Strategic risk if not well managed has the potential to destroy the greatest value for an organisation yet; it is where management, risk/audit and board risk committees tend to spend the least amount of time. (Arash Rashidian).

What are some of the risks organisations face?

  • Labour model disruption
  • Lagging digitisation
  • The pace of change
  • Digitisation misconceptions (AI, Robotics etc)
  • Climate change liability
  • Remote working for workforce
  • Dated policies and procedures
  • The War for Talent ( shortages )
  • Sustainability
  • Trade wars

With organisations average spend being upwards of 60% through 3rd party suppliers how are they managing the supply chain risk?

Supply chain risk can be defined as “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity” (Wikipedia)

If you are working in the supply chain you will be familiar with the trend that  the world is becoming more influenced by VUCA – Volatility, Uncertainty, Complexity and Ambiguity.

These drivers are increasingly used in recent years to describe the current business environment and the impact it has on the supply chain performance.

Countries such as the United Kingdom and Australia have legislation holding large organisations to account ensuring that there are no suppliers using modern slavery in the manufacturing and provisioning of goods and services supplied to that organisation

The food industry is seeing an increasing demand by consumers for clarity of provenance–also leading to a focus on supply chain risk.

 How do we manage supply chain risks in our businesses today?

 Supply Chain Visions, Inc. has developed a model that targets 4 areas, Strategic, Operational, Financial and Physical risk as per the picture below.

SCRM 
SCOPE

Most organisations today are managing risk through Enterprise Risk Management methodologies like Bow-Tie and Monte Carlo.

Monte Carlo simulation performs risk analysis by building models of possible results by substituting a range of values—a probability distribution—for any factor that has inherent uncertainty– a much more realistic way of describing uncertainty in variables of a risk analysis. Below is an example of a simulation presented in a histogram format.

Image result for monte carlo risk analysis

Bow-tie  is a risk evaluation method that can be used to analyse and demonstrate causal relationships in high risk scenarios. A Bow-tie diagram does two things. Firstly, a Bow-tie gives a visual summary of all plausible accident scenarios that could exist around a certain hazard. Secondly, by identifying control measures the Bow-tie displays what a company does to control those scenarios.

From <https://www.cgerisk.com/knowledgebase/The_history_of_bowtie>

Image result for bow tie risk analysis

Diagram CGE Risk Management Solutions

I have seen this being introduced in complex organisational environments as it provides a simple clear high level management view of what can be a complex analysis.

There are known risks,  where organisation’s can use a typical approach for risk identification mapping out and assessing the value chains of all major products and services, and unknown risks, which by their nature are difficult or impossible to predict, quantify, or incorporate into the risk-management framework 

McKinsey has developed a practical approach methodology to managing unknown risks a model colloquially known as the Swiss cheese model.

ayers o 
Sources 
of risk 
Risk 
manage - 
ment 
barriers 
e p orgamza Ions manage un 
nown ms 
s. 
Significant 
operational event 
• Irrecoverable 
asset damage 
• Catastrophic 
Design quality, 
configuration 
control 
• Preserving 
margins 
• Protecting the 
design basis 
• strictly 
controlling 
configuration 
Equipment health, 
performance 
$ • Overseeing 
maintenance 
strategies 
j• Monitoring, 
intervening 
• Running and 
maintaining 
capital assets 
Oversight, 
assurance 
methods 
• Developing 
oversight 
structure 
• Strengthening 
independence 
and quality 
Decision-making 
processes 
• Emergent-issue 
responses 
• Operational 
focus for reso- 
lution 
• Risk-informed 
Worker, Operator 
fundamentals 
• Frontline skills 
and behaviors 
• Clearly defined 
standards of 
performance 
personnel injury 
• Significant 
environmental 
or local impact 
Event, emergency 
preparedness 
• Operator, 
organizational 
readiness 
. Infrastructure, 
materials 
• Response, 
mitigation 
equipment 
Risk processes, standards, competency, organization, and culture

Australia and New Zealand have adopted the ISO 31000 standard for risk management. Standards New Zealand state that Using AS/NZS ISO 31000 will assist organisations to:

  • increase the likelihood of achieving objectives
  • be aware of the need to identify and treat risk throughout the organisation
  • improve the identification of opportunities and threats
  • comply with relevant legal and regulatory requirements and international norms
  • improve financial reporting
  • improve governance
  • improve stakeholder confidence and trust
  • establish a reliable basis for decision-making and planning
  • improve controls
  • effectively allocate and use resources for risk treatment
  • improve operational effectiveness and efficiency
  • enhance health and safety performance, as well as environmental protection
  • improve loss prevention and incident management
  • minimise losses
  • improve organisational learning
  • improve organisational resilience.

From <https://www.standards.govt.nz/search-and-buy-standards/standards-information/risk-managment/>

Having common standards allow risk to be benchmarked in a macro environment. Comparison and correlation will enable risk management improvements both on a micro and macro level.

In the procurement and supply chain domain of risk management many suppliers of ERP, Sourcing and P2P systems have been developing management tools to deliver integrated reporting of Supplier Risk:

https://www.ariba.com/solutions/solutions-overview/supplier-management/supplier-risk

https://www.zycus.com/blog/supplier-management/5-supplier-risk-assessment-pitfalls-to-avoid.html

https://www.gatekeeperhq.com/risk-module

https://www.oracle.com/technetwork/apps-tech/grc-accelerators/supplierriskmanagementdetails-326886.pdf

https://www.coupa.com/products/supplier-management/risk-assess/

https://www.oracle.com/africa/applications/erp/procurement-cloud/supplier-qualification-management.html

https://www.bvdinfo.com/en-gb/solutions-for-your-role/supplier-risk-management-and-procurement

Procurement Leaders’ have launched a guide to third-party risk management which provides a summary of the maturity curve outlining progression of a function’s management of third party and supplier risk.

The guide is divided into four sections:

  • Functional Efficiency
  • Cross – Functional cooperation
  • Supplier collaboration
  • Network coordination

It describes each maturity level in detail and provides supplementary details on the activities and tools teams can apply at each level.   Procurement Leaders are a global entity that provide procurement and supply chain insights for a global membership through research and white papers.

This is another procurement focused organisation that has seen a more intensified focus on supplier and supply chain risk.

SUMMARY

In a VUCA world many businesses are under increasing pressure to take a more proactive approach to mitigate risks.

Along with traditional risk functions within businesses, supply chain risk partnering with emerging technologies enable organisations to accomplish risk management more efficiently.

At Kearney’s paper “Are you prepared for a black swan event” highlights that the focus on risk by procurement leaders comes at a time when procurement stakeholders (CEO,CXO, CFO, COOs etc) who have been dealing with business risk for many years have higher expectations of procurement leaders to manage supply chain risk.

Procurement teams that are maximising this opportunity and looking at risk management in innovative ways are starting to benefit, demonstrating an opportunity for the procurement function to help build resilience and add value to the whole business.

The advent of Big Data and innovative technology has enabled greater insight for organisations to accomplish this more efficiently. By embracing risk management, procurement can use it to deliver immediate value to all businesses and also enhance its own internal brand.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s