Advanced supply chain risk management strategies

The world stood still in the first quarter of 2020. As the coronavirus epidemic rapidly made its way across oceans and borders, nations scrambled to put mitigation protocols in place to cushion what could be long-term disruption and damage to national economies and their population. Demand surged in some industries, while it nose-dived into historic lows for others. Business organisations were forced to put into action their supply chain risk management (SCRM) strategies in real-time and in a real-world situation – one that could – and would – severely disrupt the entire global economy. Companies went into overdrive to implement strategic changes to the systems and operations of their global supply chains and resolved to make their supply chain strategy agile, resilient, and flexible.

One year on, businesses are now evaluating their responses during the onset of the pandemic and reflect on what they are doing now. How do those changes affect their supply chains? How do they expect their supply chains to evolve further should another supply chain disruption happen similar to the scale of the Covid pandemic? What are the most important takeaways for creating and practising the right supply risk management strategies?

Facing Risks

Therefore, it is not surprising that after a year, most organisations now understand what supply chain resilience truly means and what it takes to streamline their risk management processes.

The year prior, most companies were looking into multi-pronged efforts to improve their supply chain resilience using a combination of methods such as increasing inventory of critical components, raw materials, and products. Some chose to diversify their supplier bases, selecting procurement sources closer to their locales or regions. However, most companies decided to increase their inventory instead.

4 Types of Supply Chain Risks

These decisions were made based on assessing the risks posed by the other options, such as supplier diversification based on the current situation. This is just one of the four common types of risks in the supply chain.

• Environmental risks. This type of risk can both be external and internal. Examples of external threats are natural disasters and extreme weather conditions such as flooding, earthquakes, winter storms, volcanic eruptions, tornadoes and more. These events can close off airports, cargo ports, and roads, significantly delaying the shipment of goods and even making travel and communication virtually impossible. On the other hand, internal risks can occur within an organisation’s operations and arise from improper safety or management protocols. Chemical leaks, fires, spills, and other environmental hazards can cause damage and result in the shutdown of shipping or storage facilities.

• Political risks. With the rise of borderless economies and increasing globalisation, the risks arising from political stand-offs and others in the same vein are also heightened. Systematic corruption, energy crises, terrorism, and government policy changes can cause significant disruptions in supply chain operations locally and internationally. The United Kingdom’s withdrawal from the European Union, termed “Brexit,” is the most current example of political risk. Civil unrest, security threats, and trade embargoes may result in closed delivery channels and confiscating shipments. Modern technology tools can be deployed to create in-depth analyses of such “hotspot” areas, and supplier contracts are reviewed to ensure that contingency measures are in place should such risks happen.

• Economic risks. More liberal trading policies and a borderless global economy have made it easier for many business organisations to expand their supply networks and operations. However, they also face economic risks such as political uncertainties, when a new leader may be unfriendly or lukewarm towards certain countries or regions. Economic slowdowns such as currency fluctuations, price instability, changing labour costs and inflation can also make it difficult for firms to stabilise their expenditures and investments. This may mean a closer review of supplier relationships within that country to ensure flexibility and adaptability.

• Supplier risks. A supplier in an organisation’s supply chain can also pose a high risk. Suppliers are also vulnerable to delayed or incomplete shipments, erratic communications, and even the threat of business closure. Companies should conduct comprehensive screening and analysis when selecting their suppliers and deploying supplier risk management measures, and other contingency plans should the need arise. Even if a new supplier has already been chosen, periodic assessments must be made so that the supplier continues to comply with the agreements. Suppliers must also be aware of any other risks that may affect their operations.

Today’s technology provides available tools to help organisations improve and comprehensively evaluate their supply chain and partners. Platform tools like Serai’s Visibility can provide end-to-end visibility to enable businesses in forecasting any possible obstacles by tracking the condition of their products and intervening before any problem occurs. Companies can then gain insights into potential changes and deploy optimisation strategies like shifting their resources in real-time to be flexible and adaptive.

