Modern Supply-Chain Risk Management

By Frank J. Coyne

Comprehensive supply-chain risk management plays an important strategic role in the operation of successful businesses, protecting their most valuable assets while creating a unified, high-performance risk mitigation model.

Within and outside an organization, supply-chain risk management can be defined as the system of people, technology, activities, information, and resources involved in transforming raw materials or disparate ingredients into a finished product or ­ser­vice and moving that product or service from supplier to end customer. Such a supply-chain process can also be referred to as a “cash-to-cash” construct — meaning cash out for raw materials and cash in for the finished product or service.

The ultimate goal of an effective and comprehensive supply-chain risk management strategy is to embed risk awareness into all core elements of the organization — from the C suite through supervisors and department heads across the various operational functions. Ideally, this goal can be accomplished through the construction of a formal, cross-functional supply-chain risk management team that offers a full cash-to-cash view of the supply chain’s internal and external constituents.

Over the last decade, the globalization of business — whether in manufacturing or the service sector — has made it imperative for executives and risk managers to reassess how they manage the growing number of risks facing their organizations, especially those affecting supply chains. In this context, effective supply-chain risk management in the modern organization goes beyond traditionally insured risks such as tangible assets and related liabilities; rather, it focuses on assets as part of a process. With rapid change in today’s international business environment contributing to increased risk exposure across all operational functions, senior management must consider a more comprehensive risk management program that emphasizes efficiencies and addresses a wide variety of traditional (or insurable) and nontraditional (or uninsurable) risks.

Supply-chain trends such as offshore operations, global outsourcing, and lean sourcing continue to impact the modern company. In fact, supply-chain risk management has taken center stage as a vital risk management priority.

To keep pace with the dynamic changes taking place both inside and outside the organization, risk managers — in cooperation with senior management — must embed risk management practices into all mission-critical points along the operational network of the enterprise. By teaching risk management techniques to key personnel, risk managers can encourage the use of appropriate risk-based decision-making techniques. This allows managers to make more informed distinctions between the competing priorities of process cost-effectiveness and controlled efficiency of enterprisewide risk exposures.

For example, in an effort to maximize efficiencies, supply-chain managers may seek to implement just-in-time service inventory, although this solution can run counter to a traditional risk management tendency for system redundancies. In fact, managers are regularly asked to make similar decisions with important risk management implications. Such decisions include discounted versus quality vendors; a single, dedicated high-volume source versus multiple sources; and a small number of high-volume distributors versus multiple distribution relationships.

As the foundation of a successful organization, a healthy supply chain is a vital goal for any risk manager. Risk managers must place themselves at the heart of the process by taking the time and effort to become intimately familiar with all the components that drive critical business processes and relationships. As a result, risk managers can influence risk decisions made within individual functional areas of the business supply chain and guide decisions on which subsequent risk mitigation steps to take.

From a risk manager’s point of view, the following are the three key objectives of an effective supply-chain risk management strategy:

• identifying and prioritizing critical business elements
• mapping the entire supply chain to show interdependencies
• identifying potential failure points along the supply chain

Under a traditional risk management platform, risk managers examine the various supply-chain components — procurement, technology, manufacturing, real estate, logistics, legal, distribution, and staffing — and work to identify and evaluate the potential consequences of risk. While those actions play a vital role, a fully comprehensive supply-chain risk management plan takes the process a step further by continually engaging senior management and functional managers to become active participants in the overall supply-chain risk management process.

In this way, risk managers can become integral players in the supply chain while creating multiple “operational risk managers” throughout the overall process. They can implement gap analysis and a variety of advanced risk analytic tools, such as value prioritization and allocation. Comparable to the “numetrics” used by many supply-chain managers, risk managers can monitor process exposures by risk scoring various owner, supplier, distributor, or customer geographic locations for natural catastrophe loss potential or by using sophisticated modeling techniques to improve risk-adjusted decision making. Furthermore, risk managers will have the ability to use such quantifiable risks associated with traditional and evolving business supply chains to enhance risk-based scenario planning and analysis.

Frank J. Coyne is chairman, president, and chief executive officer of ISO.