Supply Chain Risk Management in the 21st Century
Supply chain risk management is a complicated subject because the number of things potentially affecting operations is almost limitless. As risk management professionals know, there is simply no way a company can plan for every contingency. There is an old saying that goes, “May you live in interesting times.” It’s fair to say we do live in interesting times. For example, a decade ago you would have called me crazy had I predicted in 2017 the U.S. and Europe would create global economic confusion and China’s president would stand before the World Economic Forum as a champion of free trade. But here we are. Alessandro Sanos (@), Market Development Manager, Risk & Enterprise for Thomson Reuters in Europe, writes, “From the policies of President Trump to European populism, the list of geopolitical risks facing companies and their supply chains is extensive. … Three of the biggest areas of risk appear to be coming from the United States, China, and the European Union where there is a state of political change, but just as significant are Russia, Turkey and North Korea.” For risk managers, interesting times require constant attention to unfolding events.
A guide prepared by the Queensland Government in Australia notes, “When one business within the supply chain fails to deliver their product or service to the next business in the chain, the entire supply chain can be disrupted. This can result in: reduced revenues, decreased market share, inflated costs, damaged business reputation, and [loss of] customer confidence. A business with a resilient and responsive supply chain will have a significant competitive advantage over other businesses.” The guide continues, “You can limit the impact of supply chain disruptions on your business by identifying the risks within your supply chain and developing ways to mitigate them. You should document this process in a risk management plan, which is part of your overall business continuity plan. There are 2 main types of risk to include in your risk management plan: external risks — those that are outside of your control; [and] internal risks — those that are within your control.”
Even though it is impossible to identify all potential external risks to a supply chain, you can parse the challenge in a number of ways to help you identify potential solutions and mitigating plans. One of the first ways of parsing the problem is to divide challenges into upstream risks and downstream risks. Each parsing of the problem helps sharpen focus which makes it easier to discover potential courses of action. When considering external upstream and downstream risks, the Queensland guide suggests there are five main types:
- demand risks — caused by unpredictable or misunderstood customer or end-customer demand
- supply risks — caused by any interruptions to the flow of product, whether raw material or parts, within your supply chain
- environmental risks — from outside the supply chain; usually related to economic, social, governmental, and climate factors, including the threat of terrorism
- business risks — caused by factors such as a supplier’s financial or management stability, or purchase and sale of supplier companies
- physical plant risks — caused by the condition of a supplier’s physical facility and regulatory compliance.
Considering today’s geopolitical climate, I would break geopolitical (or governmental) risks out of the environmental risks category and make it a category on its own.
The Queensland guide notes, “Internal risks provide better opportunities for mitigation because they are within your business’s control.” The guide identifies five of internal risks:
- manufacturing risks — caused by disruptions of internal operations or processes
- business risks — caused by changes in key personnel, management, reporting structures or business processes, such as the way purchasers communicate to suppliers and customers
- planning and control risks — caused by inadequate assessment and planning, which amount to ineffective management
- mitigation and contingency risks — caused by not putting contingencies (or alternative solutions) in place in case something goes wrong
- cultural risks — caused by a business’s cultural tendency to hide or delay negative information. Such businesses are generally slower to react when impacted by unexpected events.
Some of those internal risks can be labeled chronic risks. The APICS Supply Chain Council goes even further and defines them as chronic supply chain disruptions. It defines a chronic supply chain disruption as “a persistent disruption that degrades, but does not inhibit, supply chain function and that does not respond to traditional remedies.”
Cognitive Computing and Risk Management
Because supply chain risk management is a complex activity, risk managers deserve a platform that helps reduce that complexity by automating most of the data gathering and analysis and provide insights, warnings, and automated actions that can prevent or mitigate disruptive situations (be they chronic or emerging risks). A Cognitive computing platform, like the Enterra Enterprise Cognitive System™ (ECS) — a system that can Sense, Think, Act, and Learn® — can do just that. A cognitive computing platform can monitor external events and analyze appropriate data from external actors in order to provide early warning of potential threats. It can also monitor internal business processes and analyze data from those processes to help identify chronic risks, improve process efficiency, and even automate some business processes. Today’s risk management processes must be proactive, around-the-clock operations. It is essential, of course, to have contingency and continuity-of-business plans in place and to routinely exercise those plans. Cognitive computing platforms can play an important role by providing early detection and warning of emergency situations and by identifying triggers that activate those plans. Some of the actions identified in those plans can and should be automated and a cognitive computing platform can play a major role there as well.
The Queensland guide notes, “The best way to manage a supply chain disruption is to prepare for it. You should undertake a business impact analysis to prepare your business to address the impacts of supply chain disruption. A business impact analysis identifies your key business processes, and the activities and resources you need to operate your business. It assesses how these key elements will be affected by supply chain interruptions highlighted in your risk management plan. The degree of impact on your business will depend on the severity and length of the disruption, but most disruptions will have a financial effect. Disruptions can be internal, such as a breakdown of vital machinery, or external, such as interruptions to the flow of raw materials or parts to your business. The business impact analysis allows you to measure how supply chain disruptions may affect business activities, including financial management.” When I started Enterra Solutions®, resiliency was a primary focus and we helped organizations implement Enterprise Resilience Management℠ solutions (focusing on Enterra’s patented Enterprise Resilience Management Methodology®). That methodology helps companies understand what their most critical resources, processes, and operations really are. Once a company has a true understanding of where it is most vulnerable, it can take steps to reduce those vulnerabilities. As the Queensland guide notes, “By identifying the key business activities affected by disruptions to your supply chain, you can prioritise your efforts to focus on those activities that would have the most impact on your bottom line.”
Luca Urciuoli, an associate research professor at the Zaragoza Logistics Center in Spain, asserts, “With the benefit of digital technologies, companies are using Big Data to identify supply chain risks and create early warning systems with much greater speed and precision. However, the ability to respond to these signals has not advanced at the same pace.” A cognitive computer platform can help resolve the gap between early warning and response. Urciuoli concludes, “In the not-too-distant future, software that cuts supply chain delays from days to hours, or even to minutes or seconds, could become a reality. But to realize the full potential of this technology and achieve the dramatic cost savings and service improvements that digital supply chains can deliver, companies need to develop cyber resilience.” I would have deleted the word “cyber” because companies need to be resilient in all areas.
 Alessandro Sanos, “Is geopolitics your biggest risk?” Inside Financial & Risk, 31 January 2017.
 Queensland Government Staff, “Managing risk in supply chains,” Business Queensland, 29 June 2016.
 Staff, “Chronic Disruption Plagues over 73 Percent of Supply Chain Managers,” APICS News, 4 November 2014.
 Luca Urciuoli, “Automating Supply Chain Resilience Should Be High on Your Digital Agenda,” MIT Sloan Management Review, 29 January 2017.