Abstract: In this article, we attempt to answer questions like what are the associated risks in engaging a third-party suppliers (also called as vendors, service providers, contractors or partners); what’s the importance of doing a holistic supplier due diligence; what should be the checkpoints for your supplier due diligence; what’s the process of supplier due diligence and how does SignalX do it; substantiating with relevant statistics and industry insights.
Did you know that the companies that manage supply chain risks proactively spend 50% less on fixing suppliers’ disruption than the companies who don’t do so proactively!? With time, the financial attraction of outsourcing and the increased capacity of third-party vendors to deliver secure and reliable supplies/services has made outsourcing a very lucrative and frequently exercised option for businesses.
Many companies outsource their billing process, their delivery operations, IT systems, raw material procurement, etc rather than bearing the cost of setting up an in-house division for it. But there are many questions that come to business professionals’ minds like: What if the supplier defaulted? What if timely delivery is not made? Or quality standards are not met? Or if the entire engagement ended up in a lawsuit? How do I screen out suppliers as per business needs? How do I mitigate supply chain risks associated with outsourcing when you have thousands of suppliers? And you have open the correct page to find answers to all of them and more:
What are the Risks of Selecting the Wrong Supplier?
Many private and government entities have suffered cumbersome litigations, data privacy breach or loss of crucial intellectual property because they didn’t perform proper supplier due diligence on their supplier ecosystem. According to this 2010 survey by McKinsey, out of 639 entities from various countries and industries, 71% said their businesses were at higher risk from supply-chain disruption than in the past and 72% believed those risks will keep rising. A few types of risks a wrong supplier pose to the mother organisation are:
- Risk of financial loss from supplier default and the following disruption in deliverables triggering clients’ withdrawal
- Risk of financial and reputational loss due to litigations of the breach of contract
- Risk of reputational loss for the business before potential clients and peers due to non-fulfilment of commitment.
- Risk of loss of time and extra cost & effort of rehiring another supplier.
- Risk of getting on the radar of law enforcement authorities
- Risk of sensitive business information and processes getting leaked and misused.
- Risk of personally Identifiable Information (PII) data of customers getting leaked and misused.
Thus, it becomes all the more critical for businesses to carry out due diligence on the suppliers before signing the contracts. A solid supplier due diligence not only helps in selecting your suppliers but also the way contracts are negotiated & drafted, the frequency of on-site audits, information protection and privacy, security and procurement functions and the overall control of business processes.
What are the Points of Evaluation for Supplier Due Diligence?
Remember, you can outsource the service, but you can’t outsource the risk! If the supplier couldn’t honour the contract, for him it would be a default, for the mother ship (hiring organisation), it will be a downright (reverberating) loss: financial as well as reputational.
The points of evaluation for running a supplier due diligence should be:
- Has the supplier defaulted with any of its previous clients?
- Is the supplier financially healthy?
- Is the subject supplier connected to a competitor?
- If yes, what’s the nature and extent of the relationship?
- Will the data be safe with the supplier? Has the supplier’s cyber security ever been violated?
- Has the supplier ever been sued for default or breach of contract?
- If yes, what’s the reason and nature of such litigation? What’s the magnitude of damages?
- Are there any ongoing cases against the supplier? If yes, then again, what’s the reason, nature and damages? Is it a red flag or can it be overlooked?
What Steps to Follow for Doing a Thorough Supplier Due Diligence on your Supply Chain?
Doing supplier due diligence is quite a task plus it’s not a one-time task and needs periodic review as per the dynamic business environment. Though a lot of nuances are involved but to put it simply, supplier due diligence involves the following steps:
- Collecting General Information on Supplier: CIN no., registration no., company type, registered address, office location, products & services, associated brands, etc.
- Information on Corporate Structure: Directors, Management timeline: Appointment and expiry date, capital structure, share holding pattern, shares holding by key managerial personnel, etc.
- Information on Connected Parties: Directors; employees; shareholders; vendors, relation chain with the company, etc.
- Financial Analysis: Balance sheet analysis, income statement analysis, cash flow analysis, detailed financials, index of charges, etc.
- Legal Cases: Disposed and ongoing litigation, cause of litigation, their nature, magnitude of damages claimed, cases against connected parties, etc.
- Regulator Checks: Accounting, payroll and secretarial compliance, debt recovery, insolvency and bankruptcy, direct and indirect taxes, criminal activity, money laundering and serious fraud, etc.
- Market Signals and News: Signals pertaining growth, financials, people signals, awards & recognition, negative, etc
And one has to do it for every new supplier they onboard, thus, eating up on the precious time of business professionals they could have invested in creating the company’s growth. Thus, it is advisable to hire an organisation expert in performing due diligence.
SignalX Handbook of Doing Supplier Due Diligence
At Signal, when we run a supplier due diligence for our clients, the very first question we try to answer is “How will the supplier interact with the core business?” by thoroughly vetting the Master Service Agreement (MSA). Some of our points of consideration are as follows:
- For screening, is the supplier financially viable (by assessing its existential well-being and evaluating the longevity and resilience of the contractual relationship)? Eg: Does the supplier have disproportionate accounts receivable? What’s the profit margin? Does it have sufficient liquidity?
- Checking the transparency and competence in the management. Eg: What’s the corporate structure? What’s the shareholding of Directors? What’s the share holding pattern? Where do they stand vis-a-vis their competitors?
- What inputs the legal procurement team must be equipped with before entering into contract negotiations with the supplier(s)? Eg: Related parties or affiliations with competitors, etc. Has the supplier ever been subjected to any sanctions in any jurisdiction?
- Does the supplier follow/fulfil all regulations and compliances properly? Eg: Is there GST9, GSTR9C, GSTR3B, EPFO, TDS, etc up to date?
- Who are and have been the auditors of the subject supplier? Eg: Are auditors somehow related to the Directors or Co-Founders? Has the auditing firm ever been put under scrutiny?
- What’s the prevailing corporate and public image of the supplier? Has the supplier or its Founders and top-management personnels ever been in the news for wrong reasons? Is the leadership of the company stable? What are the growth signals in the past few years?
Being in the industry for the past 5 years, we have seen many organisations which consider supplier due diligence only after they have already signed the supplier! In the post-COVID world, the security of procurement (the backbone of a robust supply chain) is indispensable and the organisations that nail it certainly have an edge over the competition.
How will SignalX Help Your Business with Supplier Due Diligence?
Having done 7,000+ analyses to date for 100+ corporate clients and law firms, we provide 200+ checks including signals like connected parties, connected party network, peer comparisons, valuations, forensic signals, litigation tracker, regulator checks, all market signals, etc every due diligence report.