Supplier Risk Management – The need for speed …at what cost? (Part 1 of 3)
Incorrectly set Supplier KPI Targets are driving up Supply Chain Risk – How do we manage the correlation and mitigate the risks, and re-calibrate more sensible KPI Targets?
In today’s ultra-competitive environment suppliers are often measured by speed related KPIs such as their On-Time Delivery (OTD), Turnaround Rate, Call-out Response Rates, Days per 10k, or other efficiency and time based metrics, aka “Supplier Speed Metrics”. As demand increases for products and services supplied by the supplier to be completed faster, and at less cost are we accurately assessing and evaluating the true cost of this ‘need for speed’ in terms of both the risk to the supplier and the impact such risks could have on the buyers business? Does the risk probability escalate as suppliers get pressured for quicker delivery at lower cost. How does this impact on quality of service? How does this impact on risks associated with Supplier owned and operated assets and subsequently the KPIs we set for Asset Performance Management in general? Whether owned directly or Supplier / Third Party Operated and / or serviced.
Supply Chain Risk Management (SCRM) is not a new concept. Most companies see supplier risk management as a key priority and many have implemented initiatives to address it. However, supplier risk management initiatives, as well as various other operations improvements such as SPM, SRM, ERP implementations, supply chain and process improvement and business intelligence efforts have had limited impact on supplier risk. The reason being is that either the risks are beyond the control of the Buyer, ie Geopolitical risk, they rest with third parties, or in my opinion in the majority of cases the risk management strategy for supply chain are missing the dotted line that links supplier risks to operational performance targets.
So my key question is :
Are unrealistic or inappropriately set Supplier KPI Targets driving up the buyers overall Supplier Chain Risk ?
I would love to hear your feedback / experiences when you finish reading the article.
Equally important is how are we managing the linkage between performance-based metrics and supplier risks and subsequent risk mitigation strategies?
We all know the importance of having a balanced set of KPI metrics that focus not just efficiency and cost but that also pay equal respect to KPIs on areas such as Health, Safety and Environment with the need for efficiency in supply. Yet do we really manage the alignment of risk probability with how fast we drive suppliers to perform, and equally as important how fast do our suppliers drive their tier 2. Before we delve into Tier 1 and Tier 2 Supplier Performance and Risk Management lets look at some examples of Supplier Risks that can in certain cases be tied back to poorly set Performance Targets
Examples of Performance Targets Impact on Risk Occurrence
Example 1: OTD and Transportation Incidents
Coming back to the article headline, are we driving the supplier to hard in terms of OTD metrics? What risks are these driving. Well for one, if the supplier drivers drive at excessive speed to ensure OTD then the probability of a traffic accident increases dramatically. How many of the leading global companies correlate OTD with logistical HSE incidents? How many companies act on or action the findings? Are the sister KPIs of OTDIF (Ontime delivery in Full) and OTDIFTS (Ontime delivery in full and to specification) suffering?
Example 2 Days Per 10k and HSE Incidents
HSE Management is recognised as extremely necessary metric within the Global Oil & Gas industry. The time taken for walkaround inspections and individual equipment inspections is as everyone working in the industry including suppliers a necessary and vitally important task. Yet there does not exist an industry agreed or legally enforceable metric that states the proportion of time that must be allocated to HSE within the industry. And at times when cost reduction is key organisations are trying to do more with less to save costs. As drilling efficiency rates increase in terms of cost reduction is there a direct co-correlation with KPIs that manage HSE incidents and Near Misses?
Example 3 Asset / Capability V Risk
As most companies run their operations / assets as close as possible to the technical performance limits it is essential that proper planning, scheduling, control, operations management do not ever compromise safety, reliability, or regulatory compliance. Many companies are actually moving beyond traditional supplier performance management metrics focused on the global, regional, and local level targets and are now going one level deeper and focusing on targets and KPIs of the supplier’s performance at the asset level. This is based in part on the specification limits of the actual equipment they use.
A good example here is supplier performance at the rig level. This involves monitoring performance at the drilling rig level allowing them to compare performance KPIs based on the type / capacity of the drilling rig. This means that they are aware that pushing the rig near or beyond a certain level of performance based on its capacity could result in risks materializing. And as many rigs have different capacity this approach of setting different KPI targets makes sense. One can often draw a correlation between the HSE risks (events and near misses) that materialise and performance data that shows say for example uptime and drilling efficiency of the rig v maintenance downtime. And as no two rigs are uniquely the same either through specification or years in service (wear and tear) then the approach makes sense and the KPI targets for that supplier asset should be altered accordingly.