‍

Defining Upside Risks versus Downside Risks, Strategic Risk versus Operational Risk

Discussing the common types of risks also involves other risks within a business organisation that will still impact its operations, including its supply chain networks.

Upside Risk vs Downside Risk: Glass half-full or half-empty?

Pursuing any business goal or objective, such as revenue growth, also opens the door to other adverse events that may lead to loss.

The exposure to loss in pursuit of gain is defined as “upside risk.” While dependent on the balance between the potential for gain versus loss, dealing with this type of risk is unavoidable in business operations. On the other hand, any exposure to loss that exists outside of the control of the business and not in the pursuit of any gain whatsoever can be termed as “downside risk.”

Any potential for gain can also be viewed as a positive risk, a glass-half-full scenario. Meanwhile, the potential for loss is deemed an adverse risk, which would mean a glass-half-empty. Weighing both can provide a good insight into what possible threats and opportunities could arise in making a particular business decision.

In a nutshell, both the upside and downside risks describe how loss exposure is introduced to an organisation’s risk landscape. But by taking it a step further and viewing it in the light of whether such risks are positive or negative, the bigger picture of measuring the potential for gains and losses emerges.

Strategic Risk vs Operational Risks

There are also other strategic risks and operational risks to consider.

Strategic risks arise when a business strategy fails to deliver the expected results, impacting the company’s growth and development. Such risks can be due to technological changes such as automation, increased competitors, or changes in market demands. Some examples of strategic risks include:

• Unclear or poorly communicated strategy decisions
• Introduction of new products or services
• Changes in senior management
• Unsuccessful mergers or acquisitions
• Changes to customer demands or expectations
• Damage to the company’s reputation
• Financial challenges such as poor cash flow
• Entry of new competitors
• Problems with suppliers, vendors, retailers, or other stakeholders

On the other hand, operational risks refer to the risk of losses that result from disruptions to an organisation’s day-to-day operations. Not only do such risks have a financial impact, but they may affect business continuity, damage the company’s reputation, and weaken its compliance position. Operational risks require regular, ongoing risk management.

Some examples of operational risks include:

• Inadequate or failed internal processes
• Human error
• System downtime or failure
• Inadequately trained staff
• Breakdown of process controls
• Fraud
• Cybersecurity events such as data breaches
• External events such as natural disasters (flooding, earthquakes, pandemic)

While both strategic and operational risks are part of enterprise risk management (ERM), strategic risk management (SRM) demands a “high level” look at the risk that considers the firm’s objectives and overall strategy. SRM decisions have a long-term focus and must be carefully considered since they can impact its future.

Operational risk is a “ground level” look at a company’s risk profile and view the long-term and short-term risks concerning people, systems, and processes – or anything that affects its operational capabilities, including supply chains.

Companies tend to focus more on operational risk remedies, impacting day-to-day operations. Still, numerous studies and risk assessments – and more recently, the onset of the Covid pandemic – have shown that organisations need to focus on strategic and operational risks. Doing so provides a more significant, detailed landscape of the business’s risk position and the various ways to craft solutions.

The difference between supply chain risk and supply chain vulnerability

Knowing the common types of risks that may occur can provide an organisation with an idea of the strategies they can implement to minimise potential roadblocks along their supply chain. But is there a difference between supply chain vulnerability and supply chain risk management?

A report published in Norway in 1997 by Bjørn Asbjørnslett and Marvin Rausand discussed the vulnerability of production systems and how important it was to separate risk analysis from vulnerability analysis.

They identified vulnerability as “any property of an industrial system (its premises, facilities and production equipment, including human resources, human organisation, and its software, hardware, etc.) that may weaken or limit its ability to endure threats and survive accidental events that originate both within and outside the system boundaries.” It is worth noting that replacing the words “industrial system” with “supply chain” leads to the same definition.

