No matter what business you're in-corporate or government, large or small, public or private risk is on the menu. Risk arrives in a wide variety of unappetising flavours: economic volatility, environmental and climatic concerns, rising fuel costs,work stoppages, supply shortages, quality breakdowns, and dozens of other daily specials.
And if that weren't enough, risk has become uncomfortably ubiquitous. Globalization is amajor factor: as the geographic scope of business grows, so does the exposure to upheaval.
So what do (or can) we really know about risk? And what active ingredientsmust companies include in their quest to identify,manage andmitigate risk? Companies know that identifying,managing and mitigating risk is vital. But the bigger,more elusive question is how to know what you don't know and how to prepare and respond to risk effectively.
Some actions are evident and self-explanatory. Companiesmust bemore agile. Theymust work to identify and quantify potential risks. Theymust continuously improve their business processes and adopt leading-edge technologies. Theymust even consider whether best practice is a less viablemantra, given that optimal responses to rapidly shifting conditionsmay be changing too quickly for a staid best practice to be of significant use. Agility-not someone else's best practice-is often the key to supply chain success in today's dynamic, risk-saturated world.
Still, there aremany ideas and actions that are less evident and less self-explanatory, just as there are numerous best practices that encourage or inspire agility, rather than impede it. Innovative companies can domore tominimize risk, not just craft a response to it. They canmanufacture locally as well as globally; source contingent suppliers and logistics providers; bettermonitor and adjust inventories and safety stock; and establishmore geographically distributed or near-shore supply bases. They also can reduce risk by updating their supply chain strategiesmore often than the usually accepted three to five years. After all, the worlds rapidly changing business conditions require supply chain networks that also should changemore frequently. Change ismore of a constant than ever before, so companies must design their supply networks with resilience and agility inmind.
Following are three basic guidelines for enabling effective risk-focused actions.
1. Effective risk management programs are formal constructs
Leading-edge technologymust be combined with business processes that are both risk-aware andto themaximumextent possibleself-healing. Think of this as a lifecycle-focusedmethodology for understanding, anticipating, accommodating andminimising disruptive events. Most organizations do not have a formal capability for quantifying, anticipating andmitigating/minimising risk. Instead, their riskmanagement strategies or continuity of operations plans focus onmajor disruptions and specific assets, such as back-up data centres or offsite data-storage facilities. In effect, they are asset-resilient but not mission-resilient. In addition, few entities have evaluated the risks associated with new operatingmodels, such as increased global interdependencies; expanded outsourcing relationships; and newmergers, acquisitions and partnerships.
2. Effective risk management programs are holistic
Companies need to think holistically about how to develop their risk management andmitigation programs.Historically,most entities' approaches havemirrored the shortcomings of their organizational models: poorly connected functional silos, inconsistent access to information, limitedmanagement-reporting capabilities,minimal collaboration, and insufficient risk awareness across the enterprise. In recent years,many have sought to remedy the problemby developing end-to-end approaches to process-management and organisational structure. Such insights are reflected in their development ofmore integrated riskmanagement models.
3. Effective risk management programs emphasize symptoms rather than scenarios
The guiding force behind any company's riskmanagement andmitigation programis preparation: understanding what potential disruptions exist; the likelihood, severity and duration of their occurrence; and the range of prioritized responses.However, optimal preparation is not contingent onmicro-identifications of every possible scenario. The complexities of today's environmentsmake it nearly impossible to accurately identify all of the scenarios that might occur. A better andmore practical course is to focus on commonalities across scenariosshared symptoms. Thismeans developing resilience frameworks not for work stoppages, hurricanes, terrorist attacks and so forth, but rather for labour shortages, destruction of property, supply disruptions and service outages. Building a risk programaround symptoms (the effects) rather than scenarios (the causes)makes resilience development manageable because it cknowledges that many events share characteristics, impacts and, most importantly, responses. There simply are too many potential disruptions for a business to develop comprehensive resilience programs for every one. For example, problems as varied as weather events and labour-driven port closures evince a similar need to maintain core services and suppliers.We often cannot know in advance when or where such upheavals will occur. But we can develop symptom-based programs that speak to the need for quick responses regardless of the specifics.
Beyond these three guidelines, there are several risk management mantraswhich should be borne inmind:
Many of the solutions needed to bring together data, tools and capabilities exist now. Companies can acquire and use them tomake riskmore identifiable,manageable and avoidable.
It's vital to develop a business case that defines the relationship between riskmanagement and shareholder value. In effect, you're defining the advantages and consequences associated with managing (or failing tomanage) risk.
Uncertainty is an unavoidable part of the risk management conundrum. However, a lot of companies fail to leverage the information they already have on hand.
To do riskmitigation, a company not onlymust know what the risks are; it must also have strategies in place before the event happens. The only way to do that is to createmodels and acquire supply chain software that can quickly simulate alternatives and pick the best one.
Responding effectively to any risk requires information at your fingertips so that you can make good decisions. Supply chainmanagement operations that contribute to high performance are those that maintain information at a level of detail that enables agile decisionmaking-or even
There are innumerable ways that risk can be reduced andmaterial value enhanced when exceptional risk management capabilities are built into a supply chain's basic structure. This is the nature, and the reward, of high performance: knowing better than the competition what to expect, and having the capabilities to turn that knowledge to your advantage. automated decisionmaking-such as dynamic routing and sourcing.