
Supply chain issues have been pushed to the top of the news agenda over the past few years. The Russia and Ukraine conflict has sparked a significant and long-term impact on the supply and cost of food across the world. Car manufacturers have taken measures to ensure that they can keep up with the demand for new cars despite an acute chip shortage. As companies triage these and other similar situations, they will inevitably expose themselves to risk.
While supply chain risk has become one of the most important issues for business leaders to tackle, it’s also often misunderstood. For companies to overcome these problems, they must first develop a unified and comprehensive understanding of their risk profile and appetite.
Richard Waterer, global risk consulting leader for Aon, discusses how companies can mitigate risk by formulating an understanding of their supply chain, leaning on data and analytics to avoid issues and setting long-term risk-management goals.
Richard Waterer: One of the big challenges facing any company that has exposure to the supply chain is the fact that it feels too broad to get your arms around. An automotive company might have 30,000-plus parts in each vehicle coming from all over the world. That’s a huge risk.
Risk is defined in different ways in an organization depending on the stakeholder. A procurement director would approach supply chain risk by applying the right due diligence when they onboard a supplier. They would negotiate a contract that pushes as much liability to that supplier as they can in the event of issues around quality, cost or time. But they don’t consider where the risk is in their supply chain. It is a supplier-led view rather than an exposure-led view. The issue with approaching risk as separate initiatives is that it’s inefficient, and it may not focus the firm’s resources on the right areas that can have the biggest impact.
Richard Waterer: A single strategy for supply chain risk is about a single version of the truth — a taxonomy of supply chain issues that the firm agrees they face consistently and, most importantly, a consistent understanding of the impacts of supply chain risk on the business. If we know what it will cost our business, we can take the necessary steps to invest in making sure that it does not happen or its impact can be minimized.
The concept is not entirely new: forward-thinking firms have been doing enterprise risk management for decades. That entails understanding the most significant threats to an organization and its ability to trade, profiling those and then understanding how those scenarios would impact the organization and managing them. An enterprise view of supply chain risk would follow similar steps.
Richard Waterer: From a risk strategy point of view, it starts with an understanding of where the risk is in the supply chain and quantifying it. If you have a picture of your top risks and an understanding of your level of exposure, that will frame the decisions that you want to make as an organization. Those decisions could be around insurance, risk management or supply chain reengineering if the exposure’s significant enough.
It’s about getting to the heart of what matters most to the company. That could be a set of product lines that generate the most earnings, a set of products that are key to a particular geography or a set of products that are important to the future direction or strategy of the firm. If they can agree on what matters most, then they can start to understand what comprises the bill of materials that traces back from that product line and which suppliers are producing which products. That is key to understanding risk exposure better. Then, companies can build scenarios and understand the “what ifs.”
Richard Waterer: Data and analytics can play a critical role in improving visibility in a company’s supply chain. We have seen this help in three scenarios. First, the company already has information on its supply chain and wants to revisit their insurance program to see what kind of coverage they have and if they can cover the losses they incurred because of an interruption from a third-party supplier.
Second, the company is uncomfortable accepting the risk and they want to put stronger risk management around it. Data and analytics can audit suppliers to make sure they are well risk-managed, understand their levels of utilization and determine their fallback position in the event of an interruption. This type of analysis helps companies decide whether they need to find a dual source supplier.
Third, the company has recognized that the size of risk exposure is significant, so they address it in their supply chain strategy by bringing production closer, changing suppliers, assessing deal sourcing and inventory management or holding more stock.
That visibility helps companies analyze the areas they want to focus on, where risk sits in the supply chain and what the impact of those risks would be should they materialize. I think all firms would benefit from a single strategy on supply chain risk, but that strategy could be owned by different stakeholders and played out through different projects and initiatives that are driven by a common set of data and analytics.
Richard Waterer: A balance between efficiency and resilience is the goal. There is a level of investment that’s required to keep that risk managed within your own risk appetite, but at some point, that level of investment could drop off because you’ll be spending more on managing the risk than you are on driving value for the organization. Success looks like striking a balance between those two very broad sets of measures.
No sector has absolutely cracked this — but it’s also less about the response and more about the thoughtfulness and investment that companies are willing to put into their supply chain risk posture. We are seeing that happening a lot more now. There’s been a shift to creating a more open and collaborative culture about risk in many organizations, but there’s a long way to go.