4 Steps To Effective Vendor Risk Management

(0) Great Not so great (0) You need to Login or Sign up to vote

Vendor risk management is a key function of Procurement and Supply Chain. Some companies have dedicated teams to track and manage vendor risk.

A official definition is that  "It is  implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".

Potential benefits of Proactive Risk management is

Now, whether Procurement should track vendor risk or there should be separate Vendor Management Office managing that, is a topic for another day. If you are getting started with risk management practice, then follow these four steps to organize the risk management process

  1. Define Vendor Risk Categories

  2. Identify key Suppliers

  3. Process to track Vendor Risk

  4. Risk Mitigation Strategy

Let’s look at each one of them

1. Define Vendor Risk Categories

All risks are not equal, what is important to your supply chain might be very different as compared to another company in another industry. Start with identifying what risk categories are important for your business . Here are some example of vendor risk categories

Delivery Risk: This is a measure of whether the supplier is at risk of not able to supply good or services. Some of the key drivers for tracking risk in this category are

Financial Risk: As the name suggests, this is a measure of vendor’s financial stability and its ability to stay solvent. Some of the key drivers for tracking risk in this category are

Reputation Risk: This is measure of risk to the reputation of the company. Some of the key drivers for tracking risk in this category are

Quality Risk: This is a measure of product or service quality risk.Some of the key drivers for tracking risk in this category are

Use the above parameters to come up with a balanced scorecard. You can have a generic scorecard or you can create category specific scorecards to meet the requirements for that category.

2. Identify Key Suppliers


Does it make sense to track risk for all suppliers? probably not and there is a diminishing returns with the increased number anyways. So the second step is to identify the key suppliers for which you want to track risk.

There are lot of supplier segmentations approach. If you have one, that’s great. if not, here is a simple approach to identify key suppliers for which you should be tracking supplier risk.

Above are some of the examples, but you get the idea.

3. Tracking Supplier Risk

When it comes to tracking risk, you need to clearly define the following

Tracking Risk: Once you have identified the risk categories, break it down into specific measures or Key Performance indicators. Some examples

This is not a comprehensive list by any means, but some ideas on how to get started with defining KPI’s.

Once you are done defining the specific KPI’s for various risk categories, Identify and define how you are going to gather data to track vendor risk. Some things to consider

4. Risk Mitigation Strategy

The fourth and last step in you Vendor Risk management strategy is to define a risk mitigation plan. Some risks have high probability and some have low probability, that could be used for prioritizing risks for defining a mitigation plan.

For example, for delivery risk, a short term mitigation strategy is to carry additional inventory. Other measures could include frequent site visits to ensure better quality.

When it comes to investments in Vendor risk management, try to find a right balance of risk and reward.

For more topics on Vendor risk management, follow the link below

Go to the link