Measuring a supplier’s adherence to contractual service levels is at the core of supplier performance management. Yet, while every organization tracks key performance indicators (KPIs) on some level, this data is rarely correlated with key risk indicators (KRIs) because many organizations track a supplier’s physical risks and digital risks separately.
Considering the potential of a business disruption resulting from recent economic-related supplier instability, now is the time to look across the organization, define a common set of supplier KPIs and KRIs, and unify reporting and monitoring for a more comprehensive view of supplier performance.
Four Tips to Unify Teams Around a Common Set of KPIs and KRIs
Each department involved in managing an aspect of a supplier relationship will have its own set of KPIs and KRIs to measure. For instance, engineering teams may focus on a supplier’s ability to meet technical specifications; procurement on their business viability; IT security on controls to protect sensitive systems and data; and compliance on reporting and regulatory audits. What results are silos — each team focused on their risks and performance measures, with no centralized oversight into the supplier. To avoid silos and to present a unified view of a supplier’s performance, here are four practical tips for rallying multiple internal teams around a consistent set of performance and risk metrics:
1. Create a single source of the truth. Each supplier relationship should have clearly defined and documented objectives and goals from the beginning, and that means all relevant internal teams should be stakeholders during contract negotiation. This will require that the organization adopt a single source of truth as it pertains to managing the supplier. You can use a supplier management tool, contract lifecycle management system, accounts payable platform, or a risk assessment solution, but your chosen solution should at least centralize key supplier information such as demographics, business and financial information, and offer some level of integration with supplier due diligence and contracting systems to simplify the process of managing the supplier.
2. Define KPIs and KRIs before contracting with a supplier. KPIs measure the effectiveness of people, processes, and technology functions, such as sourcing, delivery, and payments. KRIs, on the other hand, measure how much risk (or uncertainty) the organization faces if a KPI is not met. Often, KRIs feed into KPIs, with each managed by a different team and requiring coordination. Understanding the departmental relationships between those who monitor KPIs and related KRIs will naturally expand involvement across the enterprise.
To illustrate, let’s say your organization has established a KPI for the number of suppliers that have failed an initial onboarding inherent risk assessment. That KPI might be owned by the procurement team. The accompanying KRI to measure the KPI could be the number of security incidents generated from suppliers that failed their onboarding inherent risk assessment in the last quarter. If that number is high, then the IT security team — responsible for managing that risk down to an acceptable level — will have to expand the scope of initial cyber supply chain risk assessments or implement continuous monitoring to stay on top of those risks.
Consider the impact of multiple different types of risks on supplier performance. Although cybersecurity risks are the most obvious ones to track, financial solvency, operational updates, geopolitical events, and compliance findings or sanctions should trigger risks to supplier performance as well — all of which can be impossible to track without engaging multiple internal teams early in the process to confirm what risks matter to them.
3. Take manual work out of the contract lifecycle. The process of negotiating, reviewing, and managing supplier contracts can be a time-consuming version control nightmare when using manual methods. A manual approach means that key details are more difficult to track, and internal stakeholders may find it too difficult to follow established contracting processes, creating frustration across multiple teams. Worse, a manual approach means that contracting teams might not always know when a new service is being contracted, and legal teams might not have the visibility into contracts to ensure the company is protected — all of which introduces risk to the business.
The solution to this problem is to apply automation in the form of progressing contracts through their approval cycles using workflow; assigning and tracking tasks; centralizing contract discussions to create an audit trail; and version control tracking.
Also, apply role-based permissions so that internal teams only see components relevant to them. With a central system for managing contracts everyone can have input into the attributes required to measure suppliers without the frustration that comes with email back and forth ad infinitum.
4. Build smart reports and performance dashboards. To provide value across the enterprise, supplier performance monitoring needs to produce real-time insights and metrics. Ensure your performance monitoring processes are backed by reporting and dashboards that deliver visibility into KPIs and KRIs in the context of specific contracts and service-level agreements. To accommodate this, we see organizations leveraging natural language processing (NLP) and machine learning (ML)-based automation to extract performance data from contractual agreements and translate it into processes that can be actioned in technology. The result will be a more current and consolidated view of supplier performance, alongside other types of risks. The commercial advantages of consolidated KPI and KRI management extend beyond risk reduction, including having the centralized insights to renegotiate contracts at renewal based on the aggregate data.
Monitoring a supplier’s performance against contractual expectations shouldn’t be considered a stage in the supplier’s relationship lifecycle — rather, it should be a continuous process. This will require better planning in the form of creating a single source of supplier truth, proactively defining KPIs and KRIs, automating the contract lifecycle, and leveraging technology and dashboards to unify teams and help bring greater visibility to performance problems of all types before they cause a disruption.