Is Supply Chain Risk Management High Enough on Your Priority List?

Stephen DeAngelis

March 27, 2017

According to the Dun & Bradstreet-produced CIPS Risk Index, “Global supply chain risk grew to a record high at the end of 2016 as the CIPS Risk Index … rose to 82.64, from 79.14 at the end of 2015. The figures put global supply chain risk at the highest level in 24 years following a year in which the pace of globalization appeared to slow.”[1] If that’s not enough to convince your company it needs to pay more attention to risk management, there is growing concern supply chain risks will continue to mount. “The Index … tracks the impact of economic and political developments on the stability of global supply chains. A combination of economic nationalism, rebounding commodity prices and the growth of a burgeoning Chinese middle class is making long international supply chains a more risky prospect while there has been an average of 22 new trade restrictive measures a month in the World Trade Organisation’s latest report. … At a global level, Donald Trump’s election success in November confirmed a wider shift towards protectionism in global trade policy. The adoption of protectionist trade policies, closing of borders and pursuit of bilateral trade deals over multilateral ones, all signal that the gap is widening between an interdependent global economy and the sole pursuit of national interests. As multilateral trade agreements such as the Trans-Pacific Partnership are dismantled, global supply chains face unparalleled uncertainty and stress.”

There will Never Be an End to Risks

Uncertainty and stress are the bane of risk management professionals as well as business forecasters. Bill DuBois, director of marketing content at Kinaxis, writes, “Financial crisis. Check. Environmental catastrophes. Check. What’s next? Is this the year of political disruption?”[2] He continues, “You don’t need to go back any further than a decade to understand the many challenges supply chains have endured over the years.” He briefly recounts some of the causes of disruption that have kept risk managers awake at night over the past decade. Unfortunately for them, risks to the supply chain are like buses in a city, miss one and there is another one on its way. Kevin Ingram, chief financial officer of FM Global, insists that sometimes companies create unnecessary risks through their cost-cutting efforts. “Speed, efficiency, and cost-effectiveness are big supply-chain priorities these days,” he writes, “especially for just-in-time products. But the leaner you make a supply chain, the riskier it gets — especially when it comes to the moving parts, like cargo.”[3] Patricia Titus (@RUSecur), CISO and CPO at Markel Corporation, asserts that security risks are also omnipresent from both inside and outside a business. “Today’s digital transformation,” she writes, “requires security professionals to think outside the box and develop new ways of handling the dynamic way our companies adopt and use technology. … Cloud creates unique challenges for many companies who have a perception that they will lose control of their data, could suffer catastrophic outages or data breach. These are all the same concerns they should have with in-house systems which often isn’t the case.”[4]

Even when a company has a good handle on risks within the enterprise, there are always going to be outside risks — from third parties, hackers, politicians, and mother nature — with which they must contend. The good news according to Luca Urciuoli, an associate research professor at the Zaragoza Logistics Center, is, “With the benefit of digital technologies, companies are using Big Data to identify supply chain risks and create early warning systems with much greater speed and precision.”[5] The bad news is, “The ability to respond to these signals has not advanced at the same pace. Moreover, the gap between risk identification and risk response promises to become more severe as the rate of digitization accelerates.” Since most analysts believe industrial age organizations are going to have to transform into digital enterprises to survive in the decades ahead, Urciuoli’s conclusions should be considered a shot across the bow for companies who have not placed a high enough priority on risk management.

Risk Management Requires Constant Vigilance

Data is a risk manager’s best friend and worst enemy. Why? If gathered, integrated, and analyzed correctly, data can help a risk manager know — in near-real-time — what is happening throughout the supply chain. Unfortunately, the amount of data being generated today can prove to be so overwhelming it can result in frustration and inaction. When faced with a daunting challenge, it’s always best to parse the problem. Here are four steps that can be taken to make the risk management challenge easier to deal with:

1. Establish clear objectives for the risk management process. Most risk management processes focus on continuity of operations and recovery following disruptions. Understanding exactly what you want to get out of the process helps you determine what data needs to be gathered, integrated, and analyzed to achieve those goals.

