Risk management in the supply chain – frequently on the agenda but only implemented to a limited extent
riskmethods welcomes a guest post from Prof. Dr.-Ing. Günther Reinelt, Senior Advisor in the areas of purchasing and inbound logistics and professor in operations and supply management at Hochschule Niederrhein in Germany. Dr. Reinelt is writing today about risk management in the supply chain.
On the one hand, globalization and digitization have provided many companies with great opportunities for growth and profitability, but on the other, the risk level in the supply chain has increased significantly.
Risk Management in the supply chain – A challenge for organizations
Awareness of supply chain risks has risen considerably as a result of the 2008 financial crisis, the ash cloud in Europe or Fukushima for instance, and yet many companies still seem to approach this issue in a rather uncoordinated manner, with a tendency to focus on isolated individual measures, such as financial information on suppliers.
Leading enterprises are taking a cross-functional and cross-company approach, which is characterized by proactive, active and reactive elements, to minimize and prevent risks in the supply chain. The continually evolving advanced efficiency of the specialized information and technology systems used plays a vital role in this regard: relevant information can be filtered and processed from the huge supply of data, which then allows for virtually centralized risk management with simultaneous decentralized sensor and operational capacities.
Supply Chain Risk Management is an integrated sub-process of a company-wide risk management process. Coordinated goal definition, risk identification, risk analysis, risk management, and monitoring and control of the efficiency of systems and measures make up the key elements.
The proactive phase: Developing a corporate strategy
The proactive phase involves developing a corporate strategy that is in line with the objective to achieve a defined delivery capability in case of a harmful event, while striking an efficient balance between required capacities for recognizing and managing supply interruptions, and susceptibility to disruptions in the supply chain.
This requires creating risk-related transparency in the supply chain – a transparency that covers more than just Tier 1 suppliers. In reality, the supplier base is usually a network and not a linear chain, and a Tier 3 supplier could be the trigger of enormous supply disruptions, for example, because it supplies two or three Tier 1 or Tier 2 suppliers. Besides recording the supplier base structure, the relevant supplier risk profile must be set up as part of supplier approval. This enables quick and realistic assessment of the possible impact in the event of a disruption. In addition to the suppliers, self-induced risk factors such as customized product specifications, exotic materials or manufacturing processes must be recorded as risk-enhancing factors.
Diversity of risk causes in the supply chain
Risk causes can be extremely varied. From natural disasters, geopolitical disruptions, currency fluctuations, pandemics, technological problems, unexpected changing requirements, limited resources up to intentional hazards, and beyond – the range of triggering factors is vast.
By analyzing the potential causes it is possible to asses the likelihood of occurrence and the impact, and to define four categories of scenarios: For a high likelihood of occurrence with low or high impact, the impact can be limited by means of appropriate resources and practiced procedures (drills). A critical scenario is one of a low likelihood of occurrence with high impact, as a great deal of imagination is required to visualize situations that are actually inconceivable (black swan) and that have never before occurred (e.g. 9/11). Another aspect to consider when assessing risks is the time delay between the triggered event and the occurrence of damage, i.e. the recognizability of the risk.
If the harmful event has occurred, i.e. the active phase is entered into, a coordinated approach in line with predefined procedures and routines is required to ensure that the existence of the company is not threatened and that the market is serviced, while preserving the interests of the company and customers.
The reactive phase: Reviewing established procedures
The reactive phase is used for case-by-case reviewing of established risk management procedures and further improvement of these procedures, based on the experience gained in overcoming the situation that has resulted from a harmful event.
Experience shows that companies using active and efficient risk management make a strong case for the outlay of expenditure in this regard, both in terms of image and finances – which should motivate others to also concern themselves intensively with the topic of risk management in the supply chain.
What are your experiences? I’m very happy about any feedback.