Skip to content
By Timothy C. Stone, Senior Director, Supply Chain Risk Management
Supply chain risks—and the very concept of supply chain risk management (SCRM)—have changed radically in the last six years. SCRM used to be confined to logistics and product price/performance, a view that has become far too narrow to manage modern risks. Today, private and public-sector organizations must deal with an array of macro supply chain risk drivers, from trade wars and industrial espionage to modern slavery and climate change, with social media and the 24/7 news cycle amplifying reputational risk. To address these new, diverse risks and future-proof a supply chain risk management solution, organizations must integrate the right technology, ensure tailored compliance processes and governance, and seek out expertise in “modern” SCRM.
COVID-19, China, and SCRM: An Inflection Point
Supply chain risk management was traditionally about getting goods from Point A to Point B. Indeed, until only a few years ago, SCRM—as a professional discipline—was mostly equated with the logistics of just-in-time production, which aims to minimize the time, labor, and materials in a manufacturing process by aligning raw material orders from suppliers with production schedules. But dynamic socio-economic and geopolitical forces have transformed supply chain risk management—a story that cannot be told without exploring the COVID-19 pandemic and the continuing erosion of America’s relationship with China.
It’s no secret that the pandemic fractured global supply chains through government-mandated shutdowns, labor shortages, and demand-signal disruption. But COVID-19 also represented a supply chain inflection point by both crystallizing and amplifying America’s adversarial relationship with China, close trading partners for more than three decades. Faced with the sudden and frightening scarcity of life-saving products—PPE and pharmaceuticals, to name two key examples—U.S. government, industry, and citizenry awoke to America’s lopsided reliance on China for critical goods in a time of crisis. This was indeed a wakeup call: a jarring realization that, through decades of globalization, the U.S. had outsourced crucial needs to an authoritarian geopolitical adversary, breeding supply chain vulnerabilities that could—and in the pandemic’s case, did—implicate life and death.
To read more about key drivers impacting modern SCRM,
download our 2023 Supply Chain Risk Management Insights
Cybersecurity and Modern Supply Chain Risk Management
Cyber risk plays a role in virtually every supply chain and is critical to modern SCRM and supply chain resilience. Public- and private-sector organizations must identify, defend against, and remediate the effects of so-called “supply chain attacks” that can occur through third-party software and sometimes even hardware. A supply chain attack involves the latent implant of nefarious software or hardware that can disrupt business operations and, in some cases, jeopardize a victimized organization’s continued existence. Bad actors often use supply chain attacks to steal proprietary data, including IP and sensitive client information.
Many view the SolarWinds supply chain attack as the most significant in history and, like the pandemic, a defining event for modern SCRM, focusing greater awareness on software supply chains and their associated vulnerabilities. Indeed, before late 2020, the word “SolarWinds” denoted a very widely used but generally obscure U.S. software vendor; today, it’s nearly synonymous with the notion of American vulnerability to cyber espionage. In Q4 2020, the press began reporting that SolarWinds, a purveyor of IT systems management tools, had suffered a breach of its popular network management system software. A Trojan horse virus was replacing existing files on a target’s system with malware that resembled and did the same things as those files, yet that was creating backdoors to compromise the broader system while spreading to other networks. The hack breached the networks and systems of at least nine U.S. federal agencies and 100 companies, many of them household names.
To read more about cybersecurity supply chain risk management,
download our 2023 Supply Chain Risk Management Insights
So What Does “SCRM” Mean Today?
