
Growing your bottom line through supplier risk management


In KPMG's Global CEO Outlook Survey 2018, 72 percent of Australian CEOs said that the only way for their organisation to achieve greater agility was to increase the use of third-party partnerships. This interconnectedness means that effective supplier risk management is more critical than ever.



The organisations that will succeed in today’s highly connected environment are those that create value through the extended supply chain. However, this involves taking advantage of the upsides, while mitigating the potential risks.

Supplier risk management can be challenging, largely due to:

  1. Market complexity: Supply chains involve a large number of third parties (and fourth and fifth parties); multiple delivery locations with diverse terms and conditions; and increased industry regulation, legislation and compliance requirements.
  2. Capacity: Third party governance groups can lack the capacity to deal with the complexity and volume of relationships; the focus is usually on the largest third parties by spend; and organisations can fail to sufficiently monitor internal and third party obligations.
  3. Performance: There is a requirement to handle large volumes of often unstructured data to monitor third party performance; and unstructured and fragmented teams can be poorly supported through technology.
  4. Risk: There can be a limited understanding of organisational risk exposure through third party relationships; and new types of activities are being outsourced, creating new levels of risk and required value.

These challenges can have consequences for a business. These include:

  • Customers: Disruption to service and supply can lead to lower customer satisfaction scores.
  • Reputation (license to operate): Scandals from suppliers are multiplied with the power of social media.
  • Financial: The need to raise the cost of products and services supplied, leading to lower profit margins or sales revenue, and ultimately share prices.
  • Regulatory: Additional regulation or penalties imposed from regulators for breaches.
  • Cyber and data: A potential loss of customer data and intellectual property.
  • Suppliers: Potential loss of opportunities with suppliers to develop strategic partnerships.

These consequences do not happen in isolation, and when multiplied can have catastrophic implications. These issues are not new and affect multiple industries.

Risks to manage

KPMG's Global CEO Outlook Survey 2018 showed that 74 percent of Australian CEOs have reconsidered an external partnership because the third party (amongst other things) did not fit in well with their organisation’s culture. However, they intend to keep working with third parties, with our survey showing the following priorities for the next 2 to 3 years:

  • partnering with third party cloud technology providers
  • partnering with third party data providers
  • collaborating with innovative startups.

There are a number of well documented supply chain disasters that have impacted major organisations in recent years. Examples include Ticketmaster identifying malicious software on connected third-party software that compromised the privacy of its customers; Nestle facing issues with modern slavery in its supply chain; and Apple dealing with manufacturing issues that meant its ‘AirPod’ product deliveries were delayed by months.

To prevent supply chain risk, there are a number of areas of the extended value chain that need to be effectively managed. These include:

  • Environmental and social: Sustainable and ethical sourcing (i.e. modern slavery).
  • Disruption: Technology, cyber, privacy, data, cloud and business continuity.
  • Governance: Supplier performance, operational, regulatory, licensing, compliance and fraud.
  • Financial: Credit rating and counter-party, financial crime, and anti-money laundering.
  • Legal: Liability and indemnity.
  • Geographic: Country threats, international regulatory obligations.

Without managing these areas, supply chain risk can damage an organisation’s reputation, license to operate, and its financial viability.

Assessing the comprehensive suite of supplier risks appropriately and consistently can result in a number of common pain points including:

  • inconsistent risk ratings which fail to identify the risk
  • ineffective teams through duplication of effort leading to varying outcomes
  • highly manual processes through the lack of tools and technology enablers
  • lack of business ownership and supplier engagement to effectively manage the risks
  • reactive approach to managing supplier risk impacts.

Getting started on risk management

In KPMG's experience, organisations will typically go through a 'build', 'control', 'anticipate' approach to managing supplier risk, depending on the maturity of their ecosystem. Elements to start working on include:

  • Assessing risks throughout the supplier lifecycle to provide a holistic, end-to-end view.
  • A clearly defined and integrated operating model (procurement, third party risk and business).
  • Simplifying and standardising third party risk management processes including risk assessments, and automating where possible to reduce subjectivity.
  • A clearly defined risk appetite statement and associated policies.
  • Centralising supplier risk information to provide deeper and interconnected exposures.
  • Ongoing communication, engagement and training of the business and supplier risk teams to manage risk.
  • Utilisation of a managed service to bring in experience and technology.

For organisations that are further on the third party risk management journey, more comprehensive steps include:

  • Aggregating supplier data into one centralised workflow system, and collating supplier data from multiple sources to provide a single source of truth linked to analytics and procurement platforms.
  • Implementing tools to continuously monitor suppliers through a structured program to reassess the suitability of suppliers to respond to changes in the market.
  • Establishing an integrated supplier governance structure, setting objectives that will help align the supply chain strategy with the overall company strategy.
  • Building the supplier relationship, and developing a proactive risk mitigation strategy in a collaborative environment with suppliers.
  • Industry participation to ensure the suppliers (performing the same services for multiple organisations) are asked the risk assessment questions just once to reduce the time and effort involved.

Future trends

Third party collaboration is not only here to stay, but will continue to grow. In future, supply chains will be powered by sophisticated algorithms, simulations and predictive analytics which will include:

  • 24/7 control monitoring – Real-time control monitoring with automated procedures can instantly detect and flag where and when controls have broken in a supply chain.
  • Artificial intelligence and predictive analysis of potential disruptions – Analysis can be conducted on historical data to identify patterns in the supply chain and enable a proactive mitigation plan.
  • Smart contracts – These are developed using Blockchain technology and can be used to safely agree a contract between two parties.

New legislation such as the modern slavery act, the focus on anti-money laundering, and anti-bribery and corruption will have a large part to play. Disruption through external parties will need to be closely monitored to achieve a competitive advantage.

Without focusing on risk, an organisation could face issues with credibility, license to operate and financial viability. Supplier relationships are vital to ensure organisations remain competitive, but need to be proactively managed across the supplier lifecycle to achieve sustainable outcomes for all involved.

©2021 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.

Liability limited by a scheme approved under Professional Standards Legislation.
