The world stood still in the first quarter of 2020. As the coronavirus epidemic rapidly made its way across oceans and borders, nations scrambled to put mitigation protocols in place to cushion what could be long-term disruption and damage to national economies and their population. Demand surged in some industries, while it nose-dived into historic lows for others. Business organisations were forced to put into action their supply chain risk management (SCRM) strategies in real-time and in a real-world situation – one that could – and would – severely disrupt the entire global economy. Companies went into overdrive to implement strategic changes to the systems and operations of their global supply chains and resolved to make their supply chain strategy agile, resilient, and flexible.
One year on, businesses are now evaluating their responses during the onset of the pandemic and reflect on what they are doing now. How do those changes affect their supply chains? How do they expect their supply chains to evolve further should another supply chain disruption happen similar to the scale of the Covid pandemic? What are the most important takeaways for creating and practising the right supply risk management strategies?
Therefore, it is not surprising that after a year, most organisations now understand what supply chain resilience truly means and what it takes to streamline their risk management processes.
The year prior, most companies were looking into multi-pronged efforts to improve their supply chain resilience using a combination of methods such as increasing inventory of critical components, raw materials, and products. Some chose to diversify their supplier bases, selecting procurement sources closer to their locales or regions. However, most companies decided to increase their inventory instead.
These decisions were made based on assessing the risks posed by the other options, such as supplier diversification based on the current situation. This is just one of the four common types of risks in the supply chain.
Today’s technology provides available tools to help organisations improve and comprehensively evaluate their supply chain and partners. Platform tools like Serai’s Visibility can provide end-to-end visibility to enable businesses in forecasting any possible obstacles by tracking the condition of their products and intervening before any problem occurs. Companies can then gain insights into potential changes and deploy optimisation strategies like shifting their resources in real-time to be flexible and adaptive.
Discussing the common types of risks also involves other risks within a business organisation that will still impact its operations, including its supply chain networks.
Pursuing any business goal or objective, such as revenue growth, also opens the door to other adverse events that may lead to loss.
The exposure to loss in pursuit of gain is defined as “upside risk.” While dependent on the balance between the potential for gain versus loss, dealing with this type of risk is unavoidable in business operations. On the other hand, any exposure to loss that exists outside of the control of the business and not in the pursuit of any gain whatsoever can be termed as “downside risk.”
Any potential for gain can also be viewed as a positive risk, a glass-half-full scenario. Meanwhile, the potential for loss is deemed an adverse risk, which would mean a glass-half-empty. Weighing both can provide a good insight into what possible threats and opportunities could arise in making a particular business decision.
In a nutshell, both the upside and downside risks describe how loss exposure is introduced to an organisation’s risk landscape. But by taking it a step further and viewing it in the light of whether such risks are positive or negative, the bigger picture of measuring the potential for gains and losses emerges.
There are also other strategic risks and operational risks to consider.
Strategic risks arise when a business strategy fails to deliver the expected results, impacting the company’s growth and development. Such risks can be due to technological changes such as automation, increased competitors, or changes in market demands. Some examples of strategic risks include:
On the other hand, operational risks refer to the risk of losses that result from disruptions to an organisation’s day-to-day operations. Not only do such risks have a financial impact, but they may affect business continuity, damage the company’s reputation, and weaken its compliance position. Operational risks require regular, ongoing risk management.
Some examples of operational risks include:
While both strategic and operational risks are part of enterprise risk management (ERM), strategic risk management (SRM) demands a “high level” look at the risk that considers the firm’s objectives and overall strategy. SRM decisions have a long-term focus and must be carefully considered since they can impact its future.
Operational risk is a “ground level” look at a company’s risk profile and view the long-term and short-term risks concerning people, systems, and processes – or anything that affects its operational capabilities, including supply chains.
Companies tend to focus more on operational risk remedies, impacting day-to-day operations. Still, numerous studies and risk assessments – and more recently, the onset of the Covid pandemic – have shown that organisations need to focus on strategic and operational risks. Doing so provides a more significant, detailed landscape of the business’s risk position and the various ways to craft solutions.
Knowing the common types of risks that may occur can provide an organisation with an idea of the strategies they can implement to minimise potential roadblocks along their supply chain. But is there a difference between supply chain vulnerability and supply chain risk management?
