Printer Friendly

Breached: outsourcing and global sourcing has meant greater corporate exposure to breaches in the supply chain, but leading risk managers are stepping up to the challenge.


Supply chain disruptions and brand reputation risks are growing in frequency and impact. Barely a day goes by without another media report of a supplier product safety issue or a disrupted flow of goods. The greater reliance on partners and global supply sources and markets is generating more supply chain uncertainty and shows no signs of abating.

Nearly three-quarters of risk managers say their companies' supply chain risk levels have increased since 2005. This is according to Marsh's survey of 110 risk managers, conducted in cooperation with Risk & Insurance[R] magazine.

Not only has risk gone up, but 71 percent report that the financial impact of supply chain disruptions has also increased--damaging bottom lines, customer retention and brand equity. Perhaps most concerning, not a single respondent says that their company is highly effective at supply chain risk management today, and just 35 percent says they were moderately effective.

The impact of growing supply chain risks goes well beyond the direct financial cost, and deeply impacts corporate brand equity and customer trust. We see a coming wave where greater supply chain risk management transparency will increasingly be demanded by business partners, policy makers and financial markets.

Risk managers are bearing the weight of increased expectations for helping their companies better assess and protect themselves from supply chain risks. More than two-thirds of risk managers surveyed say their companies now expect them to assist not only with insurable risks in the supply chain but also with assessing and addressing uninsurable risks. And 66 percent say they are now responsible for providing risk management advice on strategic supply chain decisions, such as new product launches, sourcing decisions and warehouse locations.

Shareholders, boards of directors and senior executives are now demanding better answers and accountability for supply chain risks. Although companies are concerned about these issues, most organizations are just beginning to contemplate the processes and policies to manage these challenges effectively. For risk professionals, this presents a new opportunity to expand their role and activities in the enterprise.

"Actual events have elevated our awareness of business vulnerability and reliance on the supply chain," says the risk manager at an entertainment company. Even though the impact of the company's disruptions were small, they enabled this risk manager to engage the CEO and chief financial officer and gain support to conduct supply chain vulnerability audits and formulate more detailed risk mitigation and business continuity plans.

The table to the left shows the risk areas of greatest concern to study participants. Many of these risks are extending the scope of risk evaluation and advice that risk managers must provide: knowledge of traditional property/casualty insurance issues is no longer sufficient in this dynamic supply chain world.

"Hurricanes and floods are not our biggest issues." says a risk manager from a major consumer products company. The risk issues of most concern, he says, are labor issues, raw material costs, political and regulatory climates, import/export restrictions, and risks involving shifting production from plant to plant or country to country.

Quantifying the potential impacts and prioritizing these evolving risks are among the biggest challenges they face, report risk managers. These tasks are made more daunting by all the external factors bearing on supply chain risk management, such as supplier interdependencies, regulatory changes, and the safety and security of global supply chains.


As supply chain risk levels in their enterprises have grown, many risk managers have been asked to take on more supply chain-related responsibilities and risk assessment studies. Risk managers not embracing this challenge are in peril of becoming marginalized as others in the enterprise rise to tackle this growing risk issue.

Risk management departments increasingly need to be versed in insurable, uninsurable, alternate financing and risk transfer opportunities for controlling supply chain risks--or be viewed as irrelevant to a growing segment of corporate risk.

"Our risk management department is antiquated," reports a legal counsel at a large food and beverage company. "It is staffed primarily with insurance adjuster supervisors. Supply chain risks are managed in different pieces throughout the organization


For the purposes of our study, we classified as "Innovators" the 35 percent of participating companies that reported they are at least "moderately effective" in managing supply chain risks. We found these organizations are taking radically different actions than their peers, who have low supply chain risk management effectiveness or lack formalized programs. According to study results, at these trail-blazing companies:

* The risk manager is taking a strategic role in mobilizing the company against both insurable and uninsurable supply chain risks.

* Supply chain risk management processes are consistent across the enterprise. In fact, innovative companies are a whopping nine times more likely to have consistent, companywide processes.

* Risks are evaluated across the company's end-to-end supply chain. Innovative companies are nearly three times more likely than their peers to include all their direct suppliers in their risk assessments, and twice as likely to include all their transportation carriers and logistics service providers.

To rein in supply chain risks, risk managers need to adopt a highly inclusive approach to supply chain risk management, fully engaging and involving their operational counterparts. A key aspect of success is building trust and ongoing communication between the risk manager and the supply chain operations group. Here are critical actions risk managers can take to succeed:

* Enhance your understanding of supply chain processes to become more adept at uncovering hidden supply chain interdependencies and risks. Many of these vulnerabilities will lie outside your company's four walls, often lurking among your tier-1 or tier-2 suppliers.

* Create a risk culture at your enterprise, where you are viewed as a strategic adviser but risk responsibilities and activities are engrained in supply chain departments, including procurement, manufacturing and logistics functions. Nearly eight out of 10 study participants say that for risk managers to be effective, they need to strengthen their networking skills with these parts of the organization.

