It’s Time To Rethink Supply Chain Risk Management

It is possible to protect supply while avoiding the trade-offs and risks of mitigation. But a radical rethink is needed to succeed.

The past few years have highlighted serious deficiencies in prevalent supply-chain strategies and the major risk that disruptions pose to corporate success. Loss of sales and market share are the most visible and measurable impacts. McKinsey estimates that shocks lasting a month or longer are occurring every 3.7 years and companies can expect to lose 42% of one year’s EBITDA every decade due to supply-chain disruptions.

Herculean efforts by procurement and supply-chain departments to keep supplies flowing have prevented even more extreme disruptions than what we’ve experienced, but have inadvertently created additional risks. Under pressure to quickly identify new sources of supply, due diligence has, at times, been reduced, thereby increasing the likelihood of quality issues, unknowingly supporting forced labor or exposing organizations to fraud. In these instances, tradeoffs have been made, such as impeding carbon emissions reduction progress through the use of less sustainable products or carbon intensive transportation options. Supply-chain disruptions, and the reactions to them, do more than simply reduce profits today. They can damage your brand reputation, reduce customer satisfaction, create compliance breaches and curtail overall corporate efforts to improve our world.

If recent shocks were caused by a black swan event or transitory conditions, the lessons and required actions could be considered limited and incremental. More robust contingency plans that complement current strategies might suffice. Many of today’s challenges, such as port congestion or Covid-19, will almost certainly prove to be transitory. But contentious geopolitics, cybersecurity threats, climate change and other factors will likely only worsen, supporting the case for us having entered what Gartner has dubbed the “Age of Disruption.”

Yet business leaders have a choice as to the nature of this disruption. The default destiny, for those that maintain their current course, is supply disruption and the results that accompany it. 

Today’s complex, global supply chains remain extremely vulnerable

Common supply-chain strategies, such as just-in-time inventory, exacerbate the impact of shocks. Organizational abilities to effectively assess risk and engage suppliers to mitigate it are woefully lacking in most cases. For example, nearly half (43.9%) of CPOs responding to a recent survey by Ardent Partners indicated that they do not know what percent of their suppliers are high risk.

Rather than disrupt supply, let’s disrupt supplier management. It is possible to protect supply while avoiding the trade-offs and risks of mitigation. But a radical rethink is needed to succeed. Today’s common reactions are logical to help mitigate the future impact of the specific shocks we have recently encountered, but not necessarily those of tomorrow. Stockpiling inventory has been the most common response. It can be effective, but only for a time, for certain products, and at great cost in working capital (which is rapidly increasing in today’s rising interest rate environment). Onshoring suppliers is another recent reactionary trend. It can help, but the benefits are limited if only direct suppliers are local, and it concentrates risk.

A smarter approach to supplier management requires several changes

To begin with, businesses must add rigor to their supply chain risk assessment approach. Too often, the process is distilled down to a “check the box” exercise on individual suppliers. Has a supplier provided relevant certifications (.i.e. ISO)? Has past performance exceeded a threshold? Are the supplier’s 3rd party risk ratings acceptable? These can be useful, but are woefully insufficient. Additional areas where changes should be made:

 1. Assessing risk across the supply chain. How to properly assess risk is itself a complex topic which I can barely scratch the surface of here. So I will highlight one aspect that is broadly lacking and must be addressed—understanding the multi-tier supply chain. Companies are exposed not just to their immediate suppliers, but also to suppliers that those immediate suppliers depend on. This normally extends for several tiers. According to research by Dun & Bradstreet, 163 of the Fortune 1000 had one or more Tier 1 suppliers in and around the Wuhan, China coronavirus hot zone, but nearly all (938) had one or more Tier 2 suppliers there. Few knew until impacted.

A lack of visibility into sub-tier suppliers is almost universal. For example, a 2021 McKinsey survey of global supply chain leaders found that 48% have visibility into Tier 1 suppliers, 21% into Tier 2 and only 2% into Tier 3. To properly assess risk, reduce carbon emissions and avoid ethics violations, leaders must map and assess the multi-tier supply chain. That requires implementing a strict process to engage existing and potential suppliers to identify and assess sub-tier supplier dependencies. With large organizations having thousands, if not tens of thousands, of Tier 1 suppliers, technology is essential. Collecting dependent sub-tier suppliers via email at such volumes, mapping them to identify common dependencies and augmenting with additional data to assess sub-tier risk is not practical and prone to error. Having suppliers directly input the details not only improves efficiency, but also reduces matching errors and allows clear visualization of the supply chain.

