A Risk-based Approach to Supplier Quality Management

In the modern economy, business decisions are made based on the forces of the global supply and demand network. In many cases, outsourcing simply to reduce cost is no longer an optimal strategy; rather market-leading companies are attempting to balance a diverse set of needs across a global network, which include responsiveness, quality, and innovation – in addition to cost.

In such an environment, many companies are trying to engage in off-shoring, near-shoring, and on-shoring strategies, all at the same time. So which steps do executives need to take in order to excel and lead in such an environment?

Supplier Quality Management

Engaging in Supplier Quality Management can effectively optimize the global supply chain, while reducing external risk exposure. And, as is the case with managing any risk, to be successful, assessment, quantification, prioritization, and mitigation of risks in a systematic Operational Risk Management framework must extend across the enterprise.

Before working toward the reduction of supply-chain risk, however, it is necessary to first understand Supplier Quality Management.

Supplier Quality Management largely depends on the efficient production of materials, while minimizing adverse events. A supplier that performs well does the following:

  • Quickly communicates non-conformances or deviations
  • Responds to quality audits or report requests
  • Relays process/equipment changes
  • Meets delivery requirements

Inappropriately dealing with adverse events and non-conformance related to performance directly translates to supplier risk.

Risk Assessment

To get a full picture of a company’s supplier risk portfolio, individualized risk assessments should be conducted on the performance of each supplier. This can be done in various ways.

Traditionally, quality managers have sent representatives for on-site audits to view actual production lines. This, of course, has become increasingly costly with globalization, unless multiple suppliers have been strategically chosen within close proximity.

Another method is to build into the quality agreement the delivery of data reports and audits upon request or at specified times throughout the life of the contract.

As Supplier Quality Management is an integral component to the total cost of quality, Enterprise Quality Management Software (EQMS) companies have begun incorporating it into available software. A quality manager should integrate his or her EQMS with that of the suppliers and, if possible, with the supplier’s suppliers (often through a shared web-portal).

This is an ideal method of obtaining a real-time performance assessment and expansive visibility. However, the integration may seem overbearing for smaller companies that would rather remain independent from larger entities.

Risk Quantification

A supplier’s risk can be quantified as a function of two variables (likelihood and impact of adverse events occurring), which are assigned a level of risk for comparison and, later, prioritization.

The first variable relates to the aforementioned performance of the supplier. By analyzing performance indicators in a way that creates standardized metrics —average response time for corrective actions, MRB inventory levels, delivery times, customer complaints, etc.— suppliers can be viewed and rated based on their overall performance relative to others. Supplier Quality Management greatly facilitates this, as information is recorded and available within the software, allowing companies to make an assessment on the likelihood a supplier will have a particular failure in a standardized way.

The second risk variable, impact, greatly depends on the supplier’s criticality to production and the final product. For example, if a there is no substitute for a material used, then that supplier should automatically be considered riskier despite levels of performance.

If production cannot continue without this supplier, it should hold considerable weight in a risk portfolio. Conversely, the less critical a supplier is to continuity, the less risk it should be assigned.

Risk Prioritization


Since organizations rely heavily on supply chains for production, supplier quality management should be given great consideration in defining a strategic vision. By quantifying supplier risk, accounting for both performance and criticality, effective prioritization is ensured.

It is advisable to treat these external risks similarly to internal inefficiencies or gaps. Employing closed-loop CAPA or deviation management techniques, similar to in-house strategies, will mitigate supplier risk while also avoiding the same issues from arising in the future.

Concluding Thoughts

In today’s world of globalized supply and demand networks, companies need to efficiently optimize the supply base, using a broad set of requirements that extend well beyond cost. To accomplish this, companies should begin to use a risk-based approach which looks at both the criticality of a supplier, and the likelihood of failure of a supplier.

By applying standardized risk tools through an integrated enterprise system (ERP, EQMS, MOM Software, etc.), the long-term initiatives around supplier quality are far more likely to succeed.

Matthew Littlefield is President and Principal Analyst for LNS Research based in Cambridge, MA.