Strategic risk if not well managed has the potential to destroy the greatest value for an organisation yet; it is where management, risk/audit and board risk committees tend to spend the least amount of time. (Arash Rashidian).
What are some of the risks organisations face?
- Labour model disruption
- Lagging digitisation
- The pace of change
- Digitisation misconceptions (AI, Robotics etc)
- Climate change liability
- Remote working for workforce
- Dated policies and procedures
- The War for Talent ( shortages )
- Trade wars
With organisations average spend being upwards of 60% through 3rd party suppliers how are they managing the supply chain risk?
Supply chain risk can be defined as “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity” (Wikipedia)
If you are working in the supply chain you will be familiar with the trend that the world is becoming more influenced by VUCA – Volatility, Uncertainty, Complexity and Ambiguity.
These drivers are increasingly used in recent years to describe the current business environment and the impact it has on the supply chain performance.
Countries such as the United Kingdom and Australia have legislation holding large organisations to account ensuring that there are no suppliers using modern slavery in the manufacturing and provisioning of goods and services supplied to that organisation
The food industry is seeing an increasing demand by consumers for clarity of provenance–also leading to a focus on supply chain risk.
How do we manage supply chain risks in our businesses today?
Supply Chain Visions, Inc. has developed a model that targets 4 areas, Strategic, Operational, Financial and Physical risk as per the picture below.
Most organisations today are managing risk through Enterprise Risk Management methodologies like Bow-Tie and Monte Carlo.
Monte Carlo simulation performs risk analysis by building models of possible results by substituting a range of values—a probability distribution—for any factor that has inherent uncertainty– a much more realistic way of describing uncertainty in variables of a risk analysis. Below is an example of a simulation presented in a histogram format.
Bow-tie is a risk evaluation method that can be used to analyse and demonstrate causal relationships in high risk scenarios. A Bow-tie diagram does two things. Firstly, a Bow-tie gives a visual summary of all plausible accident scenarios that could exist around a certain hazard. Secondly, by identifying control measures the Bow-tie displays what a company does to control those scenarios.
I have seen this being introduced in complex organisational environments as it provides a simple clear high level management view of what can be a complex analysis.
There are known risks, where organisation’s can use a typical approach for risk identification mapping out and assessing the value chains of all major products and services, and unknown risks, which by their nature are difficult or impossible to predict, quantify, or incorporate into the risk-management framework
McKinsey has developed a practical approach methodology to managing unknown risks a model colloquially known as the Swiss cheese model.
Australia and New Zealand have adopted the ISO 31000 standard for risk management. Standards New Zealand state that Using AS/NZS ISO 31000 will assist organisations to:
- increase the likelihood of achieving objectives
- be aware of the need to identify and treat risk throughout the organisation
- improve the identification of opportunities and threats
- comply with relevant legal and regulatory requirements and international norms
- improve financial reporting
- improve governance
- improve stakeholder confidence and trust
- establish a reliable basis for decision-making and planning
- improve controls
- effectively allocate and use resources for risk treatment
- improve operational effectiveness and efficiency
- enhance health and safety performance, as well as environmental protection
- improve loss prevention and incident management
- minimise losses
- improve organisational learning
- improve organisational resilience.
Having common standards allow risk to be benchmarked in a macro environment. Comparison and correlation will enable risk management improvements both on a micro and macro level.
In the procurement and supply chain domain of risk management many suppliers of ERP, Sourcing and P2P systems have been developing management tools to deliver integrated reporting of Supplier Risk:
Procurement Leaders’ have launched a guide to third-party risk management which provides a summary of the maturity curve outlining progression of a function’s management of third party and supplier risk.
The guide is divided into four sections:
- Functional Efficiency
- Cross – Functional cooperation
- Supplier collaboration
- Network coordination
It describes each maturity level in detail and provides supplementary details on the activities and tools teams can apply at each level. Procurement Leaders are a global entity that provide procurement and supply chain insights for a global membership through research and white papers.
This is another procurement focused organisation that has seen a more intensified focus on supplier and supply chain risk.
In a VUCA world many businesses are under increasing pressure to take a more proactive approach to mitigate risks.
Along with traditional risk functions within businesses, supply chain risk partnering with emerging technologies enable organisations to accomplish risk management more efficiently.
At Kearney’s paper “Are you prepared for a black swan event” highlights that the focus on risk by procurement leaders comes at a time when procurement stakeholders (CEO,CXO, CFO, COOs etc) who have been dealing with business risk for many years have higher expectations of procurement leaders to manage supply chain risk.
Procurement teams that are maximising this opportunity and looking at risk management in innovative ways are starting to benefit, demonstrating an opportunity for the procurement function to help build resilience and add value to the whole business.
The advent of Big Data and innovative technology has enabled greater insight for organisations to accomplish this more efficiently. By embracing risk management, procurement can use it to deliver immediate value to all businesses and also enhance its own internal brand.