Supply Chain Management…Risky Business?

I just finished viewing insights from Risk Expert Joe Yacura of ISG, in the video, Supply Chain: Understanding The Risk Factors. This was an excellent, less-than-30-minute overview of supply chain risk management that I enjoyed with my bagel and tea. Joe discussed the critical nature of supply chains and the sources of risk, and he made some recommendations on how to harden the supply chain, specifically addressing cyber-attacks. A company ‘s supply chain and it’s criticality to the company ‘s reputation is more evident as the sources and frequency of risk increase. Joe defines supply chain risk simply as “the disruption of the flow of products or services that meet the requirements [of the company].” Consumers and regulators alike want greater transparency into supply chains, with a better understanding of vulnerabilities, and as a result we are seeing an increase in mandates for company supply chains. Major sources of risk include weather, natural disasters, product reliability and consistency, counterfeit information and misrepresentations. Let’s consider some of those risks: weather…who among us thought Manhattan could be so vulnerable until Sandy hit? How many of us, our hearts aching for the victims, were also concerned about our financial institutions and information, servers and files drowning in rancid water? Were there back-ups? Was my credit card statement floating in Battery Park or the basement of the bank I use? Cyber-attacks: wow, even the New York Times went down recently. If they can lose their bread and butter who else can be hit? Here’s something else to think about…this increased access to information, to big data, has a direct impact on how quickly we react to information and what happens as a result. Information spreads like wildfire, aided by social media. A labor dispute in a low-level management office in the morning can turn into a full-fledged urban strike that afternoon and a global crisis within a week. A malicious malware email can be sent from one foreign government to one citizen and eventually infect millions of computers within hours. Two contract employees engaged in information gathering and research can expose and disseminate data within hours using traditional means or emerging technologies. So how does this relate to Sourcing? Joe argues that in the three levels of a supply chain, the greatest risk is at every level. Since the Chief Procurement Officer (CPO) is ultimately responsible for the sourcing process, and the due diligence done in the contract process, he or she may be the only one with complete knowledge and understanding of the supply chain processes and any potential risks. These processes may be the source of weakness and require mitigation and management, or they could be the source of strength and serve as the mechanisms to harden the company against vulnerabilities. Many companies today employ Chief Resource Officers. These folks can be responsible for working with a CPO and CEO to help manage risk. They may implement best practices recommended by Joe like:

  •  Improve supplier visibility
  • Understand where company data resides and with which suppliers
  • Understand who, at a personal level, is responsible for your data at your suppliers
  • Monitor how your suppliers maintain their infrastructure and process
  • Implement technologies that improve visibility, security, and management
  • Track, monitor, and do it again and again
  • Understand the processes of your third party providers
  • Understand that reliability multiplicative

Joe concludes with the following insight: As we globalize and share services, we become more dependent on third parties to provide both core and support business. These relationships and the processes they dictate, must be constantly maintained, and managed properly. Companies should be prepared to react immediately and should have alternative sources of supply should disruptions occur. A company’s reputation depends on it. Click this link to view Joe’s insights. Visit SIG’s Resource Center for more information on risk management or join us at the 2013 Global Leadership Summit, this October 15-17, in Fort Worth, Texas, where risk management will be discussed in at least NINE different breakout sessions. If this is a hot topic for you, register now and participate in these conversations!

Mary Zampino

Mary Zampino

Senior Director of Global Sourcing Intelligence, SIG

Mary has over 20 years of experience in information technology and over 15 years of experience in sourcing. Mary's responsibilities as SIG include sourcing and developing content for SIG's Global Summits, researching and developing content for the SIG Resource Center (SRC), serving as a member of the SRC Thought Leaders Council and their respective working groups, managing SIG's Peer2Peer member discussions, conducting benchmarking activities, and contributing to original SIG content through newsletter and blog entries.