Risk analysis: The domino effect

As previously mentioned, the risks that most business organisations go up against are usually either economic, environmental, political or supplier-based. These risks may not always be “accidental” events, except perhaps in the case of environmental disasters. Nevertheless, these events produce a domino effect and create a disruption that can put the supply chain’s chances of survival to the test.

Thus, it is imperative to identify which situations are risks and vulnerabilities. According to Asbjørnslett and Rausand, risks are all these unforeseen events taking place within the immediate boundaries of the system, and a risk analysis focusing on the possible chain reaction that follows such an “accident,” or what is termed today as “disruption.”

Risk analysis may include the barriers or measures that need to be implemented to prevent or mitigate such risk events from happening again.

Vulnerability analysis: Stabilising the system

However, any protocols needed to restore and restart a system or supply chain that has been disrupted should be part of vulnerability analysis. Such an investigation focuses on the entire disruption period across the whole supply chain until the situation stabilises.

How long, then, does it take for a company to reach a new, stable situation? The answer to this and setting a target for such a solution is the heart of any business recovery or business continuity plan. As any business owner knows only too well, the longer the disruption time, the greater the vulnerability, the bigger the loss.

Thus, any barriers or mitigation measures that must be put in place to prevent such risks or anything similar from happening again should be broader and encompass the entire ecosystem. The authors point out that a vulnerability analysis should be able to do the following:

• Identify potential threats to the system
• Verify that the vulnerability of the system is acceptable
• Verify that the system has adequate security and safety measures
• Evaluate the cost-effectiveness of the proposed measures and actions
• Support in the establishment of an emergency preparedness plan
• Design a robust or resilient system

The end goal of all these steps is to ensure that the system survives the disruption. This brings the discussion to creating a supply chain risk management process that can be implemented should the need arise.

‍

Four steps in supply chain risk management

The Covid pandemic, Brexit, increased adverse weather and climate events, escalating cyber-attacks and data breaches have affected organisations and economic growth in every way. Companies have had to deal with the problem of being unable to meet demand due to problems with suppliers or other difficulties such as supplier insolvency. However, this has also resulted in firms opting for reactive, “just in time” solutions rather than the more pro-active, “just in case” approach.

From the previously mentioned vulnerability analysis by Asbjørnslett and Rausand for industrial systems back in the 1990s, these can be summarised into four basic steps that organisations can follow to understand these risk exposures to the supply chain:

1. Identify. Identifying the risks means focusing on the supplier, production, location, and supplier networks. Ensure that the appropriate transparency and assurance from a direct supplier and their network of suppliers through supply chain mapping is accomplished to view any potential risks that may emerge due to a disruption or reputational perspective.

2. Analyse and prioritise. Is the supplier financially sound? If yes, good. But what about their production and warehouse facilities? Is the area prone to flooding or a known hotspot for socio-political unrest? These factors need to be known and any aggregation regarding a single figure in the supply chain.

3. Monitor. Regular and ongoing assessment is the key to risk management, particularly in the current business environment where absolutely anything can happen, and market and customer demands are constantly evolving. Enlisting the help of third-party platform solutions like visibility can help deliver a continuously updated risk landscape.

4. Mitigate. Once suppliers posing the highest risk or loss exposure are identified, businesses must implement appropriate risk mitigation strategies. It may mean minimising additions to inventory, improving or testing supplier business relationship plans, or even identifying and screening alternative suppliers.

The past year has shown that risk management planning and supply chain risk management strategies need to evolve, be updated, flexible, and adaptable constantly. It is also essential to communicate such plans from the top to the critical staff directly involved in enacting them. As consumers and investors have expressed higher expectations and demands from business organisations regarding transparency and accountability, they have also become more stringent regarding interruptions in product delivery.

An agile and resilient supply chain that can meet all these demands and remain proactive in identifying, managing, and mitigating risks positively impacts a company’s bottom line. By harnessing data-driven technologies, an organisation can quickly appropriate, validate and access timely supplier and supply chain data.