Three keys to crafting an effective supply chain risk strategy
Before you can decide what actions to take to mitigate or manage a risk, you need to firmly understand your risk maturity level, appetite, and culture.
Gregory L. Schlegel, CPIM, CSP, Jonah, is the founder of The Supply Chain Risk Management Consortium, a former executive in residence, supply chain risk management at Lehigh University, and adjunct professor, enterprise risk management, Villanova University.
The COVID-19 pandemic pushed risk to the top of virtually every corporate agenda. For the first time in about 10 years, most executives (95%) said they had formal supply chain risk management processes, according to a November 2021 McKinsey study, “How COVID-19 is Reshaping Supply Chains.” McKinsey also found that 59% of the companies said they adopted new supply chain risk management practices over the past 12 months. And a small portion of the companies (4%) set up a new risk management function from scratch. Almost all respondents said they had strengthened existing capabilities.
As supply chain risk and resilience (SCR&R) evangelists, we at the Supply Chain Risk Management (SCRM) Consortium found this report to be very encouraging. For the past 13 years, the SCRM Consortium has been building out a body of knowledge in supply chain risk and resiliency in an effort to lead, guide, direct, and coach companies toward successful SCR&R journeys. Over the last three years, we’ve witnessed more companies exercising many of the best practices that we profiled in our book, Supply Chain Risk Management: An Emerging Discipline, back in 2015.
Because COVID has had such an uneven and devastating effect on almost every industry, the watch word during these past few years has been “resiliency.” At the SCRM Consortium, we believe that “A resilient enterprise has the capacity to overcome disruptions and continually transform itself to meet the changing needs and expectations of its customers, shareholders, and other stakeholders.” That is a very tall order. However, in the last few years, we have seen a very robust dialogue among our clients, in our workshops and webinars, and on our social media, covering the strategies of effective or resilient supply chains versus those of super-efficient supply chains. These discussions have covered nearshoring, onshoring, just-in-time versus just-in-case, and the merits of Lean. There has also been a focus and commitment to identifying risks and building out supply chains that can weather several types of risk events. All of these discussions have been in an effort to reinforce resiliency throughout the entire industrial supply chain. This includes U.S. Congressional acts allocating funding to foster more secure, resilient, and strategic supply chains across multiple industries.
However, there is no one-size-fits-all strategy that can be implemented to create a resilient supply chain. Rather, in the supply chain risk and resilience arena, there’s no right or wrong answer—just different answers across every company. It is important to customize your supply chain risk management and resiliency strategy to fit your own operations. To do that effectively you need to understand three things:
Your risk maturity, or where you currently are in terms of risk management practices;
Your risk appetite, or who you are in terms of your tolerance for risk; and
Your culture, or how your supply chain operates.
These three threads are critical to the success of an SCR&R journey. Why? If you don’t know where you are (maturity), who you are (appetite), and how you operate (culture), your SCR&R journey success is at risk.
Risk maturity: Where are you?
A key part of creating a SCR&R strategy is knowing where your company currently is in its risk and resiliency journey and how that compares with other companies. To help companies with this, our Consortium has created a five-stage maturity model (see Figure 1). By knowing where you are currently and what your next steps are, your company will be better able to operate in an era of volatility, uncertainty, complexity, and ambiguity (VUCA).
Stage 1: Foundational. Inthis stage, companies have little or no awareness of risk management or formal education on the tools, techniques, and solutions that are available today. Companies in this stage should develop supply chain processes that incorporate risk and resilience best practices.
Stage 2: Visibility. Visibility and awareness of risk across the supply chain is an important step. Here, transparency is generated across the supply chain—both upstream to suppliers and downstream to customers. The ability to become aware and respond faster than competitors to risk events is a critical success factor.
