Common Mistakes When Rolling Out a Supply Chain Risk Management Program

A critical part of any supply chain is an effective and efficient supply chain risk management (SCRM) program. A SCRM program does more than just protect an organization’s supply chain and improve supply chain resilience — it also protects overall financial performance and stakeholder value from negative impacts.

Read on for common mistakes made when developing SCRM programs and considerations to avoid these pitfalls.

1. The SCRM Program Lacks Appropriate Executive Sponsorship

The most common mistake we see is when organizations embark on a SCRM improvement journey without having gained the appropriate approval and sponsorship from their senior management team. Without executive support, the SCRM program is likely to be under-resourced in terms of the appropriate skilled SCRM personnel and the appropriate SCRM technology and data to drive a holistic solution. Supply chains do not respect functional boundaries. If the senior management team has not ensured that the SCRM program objectives set across the different functional areas are appropriately aligned to optimize performance, teams may have differing views on program goals and the “metrics that matter”. The executive sponsor should push to remove silos.

“We see organizations struggling because they were all different parts of organizations, whether it was a finance department, logistics, operations, compliance, they were all looking at supply chain through their own lenses and their own silos,” stated Timothy C. Stone, Vice President of Supply Chain Risk Management at Exiger Government Solutions. “And that’s really what supply chain risk management is: holistic informed decision making.” 

Read TRADES: A Framework for Modern Third-Party and Supply Chain Risk Management

Assess Your Organization’s Risk Maturity Today

2. The Absence of a Roadmap and Supporting Business Case

We caution clients against launching a SCRM improvement journey without a clear understanding of their current capability and desired capability. There are numerous frameworks that are helpful in scoping and designing a supply chain risk management program, but as often is the case, the “devil is in the detail.”

There are two key factors that underpin a successful supply chain risk management program:

• A roadmap – assessing and articulating the organization’s current-state capability, the desired future-state capability, and the execution roadmap to achieve it.
• A business case – investment requires a return on investment, which means developing a credible business case that withstands scrutiny and illustrates the benefits that arise from an effective supply chain risk management program.

3. Failing to Take Account of an Appropriate Range of Supply Chain Risk Factors

Several organizations make the mistake of only considering a limited number of risk perspectives. They may, for example, be focused only on looking at suppliers from a disruption perspective and even then, mainly looking at supplier financial stability. There can be many other causes of a disruption in a supply chain, such as:

• Sanctions, such as those imposed on Russia for its invasion of Ukraine, that prevent the receipt of relevant goods from a particular supplier
• Labor unrest or strikes in the supply chain
• Cyberattacks such as ransomware
• Physical damage to a supplier’s factory or logistics location as a result of a fire or flood

It is also increasingly important that organizations consider the environmental, social and governance issues (ESG) in their supply chains and where ESG risk management software can help, given the increasing regulations and risk of damage to reputation and brand value. These regulations include such acts as the Uyghur Forced Labor Prevention Act, the UK Modern Slavery Act, and the German Supply Chain Act. It is also important that you consider a range of risk sources:

• Structured ESG supplier questionnaires data
• Open-source social media information in multiple languages
• ESG product and material risk updates

4. Not Addressing the Multi-Tier Supply Chain Risk Exposures

Many organizations focus on their tier one or direct suppliers for their supply chain risk management, but the easiest tiers in your supply chain to evaluate are not where a large chunk of disruptions originate. Research, such as the Business Continuity Institute Annual Supply Chain Resilience Study, shows that around 40-50% of the disruptions come from lower tier suppliers. It is also important to note that increasing regulations put the onus on an organization to understand and manage issues from a multi-tier supply chain perspective. Failure to appropriately address the risks within your multi-tier supply chain will result in financial cost from both a disruption perspective, regulatory fines and impacts on brand value.

Multi-tier supply chains are too large and complex to manually evaluate and continuously monitor. Organizations can’t use cost as an excuse not to invest in technology to manage supply chain risk, especially where technology tools are readily available and risk exposure can be much more costly. Simply taking a vendor’s word about the reliability of their suppliers or relying on only questionnaires to surface risk can lead to unwelcome surprises and disruptions later. Make the investment now to help you gather information quickly and continuously for a holistic picture of your SCRM program.

“Upgrade the technology to help with your risk based program and get a really strong criticality assessment so that you know where to focus,” advised Erika Peters, Exiger’s Global Head of Innovation and Operations. “We have an AI natural language processing platform powered by DDIQ that helps our clients synthesize large volumes of datasets and sources to develop a variety of risk profiles all in one place.”

To help address the lack of supply chain visibility, especially from lower tier suppliers, Exiger created Supply Chain Explorer. The platform illuminates and maps vendors and their relationships to identify concentration and compliance risks.

Check Out: Supply Chain Explorer: First Ever Single-Click Supply Chain Risk Detection SaaS Platform

It is now possible to gain visibility into tracking the purchase and supply of subcontracted products, parts, raw materials, and ingredients. The recent Exiger acquistion of Supply Dynamics enables end-to-end supply chain visibility and holistic risk management via a single, secure, cloud-based enterprise platform.

Improving Your SCRM Program with Exiger

Exiger can help your organization build out or enhance its SCRM program with both experienced subject matter experts and our enterprise platform. Baseline and build third party risk management and supply chain risk management with our maturity assessment to get an idea of your organization’s risk maturity today. Contact us to learn more.

More resources:

• Modern Slavery: Lessons Learned Since the UFLPA Was Enacted
• The Uyghur Forced Labor Prevention Act and Its Impact on Supply Chains
• 7 Takeaways from the Executive Order on Tech Investments in China
• Streamlining Software Security: Harnessing the Power of SBOM