Share
Following on from my last article, today I bring you the third of my four part series – Risk Management. In this piece, I’ll be giving you my view on the key aspects to consider when looking to manage risk in your key supply relationships and supply chain.
The focus on managing risk within the supply chain has increased over recent years and rightly so. The advent of the Modern Slavery Act in 2015 and the drive for a more transparent and sustainable supply model has brought an added dimension to managing risk, plus the explosion of the digital age has led to heightened focus from a cybersecurity perspective too. When you also add in the small matter of the GDPR legislation in 2018 and the consequences of not handling data correctly, this concoction of delights is enough to give anyone a sleepless night! All of this coupled with an increase in outsourcing critical activities, has in my view, brought the activity of managing risk to centre stage and high on the agenda for all CEOs and therefore all CPOs.
What was once a snowball has now quickly developed into an avalanche, but how can all of this be managed effectively?
The consequences, both financial and reputational, of not managing risk effectively with your key supply partners is simply a non-starter in my opinion. Not only can huge fines follow a ‘breach’ event, but the damage to your organisation (and those associated with it) can be devastating and something you may never recover from. Gone are the days of passing the buck or simply assuming that someone else has it covered. It may seem obvious, but my recommendation is don’t get caught out! Work with your key SME’s to ensure that risk is central to the framework you deploy for managing your supply estate, particularly your critical services and key suppliers.
When it comes to supply chain risk, both these Tech Target and McKinsey articles provide useful definitions and guidance on the topic. Both are very clear that there are multiple aspects to getting it right, which I absolutely agree with.
For those still grappling with what actually constitutes risk management in the realms of supply management world, the Tech Target definition as below feels like a good concise description that works well for me.
“Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability.”
Going further, I would also suggest that its not a ‘one size fits all’ scenario and that Procurement should not be the sole arbiters of what good looks like for your organisation. Many companies have specific risk teams and my recommendation would always be to work hand in hand with the relevant SME’s within your organisation to develop an approach that’s right for your supply base and your customers. What is clear in my mind though is that your approach will need to be multi-faceted and capable of capturing risks of different types, from different scenarios and during different stages of activity.
When it comes to types of risk, I personally like the simple, but clear approach the McKinsey article takes with its ‘Known’ and ‘Unknown’ risk categorisation. Known risks are typically ones that you should be able to determine. I would recommend understanding what your appetite is towards these and ultimately what ‘good’ looks like. These will be numerous, but could be something such as:
I will talk in more detail shortly as to how I think you can do this, but needless to say having a clear and documented approach to measuring these risks is key.
In addition to the above, there the other side of the coin – unknown risks. Naturally these are more difficult to predict, but can be devastating in their effects, as we’ve seen with the sweeping nature of COVID 19 this year. Planning for each eventuality can be more difficult, but what we’ve learnt is the need to be able to react quickly and with agility. Take time to understand what such potential events could be and then use this work as an opportunity to develop the business case to bolster your resilience and defence mechanisms.
You will have noticed that in my previous articles I’ve been very clear to state that effective supplier management, and in this case, the management of supply risk, isn’t an activity that you start when you’ve signed the contract and the service has become live. Understanding your risks and developing an effective framework to monitor, mitigate and address them is a continual and ongoing activity in its own right.
So how do I weave risk management into my framework and where does it start? As mentioned, work with your business to outline the risk landscape for your supply chain and then take steps to address it at all stages of the procurement and supply management lifecycle. There are many activities at different stages, but below is my summary view of how to hopefully ensure your business is not caught out starting at the outset:
Lastly, and as with the entire discipline of supply management, there are tools, both specialist and end to end that you can deploy to help you in this arena. As always, I would say that investment in such tools should be in line with the approach your company wishes to adopt and its risk appetite. If you do choose not to purchase a specific platform, you will need to ensure you have some method of documenting and managing risk as a minimum. Without it the prospect of significant disruption to your business will be a far more likely event.
Up next and the last in my four-part series is a favourite topic of mine, Relationship Management. I’ll be bringing the curtain down on whats been a really enjoyable series to write and I look forward to sharing this with you in a couple of weeks-time. In the meantime, if you require support on any of the areas covered above, please feel free to contact me on 07834 452333 or at Marriage-Stanley Associates via this link.
James Cowley
Principal Associate, Marriage-Stanley & Associates
Share
Dennis Stanley
Managing Partner
+44 (0) 7812 192 754