Abstract: In this article, we attempt to answer questions like what are the associated risks in engaging a third-party suppliers (also called as vendors, service providers, contractors or partners); what’s the importance of doing a holistic supplier due diligence; what should be the checkpoints for your supplier due diligence; what’s the process of supplier due diligence and how does SignalX do it; substantiating with relevant statistics and industry insights.

Did you know that the companies that manage supply chain risks proactively spend 50% less on fixing suppliers’ disruption than the companies who don’t do so proactively!? With time, the financial attraction of outsourcing and the increased capacity of third-party vendors to deliver secure and reliable supplies/services has made outsourcing a very lucrative and frequently exercised option for businesses.

Many companies outsource their billing process, their delivery operations, IT systems, raw material procurement, etc rather than bearing the cost of setting up an in-house division for it. But there are many questions that come to business professionals’ minds like:  What if the supplier defaulted?  What if timely delivery is not made? Or quality standards are not met? Or if the entire engagement ended up in a lawsuit? How do I screen out suppliers as per business needs? How do I mitigate supply chain risks associated with outsourcing when you have thousands of suppliers? And you have open the correct page to find answers to all of them and more:

What are the Risks of Selecting the Wrong Supplier?

Many private and government entities have suffered cumbersome litigations,  data privacy breach or loss of crucial intellectual property because they didn’t perform proper supplier due diligence on their supplier ecosystem. According to this 2010 survey by McKinsey, out of 639 entities from various countries and industries, 71% said their businesses were at higher risk from supply-chain disruption than in the past and 72% believed those risks will keep rising. A few types of risks a wrong supplier pose to the mother organisation are:

• Risk of financial loss from supplier default and the following disruption in deliverables triggering clients’ withdrawal
• Risk of financial and reputational loss due to litigations of the breach of contract
• Risk of reputational loss for the business before potential clients and peers due to non-fulfilment of commitment.
• Risk of loss of time and extra cost & effort of rehiring another supplier.
• Risk of getting on the radar of law enforcement authorities 
• Risk of sensitive business information and processes getting leaked and misused.
• Risk of personally Identifiable Information (PII) data of customers getting leaked and misused.

Thus, it becomes all the more critical for businesses to carry out due diligence on the suppliers before signing the contracts. A solid supplier due diligence not only helps in selecting your suppliers but also the way contracts are negotiated & drafted, the frequency of on-site audits, information protection and privacy, security and procurement functions and the overall control of business processes.

What are the Points of Evaluation for Supplier Due Diligence?

Remember, you can outsource the service, but you can’t outsource the risk! If the supplier couldn’t honour the contract, for him it would be a default, for the mother ship (hiring organisation), it will be a downright (reverberating) loss: financial as well as reputational. 

The points of evaluation for running a supplier due diligence should be:

• Has the supplier defaulted with any of its previous clients?
• Is the supplier financially healthy?
• Is the subject supplier connected to a competitor?
• If yes, what’s the nature and extent of the relationship?
• Will the data be safe with the supplier? Has the supplier’s cyber security ever been violated?
• Has the supplier ever been sued for default or breach of contract?
• If yes, what’s the reason and nature of such litigation? What’s the magnitude of damages?
• Are there any ongoing cases against the supplier? If yes, then again, what’s the reason, nature and damages? Is it a red flag or can it be overlooked?

What Steps to Follow for Doing a Thorough Supplier Due Diligence on your Supply Chain?

Doing supplier due diligence is quite a task plus it’s not a one-time task and needs periodic review as per the dynamic business environment. Though a lot of nuances are involved but to put it simply, supplier due diligence involves the following steps: 

• Collecting General Information on Supplier: CIN no., registration no., company type, registered address, office location, products & services, associated brands, etc.
• Information on Corporate Structure: Directors, Management timeline: Appointment and expiry date, capital structure, share holding pattern, shares holding by key managerial personnel, etc.
• Information on Connected Parties:  Directors; employees; shareholders; vendors, relation chain with the company, etc.
• Financial Analysis: Balance sheet analysis, income statement analysis, cash flow analysis, detailed financials, index of charges, etc.
• Legal Cases: Disposed and ongoing litigation, cause of litigation, their nature, magnitude of damages claimed, cases against connected parties, etc.
• Regulator Checks: Accounting, payroll and secretarial compliance, debt recovery, insolvency and bankruptcy, direct and indirect taxes, criminal activity, money laundering and serious fraud, etc.
• Market Signals and News: Signals pertaining growth, financials, people signals, awards & recognition, negative, etc

And one has to do it for every new supplier they onboard, thus, eating up on the precious time of business professionals they could have invested in creating the company’s growth. Thus, it is advisable to hire an organisation expert in performing due diligence.