Disruption mitigation: managing risks along the supply chain
July 2016 | FEATURE | RISK MANAGEMENT
Financier Worldwide Magazine
Companies operating in the high-stakes world that is the current global business environment are constantly faced with a multitude of challenges, not least of which the risk factors present in supply-chains and the potential they have for disruption.
Indeed, the risk factors are daunting, especially for organisations that are utilising supply chain risk management systems that are simply not up to the task required – that is, to function as an early warning system for risks and to manage those risks should they come to pass.
In its 2015 report ‘Understanding Supply Chain Risk Areas, Solutions, and Plans’, Protiviti lists many of the supply chain risks that typically bedevil businesses. These include: purchase price risks; inventory and obsolescence risks; regulatory and compliance risks; information privacy and security risks; contract compliance and legal risks; process inefficiency risks; employee and third-party fraud risks; project management risks; corporate culture and change management risks; and demand and supply planning and integration risks.
Even a cursory examination of this list, which is by no means exhaustive, confirms that the task of managing an agile and all encompassing supply chain risk management system is arduous; an undertaking that requires companies to ask how they can improve their extant supply chain risk management systems, as well as embracing the innovative technologies that can help them do so.
However, according to Barry Cross, assistant professor of operations strategy at Queen’s University’s Smith School of Business, companies that are determining how they will cope with the supply chain risks they face should first accept that they will not be able to create an all-encompassing risk management system. Regardless of the industry, business or field they operate in, even a comprehensive approach to risk won’t be able to predict all threats. “This is not necessarily a bad thing,” says Mr Cross. “If a firm is in a state of change or driving a new strategy, a key factor of that direction is that some or even much of what they encounter will be ‘new’. An important element of their risk management system, then, is that people are paying attention when one of these unknowns arises as a threat.”
With billions of dollars lost to companies and economies each year due to risks along the supply chain, the importance of having systems which can control disruptions, monitor their effect and respond to any fallout cannot be overstated.
Companies face a catalogue of difficulties when implementing a risk management system that can effectively mitigate disruption along the supply chain. “When companies start turning over rocks in their upstream supply chains, all kinds of unexpected things can come to light, especially when sourcing involves troubled parts of the world,” says Jane C. Luxton, a member of Clark Hill PLC’s Environment, Energy and Natural Resources Practice Group. “For example, dozens of prominent companies were surprised to discover, as part of their US conflict minerals diligence in 2014, that their supply chains included gold from North Korea that is subject to sanctions under the US Treasury’s Office of Foreign Asset Control (OFAC) requirements. Some companies were able to demonstrate that their products did not actually contain sanctioned gold, but the issue was not only an embarrassment but a potentially serious problem, with both reputational and legal risks at stake, given that sanctions violations can involve significant penalties, including criminal prosecution.”
For Robert J. Trent, co-author of ‘Supply Chain Risk Management: An Emerging Discipline’ (2014), one of the major difficulties companies face when they are looking to implement a risk management system is their inability to see past Tier 1 suppliers. “From my research, more than one executive has commented that this is perhaps the major weakness their company faces in the risk management arena. Another problem is the difficulty in showing a positive return on investment when trying to implement risk management approaches. How do we quantify the benefits from these systems when we are looking at something that might not even happen?”In addition, supply chain risk management is not an embedded part of the culture at most firms, with no real responsibility defined within the organisational structure.
Many companies struggle to put in place effective systems to manage the ever-expanding obligations associated with supply-chain transparency. As Ms Luxton points out: “There is no simple solution to this problem, especially since each company is unique in its approach to purchasing and its relationships with its suppliers, who hold the key to critical supply chain sourcing information.”
So, what are the options available to companies that will allow them to identify and assess the supply chain risks they face? And, once established, how should these risk factors be incorporated into an effective supply-chain risk management programme?
First and foremost, believes Ms Luxton, it is critical for those at an organisation’s C-suite level to back all efforts to establish an effective and accountable supply chain management system. Without this high-level empowerment, the chances of a programme manager being able to command the necessary attention and responsiveness from internal departments to meet compliance obligations optimally will be severely diminished. “The best approach is for a small group within the company, ideally working with outside advisers, to identify the supply chain information demands the company faces from all relevant legal programmes and customer requests,” she says. “The list of these obligations continues to grow, and it will be important for the group to keep updated on disclosure requirements.”
