Perhaps the most famous incident of a supplier being inadvertently responsible for a catastrophic business and reputational loss is the 2013 Target data breach. Cyberattackers obtained system credentials given to an HVAC vendor to access Target’s systems. The result: The payment information of 41 million customers was exposed, as well as contact information of more than 60 million customers.
Although this story might seem like a gloomy way to start a supplier diversity blog post, it underscores that risk is inherent with any relationship you enter with a supplier. And large companies need a healthy supply chain in order to thrive. Supplier diversity enters the picture by providing a means for increased productivity, a healthier bottom line, and, yes, even decreased risk.
Supplier risk assessments offer a way for organizations to identify and address threats that their key vendors might pose. Assessments also give companies a chance to strengthen their supplier diversity efforts. Here’s a look at how supplier risk assessments relate to supplier diversity:
Supplier Risk Is Unavoidable
Whenever a company enters a contract with a supplier, some degree of risk is created. This fact is unavoidable—the vendor may not deliver on its end of the contract, may deliver a product that is faulty, or may expose you to liability, as Target’s HVAC vendor did. And organizations simply cannot stop using suppliers; sure, some needs can be pulled in-house, but doing so for everything is expensive and unfeasible. Therefore, companies must accept the risk that hiring a supplier, diverse or not diverse, creates. That risk must be managed as well, because if a supplier causes a problem, often the contracting company is the one saddled with the blame and the consequences. Few people associated the Target breach with its supplier; most consumers simply remember that Target had a massive data breach on its hands.
Supplier Diversity Strengthens Companies
Supplier diversity ultimately benefits organizations and should be actively pursued. But in the rush to bring diverse suppliers into your vendor portfolio, you can’t just hire any third party without some degree of due diligence. Diverse suppliers, whether they are new or have been under contract for years, must truly benefit your company. Supplier risk assessments help keep tabs on your best suppliers so that they aren’t increasing your risk.
Supplier Risk Assessments in a Nutshell
The supplier risk assessment process—and we’re simplifying this for brevity—starts with identifying which vendors are most important to your operations and/or present the most risk. You send an assessment—which you create, find from other sources, or generate from vendor risk management software—to the supplier. Individuals at the vendor answer the questions on the assessment, provide any necessary documentation, and send the assessment back for your review. You compute and analyze the results and take action with the supplier accordingly.
One challenge of the supplier risk assessment process is determining whom to audit. If you deal with hundreds or even thousands of vendors, you will only be able to assess a small percentage, so these decisions will be important.
Also, if an assessment returns less-than-favorable results, you might be faced with some tough choices. Do you work with a supplier to improve its results? Is there a level of risk you can comfortably live with? Is it time to replace the supplier? Indeed, these are tough questions but ones you will ultimately benefit from asking.
Risk Assessments and Supplier Development
Supplier development helps diverse suppliers become better partners for your company. This creates stability, growth, and innovation that benefit all parties. Supplier risk assessments can be a key cog in this development initiative. If a diverse supplier is important enough to your organization, you will want to do whatever you can to help it reduce risk. This could entail an on-site visit or financial support, but these are resources well spent if they strengthen the relationship, benefit your company, and maintain robust supplier diversity.
What is your experience with supplier risk assessments?