Risks have exponentially increased for supply chains in recent years and there is no doubt the coming years will see even more pressure. This raises the question how ready managers are to deal with risks and what their risk appetite is. We spoke to Erika Peters, Global Head of Innovation & Operations at Exiger, about risk management maturity in the supply chain and Exiger’s proprietary framework created to help organisations understand themselves better.
‘Often when board members ask their management team about specific third party and supply chain risks and their teams interpretation of those risks and what they could mean to the company, the questions have been difficult to answer due to the lack of an overarching risk appetite strategy in place helping guide the management team in building processes and decisions similar to a credit or market risk function,’ Erika explains. The framework called “TRADES”, created by Exiger, is aimed at evaluating the current state of the supply chain risk management framework and what can be done to improve.
What companies should aim for is to enter a Predictive State where they can understand and act on risks before they occur. ‘For this to happen, companies need to have confidence in the information to build risk models of their organisation specific what-if scenarios to understand the impact,’ Erika says. ‘The majority of organisations, however, are not even close to that stage.’
Start to finish
Usually, companies find themselves in a more reactive environment where things happen to them with little prior knowledge. Getting to the final stage means taking the organisation on a journey through embedding active risk management and eventually predictive. Erika speaks about central repository of vendors and how crucial supply chain mapping is as a foundation for the process to be successful.
‘Think about your direct and indirect risks and then you can look at monitoring and modelling out different disruption events or potential risk scenarios,’ Erika continues.
Risk appetite
We usually go through how much risk we want to take in many areas of our lives but often businesses find it hard to implement those lessons in their environment. ‘Evaluating risks vs rewards is unique for each company,’ Erika points out. ‘Step one should be knowing what the micro and macro risks are specific to their industry and business model. During the pandemic, for example, companies had no idea of how their supply chain could be impacted or rely on central points of failure.’ Now organisations are searching for ways to be more proactive and take a broader look at the way they define risks and can mitigate them.
Erika specifically called out geopolitical risks as an area of growing concerns. These involve sanctions and working with organisations or countries that are or could be sanctioned or countries with nefarious intentions. ‘You have to know where your business sits within the micro and macro risk ecosystem and consider what potential problems might appear.’
There are also inherent risks related to specific country profiles. Consumers in different parts of the world have a different sense of what is right and wrong. ‘If an active consumer finds out about something they find unethical a vendor of a company is doing like financing modern slavery, this can become huge reputational damage.’
Evaluating risks should be a case-by-case exercise taking a risk based approach. ‘If you are hiring a company on a long-term contract, providing critical products to a business, this requires more extensive due diligence than a third party hired for one event like organizing your Christmas party, where exposure of any inherent risks are much less, reducing the need for extensive research.’ The risk appetite threshold for critical vendors and suppliers should be much lower.
Maturity
Erika is unsure how many companies have managed to learn the lessons from Covid. ‘Some specific companies have taken things very seriously. For others it is still a question of how much they would actually want to know about their risks.’
She gives an example of an Italian company which was the only producer of a specific valve for medical ventilators in the world. ‘Everyone should have known this was part of their supply chains during the pandemic when ventilators were in high demand, but they didn’t. This was a huge operational issue in the whole world.’
People have become more interested in understanding their risk profile and companies are strategically focused on this issue and are realizing that having a strong third party and supply chain risk management programme is a competitive advantage. ‘Competitors have even started to research their competitors to find out whose programme is better in order to beat out their competition.’ Overtime Erika expects frameworks around ESG to be more widespread playing into this competition.
Erika urges senior leaders to be clear about their vendor and supplier risk thresholds so they can set the scene for execution managers. If there are documents that outline what is acceptable and what’s not, people can easily navigate and choose the right suppliers and make decisions as well as build out mitigation steps for risks discovered. ‘There are easy decisions that are black and white like avoiding sanction risks. But a lot of risks are not black and white and those risk appetite frameworks needs to come from the tone at the top.’
Supply of critical components to a business’ operations need a backup plan. But organisations can only create it when they have clearly mapped out their supply chain and have methodically described each element. ‘Conducting a product risk assessment and a vendor risk assessment including their supply chain risks are very important. This is how you understand what your plan B needs to be instigated.’
Future proofing
‘Looking into the future and deciding which risks to focus on more depends on your business profile and industry,’ Erika explains. If you are based in the US, monitoring America’s foreign policy is extremely critical.
We should always be considering what matters most to our industry, for example if you are in the food sector, risks to your company will be different than if you are in manufacturing.’✷
