Supply chain risk management is a full-time job. Logically that means chief executive officers (CEOs) must delegate that responsibility to someone who can dedicate their full attention to the endeavor. Having delegated that responsibility, however, doesn’t mean CEOs are then free to ignore it. “Although delegating supply chain management generally makes sense,” writes Bret Ahnell, an executive vice president at FM Global, “it’s critical for business leaders to bear in mind that hidden threats to supply chains — whether fires, natural hazards, political risks, terrorism, corrupt officials, weak economies or shaky infrastructures — can disrupt and even devastate businesses.” In other words, everyone from the CEO down to front-line workers need to be vigilant about risks that could disrupt operations — even if a company has a full-time team monitoring those risks. The larger the company is the more important it is to have a full-time team that can develop and exercise continuity of operations plans. As Susan Avery (@AveryJournalist), Editor-in-Chief of My Purchasing Center, notes, “‘Hoping that your luck holds out’ is not a good strategy for managing risk in the supply chain.” Yet that is exactly what a company is doing when it hopes risk management can be handled individually by various c-level officers. Avery reports that a study by the consulting firm A.T. Kearney and research and analytics company Rapid Ratings International affirms that c-level officers with other full-time duties, like chief procurement officers, simply can’t give appropriate attention to risk management. “Procurement leaders who participated in the study say they understand that risk exists, yet they admit they are not doing all they can to ensure supply continuity should an event occur that causes a disruption. They say it’s because they don’t have the time or the budget to address these issues.”
Being Mindful of Risks is Not Enough
Günther Reinelt, a professor in operations and supply management at Hochschule Niederrhein, asserts that even though the risk level in the supply chain has increased significantly so has awareness of supply chain risks. He writes, “Many companies still seem to approach this issue in a rather uncoordinated manner, with a tendency to focus on isolated individual measures, such as financial information on suppliers.” He observes, however, “Leading enterprises are taking a cross-functional and cross-company approach, which is characterized by proactive, active and reactive elements, to minimize and prevent risks in the supply chain.” He continues:
“The continually evolving advanced efficiency of the specialized information and technology systems used plays a vital role in this regard: relevant information can be filtered and processed from the huge supply of data, which then allows for virtually centralized risk management with simultaneous decentralized sensor and operational capacities. Supply Chain Risk Management is an integrated sub-process of a company-wide risk management process. Coordinated goal definition, risk identification, risk analysis, risk management, and monitoring and control of the efficiency of systems and measures make up the key elements. The proactive phase involves developing a corporate strategy that is in line with the objective to achieve a defined delivery capability in case of a harmful event, while striking an efficient balance between required capacities for recognizing and managing supply interruptions, and susceptibility to disruptions in the supply chain. This requires creating risk-related transparency in the supply chain — a transparency that covers more than just Tier 1 suppliers. In reality, the supplier base is usually a network and not a linear chain, and a Tier 3 supplier could be the trigger of enormous supply disruptions, for example, because it supplies two or three Tier 1 or Tier 2 suppliers.”
Patrick Burnson, Executive Editor of Logistics Management, reports that rising risks and complexities associated with extended supply chains have resulted in a growing number of technologies aimed that can help companies deal with risk management. He adds, “Given the number of highly disruptive global supply chain events in recent years, this should not come as much of surprise.”
Leveraging Technology to Improve Risk Management
As Reinelt noted, risk management begins with good supply chain visibility. Good visibility requires a continual flow of data up and down the supply chain. Data, however, is only as useful as the analytics applied to it. Fortunately, there is good news in that regard. Burnson writes, “According to Steve Banker, vice president of supply chain management with ARC Advisory Group, one of the most promising developments in the risk mitigation arena is the development of new software applications that can dig down to the granular level of procurement and distribution networks.” Those software applications use artificial intelligence (AI) — especially the field of cognitive computing — to provide insights, identify anomalies, and automate processes. In the future, cognitive computing systems will form the heart of control towers that will play a leading role in risk management as well as in day-to-day operations. Banker (@steve_scm) notes that today’s state-of-the-art control towers (or control rooms) operate in real-time. “The data is real-time and near real-time,” he writes, “and typically actions that are taken based on the information are presented to operators is almost instantaneous in the event of safety issues, or can be executed in a few hours surrounding less critical production equipment issues.” Risk management systems need to monitor more than operational data. Exactly what data needs to be monitored is unique to each company. However, a good resource for what should be included in a risk management program is the online Riskipedia provided by the Global Supply Chain Resiliency Council (GSCRC). “Riskipedia is an open-source project and online resource that captures and chronicles the most important Supply Chain Risk Management (SCRM) and Resiliency terms and concepts, people and organizations, and tools and technologies.”
Borrowing a metaphor from John Donne, the 17th Century English poet, John Suffolk (@JohnSuffolk), global cyber-security and privacy officer at Huawei Technologies, reminds us that no company is an island. “Great poetry,” he writes, “is timeless. And the words of John Donne are as relevant to us today as they have ever been. … No successful company stands alone. Instead, every company, large or small, has an extensive — often complex — supply chain supporting it.”  Because no company is an island, business leaders must be aware of all of the risks and opportunities their companies confront. Cognitive computing systems can help companies achieve that goal and, in the process, make companies more adaptable. As Ahnell notes, “The quality of adaptability, the resistance to potential business disruption, and the ability to quickly bounce back from disaster epitomize organizational resilience. … In the end, with your supply chain resilient, you can return your focus to concerns that tend to occupy chief executives every day, including attracting top talent, expanding in key markets and outperforming less resilient competitors.”
 Bret Ahnell, “Tips for Gauging Your Supply Chain Risk and Resilience,” Chief Executive, 18 July 2016.
 Susan Avery, “Why risk needs to be top of mind for procurement leaders,” CSCMP’s Supply Chain Quarterly, 21 July 2016.
 Günther Reinelt, “Risk Management in the Supply Chain,” Supply Chain 24/7, 29 October 2015.
 Patrick Burnson, “Leveraging Technology to Mitigate Global Risk,” Logistics Management, 2 August 2016.
 Steve Banker, “Shell’s Next Generation Operations Center,” Logistics Viewpoints, 25 July 2016.
 “Global Supply Chain Resiliency Council Launches Riskipedia™,” Press Release Rocket, 22 February 2016.
 John Suffolk, “No company is an Island,” SC Magazine, 12 August 2016.