A common risk management mistake is waiting for the worst to happen before taking decisive action. Understanding that things will go wrong – it’s not a question of ‘if’ but ‘when’ – sets a sturdy foundation for your risk strategy.
In many cases, it is only after an incident that organisations assess their risk processes. Procurement chiefs who wait until disruption impacts their supply chain could find their organisation pays a heavy price given the volatile, uncertain and interconnected nature of modern threats. The Risk planning guide 2020 research shows that 96% of CPOs surveyed experienced an unexpected supply chain disruption over the past 12 months.
Despite advances in support capabilities, most procurement functions’ risk management practices continue to be reactive. A proactive approach is needed to meet emerging cybersecurity threats and global trade uncertainties, as well as health, safety and environmental risks.
One of the first challenges procurement functions have is finding the right metrics by which to assess suppliers’ risk profiles. Some roundtable participants said the following basics can be a struggle:
Functions that have developed appropriate risk management report noticeable benefits, from service performance improvement and timely risk mitigation intervention to better-informed decision-making and greater stakeholder satisfaction.
Members also discuss ways procurement teams can use metrics to assess the health of their suppliers. To best realise this, members offered the following advice:
Building a risk assessment methodology is difficult, particularly for buyer organisations with long and complex supply chains. But in a business world marred by volatility and uncertainty, risk management cannot be left unattended.
The outbreak of coronavirus has shown the threat posed to businesses by single-supplier dependency. First, map the supply chain to find those critical links and, where they exist, look for alternative suppliers.
The process may seem long and laborious but it is necessary. Focusing first on a handful of strategic suppliers is a good place to start; tap into those relationships to build and recalibrate your risk management framework, which can later be extended to the rest of the supply chain.
To preempt risk, lessons from past incidents should be learned and fed into the approach. This will help reinforce processes and develop pattern identification, which could be achieved with automation technology.