Example 4: Asset Management / Maintenance V Accidents
Likewise is there a direct correlation between the KPIs for regular Asset Maintenance / Overhaul and Incidents that are asset related. Does lack of Maintenance result in accidents ? Does a less than recommended time-frame allocated for maintenance / overhauls result in rushed overhauls with accidents. What are the key lessons that a lack of balance between KPIs / meeting targets and associated risk?
Example 5 : P2P / Days Sales Outstanding / Invoice Error Rates
Another area that when not managed correctly could put your supplier at risk is timely payment of their invoices. If the invoices are always paid later than planned it puts extra pressure on the suppliers working capital and when payment of high value invoices are delayed it could have significant risk or impact for the supplier and subsequently risk for your own supply chain. Key factors that drive swings in this metric are directly impacted by other KPIs such as Invoice in Error Rate, Purchase Order Errors, or even Remittance / Payment System issues. so should we look at a the performance of these other metrics before we commit and agree that we will always pay the supplier within x days. If the Invoice error rate KPI is very high then this will ultimately result in late payments as invoices need resubmitted and as a result the financial risk to the supplier of late payment increases beyond what both parties agreed and expected. So look at a range of related P2P KPIs before setting and agreeing the target for the DSO.
Are emerging risk management strategies driving a recalculation of supplier performance targets?
The above set of examples highlight that flexibility is required in setting performance targets to reduce risk. As we are not always comparing like with like in its true sense of the meaning its important that we have regional and local target variations to reduce risk when setting KPI target levels. A simple example is expecting a logistics provider to have similar performance rates for OTD in a developing country versus say a country with highly efficient infrastructure. Likewise where a city has a lot of traffic congestion setting unrealistic OTD KPI targets for that city based on a global KPI level will drive up risk probability.
Figure 1 shows us how an incorrectly set performance target for say OTD can drive an inverse reaction on what we are striving for in terms of a HSE KPI such as accident rate. The below figure illustrates as an example how a slight increase in the OTD target in Feb 2017 to bring the local targets in line with the regions drove up the accident rate.
Figure 2 illustrates that a KPI Target can adversely affect more than one KPI. By implementing OTDIF we now force the supplier into making sure that every part of the order is in the truck (so to speak) before it leaves and also that it gets delivered ontime. This increases the probability of say the Truck leaving later than planned and probablly still striving for the truck to make up time en-route. Does this drive up the probability of an accident.? How much lower should the OTDIF target be from just OTD?
When it comes to risk management we are all very familiar with the Risk Impact and Probability Matrix outlined in figure 3.
To illustrate the importance of appropriate KPI target setting in the context of supplier risk management I have layered the KPI data graph we seen in in figure 2 over a traditional risk probability and impact matrix. in figure 3. This is for mere illustration purposes to get you thinking about 2 things.
1. The probability of the risk occurring (in this case the probability of an accident)
2. The Business impact – How much will it cost us if the risk materializes. Is it even possible that we could estimate the business impact in terms of cost to the supply chain?. We shall look at this further in part 2.
In the example there is no direct correlation between the performance data and risk impact. This is just to get you thinking about things. Now with that in mind think about a couple of things when setting KPIs. Is the KPI target achievable by the supplier at the local level as opposed to say global or corporate level, and at what cost to both their business and your own if the risk materializes.. If we set the KPI target too high does it impact on, or drive other possibly linked KPIs in an adverse direction than we want? How do we assess the Probability and Business Impact. Do we need to collect and manage supplier risk at the category line level ? Likewise do we need to set the target at the local level for each KPI target we set?
So my general question here is :
Should the Risk Management Specialist have a bigger say in the KPI targets set by supply chain relationship managers at the category level ?
I would love to hear your feedback / experiences when you finish reading the article.
Obviously Risk Management Specialists should have a certain degree of involvement in setting KPIs, but such involvement is not yet common place as a policy in the vast majority of organisations engaged in supplier performance and relationship management practices. Their involvement really depends on the resources available and perceived risk levels for certain suppliers or category lines. There is still a wide disjuncture between risk management and KPI target setting for effective supplier management. There is also a lack of process automation between risk identification and logging these risks in the risk register and the subsequent actions necessary to mitigate these risks.
Another major part of the problem here is that many companies do not have the systems capable of making such a correlation between risk level and desired performance targets.
