With mounting strain on suppliers' bottom lines, rising volatility in the materials markets and a drive to reduce costs on both supply and purchasing sides, chief purchasing officers (CPOs) are facing a unique set of challenges.

These threats have made risk assessment and management vitally important. By developing effective strategies to handle supplier risk, CPOs may be able to not only preserve operations, but also strengthen company growth and competitiveness.

In a recent IBM survey of nearly 400 global chief supply chain officers, risk management ranked among the top concerns, with 60 percent stating that it has a significant impact on their supply chains. In fact, supply chain risk was a higher priority among CPOs than rising costs and increasing consumer demands.

According to the survey, overall economic turmoil is only a partial cause for the rising focus on risk management. Widely publicized product recalls and supply chain interdependence driven by globalization are cited as the other major sources for concern.

Although roughly 69 percent of CPOs claim to have formal risk monitoring procedures, only 31 percent evaluate risk and performance in combination due to a perceived lack of standardized processes and effective technology. This absence of comprehensive solutions presents a major obstacle for risk assessment.

Among supply management systems, predictive supply risk forecasting "is probably the least mature and most in need of more providers at the moment," according to Jason Busch of Spend Matters.

"Every vendor says their tool can be applied to problems related to supply chain risk, but right now there are very few comprehensive tools that, for example, can quantify risk as a cost factor and incorporate that into existing models," an analyst at AMR Research recently told Managing Automation.

This lack of a standardized technological approach to identifying and weighing supplier risk means that greater responsibility falls on CPOs to develop their own strategies. But traditional methods may no longer suffice.

Due to the increasing complexity of supply chain mechanics, purchasing-related risks now exercise more influence over key components of corporate success, such as revenue, operation costs and overall business viability. In addition, the greater exposure to risk caused by globalized interdependence among suppliers means that older models for risk assessment may be inadequate for present-day needs.

"We usually look at the known issues and make a nice diagram with probability on one axis and impact on the other. That's Risk Management 1.0," Erwann Michel-Kerjan, managing director of Wharton's Risk Management and Decision Processes Center at the University of Pennsylvania, explained to Knowledge@Wharton magazine. "Risk Management 2.0 is [going] beyond the known issues to look at the links and interdependencies. You can no longer look at the risks independently of each other."

New risk management approaches shift away from mathematical models to focus on benchmarking supply processes and integrating decision-making into risk evaluations to gain a better understanding of hidden risks and potential responses.

CPO Agenda has developed a hierarchy for purchasing-related risk assessment strategies: Level 1 ("unstructured") companies improvise a response to each risk as it arises; level 2 ("reactive") companies have predefined risk responses; level 3 ("proactive") companies develop contingency plans to anticipate high-priority risks; level 4 ("cross-functional") companies integrate internal decisions with supplier conditions; and level 5 companies add value or growth by using purchasing to address strategic issues.

CPO Agenda recommends taking the following basic steps to build an adequate risk response strategy:

• Identify which risks are likely to affect the business and document their key drivers and characteristics;
• Assess the probability and likely impact of identified risks on key performance metrics (e.g., earnings or cash flow at risk);
• Develop response strategies (avoid, transfer, mitigate, accept) that are consistent with the company's overall risk appetite, the portfolio of risks to be addressed and the need to deploy resources efficiently and effectively; and
• Monitor the risk environment on an ongoing basis, and evaluate the performance of current risk response strategies.

The majority of companies fail to complete all four steps, either identifying risks and failing to quantify them or developing responses but neglecting to measure their effectiveness. Another common problem is developing a one-time or intermittent approach without applying it in a consistent manner. By contrast, the best-performing companies identify risks, quantify/qualify them, craft appropriate responses and measure the effects of each response to refine the process.

The manufacturing industry in particular has to focus closely on supply chain risk. As the American Society for Quality explains, "Much of what manufacturers purchase is then incorporated into their products. This means there is a higher inherent risk, or potential impact, in the manufacturing customer-supplier relationship."

As such, identifying and anticipating supply chain risks in industrial manufacturing may require additional risk management measures. Supply Excellence recommends using the following assessment questions to gauge supply-side stability:

• Does your supplier have a business plan? If so, when was the last time you reviewed it with them?
• When did your supplier last take any innovative steps?
• Is your supplier undergoing severe staff turnover or downsizing?
• Are you waiting longer for payments?
• Is your supplier facing increasing debt and declining growth?

Although these questions may be difficult to ask, they can yield crucial indicators regarding supply chain reliability versus risk potential. The difference between a company that is able to shield itself from risk and one that is vulnerable to it often lies in the quality of a supplier-purchaser relationship.

Resources

The Smarter Supply Chain of the Future
IBM, January 2009

Segmenting the Supplier Information and Relationship Mgmt. Market
by Jason Busch
Spend Matters, April 16, 2009

Deep Dive: Technology Directions - Tools for Managing Risk
by Jeff Moad
Managing Automation, March 2009

Re-thinking Risk Management: Why the Mindset Matters More Than the Model
Knowledge@Wharton, April 15, 2009

An Upside to the Downturn
by Stephen Finch, Ashley Hubka and Gregory Kochersperger
CPO Agenda, Spring 2009

Certified Quality Manager Handbook: Second Edition
by Duke Okes and Russell T. Westcott
ASQ Quality Press, 2001

Are You Asking Your Suppliers the Right Questions?
by Katie Siegle
Supply Excellence, April 15, 2009