Risky Business Tackling the Rising Supply Chain Risk Threat

Printer version  PDF

by Beth Enslow

What’s the fastest growing risk type for companies? Supply chain risk is certainly a leading candidate for companies that make, move, store, service, or sell products. Left uncontrolled, supply chain risks threaten a company’s financial health and brand equity and, depending on the product and event, can have deep social and economic impacts well beyond a company’s immediate environs.

To find out how supply chain risks are changing and how risk managers are responding, Marsh surveyed risk professionals at 110 North American companies and conducted a few dozen follow-up phone interviews. As part of the survey we asked three simple questions about supply chain risk. The answers were startling.

Fully 73% of companies Marsh surveyed said that their company’s overall supply chain risk level has increased since 2005. Perhaps even more disconcerting, 71% say that the financial impact of their supply chain disruptions has also risen.

Supply chain risk is no longer an issue that “operations will handle.” Supply chain disruptions and delays don’t just impact the ability to satisfy a few customers’ orders. They are likely to hurt a company’s brand reputation, stock price, working capital requirements, and cash-to-cash cycle. They can even threaten the health of consumers and the economic well-being of other participants in the supply chain. C-level executives do not want to become the next poster child for supply chain risk on the front page of the Wall Street Journal or other business publication. Lead paint in toys, contaminated pet food and pharmaceuticals, supplier delays causing missed holiday sales, or major customer order interruptions – the list of potential risks and their impacts goes on and on.

Many of these supply chain risk events occur outside a company’s own four walls and within its suppliers or other business partners. Companies are learning that while you may be able to outsource physical supply chain activities to other organizations, you can’t outsource the related supply chain risk.

Said one risk manager from a large retailer: “The supply chain poses serious risks that are not being adequately addressed.”

How a company assesses and manages its supply chain risk is no longer considered “a company’s private business.” Policymakers and credit rating agencies are increasing their scrutiny of companies’ risk management practices, including supply chain risks. Companies also report increased requests from customers who want to understand their business continuity plans and how they will keep customers fully supplied no matter what happens.

Why have supply chain risks increased? Two contrasting forces have been major contributors. First, lean and justin- time manufacturing and distribution processes have removed the traditional shock absorbers of risk in the supply chain as companies try to rid themselves of buffer inventories and time. Second, the globalization of supply, with increased contract manufacturing and purchasing from China, India, and other overseas sources, has increased lead times. It also requires many more handoffs between parties, which creates more opportunity for delays and product integrity issues. Additionally, it causes supply chain shipments to cross more hot spots that are vulnerable to natural hazards, political risk, cargo theft and diversion, and raises the cost of recovering from delays.

The changing role of the risk professional

The risk professionals surveyed by Marsh are feeling the pressure of supply chain risk, and this is changing their job descriptions. One of the surprises of the study is that while 85% of respondents said that their corporate risk office is responsible for assessing and managing insurable risks in the supply chain, 68% also said that the corporate risk office is now responsible for helping assess and manage uninsurable supply chain risks. For many, this means forging closer relationships and ongoing interactions with operations managers and learning how to quantify and prioritize risks along the supply chain, including not only their company’s direct operations, but the risks with suppliers and even the suppliers’ suppliers.

The answer to our second simple question was that there are many supply chain risks on the radar screen of most companies and that the majority of these are outside the traditional domain of corporate risk managers.

As exhibit 1 shows, the top two supply chain risk concerns today are pricing risks and supplier disruptions.

“Hurricanes and floods are not our biggest issues,” said a risk manager from a major consumer products company. The most concerning risk issues, he said, are labor issues, raw material costs, political and regulatory climates, import/export restrictions, and risks involving shifting production from plant to plant or country to country.

“Pricing risks, on-time delivery issues, and the impact of reliability on customer and stakeholder satisfaction have had a major impact on our company’s survival,” explained another participant in speaking about top risk concerns. Pricing risks are a global phenomenon and lead not just to higher purchasing costs but also to more political instability, labor unrest, regulatory actions, trading partner insolvency, and so on. These pricing concerns include global energy prices, global food prices, pollution-related regulatory actions, as well as significant labor and raw material cost increases in emerging market countries such as China and India.