2. Identify potential risks. Since there is a nearly infinite number of events that can result in disruptions, identifying them all is an impossible task. Select the most likely events in areas like suppliers, logistics, natural disasters, financial calamities, political activities, etc., and then use “what if” exercises to educate yourself about potential courses of action.

3. Develop and Exercise Response Plans. Armed with a few selective “what if” exercises, you are better equipped to draw up response plans for dealing with them. It’s not enough, however, to simply have plans sitting on the shelf. They must be exercised. Why? As the military is fond of noting, no plan survives first contact with the enemy. The importance of exercises is that they prepare decision makers to think on their feet and respond to changing circumstances.

4. Let Technology Help. Urciuoli writes, “Companies routinely create contingency plans to deal with specific disruptions but need to put more effort into digitizing and automating these plans. Risk managers can decide which elements of their contingency plans can be fully automated and which ones continue to require human supervision.”

Cognitive Computing and the Autonomous Supply Chain

Urciuoli observes, “Enterprises use various strategies to make their supply chains more resilient. These include diversification of the supplier base, establishing safety stocks, and planning for spare transportation capacity. These strategies will continue to be important, but building resilient digital supply chains, or cyber resilience, requires a speed of response that can be achieved only through automation and smart software.” He notes that the Center for Global Enterprise “characterizes a digital supply chain as ‘a customer-centric platform model that captures and maximizes utilization of real-time data coming from a variety of sources.’ If a potential disruption is detected, the system decides on the best mitigation strategy and executes that strategy.” Whenever automated decision making enters the discussion, cognitive computing is generally in the mix. Cognitive technologies can collect, integrate, and analyze both structured and unstructured data. This is important because some risks are going to found among consumer comments in social media. Often those type of reputational risks require immediate remedial action. Traditional risk management processes simply can’t see these risks until it’s too late. Urciuoli believes “the main integration challenges, in order of importance” are:

  • Creation of robust information collection and sharing. “Many enterprises, especially small companies, lack the technical skills and financial resources needed to build the required infrastructure. Also, a lack of standardization makes it difficult for companies to communicate across IT systems.”
  • Exploiting business intelligence rules. “More work is needed to assess the risks associated with digital supply chains, develop business intelligence rules to manage these risks, and automate the underlying management processes.”
  • Establishing public/private sector partnerships. “In the increasingly complex and demanding digital environment, governments rely more and more on private sector resources to secure supply chains.”
  • Data confidentiality. “Companies are uncertain about sharing sensitive information via a digital platform. One solution is to develop Dropbox-like technology that gives access to selected parties without the need to download data. Data resides on the owner’s site and is only shown to authorized parties as needed.”
  • Cybersecurity. “Hacking is an ever-present and increasing risk. Digital supply chains are vulnerable to security breaches by criminals such as cargo thieves. New technologies are needed to scan for cyberattacks and protect systems against infiltration. Emerging blockchain technology — which makes it easier to authenticate digital documents and verify the identity of trading partners — is one promising development.”

Cognitive systems can embed rules, learn from experience, and react faster than humans when a problem is detected. That’s why Urciuoli recommends that risk managers seriously consider “which elements of their contingency plans can be fully automated and which ones continue to require human supervision.”


Supply chain risk management is only going to grow in importance in the years ahead. As supply chain complexity increases, so does the need to leverage cognitive computing capabilities to help deal with that complexity. Risk managers will be able to sleep a little more comfortably knowing that a tireless, around-the-clock system is monitoring events and alerting decision makers in near-real-time.

[1] The Chartered Institute of Procurement & Supply, “Supply chain risk reached record high in 2016: CIPS Risk Index,” Continuity Central, 15 February 2017.
[2] Bill DuBois, “Supply chain risk management in 2017,” 21st Century Supply Chain Blog, 24 February 2017.
[3] Kevin Ingram, “Your Supply Chain Is Riddled with Risk,” CFO, 22 November 2016.
[4] Patricia Titus, “The Goldilocks Theory for Risk Management,” CIO Review, 2017.
[5] Luca Urciuoli, “Automating Supply Chain Resilience Should Be High on Your Digital Agenda,” MIT Sloan Management Review, 20 January 2017.