Common sense alone tells you automobile manufacturers face different risks than cosmetics manufacturers. So it comes as no surprise a joint report published by the Cranfield School of Management and Dun & Bradstreet concludes, “There are significant differences across sectors, requiring varying risk management practices across industries.”[1] The report focused on four key metrics: supplier criticality, supplier financial risk, global sourcing risk, and foreign exchange risk. If you are an upstream supplier or a downstream retailer, different metrics must also be considered. The bottom line is you must know your business and identify which risks matter most to you.

Identifying risks

Supply chains have always been at risk from natural disasters, labor disputes, manmade disasters, and the like. Yet, Bain & Company partners, Peter Hanbury and David Schannon, write, “Supply chains are suddenly under threat.”[2] What they really mean is that supply chains are suddenly being threatened by new risks. They explain, “Following years of low inflation and stable trade relations, executive teams in boardrooms across the globe are now grappling with rising inflation, a rapidly changing trade environment and the dire threat of an all-out trade war.” Trying to identify every possible risk a company’s supply chain might face is a fool’s errand. In the great global pantheon of corporate risks, business interruption in all its many forms still ranks as the most prevalent and feared. But, Adam Courtenay (@AdamCourtenay), asserts, “In the great global pantheon of corporate risks, business interruption in all its many forms still ranks as the most prevalent and feared.”[3] He cites results from Allianz’s 2018 Risk Barometer report which found, “While general business interrupters (including supply chain failures, natural disasters and factory fires) remain the top risks for companies worldwide (42 per cent of respondents), cyber risk (number two, with 40 per cent of respondents) is the most feared. Five years ago, it ranked just 15th.” What that reaffirms for supply chain risk managers is that supply chains risks require constant reassessment as the world changes. This year’s top ten risks were identified as:

1. Business interruption
2. Cyber incidents
3. Natural catastrophes
4. Market developments
5. Changes in legislation and regulation
6. Fire, explosion
7. New technologies
8. Loss of reputation or brand value
9. Political risks and violence
10. Climate change/increasing volatility of weather

Although that list is a good starting point for considering what risks your company is facing, it’s certainly not inclusive and may not include risks unique to your business. Howard Kunreuther and Michael Useem, professors at the Wharton School of the University of Pennsylvania, recommend being “alert to near-misses.” They explain, “What we mean by that is, ‘There but for the grace of God go I’ [moments].”[4] They also suggest companies learn to “appreciate global interconnectedness and interdependencies.” I have repeatedly recommended companies engage in some serious “what if” exercises. Near miss moments are a good place to start. If you don’t think your company faces serious risks, you’re wrong. Linda Rosencrance writes, “Every enterprise — be it private, public or nonprofit — is exposed to risk in its supply chain. The list of risks is long and includes lacking the goods or services necessary to meet customers’ needs, not being able to take advantage of market opportunities, disruption in internal operations, interruption in the flow of products and penalties for noncompliance with environmental and labor laws.”[5] She adds, “Successfully managing these risks is critical to the growth — and possibly the very existence — of an organization.”

Mitigating risks

Kunreuther and Useem note, “From product scandals to data breaches to natural disasters, companies are dealing with constant risk. But how they prepare for those risks can make the difference between riding the roughest wave — or drowning in it.” Hanbury and Schannon add, “It’s easy — and understandable — to feel powerless and to continue doing business as usual until the trouble becomes acute. But some fast movers have begun taking important steps to improve their agility and reduce their exposure to supply risk.” In a previous article, I noted, “Trying to prepare for every potential risk to supply chain operations is impossible; nevertheless, some preparation must be made in order to prevent or mitigate significant disruptions to operations.”[6] So what can you do to overcome a business-as-usual attitude that could result in serious inaction and significant harm to your business? Christopher Hagon, co-owner and President of Incident Management Group, observes, “Risk management plays an essential role in helping visualize the risks inherent in today’s complex supply chain operations, a role that not only considers process weaknesses and vulnerabilities, but the overall cost outcome.”[7] In other words, a good enterprise risk management process takes a holistic view of a company.

