Using Risk-Based Monitoring to Fix Fractured Supply Chains

The extraordinary events of the past two years have strained nearly every supply chain in the world, in degrees ranging from mild to disastrous. The resulting stress fractures can’t just be left to heal by themselves; they need to be repaired before companies can start to rebuild and reoptimize for the future.

In most cases, these fractures can be recognized in a company’s data, but it also helps to be able to look for specific types of risk. Dun & Bradstreet’s 2021 report on “The Resilient Supply Chain” identified six risk areas that CPOs consider to be of critical concern. Looking for fractures in these areas gives business leaders a place to start repairing their supply chain in the short term and positioning it to be stronger going forward.

The six types of risk are:

  1. Scale and complexity of globalization
  2. COVID-19 business recovery
  3. Cybersecurity
  4. Ongoing supplier monitoring
  5. Due diligence during supplier onboarding
  6. Environmental, social, and governance (ESG)

The key to successfully keeping these concerns in check is knowing which types of data to monitor for signs and symptoms that risk levels are elevated. When this effort is executed purposefully, procurement can prioritize certain categories of spend as being more susceptible to risk and disruption than others and focus their primary efforts there.

Look for: Globally Extended Categories and Supplier Relationships

Although visibility has been improved by digitally transformed supply chains, it remains more difficult to monitor distant suppliers and the products or services they provide. Even the concept of “distance” is not straightforward, since it may include literal miles of separation, cultural divides, or both.

Distance also encompasses supply chain tiers: the number of supplier relationships and handoffs required to put a final product into a company’s hands.

  • Geographical Distance – First Tier: Being physically separated from a supplier makes communication and collaboration both more difficult, additionally hampered by time zone differences that may complicate direct, live communication. Travel time is long, and products may have to pass through many hands, some of which are third party shippers, before final delivery can take place. Procurement should examine contracts to see where production is taking place (versus where a company is headquartered) and invest in additional monitoring for suppliers located beyond a certain distance.
  • Geographical Distance – Second and Third Tier: Once the first tier of the supply chain is addressed, procurement should look to the second and third tier to better understand the potential risks their suppliers and suppliers’ suppliers face. When possible, supply chain mapping beyond the first tier will identify individual sources of risk based on distance and location as well as instances where more than one tier-1 supplier is relying upon the same tier-2 supplier, creating a risk “choke point” where the company believed they had diversified their sources of supply.
  • Supply Chain Tiers Collectively: We’ve addressed the difference between identifying high-risk first, second, and third tier suppliers based upon distance, but some supply chains extend many more tiers beyond that. This in and of itself justifies additional monitoring, first determining which critical products are dependent upon suppliers beyond the third tier, and then applying additional monitoring.

Working with an external data provider is usually the most effective way to gain the necessary multi-tier visibility for reconnecting and reinforcing supply chains.

Look for: Early Signs of Fraud

Given how dependent today’s companies are on data and digital information to make well-informed decisions about their supply chain, data quality is always a concern. Unfortunately, not all problematic data is the result of simple (but troublesome) quality issues. In some cases, fraud may be at the root of the problem.

Simply monitoring for supply chain risk is the best first step against fraud, since risk tends to flourish in areas that are unmonitored. For more proactive oversight, procurement should be on the lookout for data signals such as:

  • Unclear vendor identity, either at the parent level or as a subsidiary
  • Difficulty matching invoices and shipping documents with contracts and suppliers
  • Invoice totals that fluctuate unpredictably even when demand is relatively consistent
  • Frequently changing shippers from or between suppliers

Look for: Sources of Supplier Risk

We have considered risk from the entire supply base and beyond, but in many cases, individual suppliers may be sources of risk all on their own. Procurement needs the capability to proactively monitor for instances of disruption or elevated risk in two ways:

  • Ongoing Automated Monitoring: Automatically monitoring specific suppliers and/or supplier production locations for susceptibility to risk events and noncompliance. Since these issues can arise anytime and anywhere, the more automated this process can be made, the better. Having a dependency where an individual must take the time to check up on specific suppliers is much like having no risk monitoring at all.
  • Additional Risk Screening During Supplier Onboarding: Although risk assessment is included in every sophisticated sourcing process, benchmarking a supplier for specific risk types and levels at the time they are being onboarded is essential. Not only does this draw a line in the sand that can be referred back to for comparison; contracted suppliers may be more transparent about risk once they know they have secured a piece of business than when they are one of many companies still in the running.

Competitive supply chains are so networked and so complex that even starting to think about their inherent weaknesses can keep a business leader up at night. Fortunately, by starting with some practical, data-driven steps, the process can be started — and once begun, each round of procurement will strengthen the healing begun with those initial fractures.

Learn more about how Dun & Bradstreet helps you refine your supplier risk management process and build more resilient supply chains.


The information and opinions provided by Dun & Bradstreet in reports, articles and blog posts are suggestions only and based on best practices. Dun & Bradstreet is not liable for the outcome or results of specific programs or tactics. Please contact an attorney or tax professional if you are in need of legal or tax advice.