Covid, with its significant risk implications for supply chains from a demand, supply, and financial perspective, is another reminder of the importance of having an appropriate supply chain risk management strategy. Companies have found themselves unable to meet the needs of their end customers because of problems with direct suppliers or failures further down the supply chain such as insolvency or gaps in supply. This has led to many companies looking to prioritise risk mitigation strategies in supply chain management and improve their risk management taking a ‘just-in-case’ proactive approach rather than a ‘just in time’ reactive approach.
“How much just in time do you want to be? It’s great when it works but when it doesn’t, you lose sales“
Soren Skou, Chief Executive of AP Moller-Maersk.
Supply chain risk challenges
There are several challenges companies looking to improve their risk management, need to consider:
Inadequate and inaccurate supplier and supply chain data.
An understanding of how to develop a prioritised action plan to progress necessary improvements.
The appropriate, aligned internal resources available to manage and understand the data associated to many hundreds of suppliers and their supply chains.
To address these risk management challenges, it is worth considering these three development priorities from a supply chain perspective:
Ensure your procurement and supply chain risk strategy are aligned with overall business strategy and corporate goals, and that the senior management team understand the importance of this, the implications of failure and the resources necessary to ensure success.
Understand the financial implications of a supplier/supply failure and the relative risks and speed of impact. This needs to include the wider supply chain, not just direct suppliers. Creating a return-on-investment model aligned with business strategy and proposed supplier risk management framework, can help in both areas.
Have access to relevant, validated, comprehensive supply chain data. This will enable you to assess relevant supply chains and suppliers, monitor them and provide an up-to-date picture of how their risk is changing.
Once you have these key building blocks in place, you need to ensure that you take an appropriate comprehensive assessment approach to the relevant risk areas. These include suppliers’ financial risks, cyber risks, health and safety and CSR issues. In addition, exposure of key supply chain locations to geopolitical risks, natural catastrophes (which are increasing because of climate change) and associated logistical challenges all need to be factored into any risk management strategy. The diagram below may help you think about the various supply chain risk events you might face:
Based on diagram from Paul Hopkin’s “Fundamentals of Risk Management”
Quantifying the financial risk of a supplier or wider supply chain failure, is the first step in successfully implementing a risk management plan. This is best done in terms of profitability impact, but revenue impact sometimes is also adequate. This enables you to understand which aspects of your supply chain to focus on from a disruption perspective, although you should also consider potential reputational and regulatory exposures posed by your supply chain.
4 steps to manage supply chain risk
There are 4 key steps you need to follow to understand risk exposures within your supply chain:
Identify relevant risks: This identification of relevant risks needs to be comprehensive as set out above, and should not only focus on the supplier, but also the supplier’s production or service location. You also need to achieve the appropriate transparency and assurance from your direct supplier in terms of their critical supporting suppliers (supply chain mapping), based on the potential risks they represent from a disruption or reputational perspective. It is critical that the data you are using is appropriately validated and up to date.
Analyse and prioritise the risk: In any aggregation, you also need to recognise it is important to understand individual risk factors, for example, a supplier may be financially sound, but if their production site is exposed to a significant flood or geopolitical risk, this needs to be highlighted. You also need to be aware of any aggregation in respect of a single point of failure in your supply chain.
Monitor the risk: This can’t just be a one-off exercise. We all recognise, particularly in the current business environment, that risk is constantly changing, and the requirements of your end customers are evolving. In most cases companies are using specialist third party providers to deliver an ongoing updated risk picture.
Mitigate the risk: Having identified the suppliers/supplies that represent your highest financial exposure and risk, it is critical that you put into place the appropriate risk mitigation plans. These may include selective additions to inventory, improved and tested supplier business continuity plans or the identification of appropriate pre-qualified alternative suppliers.
It is important that this risk management plan is visible, across key business functions like sales, operations, finance as well as procurement and that it is shared regularly with your top management team so they can feedback in terms of their overall appetite for risk, relevant priorities and resource allocation.
The last year, demonstrates that a risk management strategy is not just a critical part of good supply chain and performance management, it is an evolving action plan that needs regular updating and cross functional top management support. Consumers and investors are increasingly expecting companies to pursue a triple bottom line, people, planet, and profit, and they also do not expect interruptions in their supply chain. This requires an agile and resilient supply chain where risk is proactively identified and managed, avoiding or reducing the impact of supply chain issues. In this regard, knowledge is power, and easy access to appropriate, validated, and timely supplier and supply chain data is the foundation to the successful management of risk in your supply chain. If you do not have it, but your competitor does, it is like trying to win a chess game where your opponent can see all the pieces on the board, but you cannot.