Risky Business: Supply Chain Risks and the Questions You’re Not Asking Your Suppliers

Stephanie Buck
Stephanie Buck
Content Marketing & Storytelling Manager, Coupa

Stephanie is passionate about storytelling and helping leaders, businesses, and organizations transform the way they connect with their customers, prospects, and others. At Coupa, she leads storytelling and content production efforts for supply chain. She brings over a decade of experience supporting marketing and communications with impact-oriented enterprises and mission-driven organizations. She earned her Master's degree from the London School of Economics and her Bachelor's degree from Texas Christian University. She grew up in the Chicago area, but currently calls Washington, D.C. home.

Read time: 4 mins
Risky Business: Supply Chain Risks and the Questions You’re Not Asking Your Suppliers

Supply chain leaders often tell us they’re increasingly concerned about risks in their supply chain. They’re worried about everything from risks associated with their suppliers to exposure to potential macroeconomic disruptions.

In this context, a shift that started before the pandemic has only accelerated: supply chain leaders not only need to focus on cost and service, but also on risk, resilience, and sustainability in their supply chains.

Why are supply chain leaders so concerned about risk?

Given increasing and ongoing supply chain disruptions, geopolitical uncertainties, changing ESG regulations, and other environmental and policy decisions that will impact supply chains, there is simply a lot more complexity to supply chains and a lot more at stake if things go wrong.

This means supply chain leaders now have to account for risks from the beginning. It’s not enough to take in risk after the fact, but it must be embedded into supply chain design. Then you must update and refresh those supply chain models as risks change. Companies that do prepare for risk in this way can come back faster after a disruption occurs and minimize the impact of that event.

Why supplier risk management is top of mind

One common source of risk involves not knowing your suppliers’ suppliers, or third- and fourth- and fifth-tier suppliers. These suppliers might not have policies and practices in place that align with your company’s standards or they might have exposure to risks, such as poor labor practices that violate European Union standards, or maybe they’re likely to be heavily impacted by an inbound hurricane or other extreme weather event. But you might not have adequate information to manage those risks properly and respond appropriately if and when a disruption occurs.

What can supply chain leaders do to manage supplier risk?

A good place to start is to ask yourself the following questions:

  1. Who are our suppliers and who are their subcontractors? You likely know who your suppliers are, since you have contracts with them. But do you know who those suppliers source from? Are they subcontracting out certain orders? How much do we really know about them? Establishing good relationships with your suppliers can create a more open flow of information to help you answer these questions.
  2. What business are we doing with them and why? Are you potentially overlooking other equally qualified (or even superior) suppliers? How does our answer to this question align with our business and supply chain strategy? To create value in your supply chain, knowing your “why” with each supplier matters.
  3. Which relationships expose us to risk, and to which risks? Getting as granular as possible on these questions will help you gather data to create informed decisions as you create your supply chain risk management plan.

Build out your supply chain resilience plan

Once you’ve spent time reflecting on the questions above and gathering data, you can:

  1. Identify the risks. How likely is the event? What will the likely impact be? Where will it occur?
  2. Evaluate risk. How serious is it? What ability does your organization have to manage the risk? Is the risk acceptable? How urgent is it?
  3. Determine appropriate responses. Now that you’ve identified and evaluated the risk, what will you do with this information? What actions will or won’t you take?
  4. Model the responses. Before taking action, run simulations on your supply chain’s digital twin to figure out how certain risks would likely impact your supply chain and what effect your proposed options to address those risks (or not address them) would have. Once you model these impacts, you’ll be able to make a decision based on data that will help your organization reduce risk and recover faster.

This is, of course, a high-level overview of ways to assess and respond to supplier risk. These steps also apply to other areas of the supply chain and are expanded upon in the updated Risk, Resiliency, and Supply Chain Modeling white paper. For a deeper dive into these topics, download the paper.

Reduce risk and build supply chain resilience.

Download the White Paper Now