A report published in Norway in 1997 by Bjørn Asbjørnslett and Marvin Rausand discussed the vulnerability of production systems and how important it was to separate risk analysis from vulnerability analysis.
They identified vulnerability as “any property of an industrial system (its premises, facilities and production equipment, including human resources, human organisation, and its software, hardware, etc.) that may weaken or limit its ability to endure threats and survive accidental events that originate both within and outside the system boundaries.” It is worth noting that replacing the words “industrial system” with “supply chain” leads to the same definition.
As previously mentioned, the risks that most business organisations go up against are usually either economic, environmental, political or supplier-based. These risks may not always be “accidental” events, except perhaps in the case of environmental disasters. Nevertheless, these events produce a domino effect and create a disruption that can put the supply chain’s chances of survival to the test.
Thus, it is imperative to identify which situations are risks and vulnerabilities. According to Asbjørnslett and Rausand, risks are all these unforeseen events taking place within the immediate boundaries of the system, and a risk analysis focusing on the possible chain reaction that follows such an “accident,” or what is termed today as “disruption.”
Risk analysis may include the barriers or measures that need to be implemented to prevent or mitigate such risk events from happening again.
However, any protocols needed to restore and restart a system or supply chain that has been disrupted should be part of vulnerability analysis. Such an investigation focuses on the entire disruption period across the whole supply chain until the situation stabilises.
How long, then, does it take for a company to reach a new, stable situation? The answer to this and setting a target for such a solution is the heart of any business recovery or business continuity plan. As any business owner knows only too well, the longer the disruption time, the greater the vulnerability, the bigger the loss.
Thus, any barriers or mitigation measures that must be put in place to prevent such risks or anything similar from happening again should be broader and encompass the entire ecosystem. The authors point out that a vulnerability analysis should be able to do the following:
The end goal of all these steps is to ensure that the system survives the disruption. This brings the discussion to creating a supply chain risk management process that can be implemented should the need arise.
The Covid pandemic, Brexit, increased adverse weather and climate events, escalating cyber-attacks and data breaches have affected organisations and economic growth in every way. Companies have had to deal with the problem of being unable to meet demand due to problems with suppliers or other difficulties such as supplier insolvency. However, this has also resulted in firms opting for reactive, “just in time” solutions rather than the more pro-active, “just in case” approach.
From the previously mentioned vulnerability analysis by Asbjørnslett and Rausand for industrial systems back in the 1990s, these can be summarised into four basic steps that organisations can follow to understand these risk exposures to the supply chain:
1. Identify. Identifying the risks means focusing on the supplier, production, location, and supplier networks. Ensure that the appropriate transparency and assurance from a direct supplier and their network of suppliers through supply chain mapping is accomplished to view any potential risks that may emerge due to a disruption or reputational perspective.
2. Analyse and prioritise. Is the supplier financially sound? If yes, good. But what about their production and warehouse facilities? Is the area prone to flooding or a known hotspot for socio-political unrest? These factors need to be known and any aggregation regarding a single figure in the supply chain.
3. Monitor. Regular and ongoing assessment is the key to risk management, particularly in the current business environment where absolutely anything can happen, and market and customer demands are constantly evolving. Enlisting the help of third-party platform solutions like visibility can help deliver a continuously updated risk landscape.
4. Mitigate. Once suppliers posing the highest risk or loss exposure are identified, businesses must implement appropriate risk mitigation strategies. It may mean minimising additions to inventory, improving or testing supplier business relationship plans, or even identifying and screening alternative suppliers.
The past year has shown that risk management planning and supply chain risk management strategies need to evolve, be updated, flexible, and adaptable constantly. It is also essential to communicate such plans from the top to the critical staff directly involved in enacting them. As consumers and investors have expressed higher expectations and demands from business organisations regarding transparency and accountability, they have also become more stringent regarding interruptions in product delivery.
An agile and resilient supply chain that can meet all these demands and remain proactive in identifying, managing, and mitigating risks positively impacts a company’s bottom line. By harnessing data-driven technologies, an organisation can quickly appropriate, validate and access timely supplier and supply chain data.