In addition, this dedicated group should include representatives who are knowledgeable about purchasing practices and compliance programmes, as well as the company’s marketing and public relations functions. Moreover, the involvement of outside counsel can be critical as surprises could emerge that require internal audits or self-disclosures to government agencies.
“Once the group is clear on all the types of information that will be needed and where it is located within the company, or with upstream suppliers, they can formulate an effective implementation plan,” says Ms Luxton. “Most supply chain disclosure programmes recognise that reporting will improve over time, so the plan need not be perfect initially, but it is important to put in place a credible, good-faith procedure.”
For a supply chain risk management strategy to be successful, there needs to be cross-functional activity that engages a wide range of stakeholders, as well as an agreement that the responsibility for it is not left solely in the lap of a risk manager or equivalent department. “There are a number of ways to build risk management into a business,” notes Mr Trent. “Risk identification and management needs to become an accepted part of major processes – during product development, supplier selection, commodity strategy development, customer order fulfilment, demand estimation and planning. For example, a cross-functional team should not be allowed to propose a commodity strategy without a fully developed risk management plan included with the strategy.”
In addition to the cross-functional team of experienced supply chain people, there should also be one or two sceptics included. “Give the team time to think about what has gone wrong in the past, and what could go wrong in the future,” proposes Mr Cross. “Rank the risks in order. Consider the likelihood that something will go wrong, what the impact of that event may be and the firm’s ability to detect the risk being manifested. Furthermore, broader crisis management plans should be developed to tackle anything else that may arise.”
Resilience and structural flexibility
According to Dr Martin Christopher, emeritus professor of Marketing & Logistics at Cranfield University’s School of Management, it is critical that resilience is built into supply chains due to the inevitability that they will experience unexpected turbulence or be affected by events that are impossible to forecast. Resilience is the ability of a system to return to its original or desired state after being disturbed, with resilient processes at their best when they are flexible, agile and able to change quickly.
“Perhaps one of the most powerful ways in which enhanced supply chain resilience can be achieved is through structural flexibility,” says Dr Christopher. “Structural flexibility reflects the ability of a supply chain to adapt or reconfigure its architecture in response to major changes on the demand side or the supply side of a network. The key to structural flexibility is the adoption of a supply chain design philosophy which recognises that the best decisions in a turbulent and uncertain world are often those decisions which keep the most options open.”
According to Tony Abel, managing director within the supply chain practice at Protiviti, greater resilience across supply chains can be obtained by ramping up the use of technology, to make risk management systems that much more robust. “Common risk models help to predict the likelihood of an occurrence, as well as estimating the potential business impact for many of the operational and process risks that are important to an organisation,” opines Mr Abel. “However, many standard models do not work so well for incidents that are more difficult to predict, such as natural disasters or political and social risks. Applying alternative models that require the assignment of probability and financial impact, regardless of the type of risk, is something that existing supply chain risk management systems could do better.”
Managing risk in future
How effective supply chain risk management systems will be in future is of course difficult to determine. But, alongside the increasing prevalence of global supply chains, there are a number of trends and developments emerging that will almost certainly have a major impact in this space.
“It is not only global supply chains that are increasingly prevalent, but also supply chain accountability regimes,” suggests Ms Luxton. “The chairman of the US Securities and Exchange Commission famously said that it was ill-suited to carry out a supply chain reporting programme, but nonetheless the Dodd-Frank Act requires it. These obligations are now entrenched in both a growing list of legal obligations and customer and marketplace expectations, and companies need to take them into account in their risk mitigation planning.”
Another development which may very well have a significant impact on global supply chains, and how risks are managed, is re-shoring. This refers to bringing the supply of goods back to home markets from offshore. “Cheap or common goods will still be sourced in developing markets, but strategic supply relationships may be coming home, where we can manage risk more easily through proximity, common language and culture,” says Mr Cross. “Sometimes the supply of that good is too important for it to be half a world away.”
With supply chains playing such a key role in business operations worldwide, the ways companies manage the risks are of prime importance as they pursue fresh strategies and new directions.
Not only does a robust supply chain risk management strategy act as an early warning system for companies, in terms of identifying and preparing for the risks they are likely to face, it also opens up access to a multitude of new suppliers and markets – an absolute necessity for any company serious about keeping disruption to a minimum, thriving during turbulent times and securing long term viability.
© Financier Worldwide