Catching up on a few older articles that we didn’t publish this summer….. At the Institute for Supply Management’s 101st annual conference in Indianapolis, Indiana, friend of the site, Mickey North Rizza, gave an engaging presentation on the future of supply risk management to a packed room. Mickey has many years of experience managing supply risk as a procurement practitioner and studying risk as an industry analyst, and she is a widely recognized procurement and supply management thought leader… so, it was a real treat to hear her take on the subject.
What is Risk?
As a reminder, “the definition of risk is the probability of a threat or disruption, damage, injury, liability, loss, or other negative occurrence,” said Mickey. “It’s something negative to something that we hold as great.” For her, there are four main categories of risk – each one can impact an organization’s finances, legal status, and reputation:
- Compliance – adherence to government regulations concerning corruption, conflict minerals, child labor, human trafficking, modern slavery, and sustainability, as well as IT security
- Financial – the pressure to generate revenue, profitability, and working capital; to produce cash statements; to source raw materials; and the uncertainty surrounding mergers and acquisitions
- Operational – these cover people, processes, and technologies; when something goes wrong with any or all of them; it involves human capital and IT, as well as suppliers
- Viability – a broad category covering political risk (e.g., elections, alliances, ceasing or renewing diplomatic relations, terrorism, war), natural disasters, and supply chain resilience
Organizations shoulder these risks every day; and the depth and breadth of the risks, and their potential impact, continue to expand. To demonstrate her point, Mickey asked the audience what risks worried them. Although some cited perennial supply risks – natural disasters and global markets – a couple of others said that cyber security and “undefined risks” worry them, which highlights the changing and uncertain nature of supply risk management. She seemed to validate their concerns. “Our world is really going to change, more than you know,” she said, “and the risks are going to get greater.”
Is Your Organization Prepared?
Many enterprises are not prepared for the future. Citing recent studies on supply risk management, Mickey noted that there are disparities between what enterprises regard as their top impact-driving supply risks and their ability to manage or mitigate them. To get enterprises (back) on track to avoid or mitigate future risks, Mickey set forth ten steps that procurement and supply management practitioners can take now and moving forward.
- Research the issues – a pretty basic and easy first step for novice and experienced supply management pros, alike, is to immerse themselves in the risks that are new and or evolving, like cyber security for the supply chain, or human trafficking/modern slavery regulation.
- Compile accurate and complete spend and supplier data – enterprise procurement teams need a holistic, 360 view of their operations and their suppliers to understand where the risks reside. There can be a ton of risk hiding in spend data (savings leakage), and supplier data (non-compliance, reputational risk, viability, etc.).
- Build a catalog of risks – compile the “known knowns,” and then consider the information sources you need to monitor them. Then arrange them in a grid, score them, weight them, model them (table-top exercises, scenario analysis, “war gaming”), and learn lessons.
- Consider a rules-based approach – business leaders should consider leveraging technologies to look at risks from a rules-based approached (e.g., if a supplier risk score is at a certain percentage, then taking action to bring it to an acceptable level).
- Require governance – although most companies have adopted a center-led approach to governance because it brings everything together, enterprises need to establish some kind of governance structure, whether they are centralized, decentralized, or center-led.
- Integrate Processes – this includes linking horizontal business processes (e.g., manufacturing, product development, product lifecycle management, sourcing, and procurement) in order to create an ecosystem. “Departments don’t work in a silo,” said Mickey. But as a team, they can work towards eliminating or reducing risks.
- Reconsider technology and value management – Futuristic technologies (e.g., robotics, 3-D printing, connected devices, advanced data analytics, and digital fabrication) will integrate our physical and virtual worlds. Previously, end users viewed these entities and processes separately. But when integrated, they will change processes, manufacturing, risks, and worldviews.
- Put “feet on the street” – it can be valuable to have local teams in supplier locations who track down the suppliers, understand local customs, laws, and incorporate this knowledge into the supplier contract (and processes) to protect the enterprise from running afoul of laws and / or tarnishing their reputations.
- Train employees on “need to share” – whenever practitioners make a change, they need to share it with the rest of the organization and the enterprise – for example, if the enterprise can longer source goods and services from a particular supplier. Failure to communicate policy or process changes can result in non-compliance, financial, or legal impact.
- Measure, monitor, mitigate, and tweak – this brings risk cataloging full circle. It applies a scientific approach to risk management that asserts that risks are not static, but dynamic. Scoring, tracking, and proactively managing risks (ideally avoiding it altogether), and then applying lessons learned to risk models is the preferred way to approach supply risk management, rather than leaving things to chance and hoping for the best.
Supply risk management is not a “set it and forget it” process; it is one that requires continuous learning and adaptation. The risks that enterprises faced five years ago have been joined by other risks, like supply chain cyber security, government regulation, and a growing consumer appetite for sustainable, fair trade, and organic/non-GMO food. Sourcing, procurement, and supply risk management teams need to stay current on these and other trends in the marketplace today, as well as keep their eyes and ears pealed for what is on the horizon. Futuristic technologies, like 3-D printing, connected devices, and robotics, have been disrupting the way that enterprises conduct business. And they have the potential to further disrupt the risk environment for enterprises.