Mitigating Supply Chain Risk with a Single Strategy

Overview

Supply chain issues have been pushed to the top of the news agenda over the past few years. The Russia and Ukraine conflict has sparked a significant and long-term impact on the supply and cost of food across the world. Car manufacturers have taken measures to ensure that they can keep up with the demand for new cars despite an acute chip shortage. As companies triage these and other similar situations, they will inevitably expose themselves to risk.

While supply chain risk has become one of the most important issues for business leaders to tackle, it’s also often misunderstood. For companies to overcome these problems, they must first develop a unified and comprehensive understanding of their risk profile and appetite.

Richard Waterer, global risk consulting leader for Aon, discusses how companies can mitigate risk by formulating an understanding of their supply chain, leaning on data and analytics to avoid issues and setting long-term risk-management goals.

Q: What challenges do businesses typically face when managing supply chain risk or disruption?

Richard Waterer: One of the big challenges facing any company that has exposure to the supply chain is the fact that it feels too broad to get your arms around. An automotive company might have 30,000-plus parts in each vehicle coming from all over the world. That’s a huge risk.

Risk is defined in different ways in an organization depending on the stakeholder. A procurement director would approach supply chain risk by applying the right due diligence when they onboard a supplier. They would negotiate a contract that pushes as much liability to that supplier as they can in the event of issues around quality, cost or time. But they don’t consider where the risk is in their supply chain. It is a supplier-led view rather than an exposure-led view. The issue with approaching risk as separate initiatives is that it’s inefficient, and it may not focus the firm’s resources on the right areas that can have the biggest impact.

Q: How does this traditional approach differ from having a single strategy for supply chain risk?

Richard Waterer: A single strategy for supply chain risk is about a single version of the truth — a taxonomy of supply chain issues that the firm agrees they face consistently and, most importantly, a consistent understanding of the impacts of supply chain risk on the business. If we know what it will cost our business, we can take the necessary steps to invest in making sure that it does not happen or its impact can be minimized.

The concept is not entirely new: forward-thinking firms have been doing enterprise risk management for decades. That entails understanding the most significant threats to an organization and its ability to trade, profiling those and then understanding how those scenarios would impact the organization and managing them. An enterprise view of supply chain risk would follow similar steps.

Q: What are the first steps in building a unified supply chain risk strategy?

Richard Waterer: From a risk strategy point of view, it starts with an understanding of where the risk is in the supply chain and quantifying it. If you have a picture of your top risks and an understanding of your level of exposure, that will frame the decisions that you want to make as an organization. Those decisions could be around insurance, risk management or supply chain reengineering if the exposure’s significant enough.

It’s about getting to the heart of what matters most to the company. That could be a set of product lines that generate the most earnings, a set of products that are key to a particular geography or a set of products that are important to the future direction or strategy of the firm. If they can agree on what matters most, then they can start to understand what comprises the bill of materials that traces back from that product line and which suppliers are producing which products. That is key to understanding risk exposure better. Then, companies can build scenarios and understand the “what ifs.”

Q: How can data and analytics help a company identify and assess supply chain risks?

Richard Waterer: Data and analytics can play a critical role in improving visibility in a company’s supply chain. We have seen this help in three scenarios. First, the company already has information on its supply chain and wants to revisit their insurance program to see what kind of coverage they have and if they can cover the losses they incurred because of an interruption from a third-party supplier.

Second, the company is uncomfortable accepting the risk and they want to put stronger risk management around it. Data and analytics can audit suppliers to make sure they are well risk-managed, understand their levels of utilization and determine their fallback position in the event of an interruption. This type of analysis helps companies decide whether they need to find a dual source supplier.

Third, the company has recognized that the size of risk exposure is significant, so they address it in their supply chain strategy by bringing production closer, changing suppliers, assessing deal sourcing and inventory management or holding more stock.

That visibility helps companies analyze the areas they want to focus on, where risk sits in the supply chain and what the impact of those risks would be should they materialize. I think all firms would benefit from a single strategy on supply chain risk, but that strategy could be owned by different stakeholders and played out through different projects and initiatives that are driven by a common set of data and analytics.

Q: What advice would you give to leaders who want to improve their supply chain risk management?

Richard Waterer: A balance between efficiency and resilience is the goal. There is a level of investment that’s required to keep that risk managed within your own risk appetite, but at some point, that level of investment could drop off because you’ll be spending more on managing the risk than you are on driving value for the organization. Success looks like striking a balance between those two very broad sets of measures.

No sector has absolutely cracked this — but it’s also less about the response and more about the thoughtfulness and investment that companies are willing to put into their supply chain risk posture. We are seeing that happening a lot more now. There’s been a shift to creating a more open and collaborative culture about risk in many organizations, but there’s a long way to go.