Some of the most interesting facets of supply risk management revolve around the unknown – what could happen, under what circumstances, what the impact could be, and what to do about it. Many people lose sleep over the unknowns in their professional (and personal) lives, at least until they have nailed down some specifics and an action plan. And even then, they don’t really know what will happen until it happens and they are forced to deal with it. Now let’s apply this to supply management.
What are the “Unknown Unknowns”?
Former Secretary of Defense, Donald Rumsfeld, one of the most controversial secretaries of defense of the last century, once said during a press conference, perhaps infamously, that “There are ‘known knowns’ – there are things we know we know. We also know that there are ‘known unknowns’ – that is to say, we know there are some things that we do not know. But there are also ‘unknown unknowns’ – the ones we don’t know we don’t know.” If your head is swimming trying to follow along, you’re in good company.
Still, the former Secretary raises a point that applies quite nicely to risk management. Part of the challenge of managing risk is identifying it, particularly ones that fly under the radar and go unnoticed. Risk identification is just one of several parts of an effective supply risk management program. Here are some ways that Chief Procurement Officers (“CPO”) and supply management pros can gain greater visibility into known and unknown supply risks:
- Assemble a cross-functional risk management team that takes an enterprise-wide view of supply risk. This helps to identify supply risks that procurement or supply chain, by themselves, would miss – like HR, IT, or legal risks lurking within their supply chain.
- Quantify each risk in terms of both probability and impact. How often does this happen “in the wild?” Who does it happen to? Under what circumstances? And what is the impact in terms of downtime? Cost to the enterprise? Brand reputation? Market share?
- Pull in third-party market and supplier intelligence to build out risk models for not just the enterprise, but also the categories and suppliers that the enterprise relies on. Do not take the suppliers’ word that they can provide a high-risk (e.g., sole source) commodity. Consider the data and plan accordingly.
- Take steps to avoid risks, including risky suppliers and commodities. For example, if a category manager relies on a sole source for a commodity, particularly if that supplier is in a high-risk country, they can avoid the risk of a supply disruption or a price hike by sourcing from multiple suppliers, or at least identifying alternative suppliers in a pinch.
- Develop contingency plans for when the improbable becomes probable, and the inevitable becomes reality. Bad things happen to good companies – just ask the executive team at Chipotle. That is why every CPO and procurement team needs to have a game plan vis-à-vis the growing risks that lurk within their supply chain. Flying blind is unacceptable.
- Practice. Role play. Wargame. What do successful athletes do constantly? They practice against adversaries (real and simulated), and they practice like they play. CPOs and risk managers are going to take some hits, and they need to be able to recover in the moment, bob and weave to avoid future hits, and respond under fire.
People often take solace in the notion that although many risks are high impact, they are low probability. “This could ruin us, but how unlucky would we be if it were to happen?” they might say. Sometimes we are at the mercy of the universe, but many other times we have the ability to identify risks and the factors contributing to those risks and either avoid them now or plan for them in the future. No one wants to be the one chance in a thousand that experiences disaster or hardship. But no one wants to pick up the pieces when disaster strikes. Get proactive – identify the risks, how to avoid them, or what to do about them now.