Supply Chain Risk Management: You Can’t Outsource Responsibility

Stephen DeAngelis

September 19, 2016

“There’s a saying,” writes Warrick Beaver (@WarrickBeaver), Managing Director of Customer & Third Party Risk at Thomas Reuters, “that you can outsource almost anything, except responsibility.”[1] Beaver explains companies need to be both vigilant and persistent in their efforts to operate an ethical supply chain or risk the consequences. “Hardly a day goes by without a company being dragged into the media or regulatory spotlight because of actions within their supply chain,” he writes. “There has been the retailers whose garden furniture comes from illegal logging in south-east Asia or the supermarket chain selling fish that’s unwittingly sourced from Thai suppliers using forced labor.” Supply chain risk has many sources; reputational risk is a particularly nasty risk because it can affect a company’s valuation and even its survival. Avoiding reputational risk is difficult because a company’s reputation can be blemished by the actions of suppliers deep in its supply chain. Caroline Binham (@carolinebinham) reports, “The fall in market value of companies hit by penalties over breaches committed by third parties can be 10 times as much as the fine itself.”[2] In another article, Beaver asserts, “The impact of globalization on supply chains now and in the future cannot be underestimated. Often, what leads to mishaps is not the complexity of supply chains but the lack of third party management, transparency and monitoring which is fundamental from the beginning of the supply chain through to the end consumer.”[3] He continues:

“By exposing, understanding and then monitoring the many nodes, connection points and related parties involved in a company’s ecosystem, companies can take active measures to ensure that their business is secure and its operations are sustainable at a holistic and bi-lateral relationship level. In addition, in today’s business environment organizations are held responsible for the actions of suppliers, vendors and partners in addition to their own internal activities. A third party could be any person or organization that is connected to your supply chain or is executing business on your organization’s behalf such as a supplier, distributor, agent and/or partner.”

I’ve heard Lora Cecere (@lcecere), founder and CEO of Supply Chain Insights, repeatedly stress the importance of a company having supply chain visibility from a supplier’s supplier all the way to a customer’s customer. A company’s reputation can be damaged if something unethical occurs anywhere within that framework. Analysts from PYMNTS.com write, “It’s not what you don’t know that can hurt you in business as much as it is what you don’t know you don’t know.”[4] They continue, “For firms with increasing global reach, especially across supply chains that stretch across borders, knowledge remains among the most important guarantors of safety, whether in making sure products are delivered as advertised (within spec) or in financial transactions, data sharing and communication shared across cyberspace. Uncovering vendor risk can be as important as monitoring the day-to-day operations of any other part of a firm, especially in B2B relationships.” John Suffolk (@JohnSuffolk), global cyber-security and privacy officer at Huawei Technologies, adds, “Supply chain risk management is not just about ensuring that products and services will be there when needed. It is also about a product lifecycle approach that minimises the risk that products will be tainted by the behaviour of malicious actors, or that the products may contain counterfeit components that can be exploited for illicit purposes.”[5] He continues:

“Each additional supplier in the delivery of a service or product is another opportunity for an illegitimate supplier to provide inadequate goods and regardless of the processes in place, an element of control is undoubtedly removed. The complexity of managing this risk increases when the supply chain spans multiple countries, each adopting different laws and standards. Products deemed ‘suitable’ and ‘safe’ in one market may not be in another; or may not be evaluated at all in another. This equates to thousands of potential areas where an element of the end product could be sub-standard, putting the company selling the final product — or using it — unknowingly at risk from financial and reputational harm.”

Analysts from Source One observe, “Globalization … makes supply chains more vulnerable to complications and, in part, has contributed to elevated levels of pressure to comply with regulations.”[6] Beaver insists that regulatory risks are only part of the problem. “There are two factors at work which are making life tougher for organizations,” he explains. “Firstly, brands are more than ever in the hands of consumers, who are quick to use social media to highlight perceived failings. Secondly, both the volume of regulation and the power of regulators are growing. Little wonder that in this climate organizations are increasingly concerned about their current practices around due diligence. … Essentially, an action in any part of your supply or distribution ecosystem can lead to potential prosecution and reputational damage in another, more highly regulated country.” With so much potential risk being associated with third parties, Beaver asks, “Is there anything organizations can do to identify and mitigate such risks?” His question brings to mind another saying that has been thoroughly discredited over the years; namely, “Ignorance is bliss.” When it comes to supply chain risk management, ignorance is not blissful — it’s dangerous. Hence, the answer to Beaver’s question — what can organizations do? — they can gather and analyze as much data as they can about every stakeholder in the supply chain. Source One analysts add a cautionary note about gathering data. “While many companies know data can be used to optimize supply chain operations,” they write, “it also comes with a number of security risks.” Cyber security is indeed a risk that increases as connections multiply. Nevertheless, more data is better than less data when it comes to avoiding or mitigating reputational risks.

 

There is a lot to consider when trying to ensure a company’s supply is operating ethically. To that end, Supply Chain Magazine teamed with Professor Christopher Tang from UCLA’s Anderson School of Management to create a mindmap for an ethical supply chain. The mindmap includes risks associated with the changing business landscape, the consequences of uncontrolled outsourcing & offshoring, the underlying causes of supply chain problems, and supply chain solutions. Strategies for mitigating supply chain reputational risks include improving the supply chain, balancing supplier selection, implementing a comprehensive vetting program, and ensuring the process has support from top management. Creators of the mindmap conclude, “Risk management, complexity reduction and supplier management ensure supply chain improvement.” Because so many variables are involved in managing a complex supply chain, employing a cognitive computing system is becoming an imperative. Cognitive computing systems can handle both structured and unstructured data (this is especially important if social media is to be monitored) and can deal with many more variables than older systems. In addition to alerting decision makers about potential problems, cognitive computing systems can handle many of the routine decisions that must be made so that decision makers are free to deal with more complicated issues. Since responsibility can’t be outsourced, companies need to be armed with as much information as possible so they can act responsibly in the first place rather than having to try and mitigate the consequences of the unethical actions of others.

 

Footnotes
[1] Warrick Beaver, “Harnessing the power of data to identify supply chain risk,” Thomas Reuters, 19 August 2016.
[2] Caroline Binham, “Companies face lasting damage after third-party misconduct,” Financial Times, 2 August 2015.
[3] Warrick Beaver, “The importance of knowing your third party,” Thomas Reuters, 13 October 2015.
[4] Staff, “Uncovering Hidden Supply Chain Risk,” PYMNTS.com, 19 August 2016.
[5] John Suffolk, “No company is an Island,” SC Magazine, 12 August 2016.
[6] Source One, “Balancing supply chain sustainability and risk management,” The Strategic Sourcerer, 25 January 2016.