The following is an excerpt from the Interos book, “The Resilience Operations Center: A New Framework for Supply Chain Risk Management.” Download the ebook or request a print copy here.
Operational Resilience and Determining Supplier Inventory
Having identified risks and assets, and with a clear understanding of the challenges and success factors to creating a Resilience Operations Center (ROC), the next important phase is determining your supplier inventory. Here are some important questions to answer:
- What is the scope of your supply chain risk management (SCRM) program? Organization wide, including all affiliate companies? Limited to a specific business unit? Something else?
- Do you have an inventory, and if so, how do you know that it is complete and includes your extended supply chain?
- Do you know who your critical suppliers are and who their critical suppliers are?
- Is there a database where supply chain inventory information is stored and managed? Or are there multiple databases where this information resides? Is the database automated or manual (Excel spreadsheet)?
- What organization and supplier information do you collect as part of the new supplier onboarding process?
- Do you categorize your suppliers into risk domains based on the products or services they are providing to your organization or, alternatively, on the functionality provided or information that you shared with them? What role does your information classification scheme play in this process?
- Which lines of business in your organization have been granted exclusions from your standard procurement process (and may not have been included in the overall supplier inventory)? Does documentation exist for any exceptions that have been made?
- How is the supply chain inventory kept up to date to maintain the confidentiality, integrity, and availability of your organization’s key products or services, business processes, and information?
- How can you use the available information to achieve quick wins to build program momentum with management and your board of directors?
If you do not know the services or products that are provided by your existing suppliers, then a review of how your suppliers are onboarded and what information is captured upfront is an important place to start.
Supplier Inventory Building: Automated Discovery Versus Manual Survey
The manual survey methods for building your organization’s inventory likely have gaps or inaccuracies, given that they are based on reporting of supplier relationships by individuals. What if there was a more objective way to discover, evaluate, build, and continuously verify your supply chain inventory?
Emerging automated tools and platforms, ones that leverage multi-tier, multi-factor, and continuous inventory discovery processes, demonstrate this possibility. These tools can use a variety of artificial intelligence technologies and include machine learning and natural language processing. This makes it possible to fill in important gaps, remove overlaps, and resolve conflicts in supplier and subcontractor inventory tiers, while continuously validating and adding to your existing supplier inventory.
These tools provide actionable insights into and alerts of the risks introduced to your supply chain. They continuously monitor changes in supplier relationships and associated risk factors. Machine learning can be used to discern relationships from public, commercial, and private sources of data that are not obvious in investor/ownership, board membership, and subcontractor relationships, to name a few. Machine learning can also be used to build out more robust risk information; for example, identifying ripple effects of geographic events. Natural language processing can immediately identify and alert you to negative information about suppliers in public news feeds, allowing for a proactive response before the news negatively impacts your organization.
Automated tools now exist with the ability to create and maintain a single source of truth for supplier risk, covering financial, operations, geographic, cyber, regulatory, geopolitical, and environmental/social/governance (ESG) risks. Such tools allow centralization of your organization’s aggregated supplier risk posture and can drive key operational risk mitigation and trends in your organization’s risk reporting.
What Supplier Inventory Information Do I Need to Get Started?
In order to leverage this opportunity effectively and efficiently, your organization would need a minimum amount of information regarding your suppliers. Otherwise, the high volume of data returned by these automated tools could overwhelm you. This baseline information includes:
- Supplier name
- Location of product or service being provided
- Relevant URLs and internet hosting details
- Critical software development organizations involved
- Names of commercial products being used or deployed
- Additional specific data, depending on defined individual use cases
Spending time upfront to carefully define use cases (for example, starting with new supplier onboarding) can help you discover supply chain relationships that you were unaware of and that may pose unacceptable risks that need to be addressed prior to contract signing. Being aware of the constant, rapidly evolving nature of SCRM through increased use of these automated tools, along with a clear understanding of and plan for integrating these tools into your organization’s existing operating processes, are important success criteria for SCRM risk management. Their contribution to maintaining operational resilience is a game changer in the rapidly evolving SCRM landscape.
Lay the Groundwork for a Resilience Operations Center
The Resilience Operations Center book goes into more detail on these and other topics, including aligning a business operating model with strategic risk management objectives, identifying your risk management program’s maturity level, and defining key ROC governance processes. Get a copy of the book here and put your supply chain and your organization on the road to operational resilience.