Strategic risk: do not forget your supply chain
June 2013 | EXPERT BRIEFING | BOARDROOM INTELLIGENCE
How do organisations mismanage business risk? How do organisations assess their strategy and competitive dynamics, and where are organisations asleep? Recent events suggest one answer is that organisations have become exponentially more complex and interrelated. The strategy of a business can no longer fail to take into account critical enterprise issues such as supply chain and business resiliency. Often, this vital link between strategy and supply chain is sadly proven through the significant impact when there is a disruption.
Supply chain disruptions increasingly impact financial performance
Extensive research looked at thousands of company results, whereby comments in SEC reports were tied back to the stock performance of these companies. The study found an average 25 percent reduction in share price and an impact which commonly lasts over two years, as a result of supply chain disruptions. Companies can be simultaneously impacted by decreased sales and brand damage, while incurring significant extra expenses during recovery times following a business interruption. Historically, supply chain disruptions can lead to an average of 9 percent lower sales and 11 percent higher costs, and many companies with extended interruptions never recover.
These alarming impacts should be of great concern to a firm’s directors and officers, who
are directly responsible for both results and for setting the necessary ‘tone at the top’ around actively addressing risks to strategy and execution. It is often said that CEOs should be heard talking about risk management as much as they do markets and customers, because both can have a major effect on performance. Turning risk into a competitive advantage requires risk accountability, so you do not inadvertently expose your organisation to the ‘blindside’ of risk, potentially costing you money and preventing you from taking advantage of growth opportunities that build shareholder value.
A strong enterprise risk culture can correlate to improved profitability
Financial results studies provide evidence that a robust risk culture and enterprise process can be the basis for improved profitability and business resilience. Some organisations have implemented an integrated enterprise risk management (ERM) approach to managing risk, aggressively identifying the biggest risks so they can be proactively addressed in their strategy. Research by Gates, Nicolas, and Walker in 2012 confirms the reason: more advanced ERM companies are usually able to make better decisions, which should lead to enhanced performance. A 2012 study by FERMA also found that firms with ‘advanced’ risk management practices exhibited stronger EBITDA and revenue results over the past five years than did those with ‘emerging’ risk practices. This review of over 800 firms in 20 countries concluded that: (i) 75 percent more firms with ‘advanced’ risk management practices had EBITDA growth of over 10 percent; and (ii) 62 percent more firms with ‘advanced’ risk management practices showed revenue growth of 10 percent.
The study validates that an active risk practice and culture can directly correlate to stronger financial results, as the entire firm becomes more aware and accountable for the significant obstacles standing in the way of success. This enterprise approach helps management see the connections between the risks, in essence, linking risk management with strategy in their decision making. Perhaps nowhere is this more important than in supply chain risk management.
Eyes wide open
A company’s supply chain is the lifeblood running through its veins and must be seen through a wider, more strategic lens. The aim in supply chains is to lower total costs of ownership. But many companies have not properly considered the risks associated with that approach, and have failed to realise that any action taken to drive cost out can inadvertently drive risk into the business. For example, many organisations fail to identify the increased risks associated with procurement moving to using a single source or a change in sources, often without the knowledge of the risk manager who is tasked with optimising enterprise exposures.
Think about a company that wants to build its product in a different country. This is a potentially good move from a profitability perspective, but what risks are involved with that decision and how does it impact the overall strategy and vision for the future? Without an integrated process supported by top management, companies can fail to anticipate and connect risks on a regular basis. In a heated board meeting, the CEO was challenged by a board member to think beyond inventory and consider how the company would survive a loss of a supplier relationship. The conclusion is that risks, including supply chain risks, must be seen from an integrated perspective.
Boards, executives, and risk professionals need to better understand and quantify how the supply chain and its associated risks relate to the business model and strategy of the company. To really create, protect, and enhance shareholder value, this understanding needs to take place up front – not after a mistake occurs.
For example, a major manufacturer managed supply chain risks in silos and recently suffered a $1bn write-off partly because of that silo approach. While some in management began to manage specific supply chain price increases through long-term contracts, others managed the risk through hedging. Still others in the company were managing the risks by increasing research and development and finding different manufacturing models (resulting in less use of certain high-priced inputs). An integrated approach to ERM and better communication may have saved a billion.
Opportunities for improvement
When the supply chain function works together with risk management and corporate strategy, the synergy can create a competitive advantage and build resiliency. This can offer an expanded and cooperative role for procurement and risk management as they both seek to improve the successful execution of strategy. There are many tools available that risk managers and procurement can use to better understand the exposures their supply chain strategy can bring to the company. A firm can model its value chain to follow the profit flow to find the greatest pinch points. They can also perform a supply chain risk assessment of key suppliers to determine possible weak links. Learnings can be used to build more robust business continuity plans. There are supply chain risk management best practices available that can help a company in this area.
Surprisingly, only about 8 percent of companies reported having business continuity plans with their suppliers. Many companies are running Just in Sequence or Just in Time, but have not planned for what they would do ‘just in case’ a supplier does not deliver. The answer could be found in a collaborative effort between purchasing and risk financing, producing a more effective balance of risk and reward which is validated through scenario testing. Ideally, companies can establish a combined approach to managing certain exposures and insuring those risks which remain out of control of the procurement team, such as the approximately 40 percent of disruptions which occur below Tier One direct suppliers.
Opportunities for improvement in this area abound because negative supply chain disruptions are growing. Nearly 85 percent of those surveyed reported suffering from a supplier disruption, and more than 50 percent reported more than one interruption. Some of these disruptions can last for an extended period of time. An analysis of 2500 disruptions shows that almost 500 lasted more than a week, several hundred lasted more than six months, and some lasted over five years. Additional analysis revealed that approximately 20 percent of these disruptions had financial consequences in excess of $500m. That’s a big number to any organisation.
Interestingly, many companies only insure the assets of key suppliers against fire and other physical damages to production sites. However, the Business Continuity Institute’s (BCI) annual Supply Chain Disruption Study statistics about actual supply disruption causes show that IT and communication issues are the number one challenge in 2012, followed by transportation problems, labour unavailability, regulatory changes, and other reasons. Natural catastrophe was also a key cause of interruption but, as seen following the Japanese tsunami, many of the outages were not directly tied to the physical disruption but to secondary issues like power outages, infrastructure problems, labour and ingress/egress challenges. Given the variety of reasons behind supplier interruption, it may behove companies to take a more holistic approach to managing and insuring value chain risks.
An integrated approach to corporate strategy
Often, the damage from supply chain disruption may not be just to production and profitability, but also about reputation risk. In a significant study on best practice about enterprise risk management, one of the biggest lessons learned from that study was that the number one tool for better addressing enterprise exposures was simply having a conversation. In today’s fast-paced, cloud-based world, that risk conversation is not occurring frequently enough, and there is often not a ‘risk aware’ culture to support that dialogue. Organisations have to think – and discuss – anew about how supply chain risk can be managed and how it impacts their business model, strategy, and vision. By working in concert across business and functional areas, executives can help create a more resilient enterprise that is better able to anticipate surprises, recover from disruptions, adapt to changing conditions and leverage strategic growth opportunities.
Linda Conrad is Director of Strategic Business Risk at Zurich Global Corporate, and Paul L. Walker, Ph.D., CPA, is the James J. Schiro / Zurich Chair in Enterprise Risk Management at St. John’s University. Ms Conrad can be contacted on +1 (410) 664 5207 or by email: firstname.lastname@example.org. Mr Walker can be contacted by email: email@example.com.
© Financier Worldwide
Zurich Global Corporate
Paul L. Walker
St. John’s University