In nearly all of our engagements with electronics companies, it is common to see component and subassembly suppliers categorized as critical vs. non-critical, strategic vs. non-strategic, or core vs. non-core. This is based on the premise that there is a small subset of suppliers that supply products and components that are critical to the functionality of the end product or are simply expensive and cannot be ignored. As such, internal resources are allocated toward managing this small base of important suppliers to ensure that the supply chain is tightly managed and that supply is available when needed. It is not unusual to see an electronics manufacturer have nearly 2,000 suppliers, but consider less than 50 of them as critical. This all works well except when a major crisis like a pandemic emerges with no warning.
The COVID-19 pandemic of 2020 has all but upended nearly every supply chain. Small mom and pop shops that bend metal, provide secondary operations such as plating, or simply manufacture off-the-shelf fasteners are shutting down production lines worldwide. Whether you’re missing a $5,000 subassembly or a five-dollar injection molded part to finish building your product, your product shipments will remain on-hold until both arrive. In this newsletter, we will discuss a few strategies you can deploy to avoid being caught off-guard when a crisis lands on your plate.
- Segment your suppliers based on risk, not just spend
Most companies agree that not all suppliers should be managed and measured with the same degree of care. Few, however, have a comprehensive approach for determining when a supplier is, or is not, critical. We have seen companies use spend data to establish importance and while this may be one factor for you to consider, it is not the only one. In other words, just because you spend millions of dollars with a DRAM supplier does not mean they should be managed more tightly than a specialty machine shop that precision-machines a component to meet your tight tolerances.
In establishing the importance of a supplier, think about what it would take for you to replace their product should there be an unexpected disruption in supply. What are your switching costs and how long will it take for you to ramp-up another supplier to ensure continuity? What intellectual property do you need access to and do you have the contractual rights to gain access to that technology should you need to pivot to a new solution? During this moment of extreme disruption, we believe you should look beyond spend and focus your efforts based on three factors: 1) Is the part sole-sourced – i.e. only one supplier is qualified to produce the component? Or is it single-sourced meaning there are multiple companies that produce a part with the same form, fit, or function but you have only qualified one? The former is a more difficult situation; 2) Is the part custom and designed exclusively for you? The component could be custom from the ground up or it could be a custom tweak to a standard product; and 3) Who owns the design and tooling? If your supplier is the owner, it can limit your freedom in moving the part in a crisis and narrows the options you have to mitigate risks.
- Know the basics about your non-critical suppliers
If you are using the typical model of supplier management and only focusing on your top suppliers based on spend data, how can you truly understand your supply chain risks when you have hundreds, perhaps thousands of suppliers that are unmanaged and left on auto-pilot? If you are like most companies, you will assume that, in general, non-critical suppliers will continue to hum along. That might be a reasonable assumption in normal times but current conditions are far from normal.
The exclusive focus on top suppliers has two problems. First, the process for deciding on top or critical suppliers is fairly narrow. As we described above, most companies categorize suppliers based on the easiest factor to calculate: spend. This leaves a lot of suppliers uncovered and you are likely to find significant risk in the long tail of non-critical suppliers that represent the other 80% of your supply base. You may have to tier these suppliers with more granularity and address risk accordingly. For instance, a non-critical capacitor supplier that is publicly held with transparent financials has a different level of financial risk associated with it than a 100-person, privately held plating shop that has a secret sauce that you need. If you consider these two cases, you may need to dig deeper in order to better understand the plating shop than you do the capacitor manufacturer. Second, if there is a global disruption (such as the COVID-19 virus) that impacts nearly every country and every supplier around the world, you need to have a minimum set of data that you can immediately access for a broader set of suppliers.
We realize that you may not have the resources to actively manage hundreds or thousands of suppliers, but it is important to have some basic information to stay informed on your risks and options. For every supplier in your supply chain, you should have some visibility to two fundamental elements: (1) financial health; and (2) business continuity risk and disaster recovery encompassing both operational and IT readiness. This due diligence is particularly important for all of your sole-sourced and custom parts. If a supplier cannot provide you with business continuity and disaster recovery plans, ask them to develop one under a mutually agreeable timeline. This deficiency at your supplier should be a yellow flag for you but hopefully one that you can overcome quickly through a collaborative approach. If your supplier is privately held and unwilling or unable to provide you with enough detailed financials to give you a reasonable sense of their liquidity, plan your exit or at least implement a robust second sourcing strategy. Our experience has been that most companies do not even have a clear understanding of their critical suppliers when it comes to business continuity and financial health, much less their non-critical ones. Their focus is typically limited to cost and performance with little attention to risk.
- Look beyond your contract manufacturers
Since the wave of outsourcing started in the year 2000, companies have become more reliant on contract manufacturers, not only for the manufacture of their products, but for additional services such as service, repair, design, and purchasing of components. That is why most CMs are now called EMS (Electronics Manufacturing Services) providers. This sensible approach has allowed companies to focus on their core competencies and outsource activities that are considered non-core. Among the activities that are outsourced is the management of component suppliers. In other words, if you are like most companies, you have become reliant – perhaps over-reliant – on your CMs to now manage your component suppliers. This is especially true if you are a small or midsize company that has limited in-house commodity management resources and therefore rely on the CM to do all of the heavy-lifting in the extended supply chain.
What CMs do really well is manage the common parts where they have the leverage of buying similar parts for hundreds of customers. What they do not do as well is manage the risk of unique, sole-sourced, and custom parts. Their cost structure and pricing does not normally reflect this and if you rely on them to drive this activity on their own, your company is vulnerable when a major catastrophe like COVID-19 arrives. Managing the risk in your extended supply chain is on you, the manufacturer of the end product, not on the CM. While you may use the CM to gather information (typically for a fee), you have to give the program emphasis and drive the results.
Conclusion
We understand that you cannot “boil the ocean” by suddenly performing an equal level of due diligence on an unreasonably large number of suppliers. However, there is value to be gained from further segmenting your suppliers, understanding where you have risks, and putting together mitigation strategies. At a minimum, make sure that all suppliers can demonstrate that they have a robust business continuity plan and are financially healthy. How deep you decide to probe into these plans vs. accepting their declarations at face value depends on the risk profile associated with each supplier.
With so many moving parts in a fully disrupted supply chain such as what we are facing now, we understand that you may simply not have the internal resources to take on this gargantuan task. At Symphony, we have seasoned supply chain and IT professionals that are experienced in conducting risk assessments and identifying vulnerabilities. If this is an area in which you have a need, please contact us at info@symphonyconsult.com.