The Growing Importance of Supply Chain Risk Management

Stephen DeAngelis

January 29, 2014

“In uncertain times,” writes Gavin Hinks, “risk management shoots to the forefront of every business mind, but recently, supply chains have also come under the spotlight, with companies seeing the value in paying a little more attention to their security.” [“How healthy is your supply chain?EY, 16 December 2013] He continues, “Supply chain security has been thrown into the public arena in recent years. Natural disasters, scandals, globalization and the increasing complexity of high-tech products have demonstrated how fragile a supply chain can be if the appropriate risk strategies are not employed.” Clearly, you can’t implement appropriate risk strategies if you don’t have some idea about what those risks are. Denise Brehm reports, “Traditional methods for identifying the suppliers and events that pose the highest risk depend on knowing the probability that a specific type of risk event will occur at any firm and knowing the magnitude of the problems that would ensue. However, risks — which can range from a brief work stoppage to a major natural disaster — exist on a continuum of frequency and predictability, and the sources of low-probability, high-impact risk are difficult to quantify.” [“Hidden risk in supply chains,” MIT Media Relations, 16 December 2013]

The focus of Brehm’s article is a study on supply-chain risk written by Professor David Simchi-Levi of MIT’s Department of Civil and Environmental Engineering and Engineering Systems Division. Simchi-Levi is well-known by most supply chain professionals. According to Brehm, Simchi-Levi’s latest study “shows no correlation between the total amount a manufacturer spends with a supplier and the profit loss it would incur if that supply were suddenly interrupted. This counterintuitive finding defies a basic business tenet that equates the greatest supply-chain risk with suppliers of highest annual expenditure.” Simchi-Levi told Brehm, “This helps explain why risk in a complex supply network often remains hidden. The risk occurs in unexpected locations and components of a manufacturer’s supply network.” Because risk assessment is so complex and risk can occur in unexpected locations, companies are well advised to obtain the services of organizations that specialize in risk assessment. One such company is Verisk Analytics.

According to its website, Verisk Analytics offers risk assessment services and decision analytics for professionals in many fields.” Among those fields are:

  • property/casualty insurance
  • financial services
  • healthcare
  • government
  • human resources

The Verisk Analytics site goes on to state that the company can provide “information for risk managers in all industries” and notes that its “mission is to help risk-bearing businesses understand and manage their risk.” Obviously, different industry sectors have different risk profiles so every risk manager requires tailored information. This point was underscored in a 2013 Deloitte Chief Procurement Officer study. [“New Deloitte Research Breaks Down Supply Chain and Supplier Risk Priorities by Industry,” by Jason Busch, Spend Matters, 18 December 2013] Busch writes, “The findings might surprise you.” The results included:

“For manufacturing, commodity price volatility was the top supply risk (with 61% of respondents reporting it as such). In financial services – no surprise here – 70% of respondents reported that the top two supply risks were regulatory and reputational related. In the public sector, economic risk was the most-cited supply risk factor. For technology, media, and telecommunications companies, 59% of respondents reported that service delivery was their biggest risk. For healthcare & life sciences and energy/resources, reputational risk came in at 50% and 57% respectively, the highest reported risk factors for both. Consumer businesses collectively reported that reputational and commodity price volatility risks were the highest areas of concern and focus.”

Although I’m not surprised that reputational risks rank high on many lists, reputations are only harmed when something bad happens that causes disruption, harm, or embarrassment. A good risk manager needs to understand what kinds of threats or events can lead to those bad consequences. That’s where a company like Verisk can help. Its website explains how it helps customers conduct a risk assessment.

