Skip to content
Search AI Powered

Latest Stories

STRATEGY

Three keys to crafting an effective supply chain risk strategy

Before you can decide what actions to take to mitigate or manage a risk, you need to firmly understand your risk maturity level, appetite, and culture.

SCX24_01_risk_1200x800.jpg

The COVID-19 pandemic pushed risk to the top of virtually every corporate agenda. For the first time in about 10 years, most executives (95%) said they had formal supply chain risk management processes, according to a November 2021 McKinsey study, “How COVID-19 is Reshaping Supply Chains.” McKinsey also found that 59% of the companies said they adopted new supply chain risk management practices over the past 12 months. And a small portion of the companies (4%) set up a new risk management function from scratch. Almost all respondents said they had strengthened existing capabilities. 

As supply chain risk and resilience (SCR&R) evangelists, we at the Supply Chain Risk Management (SCRM) Consortium found this report to be very encouraging. For the past 13 years, the SCRM Consortium has been building out a body of knowledge in supply chain risk and resiliency in an effort to lead, guide, direct, and coach companies toward successful SCR&R journeys. Over the last three years, we’ve witnessed more companies exercising many of the best practices that we profiled in our book, Supply Chain Risk Management: An Emerging Discipline, back in 2015.


Because COVID has had such an uneven and devastating effect on almost every industry, the watch word during these past few years has been “resiliency.” At the SCRM Consortium, we believe that “A resilient enterprise has the capacity to overcome disruptions and continually transform itself to meet the changing needs and expectations of its customers, shareholders, and other stakeholders.” That is a very tall order. However, in the last few years, we have seen a very robust dialogue among our clients, in our workshops and webinars, and on our social media, covering the strategies of effective or resilient supply chains versus those of super-efficient supply chains. These discussions have covered nearshoring, onshoring, just-in-time versus just-in-case, and the merits of Lean. There has also been a focus and commitment to identifying risks and building out supply chains that can weather several types of risk events. All of these discussions have been in an effort to reinforce resiliency throughout the entire industrial supply chain. This includes U.S. Congressional acts allocating funding to foster more secure, resilient, and strategic supply chains across multiple industries. 

However, there is no one-size-fits-all strategy that can be implemented to create a resilient supply chain. Rather, in the supply chain risk and resilience arena, there’s no right or wrong answer—just different answers across every company. It is important to customize your supply chain risk management and resiliency strategy to fit your own operations. To do that effectively you need to understand three things:

  • Your risk maturity, or where you currently are in terms of risk management practices;
  • Your risk appetite, or who you are in terms of your tolerance for risk; and
  • Your culture, or how your supply chain operates.

These three threads are critical to the success of an SCR&R journey. Why? If you don’t know where you are (maturity), who you are (appetite), and how you operate (culture), your SCR&R journey success is at risk.

Risk maturity: Where are you?

A key part of creating a SCR&R strategy is knowing where your company currently is in its risk and resiliency journey and how that compares with other companies. To help companies with this, our Consortium has created a five-stage maturity model (see Figure 1). By knowing where you are currently and what your next steps are, your company will be better able to operate in an era of volatility, uncertainty, complexity, and ambiguity (VUCA).

\u201cSupply chain risk & resiliency maturity model

Stage 1: Foundational. In this stage, companies have little or no awareness of risk management or formal education on the tools, techniques, and solutions that are available today. Companies in this stage should develop supply chain processes that incorporate risk and resilience best practices.

Stage 2: Visibility. Visibility and awareness of risk across the supply chain is an important step. Here, transparency is generated across the supply chain—both upstream to suppliers and downstream to customers. The ability to become aware and respond faster than competitors to risk events is a critical success factor.

Stage 3: Predictability. At this stage, companies have the capability to test supply chains in terms of “what-if” scenario planning. Network modeling and mapping tools provide a view into how supply chains might react to risk events. The insights from these tools help companies create risk response plans. Exemplary companies at this stage proactively identify risks through alerts, assess them using digital twin models, and mitigate them (or even turn risks into opportunities).

Stage 4: Resiliency. Risk management leaders now embed their tools, techniques, and key risk indicators into daily supply chain decision-making processes. These frameworks, protocols, metrics, and organizational structures provide a foundation for operational excellence in risk management and building a resilient enterprise.

Stage 5: Sustainability. Companies build upon their organizational infrastructures through corporate frameworks such as enterprise risk management; governance, risk and compliance; and process standardization. Leaders continually assess their risk profile and leverage their knowledge database to improve processes. 

Like any major corporate process, supply chain risk and resilience management requires continuous attention and improvement. Leaders who are ahead in this maturity model will fare much better than their competitors.

Risk appetite: Who are you?