Stage 3: Predictability. At this stage, companies have the capability to test supply chains in terms of “what-if” scenario planning. Network modeling and mapping tools provide a view into how supply chains might react to risk events. The insights from these tools help companies create risk response plans. Exemplary companies at this stage proactively identify risks through alerts, assess them using digital twin models, and mitigate them (or even turn risks into opportunities).
Stage 4: Resiliency. Risk management leaders now embed their tools, techniques, and key risk indicators into daily supply chain decision-making processes. These frameworks, protocols, metrics, and organizational structures provide a foundation for operational excellence in risk management and building a resilient enterprise.
Stage 5: Sustainability. Companies build upon their organizational infrastructures through corporate frameworks such as enterprise risk management; governance, risk and compliance; and process standardization. Leaders continually assess their risk profile and leverage their knowledge database to improve processes.
Like any major corporate process, supply chain risk and resilience management requires continuous attention and improvement. Leaders who are ahead in this maturity model will fare much better than their competitors.
Risk appetite: Who are you?
Another key factor to consider when creating a SCR&R strategy is how your company views risk in general, or what its appetite for risk is. McKinsey, in its “Risk Report of 2017,” defined risk appetite as “the aggregate level and types of risk a board of directors and management are willing to assume to achieve its strategic objectives and business plan, consistent with applicable capital, liquidity, and other regulatory requirements.”1
Based on that definition, we’ve provided a profile of what we call the four risk perspectives or appetites, which you can read on the right of Figure 2. The key to understanding the different perspectives lies in the x– and y–axes. On the y–axis, is how a company might perceive risk. At the bottom of the y–axis, the perspective is somewhat risk averse, meaning, the company attempts to avoid any initiative that creates a risk to the bottom line. Moving higher on the y–axis, a company might perceive risk as an opportunity. The x–axis represents the risk strategies/tactics that tend to support the four risk appetite perspectives: nothing, seek to control losses, risk steering in which all decisions are driven by a careful cost/benefit analysis, diversifying, and risk acceptance. There’s no right or wrong risk appetite for a company to have, just differences.
Culture: How do you operate?
Finally, risk, from the Consortium’s point of view, is all about culture. When it comes to devising a SCR&R strategy, it’s important to remember what the world-renowned management guru Peter Drucker allegedly said: “Culture eats strategy for breakfast.” In other words, even the best devised risk and resiliency strategy will fail if it runs counter to a company’s internal culture or how it actually operates.
One way to think about a company’s culture is using the SCRM Consortium’s Operational Propensity graphic, which is shown in Figure 3. We call this graphic: “What’s the shape of your kite?” It uses four characteristics (shown around the edges) to define a company’s culture: speed, external focus and differentiation, agility, and stability and control. The four edges help define four different personas: bureaucratic, trapped, agile, and startup.
No company or organization is all one type of persona, but a company does tend to have an overwhelming propensity in terms of operational style and attitude, which we call the “longest shape of the kite.” The company depicted in this example is mainly bureaucratic, or slow to react and focuses on efficiency. However, the graphic also shows that the organization does have some startup qualities and push for collaboration. Again, there are no right or wrong kites here, just different ones.
Putting it all together
To help companies conceptualize these three key threads, the SCRM Consortium built an online survey, consisting of 92 questions covering risk perspectives, risk processes, risk maturity, risk appetite, and operational propensities. We advocate that companies have five to eight company executives from multiple disciplines take the survey to provide differing perspectives revolving around risk. The answers to the survey questions are then run through artificial intelligence/machine learning (AI/ML) algorithms, which produce:
• A computer-generated graphic positioning the company within our five-stage risk maturity model (where you are);
• A computer-generated graphic depicting your risk appetite (who you are);
• A computer-generated graphic profiling your operational propensity/culture (how you operate); and
• Five to eight action items, based on the above positioning, to move the company forward on an SCR&R journey. This is all encapsulated within a 90-Day SCR&R hardcopy report, packed with insights for a successful SCR&R journey.
