4 Risk Management Lessons From the Big Guys

Risk management has been a common topic for the electronics supply chain for a long time. Recently, though, supply chain risk management chatter has reached an all-time high.

Perhaps the intense interest has been driven by extreme events in the past year, such as natural disasters (hurricanes, tsunamis, etc.), as well as emerging threats and systemic vulnerabilities (oil dependence, armed conflicts, etc.). For example, in October 2012, Hurricane Sandy closed ports and airports in the northeastern United States. Floods in recent years also plagued Thailand, hitting more than 1,000 factories and creating huge problems for the automotive and high-tech industries.

“The risk becomes more complex as supply chains are more global in nature,” said Richard Waugh, vice president of corporate development at Zycus, a procurement solution vendor. “It has taxed and gone beyond what the legacy capabilities might be in some organizations.”

Further adding to the tension is an increased understanding of supply chain security, including regulatory risk, brand risk, and counterfeiting. Then, of course, are the normal risks of disruption, allocation, capacity, quality problems, and shortages.

Moreover, the nature of the supply chain has evolved rapidly. Taylor Wilkerson, program manager of supply chain management at consulting firm LMI explained:

In general, we've seen risk management shift quite a bit as companies have become more specialized, which in turn has led to the extension of the supply chain. Rather than the supply chain being two or three tiers, especially in [the] electronics world, you have retailer, final assembly, each of the components in that assembly and then the subcomponents. It's really extended the supply chain and shifted the role of risk management from having to manage immediate suppliers to having to manage several tiers up and down in the supply chain.

For large organizations, creating a comprehensive risk management approach is daunting. For midsized organizations, it's an even bigger stretch. “Smaller organizations are very much on the reactive side of risk management,” said Bindiya Vakil, CEO and founder of Resilinc Corp. “They focus more on day-to-day operations. It is difficult for them to have time, resources and money for more proactive initiatives.”

Today, the vast majority of midsized companies do not have a mature risk management system in place. The Corporate Executive Board Company (CEB), a member-based advisory company, conducted a poll that found that fewer than one in five midsized organizations falls into that category.

Fortunately, these smaller supply chains can successfully borrow from the big-company risk management playbook to address risk without having to have a centralized risk management program. Using these lessons, midsized organizations will be able to build a robust and effective risk management strategy.

Lesson 1: Think beyond first-level risk. Today, organizations must think beyond solely looking at events that would stop materials from moving or being produced, to any event that would create risk to the corporate brand, workforce management, environmental impact, and sustainability.

Further, it's important to think beyond the walls of the organization to see potential areas of risk. “A lot of smaller organizations tend to look at risk management and business continuity without understanding there is risk the supply chain that can do a lot of damage if a supplier has a risk event,” said Wilkerson.

Lesson 2: Focus on measuring and defining risk exposure. “Don't focus on past incidences as [a] way of defining what risks you are exposed to,” said Wilkerson. “It's a natural human tendency to look to the past, but that is not necessarily a good indication of what risk is going to be.”

Instead, consider the location of partners and suppliers, and look at business and economic trends. Once potential risks have been identified, they need to be prioritized and addressed in order. Focus on products that are specialized, or that represent a large amount of revenue or profit margin. “There is a danger in spending too much time in getting specific and precise in the analysis rather than getting enough information to take action,” said Wilkerson.

Instead, organizations need to build risk management into all of their decisions. “The mindset needs to be to influence these sourcing, planning and inventory management decisions so they are made in a risk management fashion,” said Vakil. She pointed to four methods of managing risk:

  1. Risk acceptance: Organizations should define a threshold of acceptable risk for all products. Commodities, for example, may allow for a high level of risk because they can be sourced from other vendors.
  2. Proactive risk mitigation: For high-exposure, vulnerable parts and suppliers, take steps to mitigate risk, taking them in order of importance.
  3. Crisis response: Because risk cannot be 100 percent mitigated, organizations should establish a process to quickly get notification of events that might disrupt the supply chain.
  4. Risk insurance: When risk cannot be managed in any other way, organizations should invest in insurance to address potential losses.

Lesson 3: Enhance partner communication. Get beyond the basic procurement and pricing discussions and talk with supply chain partners about how to respond to a disruption. “The goal would be to create better communication if there is an incident,” said Wilkerson. “It's to the benefit of both companies. You need to convince suppliers that they should notify you immediately if they [are] experiencing a disruption.”

Lesson 4: Integrate risk management technology tools thoughtfully. One advantage that midsized organizations have compared with larger organizations is a certain level of agility around technology adoption to support risk management efforts. Even so, simple technology isn't enough. “These tools have an excellent repository for data and analytics,” said Vakil. “However, the entire organization, including people, processes, incentives, and metrics, has to be aligned around the tool itself.”

A solid combination of planning, relationship building, and smart leveraging of technology can help even midsized organizations move forward in successfully managing supply chain risk.

Editor's note: This article was originally published in EBN's Velocity e-magazine. Read more here.

5 comments on “4 Risk Management Lessons From the Big Guys

  1. ITempire
    March 25, 2014

    Due to the expansion in business activities, one should continuously modify the risk managememt systems in companies keeping in mind the requirements of today's market needs. To compete, an organization should be mature enough to look its supply chain operations with a critical mind and take all necessary measures to strengthen its risk management systems.

  2. Eldredge
    March 25, 2014

    “The risk becomes more complex as supply chains are more global in nature,”

    I think part of the impact from globalization of the supply chain comes in the form of regional consolidation of key industries in an effort to gain from economy of scale and/or proximity to key resources.

  3. Hailey Lynne McKeefry
    March 26, 2014

    @WaqasAltaf, first of all, organizations need to really get a handle on how much risk that they can tolerate. There's often a misperception that there's a way to totally mitigate risk but that's an illusion. Organizations who get a handle on thier own risk tolerance can start making smart decisions despite limited resources.

  4. Hailey Lynne McKeefry
    March 26, 2014

    @Eldredge, globalization has a huge impact on the supply chain. Logistics becomes a huge part of that equation–and i think cross organizational cooperation is going to be increasingly important.

  5. Eldredge
    March 26, 2014

    In addition to changes in logistics, geographical co-locatin of same and/or related industries produces increasing risk for high impact from natural disasters and other geographical influences.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.