This blog presents a few thoughts on supplier risk management related to criteria in evaluating suppliers and determining which suppliers you should audit.
There are two criteria that are the most popular for the evaluation of suppliers: 1) the percentage of lots accepted and 2) the percentage of on-time delivery. Both of these metrics have potential limitations. For example, what if a good supplier ships only two shipments this year, and there is a problem with one delivery? The reverse is also possible. What if a poor supplier ships lots every week? Ten bad lots per year will result in an 80% quality rating.
On-time delivery has other issues, such as does purchasing update the due date in the MRP system when they ask suppliers to push out the delivery date due to soft sales volume? If a supplier expedites an order in half the standard turnaround time in their “best-effort” to meet your requested due date, should they receive a negative result for percentage on-time delivery if they are one week late?
The points above help identify the limitations of supplier metrics. In the end, if you have a critical supplier—there is no substitute for auditing them. Unfortunately, auditing costs money. So which suppliers should you visit?
The “critical suppliers” is often the answer, but how do you decide who is critical? Well, …benchmarking is a good idea. For example, a Notified Body (NB) must audit “critical suppliers” that do not have ISO 13485 certification. They define “critical” as subcontractors that perform high-risk processes, such as contract sterilization, subcontractors that perform contract packaging and suppliers that manufacture finished devices. Health Canada even provides some guidance on the definition of critical subcontractors, and how the NB shall determine which “subies” need to be audited.
Internally, your supply chain and quality assurance team have to develop a list of suppliers that will be audited. In general, I recommend that all “critical” suppliers be audited at least once every three years (equal to the certification cycle). However, your auditing schedule is a plan that should have “wiggle room.”
For example, if you weren’t planning to visit an existing supplier until next year or the following year, and suddenly there is a new quality issue with that supplier, you may want to add a “for cause” audit of their facility to your supplier audit schedule. You might want to add suppliers near another supplier you were going to audit anyway to reduce travel costs.
Practically speaking, you might decide to audit your ten worst suppliers each year. This might be determined by qualitative, cross-functional rankings, rankings for nonconforming materials, or by the number of supplier corrective action requests. There is no “right” or “wrong” way to determine which suppliers should be audited. However, the best companies have strong supplier quality programs to reduce scrap and the need to perform inspections.