The online survey and risk assessment tool helps the Consortium sit with clients and guide them on their risk journey. Typically, there are process checkpoint calls throughout the 90-day project, which includes hours of coaching.
Dow’s engagement
Many companies have used this tool to help them plot out their SCR&R journey, including the materials science company Dow. A global company with annual revenues of over $55 billion in 2022, Dow produces a large portfolio of products including plastics, industrial intermediates, coatings, and silicones at 104 manufacturing sites in 31 countries.
Dow’s executive risk teams have been in place for decades. They have been identifying and assessing risks for operational projects in logistics, procurement, manufacturing, and finance across multiple business units. Dow’s corporatewide approach has been to have its Global Security Operations Center (GSOC) manage external threats.
Recently the company has been trying to better understand what risks there are relative to the company’s own processes as well as how its employees think about and approach risk. As part of that effort, Dow used the Consortium’s online SCR&R assessment tool to profile a major product line’s as-is SCR&R maturity level, risk appetite, and operational propensity/culture.
A small group of Dow executives engaged in the online survey. It took Dow about 30 days to get 100% completion. The executives were from Risk Management, Supply Chain, Logistics, Engineering, the Tech Center, Finance, and Analytics. The feedback from the Dow team aligned very closely with the AI/ML computer-generated graphs depicting where they are on the risk maturity model, who they are from a risk appetite perspective, and how they operate. The SCR&R assessment tool report produced a 90-day plan and recommended new metrics for measuring supply chain resilience at Dow. The table in Figure 4 represents Dow’s future state metrics going forward in this space, identifying key performance indicators for each stage of the risk management process including: sensing a risk, interpreting it, generating alternatives, deciding what action to take, and executing on the action.
Dow’s experience with the SCR&R Assessment Tool is very reminiscent of other companies that have used it. The concept of using current risk maturity level, risk appetite, and culture to help formulate a SCR&R strategy has proven helpful to executives across multiple industry sectors, including consumer packaged goods, software, electronics, industrials, health care, and chemicals.
Risk and VUCA
It’s clear that we are operating in an increasingly complex and interconnected business environment that is experiencing many rapid and unpredictable changes. Often times it can be difficult to judge what these changes might mean for the future of our organizations. Some people describe this environment using the acronym “VUCA,” which stands for volatility, uncertainty, complexity, and ambiguity. In a VUCA world, supply chain risk and resilience become more important than ever.
While identifying and assessing risks is an important start on the supply chain risk management journey, it’s not enough. Unless you take real action, risk identification and assessment end up being only academic exercises. To truly know how your company should act to mitigate or manage those risks, you need to first understand where you are on the risk maturity curve, who you are in terms of risk appetite, and how you operate. Otherwise, you might create a plan that does not match your particular organization’s operations and needs. Only by understanding your risk maturity, appetite, and culture can you hope to realize the benefits of risk mitigation and management, which include cost reductions, cost avoidance, top-line revenue growth, market share growth and working capital improvement.
Companies in every sector are converting assets from fossil fuel to electric power in their push to reach net-zero energy targets and to reduce costs along the way, but to truly accelerate those efforts, they also need to improve electric energy efficiency, according to a study from technology consulting firm ABI Research.
In fact, boosting that efficiency could contribute fully 25% of the emissions reductions needed to reach net zero. And the pursuit of that goal will drive aggregated global investments in energy efficiency technologies to grow from $106 Billion in 2024 to $153 Billion in 2030, ABI said today in a report titled “The Role of Energy Efficiency in Reaching Net Zero Targets for Enterprises and Industries.”
