Vital Links: Supplier Risk Monitoring

March 15, 2011
Organizations which adopt and implement a comprehensive supplier risk monitoring program will have visibility into a broad spectrum of overall supplier risk factors, not just compliance.
Life Science companies face an incredible range of risks in their business environment. Risks for both emerging and mature companies can be categorized into four primary risks types ranging from drug candidate development through commercial and lifecycle management. 

In recent years, Life Science companies have faced increased scrutiny on quality and operational risks, in particular supply chain risk management. Headlines are filled with examples of failures caused by ineffective management of these risks. In 2010, two major events highlighted the criticality of effective supply chain risk management. In May, headlines were filled with the theft of prescription drugs from a Connecticut warehouse. In a coordinated attack during the cover of night, thieves disabled a burglar alarm in the warehouse and carted away dozens of pallets loaded with antidepressants and anti-psychotic drugs. 

In April, the Icelandic volcano eruption wreaked havoc on passenger airline travel and trade across Europe. Many Life Science companies were unprepared to handle the closure of major airports across Europe and were left scrambling to develop alternative transportation and shipping methods. In response, organizations needed to quickly develop and implement contingency plans to mitigate compliance risks, minimize financial impact and continue operations. Overall, quick and coordinated responses helped minimize the potential impact of this natural disaster, but longer disruptions, in some case only a matter of weeks, would have had significant impacts on operations. These events clearly highlighted how fragile today’s life science’s supply chains are.  

Emergence of Virtual Supply Chains
The risks noted above are amplified in organizations with virtual operations. Outsourced supply chain operations have become a central part of many Life Science companies’ operational strategies. Today, many organizations are opting to outsource non-core competencies like distribution and logistics to specialized service providers. Additionally, the emergence of India and China as adequate suppliers of raw materials and critical drug product intermediates (e.g. Drug Substance or API) has accelerated the global sourcing trend. Virtual supply chains have proven to be an effective manner to build infrastructure quickly, lower operating costs and increase profits. This trend will certainly continue in the future.

Despite the advantages of virtual supply chains, there are inherent dangers associated with them that are driving the need to better manage suppliers, most notably:

•    Heightened regulatory focus (e.g. ICH Q9) on managing risk—both internally and externally with partners/suppliers
•    Life Science organizations are ultimately responsible for quality and regulatory compliance of their products
•    Uniqueness of materials that may limit supplier options
•    Global economic crisis impacting supplier solvency or ability to obtain credit/financing
•    Suppliers lacking established risk management programs or tools to mitigate risks within their supply network

With the stakes increasing every day, Life Science organizations must become effective managers of the risks inherent in their outsourced supply chains.

Current Approach to Supplier Risk Management
In response to the virtualization of supply chains, many Life Science organizations have developed supplier audit programs as a means to qualify or monitor ongoing supplier compliance. These programs have defined procedures that are typically executed by quality or procurement personnel and are geared towards uncovering compliance risks. In many instances, these programs are very effective in performing their intended purpose, which is determining compliance risks. However, typical supplier audit programs fall short in providing indications of the overall health and viability of a supplier and have inherent downfalls, most prominently:

