many people use the terms 'hazard', 'threat', and 'risk' interchangeably, but 'risk' is a different beast.

Seeing a shark fin from the safety of a beach means that the shark itself is a hazard. A news report that sharks have been sighted in the local area is a threat. Deciding to go swimming in shark-infested waters is a risk. Lightning is also a hazard, but a weatherman predicting thunderstorms with a chance of lightning is a threat. Sheltering under a tree during a thunderstorm-interrupted round of golf is a risk. Especially if the golfer knew in advance that there was a high probability of a storm.

So, a risk-based approach will identify hazards and threats in the supply chain and determine the probability of something happening and assess how severe that outcome could be. A prudent company will then measure these risks quantitatively to enable more systematic and objective decision-making in terms of quality.


Want to weed out the weak links? Download our white paper on supplier quality.

Identifying risks

A risk-based approach promotes communication and collaboration, cutting across the organizational boundaries that exist between in a supply chain ecosystem.

The program draws together a company and its suppliers into a conversation where key people and decision makers find threats, identify risks, and work out how to measure them. The underlying aim is to understand how the various risks interrelate and affect the performance of a supply chain. In addition, the approach helps companies work out both the critical risks and an ongoing method of identifying risk, such as regular audits.

Key areas of risk that company and suppliers should focus on are as follows:

Regulatory risk: Global regulatory trends focus on supply chain transparency, ethical employment practices, and responsible sources. Supply chains that encompass many regulatory regimes deal with myriad compliance requirements. Creating a master list of compliance requirements and relevant dates for validation and certification can help alleviate regulatory risk.

Reputational risk: Consumers, shareholders, and employees have very high expectations when it comes to quality, safety, sustainability, and ethical sourcing. And it has never been easier for them to share their opinions on social media. A crisis could spread globally within a matter of hours, or even minutes, forcing businesses to respond in real-time. A supply chain reputational risk management strategy is a critical priority.

Security risk: Fraud in the supply chain is a growing risk – counterfeit pharmaceuticals represent the largest segment of counterfeit goods sold worldwide - and financial pressures in the food and drink industry are tempting many suppliers into deceptions over the provenance or quality of their goods. At the same time, there is a consensus that as the weakest link in cybersecurity risk management, the supply chain should be a top priority for organizations.

Contractual Risk: When companies take a siloed approach to contract negotiations, with different functions negotiating different parts of the supplier agreement, gaps can occur that expose the business to significant legal risk. Sub-agreements can commit the business to services never addressed by the master agreement, leaving them without proper protection from the governing terms.

Insurance Risk: Businesses need to ensure that their suppliers carry an up-to-date, properly executed, properly endorsed certificate of insurance (COI), otherwise they can be left exposed to claims from third parties who may be affected by the suppliers' actions or inaction. The suppliers' sub-contractors must also be properly insured.

Financial Risk: Financially unstable suppliers run the risk of imminent collapse. In some cases, like 2017’s Hanjin Shipping collapse, it can happen very quickly, leaving businesses at risk of collapse themselves. Too many companies lack sufficient visibility into the financial stability of their supplier network, let alone their key suppliers.

Risk Assessment Tools

After identifying risks, companies need to quantify them. Risk Assessment tools take the subjectivity out of this process by providing the means to systematically measure risk. These can be defined as follows:

  • Repeatable: using the same methodology to categorize all adverse events
  • Objective: systematically quantifying the actions to be taken
  • Consistent: following a prescribed formula to ensure consistent results every time

Of course, the decision as to which Risk Assessment tool to use depends on the complexity of the risk you’re trying to measure and how much data you have to guide your decision. Throw hundreds of potential supply chain partners into the mix, and this takes on whole new dimension.

Managing supplier risk

Risk Assessment tools on their own are not the solutions to managing risk. Rather, they are there to support decision making by reducing subjectivity, standardizing responses, and providing quantitative justification for them.

For true effectiveness, you need people on the other end interpreting the results. These individuals know the supply chain, know the hazards, and can help determine how to make risk work throughout a supplier network.

A good approach is for companies to assemble a 'Risk Team' that includes key people from their own organization and the suppliers. The team reviews the different risk outcomes and determines how the company is going to handle different risk levels.

For example, a supplier should be actively involved in the company’s CAPA (corrective action preventative action) process, which should proceed according to a closed-loop risk-management protocol.

In this system, events entering the CAPA process are prioritized by risk assessment, with those in the highest risk category (high severity and frequency) pushed to the head of the queue. Once the CAPA is completed, the outcome undergoes a second risk assessment to ensure that it falls within acceptable risk tolerances. If it doesn't, it’s fed back into the CAPA process. As a result, all parties can be sure that the issue has been corrected.

The risk portfolio and supplier scorecards

Measuring risks in the supply chain and taking actions means that a company is building a risk history of its suppliers.

This defined risk history allows decision makers to include a rating for their suppliers on risk scorecards and provides both parties with an objective, quantifiable means of managing the risks in the business relationship. This scorecard is a critical capability in supply chain risk management. To put it simply, suppliers who don't receive frequent, actionable feedback will assume that their performance is fine … even if it's not.

Using a risk-based approach to supplier rating will help an organization identify high-risk suppliers and improve visibility into the supply chain. Potential supplier risks can be identified more quickly and measures put it place to control the risk. With a better understanding of supplier performance, the end brand can make more informed and less risky sourcing decisions.

Taking a risk-based approach to supplier management significantly increases visibility into supplier quality performance and gives a company an effective means to control it. However, the efficiency of any supplier risk management program will depend on the quality of the data that is being generated and analyzed.

Ultimately, companies who have the means to manage supplier risk through a centralized, automated system will be able to mitigate and prevent risk far more effectively than their competitors. And that has got to be good news for both the product lifecycle and the end user.

ETQ's long held mantra that quality creates endless possibilities is one of the many reasons why over 550 global companies trust us to secure brand reputation and customer loyalty. Our SaaS software delivers built-in best practices and powerful flexibility to drive excellence through quality.

To find out more about how ETQ can help you on your quality journey, contact us today for a demo.




Leave a comment