Understanding supply chain risk management

by Everstream Team

Your organization’s supply chain is its lifeblood. But long, complex supply chains can be vulnerable too. That’s why effective supply chain risk management should be part of every organization’s business continuity planning. 

It’s highly likely that your product managers don’t even know all that goes into the making of a single product. How could they? The manufacture of a modern integrated circuit (IC) involves more than 1,000 separate processing steps and 70 or more border crossings between suppliers and service providers in a dozen or more countries.1 Semiconductors are among the most complex products manufactured today, and they’re present in a high percentage of manufactured goods. But even simpler supply chains rely on multiple global sources. Global trade in goods reached a record level of almost $25 trillion in 2022.2 

Just look at the factory closures and transport disruptions linked to the COVID-19 pandemic which caused domino-effect disruptions for almost everyone. In one survey of U.S. Fortune 1000 companies, 94% said that the coronavirus had disrupted their supply chains.3 And those effects lasted long after the initial crisis had passed. In another survey conducted in 2022, 100% of automotive companies and 97% of industrial products companies said that the pandemic had a net negative effect on their supply chains.4 

The coronavirus crisis was an exceptional event, but supply chain disruption is now business-as-usual. For example, run-of-the-mill issues with the complex supply chain of the Boeing 787 Dreamliner delayed the commercial launch of the airliner by three years and caused costs to overrun by $10 billion.5 According to McKinsey, a company can expect supply chain problems to cost the equivalent of half a year’s profits every decade on average.6 Supply chain problems can put projects, programs, and entire businesses in jeopardy.  

Although humans can’t track these myriad connections anymore, technology can. Digitized supply chain risk management (SCRM) using artificial intelligence can map and track a product’s elements, the suppliers, where they are located, and the risk level that your supply could dwindle, cost more, or disappear entirely.  

In this paper we will examine the different types of risk that can affect supply chains and the range of impact they can have. Then we’ll explain how companies can use SCRM strategies to identify and assess risks in their own supply chains. Finally, we’ll look at the strategic and tactical actions available to minimize, mitigate, and manage supply chain risks 

What is supply chain risk management? 

Supply chain risk management describes the tools, processes, and approaches that companies use to identify, assess, and mitigate the risks across their complex supply chains. It has become a critical part of every organization’s approach to risk management and business continuity planning.  

infographic with statistics on companies relying on supply chain risk management 

Sometimes disruption can even result from too much of a “good” thing. For example, as the world economy roared back to life following the COVID pandemic, demand for computer chips outstripped the semiconductor industry’s supply capacity. Customers in multiple industries faced high prices and long wait times for critical components. 

Similarly, demand for bicycles boomed during the pandemic, leading to widespread and long-lasting shortages throughout the industry. In December 2022, one major German bike maker had 45,000 unfinished machines in its warehouses, awaiting the delayed arrival of components from Asia-based suppliers.7 

Whether the causes are “good” or “bad,” supply chains are vulnerable to a huge range of different risks. Those risks tend to fall into a few major categories. 

Natural and climate disasters 

Earthquakes, floods, extreme weather, and volcanic eruptions can impart a terrible human cost, and they can disrupt economic activity for months.  

In 2021, a week of exceptionally low temperatures and severe snowstorms in Texas left 3.5 million people without power or water. The storm paralyzed the region’s huge petrochemical industry, affecting 95% of North American ethylene production. A critical raw material for plastics, disruption to ethylene plants led to high prices and ongoing shortages. 8  

Climate change is increasing the frequency, severity, and impact of weather-related natural disasters. That includes hurricanes and tropical storms, intense rainfall, droughts, and periods of extreme heat.9 

Cyber risks 

Digitalization has helped manufacturing processes and supply chains become faster, more efficient, and more flexible. But as advanced computer systems become more integral to modern business, any interruption to normal service can have far-reaching and costly effects. 

In January 2023, a ransomware attack on the UK’s Royal Mail service locked users out of the systems used to manage international letter and parcel deliveries. The attack brought the company’s overseas mail services to a halt for more than a week, and the resulting backlog led to weeks of delays as services slowly recovered.10 

Financial risks 

In tough economic conditions or competitive markets, suppliers can find themselves in financial trouble. If things get so bad that the affected business must scale back its operations or close altogether, customers can be left without the products they need.  