Traditional approaches to Supplier Risk Management
To overcome the challenges of risk management within the supply base many companies mitigate supply chain interruptions and reduce risk with strategies and tactics that address supplier-centric risk at multiple stages in the relationship through a range of areas / initiatives. These include but are not limited to:
• Supplier Qualification / Requalification
• Market intelligence
• Operational Performance Data
• Health and Safety Performance Data
• Financial Stability ( example Experian, DnB etc)
• On-time Order to Payment Metrics / Collaborative DPO / DSO Management
• Visibility into potential disruptions caused by geopolitical threats, acts of nature, etc.
• Leverage Performance Management / Lessons Learned for continuous improvement
• Establish and use benchmarks for measuring supplier performance
• Create integrated realtime collaborative supplier networks for tier 1suppliers
• Creating a system for collaboration and information sharing from tier 2 suppliers
• Driving joint working development initiatives between buyer and supplier.
All these offer a great start to reducing and mitigating risk.
However that all said and done there are very few companies that have implemented initiatives that link or correlate risk mitigation within their supply base back to hard supplier performance data. What risks evolved and came to pass due to the setting of unrealistic KPI targets.
It’s no longer good enough to simply engage with your tier-one suppliers. Emphasis needs to be paid to controlling the approach taken with tier-two suppliers, ensuring that the necessary obligations for performance and risk management are managed down to the subcontractor level.
Based on a KPMG global study, fewer than 19% of companies believe they have attained a “leading practice” level of supplier risk management. There is no shortage of examples where companies suffered significant harm as a result: damage to brand and reputation, delays in launch of major new products and services, disruption of supply, regulatory penalties and environmental health and safety events, among others.
Companies often lack a comprehensive view of their third-party relationships or the impact that those suppliers can have on the organization.
Tier 2 Supplier Performance and Risk management
Likewise just as buyers need to manage the risk of their Tier 1 suppliers they need to ensure that the supplier themselves has the necessary systems and processes in place to manage their suppliers. A disruption in the tier 2 supply base brought about by a risk that could easily have been mitigated has an upward knock on effect on the Buyer. Very few buyers have the quantitative data to manage tier 2 but by working with their suppliers in tier 1 they could well share best practices and associated information that would help mitigate the risks. In Part 2 we will look at this in more depth.
Integration of Supplier Risk Data with Supplier Performance Metrics
Companies also struggle to obtain the data needed to assess supplier risk – while some data, like public company credit ratings, is readily available, data on supplier regulatory compliance, supplier integrity and supplier production capacity can be difficult to obtain. Companies also struggle to utilize the data to analyse and predict risk. Furthermore, companies rarely establish programs that go beyond monitoring. Structured risk responses are rarely planned proactively, leaving various functions to scramble to address risk reactively when it is identified. There needs to be systems and processes in place that correlate risk to KPI targets. These need to be Real-time and automated and integrated with all available information and data sources.
Part 2 and Part 3
In Part 2 we will look into more depth at how companies can develop an integrated approach for supplier risk management that focuses on both collecting risk and performance data and how to turn this into meaningful insights in setting attainable performance targets that both reduce risks and improve buyer supplier relations.
In Part 3 we will look at how Tier 2 Suppliers and Third Party Management impact on both risk management and KPI target setting.
I would love to hear other experiences of people that both struggled with implementing SUPPLIER RISK MANAGEMENT their SRM / SPM initiative and also any success stories, and advice that you can offer.
About : Daryl Fullerton
Daryl provides guidance and consultancy on the design, development and Implementation of various Supplier Performance & Relationship Management Systems for Global Oil & Gas Operators and Service Companies across Upstream, Midstream and Downstream Sectors.
Specialism’s include Supplier Performance & Relationship Management, Supplier Risk Management, Supplier Enablement, Operational Risk Management, Contract Compliance Management, Scorecards, KPI’s, P2P Process Automation, PIDX Standards, and Management Information & Reporting Systems.
He is currently Supplier Performance Relationship Management Specialist at OutPerform SRM, a management consulting firm providing advisory services for Operators and Service Companies wishing to implement Supplier Relationship, Supplier Performance, and Supplier Risk Management systems and initiatives within the Global Energy Industry.
A keen promoter and believer of the importance and focus on his ‘partnering to solve approach’ in improving Operator / Supplier Relations in 2015 Daryl was awarded the honor of “Supply Chain Pros to Know” in recognition of the leading supply chain professionals and experts worldwide.