Managing supplier risk is critical for ensuring the stability and reliability of your supply chain. SAP Ariba Supplier Risk's workflow for managing supplier risk can be broken down into four primary steps: onboarding suppliers, identifying risk, mitigating risk, and monitoring risk.
Onboard Suppliers
The first step in managing supplier risk is to onboard suppliers. Suppliers can be added to your site in several ways:
- Administrators can import supplier data.
- Suppliers can be added through synchronization with integrated ERP systems.
- Suppliers can be added manually using supplier requests if your organization uses SAP Ariba Supplier Lifecycle and Performance or SAP Ariba Supplier Information and Performance Management (new architecture).
Identify Risk
Once suppliers are onboarded, the next step is identifying potential risks. This involves several sub-steps:
- Analyze Abstract Risk: Use third-party data and abstract risk analysis tools to assess the risk exposure of your suppliers. You can obtain this data through default providers in SAP Ariba Supplier Risk, additional licensed providers, or the Risk Category Information API.
- Review Risk Exposure: Use the Supplier Risk dashboard to identify suppliers with high risk exposure.
- Identify High-Risk Suppliers: Examine details in suppliers' profiles to gain more insight into their sources and areas of risk.
Mitigate Risk
After identifying risks, the next step is to mitigate them. Depending on your site's configuration, you might use findings or issue management projects to address risks. The sub-steps include:
- Request Engagements with Select Suppliers: Create engagement requests to identify inherent and residual risks and the applicable risk controls, and to collect information on whether the controls are effective.
- Obtain Additional Information: Gather specific risk-related information from suppliers through standard self-assessment questionnaires (SAQs) on SAP Business Network, custom assessment questionnaires, or external sources. Use internal assessment questionnaires to collect input from people in your organization.
- Address Concrete Risks: Use findings or issue management projects to address risks associated with engagement requests, risk controls (in sites that use issues), or the supplier in general (in sites that use findings).
- Review Supplier Residual Risk Scores: When an engagement request is approved, it generates a residual risk rating. Your site’s configuration determines how findings or issues affect this rating.
- Review Risk Exposure for Suppliers: Your site's configuration determines how completed engagement requests contribute to suppliers' risk exposure.
Monitor Risk
The final step is to monitor risks continuously. This involves sub-steps such as:
- Periodically Monitor and Review: Conduct periodic reviews to monitor engagement risk and controls.
- Use Risk Exposure in Procurement Processes: Review supplier risk exposure data during buying and sourcing activities and relevant processes in SAP S/4HANA.
- Run Regular Reports: Use reports and data exports to analyze and gather insights into supplier risk. You can also extract risk data from your site using SAP Ariba APIs.