5 Key Considerations for Supplier Risk Evaluation


The Covid-19 pandemic exposed major vulnerabilities in global supply chains, causing uncertainty, shortages and long lead times. These events challenged supplier relationships, with status quo partnerships in question and under scrutiny.

The supply interruptions and long lead times for critical process supplies during the pandemic prompted supply chain professionals to de-risk their supply chains. Dual sourcing is often cited as a risk management strategy, but in the regulated bioprocess and medical device industries, this approach may be difficult or impossible. In some cases, dual sourcing may not actually reduce the risk in the supply chain because the first and second source share a common weak link. The strength of a supply chain cannot be evaluated as a binary, with dual sourcing equated with strength and sole sourcing with weakness. Each supplier has its own strengths and weaknesses, which impact assurance of supply.

How should engineers and supply chain managers evaluate the assurance of supply programs of their current or potential suppliers? This blog outlines five key areas for consideration and proposes the creation of a relative risk evaluation score based on each factor.

1.  Industry specialization and experience:

Suppliers who specialize in industries with unique requirements are generally better suited to anticipate customers’ needs and have the competency to support their customers.

  • In which industries are the supplier’s products and services primarily sold?
  • How long has the supplier served the regulated industries?
  • Is the supplier active in relevant trade organizations?
  • Does the supplier follow relevant best practices, guidance and regulations?
  • Does the supplier have deep subject matter expertise for their products and services?
  • Does the supplier understand your challenges?

2.  Business continuity:

Suppliers who take business continuity seriously as a discipline are better prepared for unexpected events and have systems in place to manage crises.

  • Does the supplier have a formal business continuity management system (BCMS) and ISO 22301 accreditation?
  • Is the BCMS subject to third party review and certification?
  • What techniques does the company use to assure supply (e.g., capacity planning, forecasts, inventories, blanket orders)?
  • Does the supplier have a formal supplier scorecard / supply chain management program?
  • Does the supplier have a formal program to ensure compliance with trade regulations?

3.  Consistent quality:

Suppliers with good quality systems and cultures are better prepared to meet customer needs.

  • Does the supplier have a certified quality management system (ISO 13485 / ISO 9001)?
  • Does the supplier have quality agreements with their suppliers?
  • Does the supplier have a formal supplier audit program?
  • Does the supplier have a formal complaint management system?
  • Does the supplier have a formal controlled document management system?
  • Does the supplier maintain specifications with critical quality attributes?
  • Does the supplier have subject matter expertise in regulatory matters?

4.  Change management:

Suppliers serving regulated industries must have change management procedures as part of their quality system.

  • Does the supplier have a formal change management program and change control procedures?
  • Does the supplier have a formal change notification process?
  • Does the supplier have systems in place to identify and segregate pre-change and post-change material?
  • Does the supplier require change management / change notification for their suppliers?
  • What is the notification period for a planned change?

5.  Corporate social responsibility (CSR):

Suppliers with formal CSR programs are better positioned to avoid supply chain risks associated with legal, ethical and human rights issues.

  • Does the supplier have a formal CSR program?
  • Does the program address ethics, labor and human rights, sustainable procurement, and compliance with law?
  • Does the CSR program comply with any international standards?
  • Is the CSR program subject to third party review / certification?

Risk evaluation score model

Below is a proposed risk evaluation model to assess the relative risk of a supplier according to the responses to the questions shown above. It allows the user to rank the relative importance of the five key considerations as well as the supplier’s performance against those considerations.

Below are examples of scoring for each consideration. Documenting the criteria for each score will drive consistency in risk assessments and allow for the comparison of the relative risk of suppliers.

Examples of relative importance for purchased goods or services:

Examples of relative risk score for each key consideration:

You can reduce risk in your supply chains by first evaluating your own needs and then the key elements of your suppliers’ assurance of supply strategy. Then, supply chain professionals can focus their efforts on the highest risk items and suppliers in the supply chain. By incorporating a risk evaluation during supplier selection, you can build a more robust supply chain with fewer hidden risks.