Over the past two years, global supply chains have been in a state of turmoil. For businesses across the economy, supply shocks and shortages have become a fact of life, and a financial headache: the cost of shipping containers on many major global trade routes has more than doubled.
With substantial supply chain risks set to remain for the foreseeable future, risk management needs to become a strategic function. Get it right and your business will gain a substantial competitive advantage.
Customers are demanding better and more transparent risk management. Their purchasing strategies are increasingly oriented toward suppliers’ ability to deliver (as well as cost).
As existing supply chains become less reliable, alternate sources are in big demand. But they are also few and far between. Key raw materials, such as lithium and magnesium, are hard to procure, while the supply base of several key sectors, such as semiconductors, is now highly concentrated.
Other risks include non-compliance with increasingly onerous trade restrictions, a lack of transparency, and a tricky transition from low-cost and just-in-time-based value chains to ones that revolve around environmental, social, and governance (ESG) factors. Each of these dynamics may contribute to shortages and high prices that ripple through supply chains. In some cases, businesses try to innovate their way out of trouble, but that can jeopardize their financial viability.
Risk management needs to be rethought
The market has responded to the reemergence of supply chain risk by offering a range of mapping and scoring technology/services, but many organizations fail to create sustainable competitive advantages and business cases around supply chain risk management by focusing too much on platform-driven approaches.
That is a mistake: companies that are adept at risk management will gain a competitive advantage. Trusted by customers, they are more likely to win new business. In fact, successful and transparent risk management increases the marketable quantity of end products by ensuring the ability to deliver. An important competitive differentiator in today’s world, robust risk management can justify higher prices.
It is important to recognize that a structured and systematic approach to identifying risks is now a must. Supply dynamics are too complex to be addressed ad hoc. Businesses need to take a comprehensive and fully transparent approach to risk management throughout the value chain. The organizational culture must reward the identification of risks and encourage open exchanges on this topic, while risk management should be embedded into the existing roles within the organization.
How do we approach risk management?
Drawing on our deep expertise in procurement and supply chain management, Kearney works with clients to develop a governance model to monitor the impact of risk across the organization. We aim to build a central, stringent, and cross-functional process for the systematic management of risks. Ideally, this process will be fully automated to address risks across all areas and for all customers in the best possible way.
A cognitive risk engine can be used to provide full risk transparency. If you can create a digital twin of your value chain, you can address risks throughout the entire value chain and logistics, right down to which customers are affected. Global, detailed, and real-time risk modeling, using a scalable cloud-based solution, is the best possible way to gauge risk and optimize the mitigation strategy.
But a risk management solution also needs to be flexible. To evaluate suppliers based in countries where information is difficult to obtain, a business may need to employ alternative forms of finance and risk modeling. It is important to receive this information in real time before another competitor terminates this supplier so that, in this case, a safety stock can be built up unnoticed.
How clients typically apply risk management in their supply chain
We see three supplier risk archetypes:
1. Risk seeker
Focused on regulatory compliance and mitigation of short-term risks. Risk management strategy characterized by specific risks and problematic suppliers. Uses streamlined technology diagnostic tools for identification and assessment of risk. This archetype may be first to move, but can miss quite a bit of the picture if they move forward without a robust process and governance to manage the process and act on identified risks.
2. Disruption avoider
Focused on future and buried risk, but potential disrupters take precedence. Risk management strategy characterized by broad supply chain bottlenecks including suppliers’ risk and performance, and crucial risk categories such as raw material or cyber. Uses identification of critical suppliers’ potential issues for identification and assessment of risk.
3. Strategic differentiator
Focused on risk management as a competitive advantage. Risk management strategy characterized by building strategic capability, and views risk as an input into business operation optimization. Uses strategy, process, governance, and technology for identification and assessment of risk including full digital twin of supply chain to reconfigure for resilience, and risk map as trigger for continuous management.
Additionally, the companies differentiating risk strategically as a competitive advantage encourage its strategic partners to follow Supply Chain Risk Management Standard (SCRM) culture and processes. Intellectual property and business sensitivity can prevent the level of openness desired to directly monitor supply chain risk, but if your partners can adopt the right mindset and process, you can be more comfortable with the level of risk and potential exposure.
Key questions to ask before setting out to improve the management of risk
Strategic
- What do you want to achieve—mitigate short-term risk and secure business continuity in the coming 24 months or drive strategic decision-making?
- Are you ready to adopt a predictive mindset to identify vulnerabilities and enable avoidance strategies?
Process
- Are you willing to create full transparency and connect key downstream processes to risk management?
- What performance improvements process are you willing to embed to ensure processes are self-healing and relevant?
- Are you willing to dedicate resources to contact second- and third-tier suppliers directly and obtain more information?
Governance
- Are you ready to make risk management a part of your main steering mechanism?
- Will you make sure that accountabilities are embedded in roles?
- Which key performance indicators (KPIs) will be used to incentivize risk mindset, and are they appropriate?
Technology/enablement
- What is your ambition for transparency and automation?
- Are your aspirations limited by existing technology and datasets?