In 2022, for example, record gas prices caused serious disruption for energy-intensive businesses in Europe. Chemical companies shuttered plants, leading to shortages of basic materials, including ammonia and carbon dioxide in some markets.11 

Rapid input cost inflation put extra strain on businesses in multiple sectors, especially when long-term contracts made it hard for them to put up their own prices. In late 2022, a survey of German automotive suppliers found that 10% were facing financial difficulties because of inflation.12 

Environmental, social, and political risks 

Social and geopolitical shifts can upset supply chains. In recent years, moves by the U.S. to limit the transfer of sensitive technologies overseas have forced technology companies operating in China to reconfigure their supply chains, for example. 

Russia’s invasion of Ukraine in 2022 contributed to higher global food and energy prices. It also created extra problems for the automotive industry, which was already struggling with semiconductor shortages. Several major European carmakers relied on Ukrainian suppliers for the intricate wiring harnesses used in their vehicles.13 

Labor challenges can cause localized or widespread supply chain problems. Industrial disputes can shut factories for days or weeks, and shortages of workers have been a significant issue in many sectors in recent years. A lack of truck drivers was a major factor in delays at U.S. west coast ports in 2021, for example. At its peak, congestion at the ports of Long Beach and Los Angeles forced more than 100 loaded container ships to wait offshore for days or weeks until a berth became available. 

Governments, campaign groups, and customers are ramping up the pressure on companies to ensure that supply chain activities don’t harm the environment, workers, or communities. In January 2023, for example, a new German supply chain due diligence law came into force. It requires companies to identify, assess, prevent, and remedy human rights and environmental impacts in their supply chains, with potential fines of up to 2% of global turnover for those that fail to do so.14 

How to identify and manage supply chain risk 

An effective supply chain risk management approach must be built on a good understanding of the risks facing your supply chain, and the potential impact on your business if those risks manifest themselves. Before you can assess the risks in your supply chain, you need to understand the supply chain itself. That isn’t as simple as it sounds. Most companies can quickly generate a list of their direct suppliers, and they probably have a reasonable understanding of where their most important suppliers are and how they work.  

Things get a lot murkier further upstream. Do you know the names and locations of your suppliers’ main suppliers? What about the companies that supply those companies? Research by McKinsey & Company in 2022 found that just 17% of companies have a good understanding of their supply chains down to the third tier and beyond. The number was even lower for automotive, aerospace, and companies in other sectors with long, deep, and complex supply chains.15  

To support the world’s largest supply chains, Everstream uses artificial intelligence validated by human experts to automatically identify sub-tier supply chain structures. Our clients do not have to rely on labor-intensive survey projects, where the results quickly are out-of-date. 

diagram showing that artificial intelligence for supply chain risk management requires human expertise and guidance

Once a company has a good picture of its supply chain, it can begin to look at risks. That used to require a lot of arduous manual data collection and analysis, but the development of digital supply chain risk management platforms such as Everstream Analytics has significantly accelerated and simplified this step in recent years. 

Best practice involves evaluating supply chain nodes — which include manufacturing sites, warehouse locations, and the logistics between them — against a wide range of strategic risk criteria. Those criteria might include the historical frequency and severity of natural disasters, the political and social stability of the regions where the nodes are located, and dozens of other risk categories based on hundreds or thousands of datapoints from multiple sources. 

To simplify the analysis, it is common to adopt a scoring system for each type of risk. At Everstream, we rate risks on a 0-to-25-point scale. That scoring approach makes it possible to build strategic composite scores, providing an indication of the overall riskiness of a supply chain node while also giving users the ability to drill down to whatever level of detail they need. 

Next, a company needs to evaluate the potential impact of the risks it has identified. That is determined by the details of the organization’s overall supply chain structure, its products, and its business model. 

How critical is each supplier to the continuity of your operations? The sole supplier of a key technology is likely to be highly critical, while a supplier of commodity products produced by multiple players may be less critical. Critical parts don’t have to be expensive or complex: One of Boeing’s delays in building the 787 Dreamliner came from a simple fastener shortage. 