Another key factor to consider when creating a SCR&R strategy is how your company views risk in general, or what its appetite for risk is. McKinsey, in its “Risk Report of 2017,” defined risk appetite as “the aggregate level and types of risk a board of directors and management are willing to assume to achieve its strategic objectives and business plan, consistent with applicable capital, liquidity, and other regulatory requirements.”1

Based on that definition, we’ve provided a profile of what we call the four risk perspectives or appetites, which you can read on the right of Figure 2. The key to understanding the different perspectives lies in the x– and y–axes. On the y–axis, is how a company might perceive risk. At the bottom of the y–axis, the perspective is somewhat risk averse, meaning, the company attempts to avoid any initiative that creates a risk to the bottom line. Moving higher on the y–axis, a company might perceive risk as an opportunity. The x–axis represents the risk strategies/tactics that tend to support the four risk appetite perspectives: nothing, seek to control losses, risk steering in which all decisions are driven by a careful cost/benefit analysis, diversifying, and risk acceptance. There’s no right or wrong risk appetite for a company to have, just differences.  

\u201cThe four risk appetite perspectives

Culture: How do you operate?

Finally, risk, from the Consortium’s point of view, is all about culture. When it comes to devising a SCR&R strategy, it’s important to remember what the world-renowned management guru Peter Drucker allegedly said: “Culture eats strategy for breakfast.” In other words, even the best devised risk and resiliency strategy will fail if it runs counter to a company’s internal culture or how it actually operates. 

One way to think about a company’s culture is using the SCRM Consortium’s Operational Propensity graphic, which is shown in Figure 3. We call this graphic: “What’s the shape of your kite?” It uses four characteristics (shown around the edges) to define a company’s culture: speed, external focus and differentiation, agility, and stability and control. The four edges help define four different personas: bureaucratic, trapped, agile, and startup. 

\u201cExample of operational propensity (culture) 'kite'

No company or organization is all one type of persona, but a company does tend to have an overwhelming propensity in terms of operational style and attitude, which we call the “longest shape of the kite.” The company depicted in this example is mainly bureaucratic, or slow to react and focuses on efficiency. However, the graphic also shows that the organization does have some startup qualities and push for collaboration. Again, there are no right or wrong kites here, just different ones.

Putting it all together

To help companies conceptualize these three key threads, the SCRM Consortium built an online survey, consisting of 92 questions covering risk perspectives, risk processes, risk maturity, risk appetite, and operational propensities. We advocate that companies have five to eight company executives from multiple disciplines take the survey to provide differing perspectives revolving around risk. The answers to the survey questions are then run through artificial intelligence/machine learning (AI/ML) algorithms, which produce:  

•      A computer-generated graphic positioning the company within our five-stage risk maturity model (where you are);

•      A computer-generated graphic depicting your risk appetite (who you are);

•      A computer-generated graphic profiling your operational propensity/culture (how you operate); and

•      Five to eight action items, based on the above positioning, to move the company forward on an SCR&R journey. This is all encapsulated within a 90-Day SCR&R hardcopy report, packed with insights for a successful SCR&R journey.

The online survey and risk assessment tool helps the Consortium sit with clients and guide them on their risk journey. Typically, there are process checkpoint calls throughout the 90-day project, which includes hours of coaching.

Dow’s engagement 

Many companies have used this tool to help them plot out their SCR&R journey, including the materials science company Dow. A global company with annual revenues of over $55 billion in 2022, Dow produces a large portfolio of products including plastics, industrial intermediates, coatings, and silicones at 104 manufacturing sites in 31 countries.

Dow’s executive risk teams have been in place for decades. They have been identifying and assessing risks for operational projects in logistics, procurement, manufacturing, and finance across multiple business units. Dow’s corporatewide approach has been to have its Global Security Operations Center (GSOC) manage external threats.

Recently the company has been trying to better understand what risks there are relative to the company’s own processes as well as how its employees think about and approach risk. As part of that effort, Dow used the Consortium’s online SCR&R assessment tool to profile a major product line’s as-is SCR&R maturity level, risk appetite, and operational propensity/culture.

A small group of Dow executives engaged in the online survey. It took Dow about 30 days to get 100% completion. The executives were from Risk Management, Supply Chain, Logistics, Engineering, the Tech Center, Finance, and Analytics. The feedback from the Dow team aligned very closely with the AI/ML computer-generated graphs depicting where they are on the risk maturity model, who they are from a risk appetite perspective, and how they operate. The SCR&R assessment tool report produced a 90-day plan and recommended new metrics for measuring supply chain resilience at Dow. The table in Figure 4 represents Dow’s future state metrics going forward in this space, identifying key performance indicators for each stage of the risk management process including: sensing a risk, interpreting it, generating alternatives, deciding what action to take, and executing on the action. 