ABI’s report divided the range of energy-efficiency-enhancing technologies and equipment into three industrial categories:
Commercial Buildings – Network Lighting Control (NLC) and occupancy sensing for automated lighting and heating; Artificial Intelligence (AI)-based energy management; heat-pumps and energy-efficient HVAC equipment; insulation technologies
Manufacturing Plants – Energy digital twins, factory automation, manufacturing process design and optimization software (PLM, MES, simulation); Electric Arc Furnaces (EAFs); energy efficient electric motors (compressors, fans, pumps)
“Both the International Energy Agency (IEA) and the United Nations Climate Change Conference (COP) continue to insist on the importance of energy efficiency,” Dominique Bonte, VP of End Markets and Verticals at ABI Research, said in a release. “At COP 29 in Dubai, it was agreed to commit to collectively double the global average annual rate of energy efficiency improvements from around 2% to over 4% every year until 2030, following recommendations from the IEA. This complements the EU’s Energy Efficiency First (EE1) Framework and the U.S. 2022 Inflation Reduction Act in which US$86 billion was earmarked for energy efficiency actions.”
Economic activity in the logistics industry expanded in November, continuing a steady growth pattern that began earlier this year and signaling a return to seasonality after several years of fluctuating conditions, according to the latest Logistics Managers’ Index report (LMI), released today.
The November LMI registered 58.4, down slightly from October’s reading of 58.9, which was the highest level in two years. The LMI is a monthly gauge of business conditions across warehousing and logistics markets; a reading above 50 indicates growth and a reading below 50 indicates contraction.
“The overall index has been very consistent in the past three months, with readings of 58.6, 58.9, and 58.4,” LMI analyst Zac Rogers, associate professor of supply chain management at Colorado State University, wrote in the November LMI report. “This plateau is slightly higher than a similar plateau of consistency earlier in the year when May to August saw four readings between 55.3 and 56.4. Seasonally speaking, it is consistent that this later year run of readings would be the highest all year.”
Separately, Rogers said the end-of-year growth reflects the return to a healthy holiday peak, which started when inventory levels expanded in late summer and early fall as retailers began stocking up to meet consumer demand. Pandemic-driven shifts in consumer buying behavior, inflation, and economic uncertainty contributed to volatile peak season conditions over the past four years, with the LMI swinging from record-high growth in late 2020 and 2021 to slower growth in 2022 and contraction in 2023.
“The LMI contracted at this time a year ago, so basically [there was] no peak season,” Rogers said, citing inflation as a drag on demand. “To have a normal November … [really] for the first time in five years, justifies what we’ve seen all these companies doing—building up inventory in a sustainable, seasonal way.
“Based on what we’re seeing, a lot of supply chains called it right and were ready for healthy holiday season, so far.”
The LMI has remained in the mid to high 50s range since January—with the exception of April, when the index dipped to 52.9—signaling strong and consistent demand for warehousing and transportation services.
The LMI is a monthly survey of logistics managers from across the country. It tracks industry growth overall and across eight areas: inventory levels and costs; warehousing capacity, utilization, and prices; and transportation capacity, utilization, and prices. The report is released monthly by researchers from Arizona State University, Colorado State University, Rochester Institute of Technology, Rutgers University, and the University of Nevada, Reno, in conjunction with the Council of Supply Chain Management Professionals (CSCMP).
"After several years of mitigating inflation, disruption, supply shocks, conflicts, and uncertainty, we are currently in a relative period of calm," John Paitek, vice president, GEP, said in a release. "But it is very much the calm before the coming storm. This report provides procurement and supply chain leaders with a prescriptive guide to weathering the gale force headwinds of protectionism, tariffs, trade wars, regulatory pressures, uncertainty, and the AI revolution that we will face in 2025."
A report from the company released today offers predictions and strategies for the upcoming year, organized into six major predictions in GEP’s “Outlook 2025: Procurement & Supply Chain.”
Advanced AI agents will play a key role in demand forecasting, risk monitoring, and supply chain optimization, shifting procurement's mandate from tactical to strategic. Companies should invest in the technology now to to streamline processes and enhance decision-making.
Expanded value metrics will drive decisions, as success will be measured by resilience, sustainability, and compliance… not just cost efficiency. Companies should communicate value beyond cost savings to stakeholders, and develop new KPIs.
