Look Beyond First-Tier Suppliers to See Your Real Risks


We need to think of our suppliers’ suppliers as our suppliers. A bit of a tongue-twister, but nonetheless an important concept.

If we only concern ourselves with the first tier of suppliers our risk management will be largely ineffective. Indeed, we need to recalibrate our thinking about supply chain risk and resilience.

Recent trend research by McKinsey & Co highlights another major part of the problem in identifying that, ‘efforts to strengthen and diversify supply chains have generally been hit or miss rather than systematic.’

So, how do we move away from an approach that is at once too shallow and too ad hoc?


Think in terms of the entire network rather than supplier tiers

First, we need to take a network view of supply risk. When we look at the entire network that constitutes our business, we better understand how we might be exposed, beyond those first-tier direct relationships. This perspective means that we are more inclined to make decisions about our overall exposure rather than just thinking in terms of relationships that we might have influence over.

The network perspective allows us to see a series of third parties that can expose us to risk. These might be related to logistics, such as freight carriers and ports, or they might be foreign governments, civil unrest in key locations, non-state actors such as organised crime, including cybercriminals, or even pirates and terrorists. As much as we would like to believe in a stable, orderly world, the reality is very different.

Related to the above point, your first-tier suppliers will often be in the same country as you. So, if you only assess first-tier suppliers, the risks will appear lower than what they actually are. Your suppliers’ suppliers are likely to have a different risk profile and can easily be the weak link that, if broken, will critically harm your business.

Mapping your supply network is the first and most important task to perform if the risks are to be addressed. With limited resources to apply, you must understand exactly where risk is being generated.

In turn, you will make a more accurate assessment of how material the risks are, and you will be in a more informed position to consider what can be done. This much more systematic approach gets you away from the dangers of the ad hoc approach McKinsey & Co talk about.


Don’t let contracts distract you

Network thinking also gets you away from believing that risk can be managed through the contractual relationship with your first-tier suppliers. Placing contractual requirements on a supplier to manage supply risk has been proven over and over again to be ineffective. As much as legal minds might argue for this approach, it must be tempered with the realities the network analysis will reveal. 

By contrast to a contractual approach, when we work with clients to systematically identify supply nodes within their network that have a high risk of failure, we can implement discreet and highly targeted mitigation measures that substantially reduce risk and do so at the fraction of the cost more generalised or ad hoc approaches.