You Need more than a Kit to Manage Supply Chain Risk

Disruptions to supply chain operations are inevitable. Over the years I’ve read a lot of articles discussing the kind of toolkit supply chain risk managers need to deal with those disruptions. Although I agree that a risk management kit is essential, I also believe it is only one of the things required to foster enterprise resilience. Analysts from Precoro note, “Risk management is the process of identifying, assessing, and controlling risks arising from operational factors and making decisions that balance risk with offsetting benefits. It is a systematic approach used to identify, evaluate, and reduce or eliminate the possibility of an unfavorable deviation from an expected outcome.”[1] They go on to observe, “Supply disruptions can come from a wide variety of sources, including physical damage at production facilities, natural disasters, strikes and labor disputes, capacity issues, inventory problems, incorrect forecasts and delays.” Before you can assemble a kit of tools to deal with supply chain risk, you need to identify the possible sources of risk. Precoro analysts identify seven broad areas in which risks can originate. They are:

  1. Financial Risks: “These risks can range from an unexpected or unfavorable change in exchange rates all the way to a supplier’s bankruptcy.”
  2. Scope of Schedule Risks: “Largely a result of poor project definition or a poorly worded statement of work, these are primary risks that threaten the timeline … they can also have cost implications. Schedule changes are often the result of a natural disaster such as hurricanes, fire, or flood, or as a result of noncompliance issues generated by the supplier.”
  3. Legal Risks: “Legal and contractual risks are often related to disputes or different interpretations of contractual obligations, or from not meeting the requirement included in the terms and conditions.”
  4. Environmental Risks: “Environmental risk includes the organization’s negative impact on water, air, and soil as a result of discharges, emissions, and other forms of waste.”
  5. Sociopolitical Risks: “When the regulatory environment changes in response to a new government or to increasing awareness of inequitable social conditions, many existing institutions experience difficulty in adapting.”
  6. Project Organization Risks: “These are generally a result of not having the right people or equipment in the right place at the right time. You might also consider this as a planning risk.”
  7. Human Behavior Risks: “Human behavior risks are the most difficult to assess. Sometimes the project or activity may be put in danger due to an illness or injury or due to the departure of key personnel. Sometimes, it may be the result of poor judgment or bad decisions.”

Confronting each of these types of risks requires a different set of tools. As I noted above, even if a supply chain risk manager assembles all the tools he or she may need, they still require a plan discussing how those tools are to be used in a given situation.

Fostering Appropriate Supply Chain Risk Management Responses

Rick Brumett notes, “Customer demand and increased complexity raise the threat of enterprise risk. Supply lines grow longer and competition increases daily. … It is no longer enough for organizations to maintain a complete understanding of their streamlined processes, lean improvement programs and enterprise-wide communications. To grow and succeed, it is imperative that enterprise leaders effectively identify and demystify all layers of risk in order to expand into new markets and sustain a competitive advantage.”[2] Any time the complexity specter raises its scary head, business leaders should look for solutions that can help simplify and make sense of the situation. One of the tools that can address many of the challenges associated with supply chain risk management is cognitive computing. Cognitive computing platforms can gather, integrate, and analyze structured and unstructured data and can provide alerts when anomalies occur and, in some instances, autonomously act when a threat is detected. Because cognitive computing platforms can deal with many more variables than older systems, they are ideally suited for the complex risk management challenge. One of the most important things a good cognitive computing platform can do is improve visibility as digital supply chains become a reality. According to Greg Schlegel, founder of The Supply Chain Risk Management Consortium, visibility is the first step of “a four-stage journey to what he calls the ‘New 21st Century Risk Maturity Model’.”[3] The four stages are:

  1. Visibility. Make sure you know exactly where your suppliers, distribution centers, customers, etc., are.
  2. Predictability. Can you predict or do you understand how your company will react? Digitize your supply chain and map it on the computer. See how you will react to Black Swan incidents by simulating the model.
  3. Resiliency. After you’ve completed the first two, then build resiliency into the supply chain. How many single-source suppliers do you have? How many sole-source suppliers (with a patent)?
  4. Sustainability. This is about eight years out in the journey. Each stage takes about two years to complete.

Although a cognitive computing platform can help improve visibility and response, Rich Weissman (@rich_weissman) reminds us people, process, and technology are all necessary components of a good supply chain risk management system. He writes, “Today’s supply chains may boast integrated systems and digital connectivity, but at the end of the day much of the risk mitigation happens daily behind desks and phones. To do so, procurement professionals must count on a set of both proactive and reactive tools that help minimize or mitigate disruptions.”[4] That holds true for any supply chain professional not just procurement professionals.


As noted at the beginning of this article, supply chain disruptions are inevitable. This means a company must maintain a proactive supply chain risk management process that monitors, plans for, and reacts to emerging situations. People, processes, and technologies all play an important role. To ensure each of these areas work in harmony, plans must be exercised. Not only does exercising help fine tune the plans it ensures the right technologies are in place to support the plan and that people are better prepared to react when something unexpected occurs (because the unexpected will occur). Michael Rasmussen (@GRCPundit) observes, “To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is not a simple equation of 1 + 1 = 2. It is a mesh of exponential relationship and impact in which 1 + 1 = 3, 30, or 300. What seems like a small disruption or exposure may have a massive effect or no effect at all. In a linear system, effect is proportional with cause, in the non-linear world of business risk management risks is exponential. Business is chaos theory realized. The small flutter of risk exposure can bring down the organization. If we fail to see the interconnections of risk on the non-linear world of business, the result is often exponential to unpredictable.”[5] Cognitive computing is one of the tools in the kit that can help make sense of the complexity involved in risk management. But like other tools in the kit, it needs to be used in the right way by the right people in order to make an enterprise more resilient.

[1] Staff, “7 Basic Types of Supply Chain Risks,” Precoro, 3 March 2017.
[2] Rick Brumett, “How to Navigate the Many Risks in Your Supply Chain,” IndustryWeek, 10 January 2017.
[3] Barry Hochfelder, “Resilient operations require supply chain risk maturity,” Supply Chain Dive, 9 May 2017.
[4] Rich Weissman, “When disaster strikes: A procurement toolkit to mitigate supply chain disruptions,” Supply Chain Dive, 9 May 2017.
[5] Michael Rasmussen, “Role of Technology in Risk Management Maturity,” The GRC Pundit, 11 May 2017.

Follow me on Twitter