After spending a little time with a few hundred customers, the most common mistake that I see is when a "one size fits all" approach is applied. In reality, different supplier relationships need relevant approaches to balance the needs of risk management, regulatory compliance, and sourcing strategy with business efficiency.
The best first step is to recognize that not all suppliers have the same requirements and can vary by the commodity or service provided, the geographic location, and/or the business unit served. For example, the regulatory requirements in Germany on sustainable practices is different than the United States, or a customer's business unit that services the federal government will have different requirements than a business to consumer company. If a customer tries to manage all controls for all suppliers in the same process, it slows down significantly and users aggressively find work-arounds to onboarding and managing suppliers that fit the speed of their business.
Supplier Onboarding: This process represents how a customer can get started with the supplier and be as simple as collecting name, address and a little information in order to get approval for a sourcing event. In process design, it is common to overlook the most frequent onboarding activity which is to collect the transactional data in order to pay an invoice for a supplier that is just used one time. Most customers design their processes to focus in the middle where a supplier is expected to provide goods/services for a period of time and therefore a full risk due diligence process is applied. Advice is to make this process two steps - collect enough information to decide whether it is feasible to work with the supplier and then if this passes, manage the more detailed or transactional information.
Supplier Management & Monitoring: This step in the lifecycle requires attention and is generally only applied to those critical suppliers where an outage at the supplier level would disrupt the customer's business. Another common mistake is to focus risk management solely on onboarding and not include monitoring as part of the supplier management activity. While the numbers can vary by industry, most critical suppliers do not change frequently and if a customer does not monitor the risk profile of a supplier through an automated process, it will be difficult to quickly recognize and react to anything that would impact the supplier or the customer's operations. Quantitatively, the number of low impact suppliers by count will be 80%+ and most customers manage the most critical 1%-5% suppliers, so having an automated monitoring process that holds the supplier to the proper risk thresholds is essential to maintain the proper coverage.
Supplier Qualification: Also, often overlooked is the ability to perform due diligence on a supplier and take advantage of that knowledge in all relevant source to pay decisions. Conversely, by requiring qualification for decisions, the suppliers natural push to "land and expand" can be limted from areas that may not be strategic or cost effective. Customer leading practice experience will show that qualification as a due diligence activity will lower the inherent risk of supplier outages.
Supplier Off-boarding: The last step of the relationship is another opportunity to evaluate risk beyond the activities of ensuring that the supplier properly off-boarded. Customer best practices have included revisiting the impact of the end of the relationship on how it would apply to supplier single/sole sourcing, strategic objectives such as diversity targets, and sustainability goals.