Suicide by supplier

Early stage businesses are increasingly too dependent on a single customer or supplier. The shortage of equity funding has increased this dependence, and with it comes a real risk. Larger businesses are no different as they may be using new technology either through outsourcing, or on development activities, often with the help of early stage businesses.

It is too soon to say how the ongoing saga of BP’s Deepwater Horizon disaster will end. It is possible however that it could be the latest, and largest, case of suicide by supplier given that sub-contractors supplied and operated both the oil rig and its key equipment. Other notable cases from this year include Globespan, the airline forced into administration when its payment card processing agent first delayed settlement of monies owed and then themselves went into administration.

The risk of suicide by supplier looms large in the technology sector as few industries make such sweeping use of outsourced services. It is not unusual for the greater part of development to be outsourced entirely, but even where this is not the case there are still critical components in the supply chain. For example, telecoms network providers are completely interdependent on each other for the ability to offer seamless global networks, through to organisations being reliant on data storage providers to look after their data and information effectively and securely.

There are six questions a business should be able to answer when it commits its fortunes to the hands of a supplier.

1. Does the supplier have the capital strength to survive a severe downturn or shock? This is a dynamic challenge as conditions change. Nevertheless, all organisations that form key parts of the supply chain need to be assessed and evaluated as financially viable far more frequently than has been the case historically.

2. Do you know the key vulnerabilities in your supply chain? Many businesses have spent time thinking about the possibility of a supplier suffering a major operational incident. Often what is not understood is the risk should a supplier to your supplier fail. That scenario is at least as likely and potentially as damaging.

3. What is the back-up plan if a key supplier goes down, and is that plan viable? Prudent organisations have crisis management protocols and plans, which are tested to ensure they work. Consider a major incident where a supplier’s service is not available. It is critical that you know not only what you would do in such circumstances, but who would do it and how this would impact on your business and customers.

4. What risks are posed by the change initiatives your supplier adopts? Changes are usually presented as supporting service improvement; many are really about cost reduction. Suppliers will sell their clients on the positives, but you need to focus on the negatives and how they are managed to protect the service you receive.

5. Can you rely on the information and service reporting you receive? The reliability of reporting by external suppliers is dependent on data quality, calculation methodologies, assumptions and even the graphical choices used to present the information. Disraeli coined the phrase "lies, damn lies and statistics". Businesses need to know the key information they receive from suppliers is presenting the truth.

6. How safe is the data of your business and what is your exposure to financial crime? In the current environment, financial services organisations will be more susceptible to fraud and technology intrusion because more people will be trying to commit fraud. Considered alongside supplier cost savings, which often fall heavily on ‘peripheral’ control activities, this concern increases.

Answering these questions and understanding your true exposure to supplier risk is a huge challenge. The traditional model that many businesses employ is to delegate much of their assurance over risk to the same suppliers who provide them with their core services. So control reports, when available, have content and coverage specified by your supplier rather than you. It is hard to see how this approach can answer the demands of reasonable due diligence, not while such a clear conflict of interest exists between the needs of the buyer and the self-interest of its suppliers.

Kingston Smith’s business protection consultant, David Morrey, is ideally placed to help businesses review the activities of their key suppliers, reporting back on the quality of risk management and controls assurance. This may be through a risk management health check, or by deep dive reviews of the service or of particular areas of concern. Call him on 020 7566 4000 if you would like to discuss this further.

To find out more about the services offered by Kingston Smith’s Technology Team please click here