Use supply chain risk as a wake-up call to change mindsets and metrics

Risk button

A common risk management mistake is waiting for the worst to happen before taking decisive action. Understanding that things will go wrong – it’s not a question of ‘if’ but ‘when’ – sets a sturdy foundation for your risk strategy.


In February, Procurement Leaders chaired a virtual roundtable that brought together global supply chain managers, directors of procurement and heads of third-party risk management from an array of industries. Participants discussed their approach to risk and shared insights from their respective sectors and jurisdictions. Although members agreed procurement teams cannot prepare for every eventuality, leading organisations are forming successful risk management strategies and measuring their performance.


Change mindsets from ‘if’ to ‘when’


In many cases, it is only after an incident that organisations assess their risk processes. Procurement chiefs who wait until disruption impacts their supply chain could find their organisation pays a heavy price given the volatile, uncertain and interconnected nature of modern threats. In fact, Procurement Leaders’ Risk planning guide 2020 research shows that 96% of CPOs surveyed experienced an unexpected supply chain disruption over the past 12 months.


Despite advances in support capabilities, most procurement functions’ risk management practices continue to be reactive. A proactive approach is needed to meet emerging cybersecurity threats and global trade uncertainties, as well as health, safety and environmental risks.


What gets measured gets managed


One of the first challenges procurement functions have is finding the right metrics by which to assess suppliers’ risk profiles. Some roundtable participants said the following basics can be a struggle:

  • Defining their organisation’s risks.
  • Measuring the likelihood and effect of these risks along extended and complex supply chains.
  • Systemising risk management processes.

Functions that have developed appropriate risk management report noticeable benefits, from service performance improvement and timely risk mitigation intervention to better-informed decision-making and greater stakeholder satisfaction.

Members also discuss ways procurement teams can use metrics to assess the health of their suppliers. To best realise this, members offered the following advice:

  • Adopt a cross-functional approach, bringing in different teams with varying perspectives to define risks and the metrics to track them.
  • Use legislation such as the UK Bribery Act or the European Union’s General Data Protection Regulation to build a list of criteria for suppliers to abide by.
  • Tap into publicly available business information or contract business intelligence companies to run credit checks on your behalf.
  • Embed a code of conduct throughout the supply chain that includes considerations around sustainable practices or even cyber resilience. Monitor compliance through regular site visits or third-party audits.

Getting basics right means sophisticated thought


Building a risk assessment methodology is difficult, particularly for buyer organisations with long and complex supply chains. But in a business world marred by volatility and uncertainty, risk management cannot be left unattended.


The outbreak of coronavirus has shown the threat posed to businesses by single-supplier dependency. First, map the supply chain to find those critical links and, where they exist, look for alternative suppliers.


The process may seem long and laborious but it is necessary. Focusing first on a handful of strategic suppliers is a good place to start; tap into those relationships to build and recalibrate your risk management framework, which can later be extended to the rest of the supply chain.


To preempt risk, lessons from past incidents should be learned and fed into the approach. This will help reinforce processes and develop pattern identification, which could be achieved with automation technology.


Finally, think about who owns risk in your function; where is risk managed and by whom? Clear risk management processes are vital as they guarantee a concerted and effective organisational response.

Pauline Schu
Posted by Pauline Schu

Want to learn more? Please fill in your details to hear from us.