2. Increasing supplier visibility. With this visibility into risk, companies can then make informed decisions to reduce their exposure. Here, a new approach is also required by many. One that takes a portfolio view of category supply risk. Some companies have done this, but too few. In a Forrester Consulting survey of over 400 procurement decision makers at companies with over 1000 employees, the top barrier to ensuring supply continuity was an inability to effectively assess the overall risk across suppliers in a category. Supplier risk management too often focuses on evaluating the risk level of each supplier and selecting lower risk ones when possible. Taking a category view often means little more than ensuring alternate sources are available.

A portfolio view goes a step further, borrowing from a successful strategy of investment portfolio managers—diversification. A lower risk, less volatile investment portfolio does not necessarily involve the lowest risk investments, but ones that have diverse risk profiles.

3. Shifting category strategies. A common response to recent supply shocks has been to begin shifting supply from China to local markets. That won’t necessarily reduce risk, just change the type of risk and increase costs. For example, U.K. factories were forced to shut down in March during the pandemic, while Honda factories in Wuhan were reopening. A China + 1 strategy, now being considered by many organizations, would have ensured greater resilience at all stages of the pandemic while also mitigating the cost impact. As long as the +1 supplier has a distinct risk profile from the Chinese one, including sub-tier suppliers not exposed to China.

Successfully implementing such a portfolio approach requires the right talent and technology. Procurement and supply chain teams need to continue building the analytical skills of their teams. Technology can empower these teams by providing relevant data from internal, 3rd party and supplier sources when and where needed and help derive actionable insights from it.

4. Mitigating and measuring risk impact. Effectively assessing risk and building supply chains with lower exposure will reduce the frequency and severity of disruptions, but not eliminate them. To mitigate the impact when they occur, companies must also adopt more sophisticated methodologies to model the effects of specific events. An innovative approach is the stress tests developed by MIT professor David Simchi-Levi which revolve around 2 measures. Time to recover (TTR) is the amount of time a particular supply chain node needs to regain full capacity after a specific shock. Time to survive (TTS) is the maximum duration that the supply chain can match supply with demand after a facility disruption. By calculating these for a range of possible scenarios, organizations can more accurately assess the financial impact of disruptions, where weak points are located and devise appropriate contingency plans and inventory strategies. Work must be done on testing and refining such approaches.

5. Improving supplier collaboration. An additional element to improve is the nature of supplier collaboration. Leaders must be willing to share more information with suppliers and digitize how such sharing takes place. Supply chains can be both more efficient and more resilient with greater transparency into supply and demand. That requires as close to real time sharing of information as possible, from both buyers and suppliers. Too often organizations limit the information shared out of concern for confidentiality, or do so too late. Greater willingness to share details helps suppliers plan their own supply chains and leverage existing Spend Management systems.

6. Accurately measuring your own performance against competitors.  Lastly, acknowledge that your organization is probably not as good as it thinks when it comes to managing supply risk. In a Forrester Consulting survey of over 400 procurement decision makers at companies with over 1000 employees, 77% of respondents indicated that their supply chain continuity was better than competitors and only 5% felt it was worse. Such overconfidence is dangerous as it kills the motivation to improve, especially when radical change management is involved.

Supply chains are increasingly critical to success or failure. The right approach to managing them creates a significant competitive advantage, improving financial results while also avoiding ethics breaches and helping improve sustainability. Historic approaches are not fit for tomorrow’s global market, requiring a broad rethink to how we assess, mitigate and model risk. While no risk management approach will be optimal in every scenario and for every business, there are some common lessons to consider. As with so many business imperatives, the path forward requires changes to our talent and processes, with the right enabling technology. Fortunately, we have what we need today. Prudent leaders will apply the needed changes to their organization before their competitors do the same.

Get the StrategicCIO360 Briefing

Sign up today to get weekly access to the latest issues affecting CIOs in every industry

MORE INSIGHTS

Strategy, Insights, Action

In our weekly newsletter, get insight into the biggest issues facing CIOs, along with strategic ideas, solutions, and interviews.