As a result, companies now are awakening to the realization that prices from lower-cost countries will not remain the same year-on-year. Already, some are shifting operations from China to countries such as Vietnam, Thailand, and Malaysia to combat price inflation. But these new destinations are also experiencing strong inflationary pressures and many have even higher risk levels for natural hazards, political unrest, logistics infrastructure failures, and product integrity challenges. Plus, tack on the rising price of fuel, which is significantly raising transportation costs.

To protect against pricing risks (and their domino effect on other risks), companies should reassess their sourcing and logistics strategies and risk management policies. For instance, start monitoring suppliers closer for their financial solvency and credit lines to ensure they have the cash to support your raw material and production requirements. Already some companies report spotting lower-quality material in products or suppliers experiencing delays because of cash flow issues exacerbated by the global credit crunch.

The answer to this third question we posed was most disconcerting of all. Despite rising awareness and concern about supply chain vulnerabilities, most organizations do not believe they are adequately assessing and addressing these risks. No study participants said that their supply chain risk practices are highly effective. Moreover, only 35% of organizations self-reported that supply chain risk management was moderately effective at their companies. At most companies, supply chain risk management processes are piecemeal, informal, ad hoc, and inconsistent. Even at companies in which local supply chain managers are made responsible for their functional risks, the danger looms that interdependencies and knock-on impacts will likely be missed as a disruption ripples across the supply chain.

Getting a handle on supply chain risks Quantifying the potential impacts and prioritizing evolving supply chain risks are among the biggest challenges they face, reported risk managers. These tasks are made more daunting by all the external factors bearing on supply chain risk management, such as supplier interdependencies, regulatory changes, and the safety and security of global supply chains.

The typical risk manager we surveyed estimated that just 25% of his or her company’s end-to-end supply chain is being assessed annually for risk likelihood and impact. A lack of staff time and resources – combined with the complexity of supply chain processes that can involve thousands of internal and external organizations – create daunting challenges.

Promisingly, the study results show specific practices that can greatly enhance the thoroughness and effectiveness of supply chain risk management.

What risk managers can do to succeed

Fully 77% of study participants said that for risk managers to be effective, they need to increase their basic understanding of end-to-end supply chain processes. And 79% advised that risk managers must strengthen their orchestration skills for networking and interacting across manufacturing, purchasing, logistics, retail operations, or other supply chain functional groups.

“To succeed, you have to be able to partner with operations and purchasing to identify and address issues,” said a risk manager at a midsize food and beverage company. “You need to educate them on the purpose of risk management and get them to partner with you from the start on their initiatives.”

“Each function may have a different format and vernacular for risk areas,” cautioned a consumer goods risk manager. “You need to be clear in what you’re asking for and be able to speak their language – don’t make the functions reinvent the wheel they already have in place.”

Risk managers also need to keep up to date with both traditional and emerging insurance and alternate financing vehicles for dealing with supply chain risks. These may include trade disruption insurance designed to protect against the disruption of supply sources, including: supplier insolvency; trade credit insurance designed to protect against buyer credit risks; stock throughput policies designed to provide continuous “all risk” coverage for goods or merchandise in transit or storage; and new innovations around critical supply chain insurance.

The study found a number of other critical personal success factors for risk managers. It also revealed that organizational processes at many companies need to change.

Organizational recommendations for action

• Have the risk manager take a strategic role in mobilizing the company against both insurable and uninsurable supply chain risks.
• Implement supply chain risk management processes that are consistent across the enterprise and are designed end-to-end, including direct suppliers, critical raw material suppliers, and logistics partners.
• Embed risk management activities and responsibilities into existing supply chain processes and functions. This includes supply chain managers having risk plans or metrics in their job descriptions or management business objectives (MBOs). Top performers are nearly four times more likely to have adopted an “embedding” strategy.
• Use a cross-functional team to manage supply chain risks. Today, only 31% of participants have established such a team, including just 19% of companies with revenue over $1 billion.
• Improve the company’s ability to measure supply chain risk and resiliency by geography, product line, customer, and so on. Institute regular operating segment and business unit conversations about risk. Understand and talk the CEO’s and CFO’s language when presenting risk status and proposing risk management initiatives.

To learn more about risk manager’s changing roles and additional strategies for dealing with supply chain risks, please download the study Stemming the Rising Tide of Supply Chain Risks: How Risk Managers’ Roles and Responsibilities Are Changing at http://global.marsh.com/risk/supply_chain/