Modern global supply chains, in so many ways, mirror complex biological systems. They can be resilient and self-healing, yet at the same time remarkably vulnerable, such as when the clogging of an artery ultimately leads to heart failure. One breakdown begets the next.
Many of the risks that threaten supply chains are obvious, such as volatility in the price of oil, regulatory changes or supplier failure. But many more are often harder to quantify and require companies to set a value on avoided loss.
According to Michael Chagares, executive director of Accenture's Risk Management service line, few companies place a strategic imperative on managing operational risk, even though operational and financial performance are closely linked.
Chagares recently sat down with Business Finance to discuss effective management of operational risk, why so many companies fail to manage it well, how to build operational risk into a skill within an organizational structure, and why failing to manage operational risk invites disaster.
Business Finance: Where does risk analytics come into play when managing the supply chain?
Michael Chagares: With risk analytics, you first need to focus on identifying what are the key risks that will affect you. They fall into three categories: financial risks, strategic-related risks and operational risks. I would submit that a number of companies are very good at their financial risk management, but are not quite as competent at managing operational and strategic risks.
Once the risks are assessed across your entire supply chain, you can then apply analytical tools to understand the impacts of the uncertainties of the risks. Instead of reacting to something that happens, you can look across your supply chain to help sharpen your view and provide stronger capabilities in how you prioritize the risks across the supply chain, how you measure those risks, how you understand different scenarios and test for those scenarios.
BF: Explain how to best handle vendor management in the context of mitigating risk.
MC: Vendor management in today's world has to be very robust and sophisticated in terms of the heightened risk in the supply chain. You have to look at all components. You have to look at critical suppliers. You have to look at their overall financial and operational health. You have to look at doing a specific contractual engagement and understanding how that can be used to potentially mitigate the risk. You've got to have really strong communication between you, your key suppliers and your key vendors to understand and be very proactive on their health and whether there are any issues they should be anticipating.
BF: How do you sustain a solid supply chain risk framework?
MC: In order to sustain any risk management framework, the supply chain risk framework and risk mitigation strategies must be implemented on a more holistic basis. It has to be across the supply chain and it has to be integrated into how the supply chain is managed, so it becomes a risk-based decisioning framework that addresses core risk issues and implements appropriate and effective strategies. Not just dealing with the symptoms, but rather getting to the core issues that are fundamental to be managed.
You want to make sure you're not surprised, and that you've got the right capability to anticipate and manage those things and be effective and ultimately integrate your risk management framework the way you identify, assess, manage, analyze and report risk into the way you manage your supply chain.
BF: How can companies leverage supply chain risk management to drive value and differentiate themselves from their peers?
MC: I think it's getting out of the defensive mindset that we're just going to make sure we're in compliance within each of our various silos and looking at it instead as a creator of value. How can we create value by proactively understanding, managing and monitoring the risk that can cause upstream and downstream consequences to our supply chain on a proactive basis? I think of it as an “eyes wide open”-approach, so we're communicating the information to maximize overall growth and resiliency within the supply chain.
It's a matter of looking at the supply chain as a multi-webbed network of relationships, involving collaborators, suppliers, manufacturing, and logistics. All of those relationships should be fully integrated, talking with each other and understanding that something that may happen early on in manufacturing can ultimately affect logistics and distribution. It has to be identified, managed appropriately, and communicated downstream.
BF: What are some of the key strategies companies can employ to overcome obstacles in integrating risk management throughout a company's supply chain and culture?
MC: First, as in all risk management, you have to obtain buy-in and sponsorship from the top of the organization. It's critical that they support the integration of supply chain risk management into the appropriate business function and that will ensure there is an understanding, a top level commitment, and there is alignment between these strategies and the goals of the organization.
Second, you need to integrate enterprise risk management framework principles across the supply chain. What that means is identifying, prioritizing, measuring and mapping across the supply chain ecosystem and rating the key areas based on qualitative measures of impact, likelihood and management effectiveness and other key metrics the company uses to measure that risk. Then you have to communicate that out across the supply chain.
Finally, you need to implement dynamic supply chains, making sure that to mitigate some of those risks, you have flexible operations, diversified supplier portfolios and global visibility where everyone understands the risks across the supply chain.
You have to ask the what-if questions. Use probability modeling to identify unknown risks, different levels of volatility, and develop appropriate plans to deal with potential scenarios. When is the right time to only have a plan in one country? When is the right time to put a duplicate operation in a second country? What are the risk issues of doing duplicate plans? Always be testing that. Always be considering how that business environment can change.