The same risk event could affect multiple suppliers simultaneously. That happens when many suppliers, or even entire industry sectors, are concentrated in the same region. The dominance of Thailand in hard disc production in the early 2000s and Taiwan in semiconductor production today are both examples of this. 

Combining your understanding of supply chain risks and supply chain criticality allows you focus and prioritize the most important risks, the most important components and materials, and the most important supply chain nodes. And that is the basis for a systematic approach to supply chain risk management. 

Risk mitigation in supply chain management 

Getting risks under control is a multi-stage process. And because the performance of the business is intimately linked to the performance of its supply chain, supply chain risk management decisions must be made in the context of its overall business strategy. 

diagram showing that leading companies are tackling supply chain risk management and measuring the results

Many organizations find it useful to conduct scenario planning and “what-if” modeling to investigate the implications of different supply chain operating models and risks management approaches. That has become easier thanks to the development of powerful analytics systems. Leading companies develop detailed “digital twins” of their supply chains, which they use to support both real-time operations and long-term planning. 

At its simplest, companies can think about two types of actions to manage risks in their supply chain. 

Strategic actions lead to resilience in supply chain risk management 

The setup of the organization’s supply footprint has a big effect on its risk profile. Taking risks into account while qualifying new suppliers or choosing production locations can reduce a company’s exposure to many sorts of risk, whether that’s avoiding flood-prone locations or reducing exposure to trade disputes or geopolitical tension. 

Network design and sourcing decisions can also help to mitigate risks when they do occur. That might involve dual sourcing for critical components, so that one supplier can fill in if another runs into problems. Or it might involve the careful choice of inventory locations to ensure products can get to key customers if the normal logistics lanes are disrupted. 

Shorter supply chains have less of a “risk surface” than long ones, which encourages companies to develop regional supply networks or pursue “nearshoring” strategies for key components. 

Inventory policy has a big effect on a company’s resilience in the face of supply chain disruption. Large buffer stocks of critical parts allow production operations to continue even if supply is disrupted. Those decisions come with costs, however, which include tying up capital in inventory, higher operating costs for warehouses, and the risk of being stuck with excess stock if customer demand patterns shift. 

One recent innovation is the emergence of specialist insurance for supply chain risk. Because supply chain risk is a complex area, it can be tricky for insurers to price policies and for companies to understand the level of coverage they need. In practice, the more an organization understands its own supply chain, the easier it is for both parties to agree to mutually acceptable terms, and dedicated insurance may have an important niche role to play in the risk-management strategies of more businesses in the coming years. 

Effective supply chain risk mitigation requires tactical actions 

Certain risks can’t be designed out of the supply chain. For others, the cost of doing so may outweigh the benefits. To handle these residual risks, companies need strong tactical risk management capabilities. 

Tactical risk management requires good planning. High-performing organizations create playbooks of responses to common supply chain disruptions, such as logistics delays or problems at a supplier facility. Those plans might include alternative transport routes or systems to re-allocate inventory to maintain production until normal service is resumed. 

Tactical planning also requires vigilance. The best time to respond to a supply chain disruption is before it occurs. The second-best time is as soon as it occurs. You can only do those things if you are watching your supply chain closely for signs of problems. Once again, digital tools have changed the landscape. Everstream Analytics can provide supply chain risk management teams with tailored alerts on a wide range of risks, from extreme weather events to labor unrest, allowing companies to act early and decisively to keep their supply chains flowing. 

And because you can’t plan for everything, leading organizations develop the capabilities to respond to unexpected events in a systematic way. That might involve setting up a cross-functional supply chain “war room,” for example, where senior staff from the supply chain, logistics, manufacturing, and other relevant functions have access to all the available data to make quick, effective decisions in a crisis.  

Benefits of adopting supply chain risk management 

There are many financial and operational benefits to implementing a supply chain risk management strategy. Here are three ways Everstream clients found efficiencies and savings.  

Step 1: Enhancing visibility 

Only 48.9% of disruptions happen in Tier 116 and a comprehensive supply chain risk management strategy gives you visibility to the rest of your supply network. An external-facing supply chain risk assessment in conjunction with an internal risk-tolerance analysis will help your team decide what level of risk to accept and how much is worth investing in risk mitigation. Personalized analytics keep operations within that range by supporting faster, smarter, more profitable decisions. 

