A common risk management mistake is waiting for the worst to happen before taking decisive action. Understanding that things will go wrong – it’s not a question of ‘if’ but ‘when’ – sets a sturdy foundation for your risk strategy.
In February, Procurement Leaders chaired a virtual roundtable that brought together global supply chain managers, directors of procurement and heads of third-party risk management from an array of industries. Participants discussed their approach to risk and shared insights from their respective sectors and jurisdictions. Although members agreed procurement teams cannot prepare for every eventuality, leading organisations are forming successful risk management strategies and measuring their performance.
In many cases, it is only after an incident that organisations assess their risk processes. Procurement chiefs who wait until disruption impacts their supply chain could find their organisation pays a heavy price given the volatile, uncertain and interconnected nature of modern threats. In fact, Procurement Leaders’ Risk planning guide 2020 research shows that 96% of CPOs surveyed experienced an unexpected supply chain disruption over the past 12 months.
Despite advances in support capabilities, most procurement functions’ risk management practices continue to be reactive. A proactive approach is needed to meet emerging cybersecurity threats and global trade uncertainties, as well as health, safety and environmental risks.
One of the first challenges procurement functions have is finding the right metrics by which to assess suppliers’ risk profiles. Some roundtable participants said the following basics can be a struggle:
Functions that have developed appropriate risk management report noticeable benefits, from service performance improvement and timely risk mitigation intervention to better-informed decision-making and greater stakeholder satisfaction.
Members also discuss ways procurement teams can use metrics to assess the health of their suppliers. To best realise this, members offered the following advice:
Building a risk assessment methodology is difficult, particularly for buyer organisations with long and complex supply chains. But in a business world marred by volatility and uncertainty, risk management cannot be left unattended.
The outbreak of coronavirus has shown the threat posed to businesses by single-supplier dependency. First, map the supply chain to find those critical links and, where they exist, look for alternative suppliers.
The process may seem long and laborious but it is necessary. Focusing first on a handful of strategic suppliers is a good place to start; tap into those relationships to build and recalibrate your risk management framework, which can later be extended to the rest of the supply chain.
To preempt risk, lessons from past incidents should be learned and fed into the approach. This will help reinforce processes and develop pattern identification, which could be achieved with automation technology.
Finally, think about who owns risk in your function; where is risk managed and by whom? Clear risk management processes are vital as they guarantee a concerted and effective organisational response.