top of page
  • Writer's picturePaul O'Farrell

How to reduce risk with a supplier right from the start.

Updated: Nov 15, 2023

Supply-base transparency can be hard to achieve. In global supply chains, hundreds or even thousands of suppliers may contribute to the production of a single product. Identifying the full set of suppliers from the early raw-material sources, to a finished product, can require a significant time investment.

Your suppliers may consider their own supply chains and processes to be proprietary, they can limit visibility to you the purchaser. This can all be further complicated by the presence of a intermediary or agent. This lack of transparency with your supplier presents risk, so having a robust process of identification and qualification sets an early mandate with your suppliers to establish a set of risk management processes that both the buyer and seller participate in and that lack of participation is a risk in itself.

We suggest right from the start, in supplier identification processes to have a clear idea of 'what good looks like' in terms of a supplier and then translate this into an actual search criteria. We can help you here with a search engine developed specifically for searching for quality suppliers in the pharma and healthcare sector.

This for example allows you to combine both technical and regulatory requirements along with location (see graphic below)

Once you have identified a suitable company or a number of companies that could possibly supply, then have a common process and set of data that you collect on a prospective supplier. Having a supplier engage in this process of data collection and support you in building a profile on them is key in the eventual risk management process. Do they become involved in the initial registration process?, do they volunteer basic information on themselves? or engage in longer term up-dating of the profile? All can be indicators of their commitment to become a value supplier to your company.

Below is an example of a standardised registration process, on-boarding, for a supplier along with a wide range of data, providing useful and verifiable information on the company.

We suggest organisations begin to tackle issues in a structured way, putting in place processing supported by digital tools in supplier qualification and addressing identified known risks. while improving the organisation's resilience for the inevitable unknown risk that becomes a problem in the future.

Organisations should invest time with a cross-functional team to catalogue a full scope of risks they face. Building a risk-management framework, that determines which metrics are appropriate for measuring risks and “what good looks like” for each metric, and how to rigorously track and monitor these metrics. This team can also identify grey areas where risks are hard to understand or define (e.g parts of the supply chain where no visibility exists).

Below is a graphic showing our 'My Companies' application allowing you to score, tier and manage on-line activities with your key suppliers.

Organisations can use a combination of structured problem solving and digital tools to effectively manage their known-risk portfolio through four steps:

Step 1: Identify and document risks. A typical approach for risk identification is to map out and assess the value chains of all major products. Each point of the supply chain—suppliers, plants, warehouses, and transport routes. Risks are entered on a risk register and tracked rigorously on an ongoing basis. In this step, parts of the supply chain where no data exist and further investigation is required should also be recorded.

Step 2: Build a supply-chain risk-management framework Every risk in the register should be scored based on three dimensions to build an integrated risk management framework including the impact on the organisation if the risk materialises also the probability of the risk materialising, and the organisation's preparedness to deal with that specific risk. Weightings are applied on the risk scores reflecting the organisation's risk appetite. It is critical to use a consistent scoring methodology to assess all risks. This allows for prioritising to identify the highest-risk products and supply-chain points/nodes with the greatest failure potential.

The use of questionnaires either at the very start or throughout the relationship with a supplier can be very important to gather information and identify risk. They can form a pillar of the over-all process of contanting monitoring and checking on overall risk or specific (maybe new) requirements in a supplier relationship. It is an advantage to have a standard set of questionnaires used by your team over all suppliers so that it does standardise the collection of data and therefore the identification and mitigation of risk can fform part of a process and method.

Step 3: Monitor risk once a risk-management framework is established, persistent monitoring is one of the critical success factors in identifying risks that may damage an organisation. Set tasks (with both internal and external stakeholders) resulting from the identified risks. Score the tasks and have them included in the overall risk factor. Both suppliers and a buyer are then part of the process, by completing tasks successfully, in reducing risk scores.The recent emergence of digital tools has made this possible for most supply chains to identify and track the leading indicators of risk.

For example, a large organisation operating in a regulated industry identified 25 leading indicators of quality issues at its plants and contract manufacturers, ranging from structural drivers including geographical location and number of years in operation to operational performance metrics, such as “right first me” and deviation cycle times. These 25 indicators were carefully weighted to develop a quality risk-exposure score, and then tracked on a regular cadence.

Successful monitoring systems are customised to an organisation's needs, incorporation impact, likelihood, and preparedness perspectives. Hence, while one organisation may track deviations on manufacturing lines to predict quality issues, another may follow real-time Caribbean weather reports to monitor hurricane risk at its plants in Puerto Rico. Regardless, it is critical to have an early warning system to track top risks to maximise the chances of mitigation, or at the very least timing, the impact from their occurrence.

Step 4: Institute governance and regular review The final critical step is to set up a robust governance mechanism to periodically review supply chain risks and define mitigating actions, improving the resilience and agility of the supply chain.

Having a system for a manager to view across all users and stakeholders what risks they have identified and associated mitigating tasks and scores. There should be no silos or lack of transparency either internally or with suppliers, it becomes a risk in itself you you measure lack of openness and sharing of data from your supplier.

Building a risk-aware culture helps an organisation both establish and maintain strong defensive layers against unknown risks. Management and employees need to feel empowered to pass on bad news and lessons from mistakes. This openness fosters an environment where it is okay to voice and deal with issues. Culturally, it is critical that the organisation not get discouraged or point fingers when a risk event occurs, and instead works harmoniously towards a rapid resolution's. Transparency.

Leaders must clearly define and communicate an organisation's risk tolerance. Risk mitigation has an associated incremental cost, and so it is important to align on which risks need to be mitigated and which can be borne by the organisation. An organisation's culture should also allow for warning signs of both internal and external risks to be openly shared. Employees need to be empowered to perceive and react rapidly to external change. This can be enabled by creating an ownership environment, where members feel responsible for outcome of actions and decisions. Employees’ risk appetites should be aligned with an organisation, so that individuals or groups do not take risks or actions that benefit themselves but harm the broader organisation.

For further information on our digital tools and application to support you in the identification of risk and management of suppliers and technical partners in the pharma and healthcare sector, please have a look at and or contact me at

21 views0 comments


bottom of page