Main menu

Shifting Supply Chain Priorities Reinforce TPRM Business Value

August 19th, 2020

A reliable supply chain is especially important in uncertain economic times when customer retention is critical. Disruptions don’t just impact revenue today; they impact customer lifetime value, a measure used by companies ranging from consumer packaged goods to banks. Whether it’s toothpaste or a home equity loan, when buyers can’t get your product, they find alternatives and often don’t return. And the stakes are even higher for essential organizations like financial services and pharmaceutical firms that also face regulatory scrutiny.

Surveys prior to the COVID-19 pandemic show that emerging risk has been on the minds of boards, but it took this black swan event to expose just how hyper-efficient supply chain methodologies and supplier rationalization threaten supply chain resilience. Within weeks of the pandemic spreading globally, Axios reported that 75% of organizations experienced supply chain impact, which quickly brought supply chain resilience to the forefront of many business leaders’ minds and agendas. For instance, by April, PwC research found that more than half of CFOs considered vendor viability a top three priority.

Third-party risk professionals are uniquely positioned to help business leaders prevent supply chain disruption. As a point of collaboration, TPRM works with procurement, business leaders, IT, legal, and vendors from onboarding through offboarding and delivers key metrics that top management and the board rely on to make good decisions. So, when a crisis occurs, third-party risk is also the inflection point for identifying and mitigating potential risks to supply chain resilience.

How TPRM Supports Supply Chain Resilience

As the central point for data related to third parties, the TPRM team has a unique opportunity to create a 360-degree view of third parties that delivers broad insights about their viability and resilience. With the right tools, they can identify:

  • Suppliers impacted by hazards. The pandemic may have highlighted the brittleness of supply chains, but doesn’t mean that programs can let their guard down when it comes to continuity of supply. In the months since quarantines were imposed, organizations have experienced potential disruptions due to border conflicts, Internet strikes, tropical storms/hurricanes, civil unrest across the US, and many other natural and man-made events. Supply chain resilience solutions should automatically alert risk experts and relationship/category managers when and which of their supplier(s) and critical fourth parties are in a position to be impacted by these events, so they can take fast action.
  • Business impact on the supplier. When COVID-19 first became an issue, organizations scrambled to assess the impact on their suppliers, especially those identified as critical/material or having other KRIs (e.g. financial viability concerns, geographic location). A robust system for assessing supply chain resilience risk can not only identify potentially impacted suppliers, but automatically trigger business impact assessments to the supplier and generate risk scores based on their responses, rapidly delivering the information the business needs to make timely decisions.
  • Response to supply chain resilience risk. A business impact assessment is an opportunity to do more than just demand an update from your supplier; it’s also an opportunity to collaborate with them on mitigation/remediation. Would being flexible on payment terms help the supplier ensure continuity of supply? Does your critical supplier need documentation that you offer an essential service so they can continue to operate? Your system should manage the action plan for remediation through to completion to ensure all requirements are documented and completed.
  • Alternate sources of supply. Unfortunately, there may well be situations in which a supplier simply can’t provide a product/service, at least temporarily. Leveraging the supplier data already in the system, your TPRM solution should be able to automatically identify suppliers who offer an alternative and generate an RFx for a new contract. Speed is of the essence to ensure that your business can continue to operate, especially if your competitors may find themselves in a similar position and will be trying to secure the same product/service.

Supply Chain Resilience Risk Calls for a Different Approach

While the increased focus on supply chain resilience has prompted a lot more conversations about the role of TPRM in managing supply chain risk, most standard TPRM solutions aren’t suited for assessing the emerging risks that could impact the resilience of your supply chain. Some approaches that are NOT sufficient for mitigating supply chain resilience risk include:

  • Onboarding Assessments. Of course, onboarding assessments are important for evaluating risks that impact supplier resilience, such as financial viability, business continuity planning, and operational resilience. But the pandemic has demonstrated that unforeseen risks have unexpected impacts on suppliers. Once an event happens, it’s important to assess whether it has changed the vendor’s risk profile. For example, few business continuity plans accounted for global disruption. A supplier’s strategy for geographical failover wouldn’t address the challenges of widespread quarantine and shelter-in-place orders.
  • Monitoring. This is another best-practice for TPRM that should be supplemented to account for supply chain resilience. Many robust monitoring tools can feel like lagging indicators in a crisis. In the event of a sudden disaster, for example, a financial viability monitoring tool would likely not be as timely as conducting a business impact assess with the supplier to understand what facilities, people, inventory, or other resources may be affected. Passive monitoring also doesn’t provide the opportunity to collaborate with the supplier to identify potential mitigation/remediation. Risk intelligence should include real-time global monitoring of potentially hazardous events to trigger business impact assessments for proactive risk mitigation.
  • Spend management. It’s tempting to use spend as the primary criteria for conducting supplier business impact assessments. However, there are countless examples of how lack of one small component can halt an assembly line or a relatively inexpensive aspect of online presence can halt ecommerce. While spend is generally a good indicator of priority, mitigating supply chain disruption benefits from the more nuanced view of supplier relationships found in a mature TPRM system.
  • Single domain solutions. In a heavily connected, highly digital world, supply chain resilience risks can arise from multiple sources. Effectively anticipating, defending against, and responding to, and recovering these risks requires the ability to look at all of these risk types – including natural and man-made hazards, cybersecurity, financial viability, business continuity, fourth and nth parties, and information security. Creating this complete view of the entire vendor portfolio cannot be accomplished with siloed solutions.
  • COVID-19 solutions. The pandemic has certainly been a significant supply chain resilience risk, but a solution built specifically for a global bio-hazard doesn’t have the breadth of functionality needed to address the many risks that could disrupt your supply chain. And the time, effort, and resources needed to modify such a solution would be better spent on a purpose-built solution that could deliver value from day one.

As the business seeks to navigate this new landscape, TPRM has an important leadership role in assessing supplier resilience. With a proactive approach and the right tools, TPRM can demonstrate a direct line to revenue by protecting continuity of supply.

To find out more about how Aravo is helping organizations build better supply chain resilience, download our datasheet or arrange a demo today.

Share with Your Friends:

Our Expertise
Who We Help

Ready to get started?

Get in touch for a better approach to third-party risk management