\u201cDow's new metrics for measuring supply chain resilience

Dow’s experience with the SCR&R Assessment Tool is very reminiscent of other companies that have used it. The concept of using current risk maturity level, risk appetite, and culture to help formulate a SCR&R strategy has proven helpful to executives across multiple industry sectors, including consumer packaged goods, software, electronics, industrials, health care, and chemicals. 

Risk and VUCA

It’s clear that we are operating in an increasingly complex and interconnected business environment that is experiencing many rapid and unpredictable changes. Often times it can be difficult to judge what these changes might mean for the future of our organizations. Some people describe this environment using the acronym “VUCA,” which stands for volatility, uncertainty, complexity, and ambiguity. In a VUCA world, supply chain risk and resilience become more important than ever. 

While identifying and assessing risks is an important start on the supply chain risk management journey, it’s not enough. Unless you take real action, risk identification and assessment end up being only academic exercises. To truly know how your company should act to mitigate or manage those risks, you need to first understand where you are on the risk maturity curve, who you are in terms of risk appetite, and how you operate. Otherwise, you might create a plan that does not match your particular organization’s operations and needs. Only by understanding your risk maturity, appetite, and culture can you hope to realize the benefits of risk mitigation and management, which include cost reductions, cost avoidance, top-line revenue growth, market share growth and working capital improvement. 

Notes:

1.McKinsey on Risk, No. 3 (June 2017): https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/mckinsey-on-risk/mckinsey-on-risk-number-3-summer-2017

Recent

More Stories

cover of report on electrical efficiency

ABI: Push to drop fossil fuels also needs better electric efficiency

Companies in every sector are converting assets from fossil fuel to electric power in their push to reach net-zero energy targets and to reduce costs along the way, but to truly accelerate those efforts, they also need to improve electric energy efficiency, according to a study from technology consulting firm ABI Research.

In fact, boosting that efficiency could contribute fully 25% of the emissions reductions needed to reach net zero. And the pursuit of that goal will drive aggregated global investments in energy efficiency technologies to grow from $106 Billion in 2024 to $153 Billion in 2030, ABI said today in a report titled “The Role of Energy Efficiency in Reaching Net Zero Targets for Enterprises and Industries.”

Keep ReadingShow less

Featured

Logistics economy continues on solid footing
Logistics Managers' Index

Logistics economy continues on solid footing

Economic activity in the logistics industry expanded in November, continuing a steady growth pattern that began earlier this year and signaling a return to seasonality after several years of fluctuating conditions, according to the latest Logistics Managers’ Index report (LMI), released today.

The November LMI registered 58.4, down slightly from October’s reading of 58.9, which was the highest level in two years. The LMI is a monthly gauge of business conditions across warehousing and logistics markets; a reading above 50 indicates growth and a reading below 50 indicates contraction.

Keep ReadingShow less
iceberg drawing to represent threats

GEP: six factors could change calm to storm in 2025

The current year is ending on a calm note for the logistics sector, but 2025 is on pace to be an era of rapid transformation, due to six driving forces that will shape procurement and supply chains in coming months, according to a forecast from New Jersey-based supply chain software provider GEP.

"After several years of mitigating inflation, disruption, supply shocks, conflicts, and uncertainty, we are currently in a relative period of calm," John Paitek, vice president, GEP, said in a release. "But it is very much the calm before the coming storm. This report provides procurement and supply chain leaders with a prescriptive guide to weathering the gale force headwinds of protectionism, tariffs, trade wars, regulatory pressures, uncertainty, and the AI revolution that we will face in 2025."

Keep ReadingShow less
chart of top business concerns from descartes

Descartes: businesses say top concern is tariff hikes

Business leaders at companies of every size say that rising tariffs and trade barriers are the most significant global trade challenge facing logistics and supply chain leaders today, according to a survey from supply chain software provider Descartes.

Specifically, 48% of respondents identified rising tariffs and trade barriers as their top concern, followed by supply chain disruptions at 45% and geopolitical instability at 41%. Moreover, tariffs and trade barriers ranked as the priority issue regardless of company size, as respondents at companies with less than 250 employees, 251-500, 501-1,000, 1,001-50,000 and 50,000+ employees all cited it as the most significant issue they are currently facing.

Keep ReadingShow less
photo of worker at port tracking containers

Trump tariff threat strains logistics businesses

Freight transportation providers and maritime port operators are bracing for rough business impacts if the incoming Trump Administration follows through on its pledge to impose a 25% tariff on Mexico and Canada and an additional 10% tariff on China, analysts say.

Industry contacts say they fear that such heavy fees could prompt importers to “pull forward” a massive surge of goods before the new administration is seated on January 20, and then quickly cut back again once the hefty new fees are instituted, according to a report from TD Cowen.

Keep ReadingShow less