How to Minimize Operational Risk by Managing Third-Party Suppliers: A Multi-Stage Approach

Getting a solid hold on supplier quality is not an easy task — not necessarily because of a lack of effort by either party, but instead because of the increasing challenges associated with managing them. Globalization, a dynamic regulatory environment and an increased focus on improving efficiencies and reducing costs to develop a lean manufacturing cycle are just a few of the hurdles businesses are encountering. But operational risk management isn’t a sprint, it’s a marathon that needs to be run with a holistic approach along a multi-stage path.

The challenge

As organizations begin to outsource with a more globalized supply chain, they must also learn to consider the resulting barriers such as cultural nuances, a language divide and geographical borders. Consider the implications for an American company with a Mexican manufacturing facility that works with international upstream suppliers. As an employer, the American company must consider the suppliers’ cultural approach to workplace risk, effectively communicate standards across language barriers and work within the government regulations of the geographical area. Suddenly, operational risk becomes quite complex.

But even if your business works with domestic suppliers and isn’t exposed to a global supply chain, regulatory demands — whether it be industry regulations or government occupational health and safety standards — are consistently evolving to place more emphasis on employer liability. For example, Alberta’s recently actioned Bill 30, which places increased responsibility on employers to guarantee the health and safety of their workers and worksites.

So where do businesses begin to approach operational risk in their third-party environment? Start with an all-encompassing, multi-stage approach based on four key steps:

1) Understanding the current risk

The first step to effectively managing third-party risk is to develop a deep understanding of where current risks exist and to identify where they are likely to develop in the future. A deep analysis of several factors should be examined among each of your vendors, including but not limited to their cultural awareness, performance management processes, safety manuals and procedures, employee communication and general risk awareness.

2) Establishing a strategy

Once identified, prioritize your third-party risks to direct proper focus towards the most immediate issues. Developing a risk management strategy to share across your organization will ensure that a proper structure is in place to identify, prioritize and mitigate potential issues before they can occur. Your risk management plan should inform the basis of your incident management plan for when risks escalate into real issues.

3) Encouraging a risk-aware culture

If your organization boasts a risk-aware culture, an emphasis on safety and incident mitigation will naturally trickle down during the third-party selection process. Risk awareness should start with the executive and be encouraged throughout the entire organization. With a top-down and bottom-up approach to this cultural change, your organization will naturally begin to develop control processes that enable a safe, secure work environment and ultimately, will be reflected through supplier relationships.

4) Incorporating a central database to monitor risk

Ensuring your suppliers are compliant — to both government regulations and to your organization’s site-specific safety requirements — is a critical step in the risk management process. But storing compliance data in spreadsheets is no longer an effective method. With a central compliance management tool, your organization can track critical data and information such as supplier insurance documents, asset maintenance records, incident reports, safety manuals, training certifications and so on. A centralized, technology-enabled repository allows you to track this third-party compliance data and also enables you to mitigate risks by notifying you when tickets expire, equipment requires maintenance or insurance documents become void.

How does your organization currently manage third-party risk? View our contractor risk infographic to see which of the three categories you fall under.

Contractor risk

| Infographic |