This guest blog comes to us from Josh Angert of Vendor Centric.
Procurement and Supply Management professionals are tasked with managing a number of third-party relationships. Naturally, this means keeping abreast of risk factors to keep the business secure and maintain effective operations. Reputational, financial, and operational risks are just a few of the potential hazards you'll want to watch out for. One area of risk, however, is often overlooked - third-party concentration risk.
What is third-party concentration risk? There are a number of ways to answer that question. Let's start by looking at some of the tell-tale signs.
1. Over-reliance on a single vendor for critical services
Identifying a vendor you can trust takes time. That's why it's so great to find one, especially when they've got the resources and insights to provide more than one service. Remember, however, that relying on one vendor for all, or most, of your essential functions presents a number of risks. Consider these two scenarios:
- Imagine your organizations uses a vendor for two critical services and a sudden data breach impacts its ability to offer one. Do you continue leveraging the vendor for the other service?
- Imagine a vendor provides several critical services to your organization and suddenly goes out of business? How will this impact your organization?
2. Fourth-Party Concentration
Getting to know all of your organization's third-parties is typically a challenge on its own. It's doubly challenging to engage with your vendor's vendors (your fourth parties). Even if you've done a good job of building a diverse supply base, you can still face concentration risks. What if your suppliers are leveraging the same supplier for their critical functions? In these instances, an impact to one of your fourth parties could have ripple effects for your third parties.
Generally, it's a good idea to build relationships with your fourth parties. Making the effort could uncover a number of hidden risks. Vendors might, for example, outsource their efforts to a fourth party or share confidential information with them. Don't let your visibility into the supply chain end with third-party relationships.
3. Staying Too Local
This risk depends on your industry and the type of work you do. Typically, however, no organization will want all of its vendors to be located close by. What if, for example, a severe weather event affected your geographic region. This will prove all the more costly if it effects your organization and a majority of its suppliers.
The key to identifying concentration risks (of any sort) is documentation. At all times, you need to know who your vendors are, where they are, what they provide, and what relationships they maintain with fourth parties. That's why you need a dedicated approach to strategically managing your vendor relationships. Once you've identified risk, you've got to have contingency and continuity plans to ensure risk management and value generation.