Increasing regulatory demands will necessitate heightened supply chain transparency and accountability. So companies should strengthen supplier audits, adopt ESG tracking tools, and integrate compliance into strategic procurement decisions.
Widening tariffs and trade restrictions will force companies to reassess total cost of ownership (TCO) metrics to include geopolitical and environmental risks, as nearshoring and friendshoring attempt to balance resilience with cost.
Rising energy costs and regulatory demands will accelerate the shift to sustainable operations, pushing companies to invest in renewable energy and redesign supply chains to align with ESG commitments.
New tariffs could drive prices higher, just as inflation has come under control and interest rates are returning to near-zero levels. That means companies must continue to secure cost savings as their primary responsibility.
Specifically, 48% of respondents identified rising tariffs and trade barriers as their top concern, followed by supply chain disruptions at 45% and geopolitical instability at 41%. Moreover, tariffs and trade barriers ranked as the priority issue regardless of company size, as respondents at companies with less than 250 employees, 251-500, 501-1,000, 1,001-50,000 and 50,000+ employees all cited it as the most significant issue they are currently facing.
“Evolving tariffs and trade policies are one of a number of complex issues requiring organizations to build more resilience into their supply chains through compliance, technology and strategic planning,” Jackson Wood, Director, Industry Strategy at Descartes, said in a release. “With the potential for the incoming U.S. administration to impose new and additional tariffs on a wide variety of goods and countries of origin, U.S. importers may need to significantly re-engineer their sourcing strategies to mitigate potentially higher costs.”
Freight transportation providers and maritime port operators are bracing for rough business impacts if the incoming Trump Administration follows through on its pledge to impose a 25% tariff on Mexico and Canada and an additional 10% tariff on China, analysts say.
Industry contacts say they fear that such heavy fees could prompt importers to “pull forward” a massive surge of goods before the new administration is seated on January 20, and then quickly cut back again once the hefty new fees are instituted, according to a report from TD Cowen.
As a measure of the potential economic impact of that uncertain scenario, transport company stocks were mostly trading down yesterday following Donald Trump’s social media post on Monday night announcing the proposed new policy, TD Cowen said in a note to investors.
But an alternative impact of the tariff jump could be that it doesn’t happen at all, but is merely a threat intended to force other nations to the table to strike new deals on trade, immigration, or drug smuggling. “Trump is perfectly comfortable being a policy paradox and pushing competing policies (and people); this ‘chaos premium’ only increases his leverage in negotiations,” the firm said.
However, if that truly is the new administration’s strategy, it could backfire by sparking a tit-for-tat trade war that includes retaliatory tariffs by other countries on U.S. exports, other analysts said. “The additional tariffs on China that the incoming US administration plans to impose will add to restrictions on China-made products, driving up their prices and fueling an already-under-way surge in efforts to beat the tariffs by importing products before the inauguration,” Andrei Quinn-Barabanov, Senior Director – Supplier Risk Management solutions at Moody’s, said in a statement. “The Mexico and Canada tariffs may be an invitation to negotiations with the U.S. on immigration and other issues. If implemented, they would also be challenging to maintain, because the two nations can threaten the U.S. with significant retaliation and because of a likely pressure from the American business community that would be greatly affected by the costs and supply chain obstacles resulting from the tariffs.”
New tariffs could also damage sensitive supply chains by triggering unintended consequences, according to a report by Matt Lekstutis, Director at Efficio, a global procurement and supply chain procurement consultancy. “While ultimate tariff policy will likely be implemented to achieve specific US re-industrialization and other political objectives, the responses of various nations, companies and trading partners is not easily predicted and companies that even have little or no exposure to Mexico, China or Canada could be impacted. New tariffs may disrupt supply chains dependent on just in time deliveries as they adjust to new trade flows. This could affect all industries dependent on distribution and logistics providers and result in supply shortages,” Lekstutis said.