Managing Supply Risk Part One – Quantifying and Predicting Supplier Risk


How companies ensure continuous affordable supply by measuring supplier risk and anticipating potential supplier problems. Early warning gives companies a much broader range of options to deal with potential problems in a systematic way.


Ahhh for the simpler days, when the job of procurement professionals was just to find reliable sources, negotiate the best price, and manage delivery. Today’s supply chains demand so much more.Sourcing professionals are expected to predict and mitigate the constellation of risks that have arisen from increasingly globalized sources and supply chain complexities, involving orders of magnitude more players.But we shouldn’t complain too much because risks = opportunities.Those who can handle this complexity, who create the agility needed to deal with supply disruptions, and who preemptively alleviate supplier problems, become valuable players within the organization.

Managing supplier risks (non-performance, bankruptcy, etc.) as well as supply risk (industry capacity constraints, disruption of supply, allocation, etc.) has always been a core function of sourcing.However, with globalization and outsourcing, there are so many more things that can go wrong. The management of risk has taken on new dimensions of complexity and criticality, demanding new approaches and methods for mitigating risks. We examine some of these in this series on managing supplier and supply risk.

Quantifying Supplier Risk

It is common sense, but not necessarily common practice to quantify the risks for each of your key suppliers.The approach taken by one major high tech manufacturer we talked to provides a good template for managing supplier risk. They group their suppliers into A, B, and C tiers, based on strategic importance, volume, and a few other factors. It is mandatory for their buyers to maintain a risk profile for every “A” tier supplier.

The risk profile incorporates elements such as financial health, political stability, infrastructure risks, and natural disaster risks of the regions in which the supplier operates.For example, some cities in China have frequent power outages, which can last days, which is disastrous for PCB (printed circuit board) manufacturing.

The suppliers are ranked into risk categories — the lower the rating, the riskier the supplier.These are used in supplier selection and negotiations.Category 1 (highest risk) suppliers are never used.Use of category 2 suppliers (second highest risk) depends on the availability of alternatives.If there really are only one or two suppliers of a specific item or material worldwide, then this company may still do business even with a category 2 firm. If the supplier is important, the buyer will work with them to find ways to lower risks, but that is not always possible (you can’t necessarily ask your supplier to build a new factory in a different geographic region). So, the sourcing group sometimes will go back to the design engineering group, to explore if there is a way to redesign the product to allow selection of a lower risk supplier.

This company thereby moves their spend for specific categories away from high risk regions and suppliers to gain better yields and better logistics. But there are some risks that they have to live with.For example, although there is a high earthquake risk in the Silicon Valley area where many high tech suppliers are concentrated, it is impractical for them to refuse to buy from any suppliers in Silicon Valley.

The key lesson here is that supplier risk should be methodically measured for key suppliers and systematically used in the selection process. Exceptions (selection of high risk suppliers) must go through a justification process and trigger risk mitigation planning activities and actions. No more eyes half shut to supplier risks, just because we’ve always used them or know someone there!

Predictive Supplier Risk Management

A large diversified industrial manufacturer, whom we will refer to as “MultiManufacturing, Inc.” developed a unified integrated supplier performance database. This database is described in a previous article on supplier performance management. MultiManufacturing found that having all their supplier performance data centralized proved to be very useful in helping them proactively manage supplier risk.They have been able to automate predictive supplier risk management by combining three sources of information:

  • Publicly available data — such as credit worthiness, how quickly the suppliers pay bills, lawsuits, court actions, earnings, number of people on payroll, etc., all of which can be bought from companies like D&B and mined from publications and the web by bots (software agents for data mining and monitoring).
  • Qualitative supplier performance data — feedback and evaluation of suppliers by the people within the buyers’ organization: buyers, engineers, users, manufacturing, quality personnel, etc. Gather direct intelligence on how the supplier is performing relative to their peers from the individuals who are interacting with the suppliers.
  • Quantitative supplier performance data — their centralized database pulls actual performance data (e.g. on-time delivery, quality, etc.) from the companies’ various execution systems.

These are fed into software from Open Ratings (part of D&B) that analyzes data patterns to predict in advance the risk of supplier failure.For example, if quality and delivery are faltering, the firm’s financial performance is shaky, and/or qualitative ratings are declining, then a red flag is raised.Some of these are leading indicators. Deterioration in quality often precedes financial declines. Integrating these different sources of information creates a better predictive tool than viewing the data points in isolation.The system uses “learning” algorithms that improve predictions over time.Other sourcing and procurement vendors — such as Aravo, Ariba, Emptoris, BravoSolution, and others — also have some predictive supplier risk/alerting capabilities to varying degrees.

At MultiManufacturing, thresholds defining the tolerance for risk are tuned and adjusted, for example, based on the volumes required, transition time, and direction of demand (ramping up or down).If there is a product launch or ramp up coming, then the tolerance for risk may be narrowed so that problems are flagged at a lower threshold — the red flag goes up sooner and remedial action, if needed, can happen while there is still time to mitigate the risk.When a flag is raised, the course of action depends on the situation:

  1. If this supplier is very important over the long term, and hard to replace because of a unique technology or other unique value, then MultiManufacturing will invest resources into helping them improve. They help some key suppliers implement 6-sigma programs, but can only do this with a very few critical suppliers who can’t be replaced. They are dependent on those suppliers and need them to survive and flourish.
  2. If the supplier is in trouble and is not unique, MultiManufacturing will began transitioning to other known suppliers or search and find someone else as quickly as possible.During a crisis, if they have no other choice, they may even pay the supplier’s bills to keep the lights on for a short period until they can transition to another supplier.
  3. If the degree of risk is tolerable, for example if they have a reliable second source, then they may continue with the supplier for the time being while concurrently moving to other sources over time.

The ability to spot trouble ahead of time is extremely valuable. It allows MultiManufacturing to start one of these mitigation strategies before there is a crisis.This gives them a broader range of choices in action and the time to act calmly and deliberately, avoiding expensive, sub-optimal, hasty reactions and possibly a very expensive, high-profile supply failure.By quantifying supplier risk and proactively monitoring and predicting potential trouble, firms can greatly increase the chances of ensuring uninterrupted supply at a price that they can afford.


Part Two of this article series is on supplier disaster recovery and business continuity.

To view other articles from this issue of the brief, click here.

Scroll to Top