Capabilities and culture
- Will you come up with a clearly articulated and socialized case for change?
- Do you have the ability to connect strategy and culture through metrics and performance management?
How to make the management of risk a source of competitive advantage
To provide guidance to our clients, Kearney has developed the risk management reference model (see figure 1).
Mindset
Understanding risk management. Make risk management a strategic function under the responsibility of the CPO with regular reporting and steering committees. It should be fully integrated along the entire value chain (R&D, purchasing/supply chain, sales).
Tone from the top. Risk management should be sponsored by the CEO, with the CPO taking technical responsibility, supported by a risk management committee consisting of relevant managers and employees from purchasing, supply chain, and R&D.
Transparency and honesty. Develop a risk management manual setting out risk management’s eight core dimensions (see below), which is accessible to the entire organization and the subject of recurring training courses and onboarding. Create an incentive model that rewards people for identifying and addressing risks, together with an organizational model that defines roles and responsibilities.
- Values and culture
- Communication and training
- Technical infrastructure and IT
- Risk management
- Goal setting
- Programs and processes
- Organization and control
- Monitoring and improvements
First line of defense
Risk identification and opportunities. Perceive risks as opportunities to gain a competitive advantage and introduce processes to identify risks. These should include:
- Scoping: Selection of industries, categories, value creation steps for risk sensing
- Sensing: Linking of internal (BOM—bill of materials), supplier (risks), and market (logistics) data
- Interpreting: Transfer of the harmonized data into the respective risk dimensions
- Dimension #1 (risk category): information security, regulations
- Dimension #2 (components): semiconductors, batteries
- Dimension #3 (supplier): …
- Evaluating: Prioritization of risks using a multidimensional scoring approach
- Planning: Development of actions to mitigate risks via cross-functional teams
Execution, steering, and monitoring. Introduce regular reporting mechanisms, such as business area-specific reviews of risks and cross-divisional review of risks, and ad hoc reporting mechanisms, such as external risk panels or a whistleblower system that can escalate and mitigate risks as appropriate. Control mechanisms could include an OBK-driven (objectives and key results) model based on a cross-functional organizational and process landscape and an internal system for monitoring the risk management process and its efficiency.
Tools and methods. Aggregate internal BOM, supplier risks, and market logistics data, while developing a fully automated and fully integrated IT solution for identifying and assessing risks, as well as tracking responsibilities and mitigation strategies.
Capabilities. Develop risk identification, mitigation, and prevention capabilities related to the technical, financial, and administrative capacity of an organization.
Continuous process improvement. Take a structured approach to identifying potential for improvement and corresponding measures, supported by a mindset of continuous improvement.
Second line of defense
Corporate risk management encompassing values and culture, goal setting, communication and training, programs and processes, technical infrastructure and IT, organization and control, risk management, and monitoring and improvement.
Legal: safeguarding buyers. Provide buyers with a defined framework for the selection of suppliers/components/raw materials, and a real-time overview of the risks via the integrated IT solution for risk management. Request that suppliers regularly fill out a questionnaire on the current risk situation and risk mitigation.
Third line of defense
Process and documentation audit, random sampling, and traceability. Develop a risk management handbook and a database that tracks risks and associated responsibilities.
What does “good risk management” look like?
In our experience, very few organizations can count themselves as leaders in risk management, nor use it to establish a competitive/business advantage. In many cases, they have assembled some pieces of the puzzle, but not all (see figure 2).
Here is a summary of what leaders will have implemented in each area of the risk management reference model:
Risk identification and opportunities. The supply chain has been modeled completely and transparently (in other words, which risks exist and which customers are exposed to these risks).
Execution, steering, monitoring. Cross-functional processes have been implemented to address risks. These will include a weekly reporting routine, structured approach, and checklist to assess risks and set up a task force. The organization will have a catalog of measures for known risks.
Tools and methods. An integrated and near real-time (less than five hours) cloud solution will collect all relevant data centrally and model risks. A risk management tool will present risks transparently along the value chain, with an interface to suppliers.
Capability setup. The organization will have the data science skills to model relationships and to create and manage IT solutions, together with cross-functional knowledge regarding industry-specific relationships, since parts are reused everywhere via platform models. The organization will have the skills to ensure process security and the mentality to identify the best possible solutions.
Continuous process improvement. After each incident, the organization will hold workshops with the process participants, possibly involving the respective suppliers and customers, and extract the potential for improvement.
Second line of defense. The buyer, supply chain manager, and risk manager will be involved in the development process with the value proposition of “Go” and “No go” component lists. If a supplier does not meet the relevant risk criteria, the buyer, supply chain manager, and risk manager will be able to exercise a veto.
Third line of defense. The organization will conduct internal and external audits on a regular basis to obtain expert opinions.
Ready to make risk management a strategic asset and a source of competitive advantage?
We understand the complexities of establishing a strategic risk management function and its implementation toward a competitive advantage. Our transformation approach ensures a comprehensive perspective with a clear business case. To talk more about your ambitions and how we can help, please contact the authors below.
Комментариев нет:
Отправить комментарий