Effective risk managers are helping their companies understand the root causes of supply chain risk and are structuring strategies to overcome them. A key aspect of success is building trust and ongoing communication between the risk manager and the supply chain operations group. The risk manager cannot simply walk into the supply chain department and claim instant oversight rights for all supply chain activities that may create risk for the corporation.

Instead, build relationships so that you become involved as early as possible in new initiatives or key changes to the business.

"Don't present yourself as a policeman but instead talk about their business goals and what risks they could present," advises a high-tech participant. "Tell them, 'Here's four things to think about or contingencies to plan.'"

Likewise, supply chain managers often do not have the strategic risk management skills and business continuity knowledge and creativity that a risk professional brings to the table. The most successful companies are creating a partnership atmosphere between the risk management team and supply chain managers.


It is not surprising that risk managers report that organizational issues are their biggest hurdles to effectiveness. All of a risk manager's skills at organizational facilitation, risk prioritization and risk monitoring will be taxed by supply chain processes.

Supply chain processes and the associated risks cross many functional departments within an enterprise, such as purchasing, manufacturing and logistics--as well as stretch beyond a company's boundaries to its suppliers and other supply chain partners.

The traditional focus of supply chain professionals has been on how to cut costs while maintaining sufficient customer service levels; strategic risk management has not been something most have been explicitly tasked with or measured on.

Burdened with daily tactical firefighting, it can be difficult for them to step back and take the time for risk processes. "At this point, supply chain risk isn't being considered because everyone is working so hard to get the job done," says a participant from a midsize food distributor and restaurant chain.

Many companies are struggling with supply chain risk management processes that are fragmented and inconsistent across functions, business units and geographic regions. These fragmented approaches lead to redundant efforts or unaddressed risks; they also make it extremely hard to also domino risk effects and hidden interdependencies across functions and regions.

Just 18 percent of study participants report having consistent, companywide processes for supply chain risk management. These organizations have been much more successful in containing supply chain risks than their peers. They are:

* 2 times less likely than their peers to have seen their supply chain risk levels increase significantly since 2005

* 1.4 times less likely to have seen their supply chain disruption costs increase significantly since 2005


Creating process consistency is, of course, easier to say than do. So how have study participants created process consistency across disparate functional organizations, geographic locations and internal political boundaries?

It turns out that these participants have taken a much more inclusive approach to supply chain risk management than their peers, fully engaging and involving their operational counterparts.

Advises a healthcare risk manager: "It's all about psychology. Present yourself as a resource to people versus making them feel like you are taking control."

Companies that have made some of the greatest strides in supply chain risk management also work with senior management to institutionalize risk management responsibilities.

For instance, 45 percent of companies with process consistency report that supply chain managers have risk plans or metrics in their job descriptions or management business objectives. Not a single company with inconsistent processes reported having this level of alignment.

Another critical enabler of process consistency is having a cross-functional supply chain risk team. Innovative companies are twice as likely as their peers to have cross-functional teams in place. A cross-functional team will typically consist of a combination of leaders from finance, legal, risk and operations. Some companies also report that a human resources representative is included on this team. Others include their insurance company or broker in their team discussions.

"We set up a cross-functional team two-and-a-half years ago," explains a risk manager at a data services company. "This shared structure has created consistency and lets us resolve issues quicker than in the past. For instance, understanding how others on the team have solved supplier issues has helped a lot."


To improve their ability to mobilize and partner with supply chain operations, risk managers can hone their skills in a number of areas. According to our risk manager participants, here are the most important aspects to strengthen:

* Increase your knowledge of end-to-end supply chain processes

* Strengthen your networking and orchestration skills for interacting across department boundaries and supply chain functions

* Become effective at translating supply chain risk issues into the language of the CEO/CFO to gain support for initiatives

* Increase your ability to educate the supply chain functions on key risk areas and best practices

* Put in place a risk measurement process that will allow you to aggregate risks across business traits and supply chain functions to monitor total company risk levels


* A wide majority of risk managers say their exposures to supply chain risk have increased since 2005.

* No survey respondents says their company is "highly effective" at supply chain risk management.

* Companies that are innovative at addressing supply chain risks are more likely to assess risks across a much broader portion of their supply chains.

* Innovative companies are twice as likely as their peers to have cross-functional teams in place and take a more inclusive approach to tackling supply chain risk.

@ On the Web

* The research process.

* Root causes of increased risk in the supply chain.

* Are supply chain risks receiving the attention they deserve?

* How risk managers can take action and protect their supply chains.

The Benefits of an Expanded Role

Risk managers' increased involvement with supply chain risks has benefited their companies in a number of ways, including:

* More effective insurance spend and risk portfolio balancing due to enhanced understanding of changing supply chain conditions

* Lower legal liabilities

* Enhanced business continuity and trade disruption management

* More cost predictability for the enterprise

* Improved oversight of suppliers (and suppliers' suppliers), logistics partners and contractors

* Improved ability to respond to customer queries concerning the company's business continuity and other plans

* Faster recovery time and better adherence to corporate guidelines when disruptive events occur

How Is "Supply Chain" Defined?

