By Stephen DeAngelis
People now have access to more information than at any time in history — and it’s all available at the click of a mouse. You might find then find it surprising that a recent survey, conducted by Verdantix, found more than half of the company representatives who responded indicated “they still use a mix of spreadsheets and paper” as part of their supply chain risk management process.[1] The survey involved 161 executives in heavy industry sectors in six countries. The study concluded companies failing to use digital age technologies “do not have the ability to use the information to drive better safety and compliance outcomes for their businesses.” It is fair to say that companies using pre-digital age risk management processes may not be taking risk management seriously enough.
Rick Brumett writes, “While understanding and utilizing a traditional risk management program can be sufficient for many companies, a more mature, better business-value approach recognizes that risk management is a critical part of any sustainability strategy. It is no longer enough for organizations to maintain a complete understanding of their streamlined processes, lean improvement programs and enterprise-wide communications. To grow and succeed, it is imperative that enterprise leaders effectively identify and demystify all layers of risk in order to expand into new markets and sustain a competitive advantage.”[2] He goes on to note, “The rapid pace of change in the business environment is reaching record speed, and added challenges are exacerbated by growing volatility in global economies. Relying on inaccurate, incomplete or untimely data hinders executives’ ability to make the most intelligent decisions that affect the bottom line.”
Risk management at the speed of business
The term “risk management” reflects the fact that risks can’t be avoided only managed. The staff at CAST Software writes, “Supply chain risk management (SCRM) involves monitoring for and identifying potential threats to the supply chain. Although there is no way to completely eliminate risk, many issues can be avoided and contingency plans can be put into place to minimize or mitigate the impact on operations and/or profitability.”[3] As Brumett emphasizes, business now moves forward at record speeds and risks can confront businesses just as fast. There is no possible way for businesses to monitor and identify fast moving risks using paper and spreadsheets.
The CAST Software team writes, “Generally speaking, there are two types of risk associated with supply chains. There are things that are impossible to predict and plan for, such as natural disasters, epidemics, and acts of terrorism, and there are other things that can be planned for, provided an organization has the data necessary to observe and act on early indicators. This may include: Supplier/Production Disruptions; Warehouse Shortages; Transit Delays; Theft; Consumer Demand Changes; Cyber Security; [and] Software Risk.” I think they are mistaken when they assert you can’t plan for unpredictable risks. Simply ignoring those types of risks because they are unpredictable is setting a company up for greater than necessary adverse consequences. For example, companies located in areas prone to hurricanes (or having suppliers in those areas) absolutely need to plan for disruptions created by devastating storms. The GRC Pundit insists, “Organizations striving to increase risk management maturity in their organization become more: Aware; responsive; agile; resilient, and lean.”[4] Regarding those characteristics, the Pundit writes:
Aware. “[Organizations] want to have a finger on the pulse of the business and watch for change in the internal and external environments that introduce risk. Key to this is the ability to turn data into information that can be, and is, analyzed and be able to share information in every relevant direction.”
Aligned. “They need to align performance and risk management in the context to support and inform business objectives. This requires the ability to continuously align objectives and operations of the integrated risk capability to the objectives and operations of the entity and give strategic consideration to information from the risk management capability, enabling appropriate change.”
Responsive. “Organizations cannot react to something they do not sense. Mature risk management is focused to gain greater awareness and understanding of information that drives decisions and actions, improves transparency, but also quickly cuts through the morass of data to what an organization needs to know to make the right decisions.”
Agile. “Stakeholders desire the organization to be more than fast; they require it to be nimble. Being fast isn’t helpful if the organization is headed in the wrong direction.”
Resilient. “The best laid plans of mice and men fail. Organizations need to be able to bounce back quickly from changes in context and risks with limited business impact.”
Lean. “They want to build business muscle and trim fat to rid expense from unnecessary duplication, redundancy, and misallocation of resources; to lean the organization overall with enhanced capability and related decisions about application of resources.”
The risk management maturity level encouraged by the GRC Pundit will never be achieved using paper and spreadsheets; hence, the need for cutting edge technologies to help with early identification, prevention, and mitigation.
Digital age risk management tools
Many of the technologies used to enhance business operations, like cognitive computing, can also be used effectively in the risk management arena. There are also a number of solutions specifically designed for risk management processes. Linda Rosencrance writes, “Various types of supply chain risk management tools are available to enterprises, including predictive analytics, enterprise risk management (ERM) systems and sensors.”[5] Justin Bateh (@BatehJustin), supply chain expert and professor of business at Florida State College at Jacksonville, told Rosencrance, “When managing supply chain risk, it’s important to control for financial risk, inventory risk and procurement risks. Several tools are available at a company’s disposal, with the most important generally being a system of predictive analytics.”
There is no single set of risk management tools that is best for all companies. Eliot Arnold, chief strategy officer at Crunch Data Inc., told Rosencrance, “There typically isn’t a one-size-fits-all approach. In reality, a more heterogeneous environment is what companies, big supply chain firms, end up with — a mix of best-of-breed technologies that solves a particular problem.” He went on to say, “The tools that can best measure risk relative to supply chain performance are those that contribute significantly to managing risks. The adage ‘you can’t manage what you can’t measure’ is critical for risk prevention.” In addition to cognitive technologies, which can provide predictive analytics, Rosencrance notes that ERP software and governance, risk and compliance (GRC) tools can also be useful in the risk management process. She adds, “Blockchain is another technology that has the potential to reduce risk in the supply chain by expediting transaction processes by speeding up identity verification of the individuals who are transferring the assets and receiving the product shipments.”
One thing to remember when implementing risk management tools is that they need to work together. The GRC Pundit explains, “Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. … Successful risk management information architecture will be able to integrate information across risk management systems and business systems. This requires a robust and adaptable information architecture that can model the complexity of risk information, transactions, interactions, relationship, cause and effect, and analysis of information that integrates and manages with a range of business systems and external data.”
Footnotes
[1] Avetta, “More Than Half of Companies Still Use Paper and Spreadsheets to Manage Supply Chain Risk, Creating Significant Issues in Managing External Contractors and Suppliers,” Business Wire, 18 September 2019.
[2] Rick Brumett, “How to Navigate the Many Risks in Your Supply Chain,” IndustryWeek, 10 January 2017.
[3] Staff, “Supply Chain Risk Management,” CAST Software.
[4] The GRC Pundit, “Role of Technology in Risk Management Maturity,” GRC 20/20, 11 May 2017.
[5] Linda Rosencrance, “Supply chain risk management tools vary from generic to niche,” TechTarget, 14 May 2018.