Many analysts believe a holistic view of an enterprise must include all supply chain stakeholders from a supplier’s supplier to a customer’s customer. That kind of visibility is not easy to achieve. The longer and more complex a supply chain the more difficult attaining visibility becomes. It’s one reason blockchain technology is garnering so much attention. Blockchain holds the potential of dramatically increasing tracing and tracking capabilities. But visibility goes far beyond tracing and tracking. It includes supplier financial health, unique local risks, availability of transportation, the trade climate, and more. It’s a lot to keep track of. Fortunately, emerging technologies, like blockchain, the Internet of Things, the cloud, and cognitive computing can help. Jim O’Donnell (@jimodonnelltt) notes, “A wide range of tools has been developed to help with supply chain risk assessment and mitigation. For example, predictive modeling tools can help foresee whether a supplier is more or less likely to be affected by climate or geopolitical disruptions. Analytics tools can also help companies perform supply chain risk assessment of their suppliers on a number of categories, such as use of forced child labor.”[8]

Waiting to address supply chain risks until they actually affect an enterprise is a losing strategy. Having a risk management plan in place and exercising it are essential. Chloe Jansen, manager of operations performance at Ayming, calls this mending the roof while the sun is shining.[9] She writes, “Future-proofing for a rainy day should be a no-brainer.” She continues, “Turning back the clock to mend the roof before the downpour is not an option, but it is possible to benefit from our hindsight.” She suggests companies take four basic steps:

• Health check — “Run a diagnostic review of current spending and operational practice to identify key areas of risk and opportunities for improvement.”
• Get your house in order — “Launch a transformation program, focusing on ‘right-sizing’ the organization, streamlining spend to achieve value for money, and enabling people to ‘do the right thing’ through improved processes and technology. Transformation programs should balance the need for immediate savings with the longer-term gains that come from strategic change.”
• Ongoing monitoring — “Continuous performance reviews should ensure that spending and operations are aligned to current as well as future business requirements, including risk assessments.”
• Getting the most from the supply chain — “Organizations that effectively harness supplier innovation are better placed to transform their own operations and business.”

One of the reasons companies aren’t better at risk management is because they fail to invest in it. Business executives see it as expense with an unknown return on investment. Jansen asserts such thinking is short-sighted. “Future-proofing requires investment,” she explains. “But an expert diagnostic review can help self-fund transformation, using cash released to cover the investment — whether it’s in people, processes or technology — and sustain and enhance these savings while also reducing risk. Just because your business has weathered the squalls so far, it does not mean it will withstand a storm. The best time to inspect and repair that roof is now.”

Footnotes
[1] Cranfield University, “Risk in supply chains differs by industry, new report finds,” Phys.org, 12 June 2018.
[2] Peter Hanbury and David Schannon, “Could Looming Supply Chain Risks Sink Your Company?” IndustryWeek, 18 May 2018.
[3] Adam Courtenay, “Top 10 global business interruption risks,” INTHEBLACK, 1 June 2018.
[4] Howard Kunreuther and Michael Useem, “Betting on Disaster: Why Risk Management Is a Leadership Issue,” Knowledge@Wharton, 14 June 2018.
[5] Linda Rosencrance, “Supply chain risk mitigation strategies on multiple fronts,” TechTarget, June 2018.
[6] Stephen DeAngelis, “Supply Chain Risk Management Requires Pre-crisis Preparation,” Enterra Insights, 12 June 2018.
[7] Christopher Hagon, “Steps to Secure and Mitigate Risk for the Global Supply Chain,” Security Info Watch, 15 Jun 2018.
[8] Jim O’Donnell, “Get a grip on supply chain risk,” TechTarget, June 2018.
[9] Chloe Jansen, “Mending The Roof While The Sun Is Shining,” Spend Matters, 4 June 2018.