Supply chain risk management

From the April 2021 print edition

The sheer complexity and scale of supply chains in today’s global economy are an increasing concern for leaders in terms of how effectively their company manages related risks. The challenge can become daunting when you layer in details such as shifting definitions of what constitutes a supplier or a vendor, raw materials, professional services, software as a service (SaaS) and cloud providers.

Fortunately, although supply chains are changing, the fundamental risk management strategies still apply. Surprisingly, this begins with an in-depth analysis not of your existing supply chain, but of your own business, value chain and value drivers.

The following are five key steps in managing supply chain risk:

  1. Map and prioritize your business’s value proposition to understand the material breakpoints that define success. Suppliers aren’t intrinsically important solely due to who they are or what they provide. Rather, their importance is defined entirely by the elements of your business that they support. Any understanding of supply chain risk, and the impact on your business and operations, begins with an internal assessment. One way to understand such materiality is to look for bottlenecks in value generation and/or recognition. Consider a pharmaceutical company manufacturing a critical vaccine that requires extreme cold storage conditions for distribution. Some might argue that the vaccine itself is the critical value driver for the pharmaceutical company, meaning the direct supply chain of vaccine ingredients represents the highest potential impact if disrupted. However, the vaccine’s value is only recognized after distribution, which is impossible without specialized cold chain distribution. Cold chain distribution, therefore, might actually be more important than the raw materials that allow the company to manufacture the vaccine.
  2. Rank suppliers by their level of criticality to material business operations. This step follows the same logic of materiality as step one. After identifying criticality within your operations, rank the suppliers specific to those operations.
  3. Identify potential disruptors, and make sure to consider black swan or unexpected risks. Shock events are aptly named, yet we rarely contemplate true shock disruptors when assessing potential risk. Military intelligence experts often couch their analysis of battlefield conditions in terms of “most likely” and “most dangerous,” with the latter consisting of cascading and layered extreme scenarios. This approach enables commanders and their staff to adequately prepare for extreme contingencies. Interestingly, while the most dangerous scenarios often appear excessive at the outset, they are almost always drawn from historical lessons. Recently, countries that had more severe SARS and Middle East Respiratory Syndrome (MERS) outbreaks generally weathered the early stages of COVID-19 better than others. They may have understood early the potential magnitude of disruption from COVID-19 because they applied lessons learned from SARS and MERS. Shock events are rarely without precedent. Expanding your understanding of risk events to include rare, but historically grounded, events can produce a more solid baseline for true resiliency and agility.
  4. Measure your supply chain using metrics that describe supply intake, utility, risk controls and external environmental conditions. Mapping criticality across the business and various supporting supply chains should yield a discrete set of metrics tied explicitly to such analysis. These metrics help to benchmark your supply chain’s general health and status, and can provide early warning indicators of disruption. Among the metrics that may be helpful is one that focuses on supplier spend. Some may say that it should be a separate step. However, spend analysis divorced from an understanding of criticality may, at best, optimize a balance sheet, but gain no preventative value. At worst, it may harm operational viability and create negative value. Spend analysis should supplement risk analysis, providing a secondary metric against which to derive risk mitigation or cost mitigation efforts.
  5. Identify and implement risk controls as needed. Risk controls should include not just direct action within the procurement process — such as holding more stock to weather disruption — but also in other areas of the business. Can research and development develop an alternative to that component or reengineer the process to skip it altogether? How can risk transfer provide a level of financial protection against these shocks?

These fundamental components of a supply chain risk program are part of many well-established supply chain risk management (SCRM) frameworks, precisely because they are foundational principles to understand, measure and manage risk. Applying these to your own SCRM can help you manage today’s known and tomorrow’s emerging risks.

Allison Pan is senior vice-president, emerging risks group at Marsh Advisory.