Redefining Management of Supply-Side Risk
Risk, one of the pillars of supply chain management, has always been a key consideration in managing supplier relationships. But recent global and climate events have spotlighted supply-side practices and propelled the subject of risk management to the forefront of supplier relationship management.
Countless environmental and man-made catastrophes have had far-reaching impacts, with natural disasters such as floods, hurricanes and earthquakes wiping out entire businesses and causing supply chain disruptions. Such extremes — the result of climate change — are here to stay, which means that supplier and supply and value chain risks must be taken more seriously than ever.
As the sustainability agenda elevates risk to boardroom agendas, supply chain practices are under the microscope. The simple premise of acting in response should guide the approach to managing supply-side risk.
Risk Identification
The first stage in any risk management strategy is risk identification. It is only once we know what we are dealing with that we can attempt to initiate an appropriate response.
There are seven supply-side risk types. The chart below shows how these can relate to an immediate supplier relationship.
The seven supply-side risks applied to immediate suppliers
Elsewhere in the supply and value chain network, risks also abound, defined by Cranfield School of Management in Bedfordshire, United Kingdom, as “an exposure to serious disturbance arising from risks within the supply chain as well as risks external to the supply chain.”
Just as the seven supply-side risk areas can be used to assess individual suppliers, they can also be applied to the entire supply and value chain network. Here, while the process remains the same, it is the nature of the risks that can vary. These might lie upstream where there is little visibility or direct influence.
Sustainability and Risk
In proactively managing supplier and supply chain risk, sustainability presents the biggest challenge. As many organizations have discovered at a cost, the risk of brand damage through unacceptable operations or even suggested poor practices in the supply chain cannot be ignored.
With sustainability at the forefront, the problem comes in implementing corporate intentions beyond organizational boundaries, particularly in more remote parts of the world. Ensuring there are no bad practices upstream in any supply and value chain network is difficult — and looking across multiple networks makes sustainability in the supply chain difficult for any business.
However, the business case for sustainability is now much greater than any philanthropic desire to work for the greater good, and a company that fails to act here does so at its peril.
Risk Assessment
Once a risk, whether from sustainability or another of the seven areas, has been identified, the risk management process should be employed for each important supplier. This is an ongoing process, with risk assessment repeated regularly and the outputs determining the nature and scope of any supplier interventions. Risk assessment should also examine the entire supply base for emerging supplier risks that might previously been deemed unimportant. This thorough approach will identify mitigation or contingency action needed.
For example, if a business puts sustainability at the core of its brand message and claims to operate responsibly, it must have visibility not only within its immediate suppliers but also throughout its supply chain. There is a potential exposure to costly brand damage through poor practices in sourcing, employment or waste management.
Natural occurrences, such as earthquakes or floods, are harder to predict. However, contingency plans can come into play, especially when the severity is significant.
Once potential risks are identified, the assessment process looks at the degree of risk the company is exposed to for each supplier relationship. This considers the likelihood of any given risk occurring together with the severity of impact — the extent of loss — should it occur.
Once priorities are clear, organizations can take two types of action: (1) mitigate the risk or (2) develop contingencies with an immediate supplier, the whole supply base or even the entire network.
Risk mitigation — actions to remove or reduce the risk — might include contract planning, supplier audits, maintaining close supplier relationships, invoking procedures or implementing training. Contingency planning involves accepting that certain risks cannot be mitigated and planning and preparing in case such a risk is realized. This might include disaster recovery planning, maintaining alternatives, switching suppliers or pausing operations or supply.
A Balanced Approach
Of course, there are countless risks that companies can consider, and there is also the risk that, in worrying about every eventuality, the process itself will become all-consuming. It is, therefore, important to identify and act upon the most critical risks.
There is always a balance to achieve when it comes to risk. It comes down to how much risk the organization is prepared to take to achieve a desired outcome — its risk appetite.
Yet the more we can understand specific risks, the more we can make informed decisions around how much risk we’re willing to accept and the appropriate mitigation levels.