“Verisk’s risk assessment business serves customers — mainly in the property/casualty insurance industry — by helping to define, measure, and manage risk. Our risk assessment operations include our flagship ISO subsidiary and several other units. All of those units provide data, software, and information services to property/casualty insurers and reinsurers in the United States, as well as many international carriers. We also sell products and services to insurance agents and brokers, insurance associations and service organizations, government agencies, and the risk-management functions of firms in all industries. Our risk assessment products and services include:

  • data and statistical services
  • actuarial services
  • standardized insurance policy programs
  • underwriting information
  • rating-integrity tools

In addition to conducting risk assessments, Verisk also offers decision analytics services to it customers. Those services help customers “make informed decisions about managing their assets and the associated risk.” Verisk’s offerings include products for:

  • predicting future losses
  • selecting and pricing risk
  • detecting and preventing fraud
  • quantifying losses that have already happened

Verisk Analytics also provides a variety of information, systems, and services to help customers manage supply chain risk and compliance. It does this through four primary divisions: Verisk Climate, 3E Company, CargoNet, and Enabl-u Technologies.

“Verisk Climate provides software, data, and analytics for enterprise climate risk management. The organization’s solutions help corporations improve resilience and profitability while enhancing service to their customers.” There is not an industry sector that will remain untouched in some way by climate change. Maggie Slowik writes, “Over the past three to four years, the world has seen extreme weather events occurring more frequently and more intensely than ever before. Globally, in the first six months of 2013, natural disasters caused an estimated damage of $56bn. Companies and consumers have woken up to the real threat of climate change, and we believe that 2014 might mark a breakthrough of noticeable actions.” [“Embracing Climate Change As A Business Risk,” Procurement Leaders, 22 January 2014] Obviously, companies can’t change the weather; so, when Slowik writes about companies taking action, she means implementing some kind of risk management strategy. For some industries, like agriculture, the connection between the supply chain and climate is clear. For other industries, like electronics, the connection might not have been so clear prior to the horrendous floods in Thailand that affected hard drive manufacturers. Almost every industry relies on water and predicted water scarcity is another factor that could impact industries in the years ahead.

“Verisk’s 3E Company is a global provider of services that help [customers] comply with government-mandated environmental health and safety (EH&S) requirements for hazardous chemicals and other products. The services meet the information and management needs of organizations throughout the supply chain and the product life cycle.” In a post I wrote entitled Predictions for the Coming Year: Supply Chain Management, Part 2, the first prediction discussed was how compliance and sustainability issues are going to impact companies. Both traditional government regulations and non-traditional sources of pressure for corporate responsibility are going to play a role.

“Verisk’s CargoNet is a national database and information-sharing system designed to prevent cargo theft and increase recovery.” If the problem of goods lost in transit (GLIT) is as bad in the U.S. as it is in the UK (and I’ve no reason to think otherwise), then getting a handle on the problem is in everyone’s best interest. David Upton reports that in the UK, “90 percent of retailers believe growing numbers of fake GLIT claims pose a serious threat. This is an ongoing problem and highlights a new form of theft: ‘digital shoplifting’.” [“‘Goods lost in transit’ threaten UK supply chain,” Supply Chain Digital, 12 July 2013]

“Verisk’s Enabl-u Technologies is a leader in loss prevention services for retail, hospitality, grocery, banking, healthcare, and other businesses, as well as law enforcement and government. The company offers data management, analytics, and training services used in the loss prevention operations of many Fortune 500 companies and most major retailers in the United States.” To learn more about how fraud and theft are impacting companies, read my post entitled Fraud and Theft in the Supply Chain.

Other Verisk operating units offer services that can help companies manage their supply chain risk. They include:

  • background checks and drug testing for employees
  • catastrophe modeling
  • catastrophe reports and loss estimates
  • claims fraud detection  and prevention services
  • information about specific properties
  • loss control technical reports, action plans, and checklists
  • motor carrier insurance requirements
  • motor vehicle reports
  • risk management consulting services
  • weather and climate change risk management

Professionals involved in risk management know that it is challenging at best and impossible at worst. No one can predict with any precision when and where an earthquake will strike or a disastrous tornado will touch down or an employee will do something surprising and stupid; but, putting in place and exercising risk manager strategies will make any company more resilient when something unpleasant does occur. The only thing we can be sure of is that something unexpected will occur.