Today, Equality and appropriate conduct is a hot topic in the news and it is repeatedly surfacing across the board from Politics to the world of Entertainment, and rightly so! However, when it comes to governance, something you can’t manage equally is your suppliers and customers. Organisations don’t have the resources to treat everyone the same at this level, at least in terms of designated time or engagement; ultimately, there needs to be a way to differentiate this.

 

Current approach

Ultimately this commonly comes down to establishing and operating a Segmentation Model of which there are two standards used in Procurement – the Kraljic Matrix or Kenton Model. Both work of a two-axis calculation to force rank the customer or supplier landscape for you: the higher up they are, the closest attention and stronger the governance applied versus the lower they are applying the foundational or lite version!

The Kraljic Matrix (1983) and the variations developed over the years help management select the most appropriate purchasing strategies for different types of products and services, thereby optimising the trade-off between the amount spent and upstream risk.

Kraljic-Matrix

 

The later Kenton Supply Model (1995) and the variations developed over the years help management select the most appropriate inventory strategies for different types of products and services, thereby optimising the trade-off between usage and downstream exposure.

 

Kenton-Supply-Model

The Challenge & Gap

The Kraljic method is probably the better-known of the two, however, both are effective and it is relatively straightforward in either model to determine the spend. In this circumstance, ‘spend’ is defined by the revenue generated by a customer-supplier. 

However, it neither helps address nor determine how to exactly handle the second axis on each model. Kraljic pinpoints Risk and Kenton Exposure. In my mind, Kenton is simply re-labelling Risk, which is most likely due to my background working in Risk. Although, I do not doubt that many will debate me on this. Regardless, the main point here is how can Risk / Exposure be calculated consistently and effectively.

The Process: Closing the Gap

There are two parts to closing the gap in consistently calculating Risk / Exposure; the first part is where Inherent Risk comes into play. However, I will begin by addressing Part 2 as it is essential for understanding Part 1.

Part 2, Due Diligence 

Most, if not all, organisations will conduct a level of due diligence against a customer or supplier pre-contract. Some may even refresh this view periodically (if you are from Financial Services working in Europe or the UK you must be in the ‘some’ group due to the EBA and PRA regulations you should already be complying with).

The supplier side will usually focus on the financial solvency of a company, which largely centres around “are they likely to be able to pay us?” and “are they good payers?”, based on past performance and legal disputes. Whereas a Buyer will look to score the supplier on a basis of not only financial stability but; will they be able to fulfil the product and services that we will contract to them at an acceptable standard of expertise and in a sustainable manner; can I trust them with my data if they have access to it etc. In my opinion, all of these factors are the second step in calculating risk/exposure. Due diligence is really just a Risk Assessment exercise under the covers, which can vary in size; covering a few areas or covering lots of areas in depth. This relates to my earlier point, in that, we can’t simply apply a really rigorous Due Diligence (risk assessment) process to everyone, as we, unfortunately, lack the time. So, how do we know whether to make this a light or heavy process? Enter Part 1 – Inherent Risk.

Part 1, Calculating Inherent Risk

What’s riskier: in scenario 1, you are asked to simply get out of bed, or, in scenario 2, you are asked to climb Mount Everest. If I were to put your company through a heavy weight due diligence process in an uninformed manner for scenario 1, it would involve wasting your time by asking your company questions regarding your ability to climb, whether you have experience climbing at low oxygen etc. It sounds ridiculous when the task is only to get out of bed, right? Alternatively, in the second scenario, my due diligence questions for your company may be too light by not asking your company any questions remotely related to climbing. I know that this all sounds painfully obvious, but I have seen a lot of these scenarios in my career. The point is, that a company needs to first, rate what they believe is the level of risk that can be associated with the scenario or what you are undertaking for a customer or what the supplier is supplying you with at the time of award/selection.

The Importance Of Inherent Risk When Managing Your Customer-Supplier Relationship

Download Whitepaper

Get in touch

If you would like to know more about Inherent Risk, Risk in general or Post-contract Customer-Supplier Management, please get involved through the comments or just like, share and subscribe via the details included to ensure that you don’t miss out on any future content.

To speak to someone from the Brooklyn team about the solutions that we offer, Request a demo, or get in touch.

Related Articles
Are Vendor Dashboards a Game Changer for SRM Teams?
November 5, 2024
Productivity Strategy
Navigating Supplier Assessment
August 19, 2024
Compliance Governance Productivity