For example, American chemicals firm DuPont gathered full supply chain insights from Everstream Analytics to gain an end-to-end understanding of their complex global supply chain. The study from Everstream Analytics focused on seven risk categories deemed most likely to impact DuPont’s supply chain: strikes, power outages, telecoms outages, industrial fires, terrorist attacks, IT failures, and the financial stress of suppliers. 

After mapping and visualizing the DuPont entire supply chain, Everstream gave each entity risk exposure and severity ratings. The analysis also created resilience ratings based on the available alternative capacities, time-to-recovery, and the importance of the entity to DuPont business. The analysis identified risk hotspots and choke points as well as appropriate risk mitigations. 

Step 2: Driving flexibility 

Building flexibility into your supply chain requires an appetite to invest in resilience. This means building operational processes that evaluate and optimize flexibility, so managers can see the right option at the right time. Risk visibility data allows risk to be quantified and prioritized. When managers have visibility into risk, they can transform that risk into opportunity. 

An example is German truck manufacturer Schmitz Cargobull. The company needed better supply chain visibility and transparency on logistics flows, right down to component level (e.g., axles, tires, etc.)—a considerable challenge in an automotive sub-sector characterized by extremely short lead times. 

The trailer subsector of the automotive industry features high demand volatility, requiring just-in-time and 100% make-to-order inbound supply chain processes. Schmitz Cargobull needed a global yet detailed view of high-risk events (strikes, weather alerts, etc.) impacting their own production sites or their global supplier base. 

Schmitz Cargobull created end-to-end supply chain visibility at the component level, and it paid off almost immediately. The organization was not impacted by strikes in Germany and Turkey because supply chain managers were able to proactively increase buffer stock before the disruption could affect operations. 

Network visualization also helps Schmitz Cargobull to reduce logistics costs by identifying potential supplier ex-work transformation and supplier consolidation projects. Schmitz Cargobull also saves on travel costs by rationalizing its worldwide supplier audit activity. 

Effective flexibility strategies can also lead to reduced freight, inventory, and material costs, along with improvements in on-time performance and customer satisfaction. 

Step 3: Hitting speed goals 

Demand, Sales & Operations Planning (S&OP), sourcing, production, and distribution all can be affected by ongoing events. These impacts can be profound and long-lasting, as illustrated by long recovery times for companies affected by COVID-19 supply chain problems. Modern technology can provide near-real-time risk information (specific to the individual company’s supply chain and products) and speed up crisis management and response.  

For example, supply chain managers who understood very early the potential effects of 2022 Winter Olympics in Beijing drew in buffer stock early and mitigated risk successfully. Those who did not anticipate the events scrambled to find alternative supply or logistic routes. Those challenges were worsened by the Chinese New Year holiday.  

Overall financial wins in supply chain risk management 

Even last-minute scrambles can be smoothed over with real-time and connected visibility on threats, inventory, and shipments as issues evolve. Artificial intelligence helps businesses quantify the value of proactive responsiveness to supply chain disruptions. At Everstream, we regularly run value analyses for our customers, who include some of the world’s largest manufacturers, distributors, and producers. 

diagram showing business benefits of a supply chain risk management strategy

For example, we analyzed the impact of a single day of downtime for a large manufacturer, including lost revenue, working capital, and expedited freight costs to make up for the delay. We also dug into less obvious costs, including customer satisfaction and return on human capital. 

The gross margin impact of a single day’s disruption at a single manufacturing site was calculated at almost $275,000. In this case, this “minor” disruption translates to a drop in shareholder value of over $6M. This loss also creates non-quantifiable sinking public perception and consumer trust, which are compounded when competitors avoid delays and seize market share. 

A tumultuous few years have helped prioritize the topic of supply chain risk with senior management in many businesses. Companies seeking to avoid the high costs and long-lasting damage that can arise from significant supply chain disruption are now working hard to build their supply chain risk management capabilities. 

Effective supply chain risk management is built on a detailed understanding of the supply chain, ongoing monitoring of risk and risk events, and a combination of strategic decisions and tactical actions designed to minimize, mitigate, and manage those risks.

Click here to download the full white paper PDF 

Share this post