Gary Plant explains how rail managers can ensure supply chain compliance

The GB rail industry supply chain is worth billions of pounds – comprising thousands of suppliers of all types and sizes – providing products and services ranging from paperclips to rolling stock.

The rail industry would quickly hit the buffers without its huge and complex supply chain. This provides rich assets, such as signalling systems and components, consumables, on-track labour, and plant & machinery – that can reduce costs, increase efficiency and raise quality. However, the flip side is that third party suppliers can also bring risk and liability in the form of health and safety problems, compliance breaches, delays, waste, extra cost and negative PR.

Robust supply chain compliance procedures are vital in minimising the chances of buying-in risk. This article sets out some of the techniques and processes used by Altius VA in assessing and assuring rail suppliers and will underpin its new advanced IT system for the Railway Industry Supplier Qualification Scheme (RISQS). RISQS is run by the industry, for the industry by RSSB, the independent body that works with its members to drive improvements to the GB railway system.

Supplier differentiation
Not all suppliers present the same level of risk, so it is important that supplier assessment and management systems are appropriate to the products or services being procured. By precisely tailoring supplier assessment, the cost of compliance can be minimised.

A supplier positioning matrix is a useful tool in differentiating suppliers to align compliance resources appropriately. If you are a fan of Harry Potter, you will be familiar with the ‘sorting hat’ method of classifying aspiring wizards and witches and placing them, according to their talents and temperament, in one of four houses. In the same way, the positioning matrix sorts suppliers into four categories – based on the level of risk they present and the financial value of the supply contract (as detailed in the diagram below).

Risk Management fig 1By differentiating suppliers according to their risk profile and the value of business, you can determine what level of supplier assessment, monitoring and management is required, thereby minimising procurement costs.

For example, it’s not necessary to audit all suppliers, which is an expensive way of achieving compliance. This method can be reserved for where the risk and contract value warrants it.

The most basic checks can be reserved for low risk/low value suppliers, such as those providing low cost consumables. In such instances, financial health checks will probably suffice.

Smart technology can help make assessment simpler and reduce cost. It’s important to use your resources where they will bring benefit to you and your customers, i.e. the ‘Strategic Critical’ supplier category, where you’ve got the most to lose and the highest chance of losing it.

Three steps to compliance
Robust management processes are required to assess, manage and monitor risk and there are three key steps to compliance. This three-step process begins with assessing and verifying capability, then managing supply contracts, and finally monitoring suppliers.

1. Assess and assure capability
a. Supplier information is the critical starting point, but your assessment must be tailored to your specification to ensure that suppliers have the right competence and resources to consistently deliver their products and services to meet your exact needs.
b. Verify the supplier information – this evidence shouldn’t just be checked once a year; it should always be live, up to date and instantly retrievable. For example, there is little point in checking financial solvency or insurance status on a single day and then crossing your fingers that you’ve got things covered for the remaining 364 days. It is also important to be able to quickly update checks against new criteria, such as new legislation or business requirements, rather than waiting for the assessment anniversary.
c. Authorise the information – once a supplier is thoroughly checked and approved for any given product or service, ensure that this approved list is used by all departments and that they don’t appoint non-approved suppliers based on cheaper price. This can prove very costly if that decision also ‘buys-in’ risk. Your list of assured suppliers supports good procurement practice by providing buyers with a pool of capable suppliers for tendering purposes.

2. Manage supply contracts
a. Set clear policies and rules – so that suppliers are very clear of what is expected. Communication breakdown is probably the major contributor to serious incidents, where there is a lack of a common understanding of standards and expectations.
b. Contracts and specification – formalise your requirements so that nothing is left to chance.
c. Controls and restraints – ensure that suppliers understand any control processes that need to be followed, e.g. site access control on construction sites or railway lines, or exposure to heat, radiation, etc.

3. Monitor suppliers
a. Behaviour – don’t let the robustness of your monitoring lull your suppliers into complacency and remove their sense of responsibility for their own compliance and performance. It’s important to be clear about where accountability lies.
b. Audit – While physical audits have their place and are invaluable when used in the right circumstances, they can be costly. To ensure your audits add value, they should be carefully targeted and well defined – to meet a specific purpose.
c. Key performance indicators (KPIs) are essential for successfully monitoring suppliers to ensure that they abide by your contractual agreements and meet realistic targets. KPIs should be set at the start of a relationship. It’s important to gather, measure and analyse statistics that illustrate whether the desired outcomes and objectives were achieved, e.g. % delivered on time, % fixed first time, % call outs achieved within target time. Use these KPIs to provide feedback to your suppliers, so that they realise that this is useful data that isn’t just ending up in a bureaucratic ‘black hole’.

Gary Plant is Managing Director of Altius VA, which provides supply chain compliance software and management services to organisations worldwide. Altius has recently been awarded a major contract by RSSB to deliver supplier assurance services to the Railway Industry Supplier Qualification Scheme (RISQS), which is used by Network Rail, London Underground and 100-plus other buyers to assure more than 4000 GB rail suppliers.

The key rules of compliance management
Minimise the chances that you will buy in problems

  • Are suppliers capable of meeting your requirements
  • Do they really fully understand what you want
  • Do they perform as they should


Minimise the cost of Supply Chain Management

  • Use strategies that reflect the risk and spend
  • Use technology
  • Outsource where you can add no value

Maximise your company’s performance

  • Exclude incapable suppliers
  • Don’t take responsibility away from suppliers
  • Use your resources where they will bring benefit to you and your customers