As illustrated above, today’s supply chain risk management goes far beyond the traditional understanding of SCRM as product price/performance and ensuring goods end up on a consumer’s doorstep. SCRM implicates diverse and complex risks driven by the interconnectivity of twenty-first century third-party relationships, with organizations exposed in real time to the vulnerabilities of their upstream suppliers. In other words, modern SCRM is about way more than whether your shipment of deodorant arrived on time. Rather, it’s effectively a health assessment of an organization’s suppliers across various risk types:
- Reputational, criminal, and regulatory
- Operational and financial stability
- Foreign ownership, control, and influence (FOCI)
- Environmental, social, governance (ESG)
- Cyber
The types of events and concerns that drive these risks, and that supply chain risk managers must consider, include:
- Government-led investigations, regulatory enforcement actions, and criminal prosecutions
- Evidence of fraud
- Supplier operational instability or financial duress
- Weather events and disasters
- Global and regional shortages of key materials, commodities, and products
- Geopolitical conflicts and trade wars
- Human rights and modern slavery
- Climate change and varied other concerns implicating ESG risk
- Cyberattacks
To learn more about modern SCRM,
download our 2023 Supply Chain Risk Management Insights
Modern SCRM: A Case Study
A recent series of geopolitical events, which call to mind a toppling row of dominos, exemplifies the interconnectedness of the risks in modern supply chain risk management. It all began with a geopolitical spat:
- Australia called for an international probe into the origin of the COVID-19 virus; China perceived this as an insinuation about China’s culpability for the pandemic.
- In response, hewing to its tried-and-tested playbook of economic coercion, China launched a trade war with Australia. The CCP used Chinese consumption of Australian exports as a lever to punish Australia: China boycotted several major Australian export industries, including coal, barley, copper, and wine.
- The boycott of Australian coal compounded an existing coal shortage in China stemming from the country’s efforts to reduce its coal consumption to meet aggressive climate-related goals (the CCP deliberately suppressed domestic coal prices to disincentivize coal mining and production). The upshot was an energy crisis in China, complete with electricity rationing and factory shutdowns, along with a resulting dip in Chinese industrial activity.
- The reduction in China’s industrial throughput compounded the economic slowdown already driven by China’s stringent zero-COVID policy. This occurred side by side with slowdowns among developing industrial economies that manufacture goods for Western markets, such as Vietnam and Malaysia—themselves besieged by COVID outbreaks and labor shortages.
- China’s reduced industrial throughput, in turn, led to shortages and associated price spikes in raw materials such as silicon and aluminum—China the leading global exporter of each—while exacerbating existing supply constraints and container shipping delays already stymying global ports.
To read the full SCRM case study,
download our 2023 Supply Chain Risk Management Insights
Organizations That Don’t Adapt to Modern SCRM Will Be Left Behind
Clearly, supply chain risk management heading into 2023 is about far more than logistics and price/performance. A modern SCRM program that focuses solely on this traditional view of a supply chain would be like trying to measure a person’s health by solely using an oxygen sensor. To be sure, the sensor would provide valuable data about oxygenation of the person’s blood, yet won’t necessarily tell you anything about the person’s vital signs, including body temperature, pulse rate, respiration rate, and blood pressure. While the sensor can thus confirm the patient has sufficient oxygen in his blood, it wouldn’t tell you if the patient had just dropped dead from an aneurysm. In the same vein, an organization’s supply chain health is about far more than one narrow risk.
The financial impact from mismanaging supply chain risk is real. Recent pandemic disruptions have cost the U.S. economy trillions, with shareholders and board members seeing this loss. Customers are frustrated with unmet demand, organizations find themselves in reputational peril, and major players in nearly all industries routinely suffer costly disruptions. Having SCRM-focused technology, processes, and expertise to understand, navigate, and monitor today’s supply chain risk is more than a “nice to have” as we approach 2023. It’s a “must have.” Organizations that adapt by investing in SCRM will be equipped to manage risk and build resilient supply chains, flourishing in this new operating environment. Those that don’t will get edged out, losing customers and revenue.
Need more transparency in your supply chain? Consider Exiger’s supply chain risk management software that can help surface all risks that might be hiding deep within your supply chain.
What Are The Building Blocks of an Effective Supply Chain Risk Management Program?
Although the prospect of building an effective SCRM program can be daunting for those organizations new to the party, the “how to” of managing supply chain risk can be captured in three key pillars:
- Tools to automate due diligence, risk assessments, and monitoring of third-party relationships;
- Processes and governance tailored to an organization’s priorities and pressure points; and
- Supply chain expertise across the implicated risk areas.