  • Narrow focus results in an incomplete assessment of overall supplier risk—lack of visibility into supplier’s business, operational and financial risks
  • Reactive risk management approach—events or incident as triggers to perform supplier audits vs. continuous monitoring to pro-actively identifying risks before occurrence 
  • Processes and tools for assessing and prioritizing risk typically being subjective—non-programmatic or standardized approach to customizing and applying risks management tools within Life Sciences
Most often, organizations lack other methods or tools to effectively manage supplier risks. However, in order to meet the demands of today’s business environment, organizations must adopt a more holistic view and begin to change their approach on how supplier risks are assessed and managed.  
Innovative Approach to Monitoring Supplier RiskEffective supplier risk management is facilitated by a few key elements. First, effective supplier audits must go beyond simply quality and regulatory compliance focus.  A holistic view of evaluating and monitoring supplier risks should include compliance risks but also must assess financial health and viability, operational performance and risk, and industry and business performance of key suppliers. These four key main risk elements will provide organizations with a more comprehensive view of supplier risk.  Second, monitoring of key suppliers must be continuous. The pace of today’s business environment organizations to understand and assess risks real time. Consolidation within the industry is happening on a daily basis, supplier operations are moving to lower cost centers overseas and new regulations are introduced. By waiting for bi-annual or annual visits to identify supplier risks, organizations increase the risk of disrupted operations and compliance violations.  Thirdly, regulatory agencies are actively encouraging organizations to apply established risk management tools within Life Sciences operations. First introduced within quality and manufacturing operations with the advent of ICH Q9, application of these tools within supply chains has been shown to be extremely helpful in identifying, assessing and managing risks at key suppliers. For example, Failure Mode and Effects Analysis (FMEA) can be effect in understanding vulnerabilities in a key suppliers own supply chain or key business processes. Risks prioritization matrices ensure high-priority supplier risks are highlighted for immediate action.  
Lastly, and surprising often overlooked, high priority risks, once identified, must be addressed immediately. Defined solution recommendations and action plans must be developed quickly in order to maintain momentum and provide direction to suppliers or project teams. Time sensitive or high priority risks should be addressed in the first implementation wave. Lower priority risks can be addressed during subsequent waves. Repeatedly, agency inspections uncover situations where Life Science organizations knew of supplier risks months or even years ago, but no actions were taken to address or mitigate these risks following the initial audit.  Leading Life Science companies looking to move from reactive risk management to a more proactive approach should consider integrating these key success elements into their supplier risk management program.   Implementing Supplier Risk Monitoring ProgramsLife Science organizations should adopt a holistic, phased approach to assessing and monitoring key supplier risks.  Phase I: PrioritizationWhen establishing a supplier risk monitoring program, organizations should look to prioritize the suppliers included in the program. If organizations tried to monitor all suppliers across different risk areas, supply chain managers would be overburdened with the sheer volume of information. 
A reasonable approach is to perform an initial risk assessment to determine the risk profile of the supply chain and which suppliers would be good candidates for inclusion in the monitoring program. Additionally, the initial risk assessment should also determine which risk dimensions to monitor. For instance, a U.S. based supplier with class leading revenue, may not require financial health risk monitoring. But if this supplier has a history of quality violations or incidents, monitoring this supplier for compliance risks may be more appropriate. On the other hand, if a supplier is smaller and with only a handful of customers, monitoring financial health would be appropriate given the higher risk of bankruptcy. Once the key suppliers and risk areas have been defined, organizations can now begin to identify information sources.In today’s age, information is readily available and accessible. Search engines can rapidly collect information on key suppliers. In reality, mining through all this information is time consuming and inefficient. A more effective approach would be the utilization of specialized business information services. Corporations have emerged to provide organization with specialized information ranging from quality and regulatory developments to bankruptcy risks of domestic and global suppliers. As part of phase I, organizations should look to identify their information requirements and map them to the various specialized business information providers.  
Phase II: Continuous Monitoring and AnalysisThe changing business and regulatory landscape increasingly requires organizations to proactively identify supplier risks.  To do this requires continuous monitoring of key suppliers. The program defined in Phase I is not a one-time event, it’s most effective if risk information is continuously collected and assessed. In fact, information from the specialized business information providers will be coming in on a continuous basis, thus the frequency of assessment must match that as well. To alleviate the burden of continuous assessment, there are many well established risk management tools, that when applied properly, can quickly assess risks and support the development of targeted solutions.  Phase III: Information Aggregation and ReportingOne of the key challenges associated with collecting large amounts of information on a continuous basis is aggregating the information in a clear and succinct manner. Information will be coming in from various news sources at different times and frequency. This requires organizations to establish processes and supporting IT infrastructures to collect and manage supplier risk information. One innovative approach to information management is the utilization of shared portals as a central repository of supplier information. Supply managers can simply log-in to access and view up-to-minute information relating to key suppliers. Additionally, these portals can be customized to display dashboards, risk indices and other key supplier information. Detailed risk reports can also be integrated to the shared portal for easy access and viewing. Also, with the availability of email on mobile phones, updates can be shared instantly. Depending on the severity of the risk, immediate action may be required and notifications via mobile phones can be an effective communication channel to ensure high priority risks get addressed quickly. Overall, these are just a few ways organizations can leverage technology to support their supplier risk monitoring program.    Benefits of Supplier Risk MonitoringEstablishing a supplier risk monitoring program, like the one described above, requires organizational commitment, resource investment and a change in mindset. Many organizations believe their current approach for auditing suppliers, with its narrow focus on compliance risk factors, is an effective method for managing supplier risk. In reality, they are only managing a fraction of overall supplier risks. Benefits realized by implementing a supplier risk monitoring program include: •    Provides organizations with critical information necessary to effectively assess overall supplier risk•    Pro-actively mitigates emerging supplier issues and risks•    Shift organization mind set from reaction to prevention and mitigation•    Prevents supply disruptions and subsequent negative media coverage•    Enables organizations to comply with the risk management principles of ICH Q9SummaryAs organizations continue to rely on partners for critical supplies or services, they take on increased levels of risks. Additionally, with the greater regulatory emphasis on supply chain risk management, Life Science must now adapt to this new environment and establish the capability to manage risks outside of their control. Organizations which adopt and implement a comprehensive supplier risk monitoring program will have visibility into a broad spectrum of overall supplier risk factors, not just compliance and will ensure they are able to continuously supply patients with their life saving therapies.   
About the Author

Scott Chizzo | President & Chief Consultant