Strategic risk if not well managed has the potential to destroy the greatest value for an organisation yet; it is where management, risk/audit and board risk committees tend to spend the least amount of time. (Arash Rashidian).

What are some of the risks organisations face?

  • Labour model disruption
  • Lagging digitisation
  • The pace of change
  • Digitisation misconceptions (AI, Robotics etc)
  • Climate change liability
  • Remote working for workforce
  • Dated policies and procedures
  • The War for Talent ( shortages )
  • Sustainability
  • Trade wars

With organisations average spend being upwards of 60% through 3rd party suppliers how are they managing the supply chain risk?

Supply chain risk can be defined as “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity” (Wikipedia)

If you are working in the supply chain you will be familiar with the trend that  the world is becoming more influenced by VUCA – Volatility, Uncertainty, Complexity and Ambiguity.

These drivers are increasingly used in recent years to describe the current business environment and the impact it has on the supply chain performance.

Countries such as the United Kingdom and Australia have legislation holding large organisations to account ensuring that there are no suppliers using modern slavery in the manufacturing and provisioning of goods and services supplied to that organisation

The food industry is seeing an increasing demand by consumers for clarity of provenance–also leading to a focus on supply chain risk.

 How do we manage supply chain risks in our businesses today?

 Supply Chain Visions, Inc. has developed a model that targets 4 areas, Strategic, Operational, Financial and Physical risk as per the picture below.

SCRM SCOPE

Most organisations today are managing risk through Enterprise Risk Management methodologies like Bow-Tie and Monte Carlo.

Monte Carlo simulation performs risk analysis by building models of possible results by substituting a range of values—a probability distribution—for any factor that has inherent uncertainty– a much more realistic way of describing uncertainty in variables of a risk analysis. Below is an example of a simulation presented in a histogram format.

Image result for monte carlo risk analysis

Bow-tie  is a risk evaluation method that can be used to analyse and demonstrate causal relationships in high risk scenarios. A Bow-tie diagram does two things. Firstly, a Bow-tie gives a visual summary of all plausible accident scenarios that could exist around a certain hazard. Secondly, by identifying control measures the Bow-tie displays what a company does to control those scenarios.

From <https://www.cgerisk.com/knowledgebase/The_history_of_bowtie>

Image result for bow tie risk analysis

Diagram CGE Risk Management Solutions

I have seen this being introduced in complex organisational environments as it provides a simple clear high level management view of what can be a complex analysis.

There are known risks,  where organisation’s can use a typical approach for risk identification mapping out and assessing the value chains of all major products and services, and unknown risks, which by their nature are difficult or impossible to predict, quantify, or incorporate into the risk-management framework 

McKinsey has developed a practical approach methodology to managing unknown risks a model colloquially known as the Swiss cheese model.

ayers o Sources of risk Risk manage - ment barriers e p orgamza Ions manage un nown ms s. Significant operational event • Irrecoverable asset damage • Catastrophic Design quality, configuration control • Preserving margins • Protecting the design basis • strictly controlling configuration Equipment health, performance $ • Overseeing maintenance strategies j• Monitoring, intervening • Running and maintaining capital assets Oversight, assurance methods • Developing oversight structure • Strengthening independence and quality Decision-making processes • Emergent-issue responses • Operational focus for reso- lution • Risk-informed Worker, Operator fundamentals • Frontline skills and behaviors • Clearly defined standards of performance personnel injury • Significant environmental or local impact Event, emergency preparedness • Operator, organizational readiness . Infrastructure, materials • Response, mitigation equipment Risk processes, standards, competency, organization, and culture

Australia and New Zealand have adopted the ISO 31000 standard for risk management. Standards New Zealand state that Using AS/NZS ISO 31000 will assist organisations to:

  • increase the likelihood of achieving objectives
  • be aware of the need to identify and treat risk throughout the organisation
  • improve the identification of opportunities and threats
  • comply with relevant legal and regulatory requirements and international norms
  • improve financial reporting
  • improve governance
  • improve stakeholder confidence and trust
  • establish a reliable basis for decision-making and planning
  • improve controls
  • effectively allocate and use resources for risk treatment
  • improve operational effectiveness and efficiency
  • enhance health and safety performance, as well as environmental protection
  • improve loss prevention and incident management
  • minimise losses
  • improve organisational learning
  • improve organisational resilience.

From <https://www.standards.govt.nz/search-and-buy-standards/standards-information/risk-managment/>

Having common standards allow risk to be benchmarked in a macro environment. Comparison and correlation will enable risk management improvements both on a micro and macro level.

In the procurement and supply chain domain of risk management many suppliers of ERP, Sourcing and P2P systems have been developing management tools to deliver integrated reporting of Supplier Risk:

https://www.ariba.com/solutions/solutions-overview/supplier-management/supplier-risk

https://www.zycus.com/blog/supplier-management/5-supplier-risk-assessment-pitfalls-to-avoid.html

https://www.gatekeeperhq.com/risk-module

https://www.oracle.com/technetwork/apps-tech/grc-accelerators/supplierriskmanagementdetails-326886.pdf

https://www.coupa.com/products/supplier-management/risk-assess/

https://www.oracle.com/africa/applications/erp/procurement-cloud/supplier-qualification-management.html

https://www.bvdinfo.com/en-gb/solutions-for-your-role/supplier-risk-management-and-procurement

Procurement Leaders’ have launched a guide to third-party risk management which provides a summary of the maturity curve outlining progression of a function’s management of third party and supplier risk.

The guide is divided into four sections:

  • Functional Efficiency
  • Cross – Functional cooperation
  • Supplier collaboration
  • Network coordination

It describes each maturity level in detail and provides supplementary details on the activities and tools teams can apply at each level.   Procurement Leaders are a global entity that provide procurement and supply chain insights for a global membership through research and white papers.

This is another procurement focused organisation that has seen a more intensified focus on supplier and supply chain risk.

SUMMARY

In a VUCA world many businesses are under increasing pressure to take a more proactive approach to mitigate risks.

Along with traditional risk functions within businesses, supply chain risk partnering with emerging technologies enable organisations to accomplish risk management more efficiently.

At Kearney’s paper “Are you prepared for a black swan event” highlights that the focus on risk by procurement leaders comes at a time when procurement stakeholders (CEO,CXO, CFO, COOs etc) who have been dealing with business risk for many years have higher expectations of procurement leaders to manage supply chain risk.

Procurement teams that are maximising this opportunity and looking at risk management in innovative ways are starting to benefit, demonstrating an opportunity for the procurement function to help build resilience and add value to the whole business.

The advent of Big Data and innovative technology has enabled greater insight for organisations to accomplish this more efficiently. By embracing risk management, procurement can use it to deliver immediate value to all businesses and also enhance its own internal brand.

Published by mike blanchard

Michael (Mike) has a broad and diverse background with significant commercial and strategic experience. He is an experienced Senior Executive Manager and manages strategic leadership roles with P&L. He has substantive experience and knowledge ranging from: • Procurement & Supply Chain • People • Commercial • Legal and Contract Management • Governance and Risk • Engineering • Customer Services • Marketing • Project and Product management; • Managing Director growing start-up businesses • Extensive Senior Executive management experience in multiple large complex organisations as divisional manager of in country multi-national customer centric companies. Mike has led teams in sport from age of 11 and business from age of 24 and loves to lead through making a difference to the way in which people think, work and execute change to deliver meaningful outcomes. He is always inspired by people doing amazing things. He seeks to build rapport and has a history of growing loyal and highly functioning teams and creating space for ideas and confidence to develop.

Leave a comment