The supply chain includes all processes involved in making, moving, storing or servicing physical goods across the end-to-end supply chain--that is, from raw material producers through to the end customer.

Supply chain activities involve internal processes such as manufacturing, purchasing, warehousing, transportation and inventory management, as well as external activities performed on your behalf by suppliers, logistics partners, transportation carders, distributors, co-packers, service and repair organizations, and so on.

Executive Support: Not as Effective As Hoped

A surprising finding of the study was that a formal executive oversight committee that includes the CEO, chief financial officer or chief operating officer does not correlate to supply chain risk management performance improvements.

Participants with formal C-level oversight did not experience a lower financial impact of supply chain disruptions or a higher degree of supply chain risk management effectiveness than their peers. They also are no more likely to have consistent processes or testing of supply chain contingency plans than companies that lack an executive oversight committee. The study did find, however, that executive oversight leads to more risk manager responsibility for uninsurable supply chain risks and for providing risk advice on tactical/operational supply chain activities such as supplier delays.

Although a formal executive committee is not a silver bullet, it is still critical to secure top management support. "You must have senior management support to gather the required information in the organization," advises a participant from a large consumer products manufacturer. "A 'Risk at a Glance' executive report should be used to ensure continued support from the top."

Increasingly, risk is being incorporated into the formal corporate strategic planning process to ensure physical assets such as plants do not have geographic concentration points and to eliminate single points of failure in the supply chain.

Leading companies are instituting regular operating segment and business unit conversations about supply chain risk. These discussions are vital to ensure that business unit leaders and general managers are sufficiently accounting for and managing risks as their business conditions and strategies change.

Many enterprises with corporate risk management functions are implementing policies that make business unit heads responsible for conducting risk assessments and impact analyses on a yearly basis. This includes developing and testing business continuity plans for all critical assets, with "criticality" being defined as any asset that generates a certain level of contribution margin.

These assets can include:

* People

* Plants, distribution centers, stores, office locations and data centers

* High-importance brands, products or components

* Business processes

* IT applications and physical and electronic data

* Critical suppliers and all third-party risks such as logistics providers and co-packers, including the critical infrastructure or utilities they rely upon such as water and power

--Beth Enslow

Obstacles to Risk Management Effectiveness

Despite their best intentions, many risk managers face distinct challenges in mobilizing their organizations to assess and address supply chain risks more fully. Risk manager concerns include:

"The size, complexity and geographical dispersion of our supply chain operations,"

--Risk executive with a high-technology manufacturer

"Getting the knowledge to carry out competent reviews in this area."

--Risk executive with a large retail operator

"The cross-functional nature of the supply chain makes it challenging for the risk manager to get to know all the appropriate people and keep on networking as our organization evolves and people change roles."

--Risk executive with an apparel manufacturer

"Departments do not coordinate discussions of risk."

--Risk executive with a large contract manufacturer

Editor's note: The entire report is available on the Web at www.

BETH ENSLOW is a senior vice president in the Supply Chain Risk Practice at Marsh Inc. She has more than 20 years experience advising companies on physical and financial supply chain optimization and related risks. Her previous positions include running the supply chain and global trade research practices at Aberdeen Group and Gartner. She can be reached at
Top Supply Chain Risk Concerns

 % of Respondents

* Pricing risks 55%
* Risks and delays with our supplies 50%
 Risk with our own plants, warehouses, stores 41%
* Logistics delays and disruptions 40%
 Natural disasters 40%
* Customer-facing risks (e.g., demand volatility) 36%
* Brand reputation risks (product recalls, fair
 labor) 29%
* IP theft, counterfeiting, gray market 26%

* Expansion of risk manager's
traditional responsibilities

Note: Table made from bar graph.

Effectiveness of Supply
Chain Risk Management
Processes at Our

Highly effective 0%
Moderately effective 35%
Low effectiveness 28%
No formal process to address 24%
Do not know 14%

Note: Table made from pie chart.
COPYRIGHT 2008 Axon Group
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Enslow, Beth
Publication:Risk & Insurance
Article Type:Cover story
Date:Apr 15, 2008
Previous Article:Eliminating the weakest links.
Next Article:Risky business: as global supply-chain management becomes more important to overall corporate strategy, companies should be wary of how they tackle...

Related Articles
Listening to the signals: the decibels that ring loudest in the ears of risk executives in the electronics industries have to do with privacy and...
Strategic sourcing: a terrific analysis of "sourcing" was presented in a recent issue of Harvard Business Review.
Guessing game jitters: as companies cut costs and boost productivity by using complex inventory management techniques, they may be unwittingly...
Patchwork silt: mending an existing legacy insurance policy with technology coverage is worth its weight in mud. Such patchwork is insufficient, and...
The 'cyber' risks of outsourcing: outsourcing does not mean out of mind when it comes to cyberliabilities. Instead, companies with databases full of...
A new frontier: information security is a big task, and insurers are only beginning to provide specific coverage and risk-mitigation advice.
Cracking the toughest of risks: they're the six toughest risks to underwrite, for now, anyway, and an integrated international economy is making them...
Taking cover: directors and officers respond to the growing threat of cyber attacks.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters