The Air Force and Risk-Based Vendor Management

Steven Minsky | Sep. 15, 2015

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor may run deeper than a single instance.

Investigators determined that not only was the faulty fastener bypassed during the oxygen system’s maintenance, but only 1 of 11 nuts were up to specification, and replacement components were obsolete, damaged, and often wrong-sized.

Managing vendors with a risk-based approach would have surfaced and prioritized these risks the Air Force was exposed to across their supply chain, and may have indicated that they needed to implement more thorough monitoring procedures.

For one, according to a report, several parts in the system were outdated, some even manufactured over a decade ago. Secondly, many of these already outdated parts were reused multiple times. In what appears to be an effort to cut costs, did the Air Force neglect to monitor the status of such assets?

How could risk-based vendor management help to mitigate this risk?

While all parties fortunately avoided greater consequences, this case illustrates the importance of an adequate vendor management software solution and procedures. Surprises in business are always bad, and surprises like these are always known by front line personnel far in advance which is why they are called “unknown knowns” or risks. Typically these surprises or risks are hidden across multiple silos, in this case multiple vendors that come together in a vendor management program.

Have the lessons learned from BP, which resulted in one of the most infamous of risk-based vendor management failures, been ignored? The total costs for the BP explosion, which killed 11 workers and spilled millions of barrels of oil, were $54.6 billion.

How could risk-based vendor management and monitoring have lessened the risk? Aircraft parts should have been identified and managed based on a risk assessment process. Asset risk assessments would have allowed the organization to assess which components required the most frequent testing, and monitoring activities could have been implemented to identify deficiencies at frequencies commensurate with the risk exposure.

Additionally, several vendors were involved in the attainment and maintenance process. Monitoring third party compliance, and tracking the processes and supplies they affect helps provide assurance that vendor risk is mitigated. Vendors should be assessed not only on their financial stability and past performance, but also according to the criticality in which they integrate with your business. An automated vendor risk management process can sure up communication between the vendor management team and your business process owners, and help connect errors and process failures to the right supplier.

A good solution provides a platform with which to build out a library or central repository of vendors, track and update information pertaining to them, and prioritize those that are most critical to your organization. An ERM methodology will provide more clarity behind vulnerabilities and create a vendor hierarchy for more efficient vendor management.

2018-01-31T13:42:09+00:00

About the Author:

Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky