Is Supplier Risk Management “nice-to-have”?

We recently built a supplier risk management enterprise solution for implementation as a software as a service (SaaS) business model. The solution was architected based on inputs from various practitioners and domain experts in the industry as well as personal experiences in managing global suppliers in both large and small enterprises. It received many accolades and good reviews. However, we noticed that many companies had tough time justifying the budget for implementation of a supplier risk solution. Frequently, there are other more urgent priorities competing for the same budget. Some organizations tend to view Supplier Scorecard or Supplier Risk Management solutions as “nice-to-have” rather than a critical part of the enterprise operation. I beg to differ. Investment in risk management is somewhat like buying an insurance policy except it is much more critical. An insurance policy is primarily used for reactive or defensive purposes, whereas supplier risk management can be used much more proactively. Consider the recent examples of failures in supplier risk management in widely different industries:

Toyota’s failure in managing the supplier of braking systems (CTS Corp) that led to massive auto recall
Apple’s failure in managing Chinese suppliers (Foxconn) that violated corporate social responsibility obligations
BP’s failure in adequately managing subcontractors (such as Halliburton) for the offshore drilling platform leading to world's worst oil spill

In each case proactive management of supplier risk should have highlighted the danger so that mitigating actions could have been taken before it was too late. No amount of insurance could have provided as much benefit as an appropriate level of investment in supplier risk management. Typically, the investment required for managing supplier risk would have been just a small fraction of the insurance premium. Thus, in an increasingly inter-dependent enterprise that is constantly looking for operational efficiencies by outsourcing non-core functions, investment in supplier risk management cannot be over-emphasized. Is this the hazard of the “flat” world?