By Andrew K. Reese
Supply chain risk management has been a hot topic and a top draw on the industry conference and Webcast circuit for several years already. Entire events have been devoted to identifying and managing risk. Practice areas have sprung up within consultancies to advise clients on supply chain risk. Blogs have appeared covering risk, including one started by supply management solution provider Aravo at http://atrisk.net/.
In many ways, SCRM has taken on the characteristics of a critical discipline for supply chain executives. And all these trends have only been exacerbated by the recession, which highlighted the treat of supplier insolvency and supply chain disruption at a time when most enterprise executives were already feeling vulnerable.
And yet, in spite of all the ink and bytes that have been devoted to supply chain risk management (mea culpa, as this magazine has contributed its share to the conversation), a consensus remains elusive as to what exactly SCRM entails, how it should be defined, what kinds of strategies are necessary to address it, even who in the enterprise should address it. It seems that, to date, anyway, how you view supply chain risk, and how you manage it, still very much depends on where you sit in the supply chain.
Toward a Definition
The Supply Chain Risk Leadership Council (SCRLC), established in 2006 and counting among its member companies many of the leading brands across a variety of industry sectors (Cisco, Boeing, Procter & Gamble and Bank of America, just to name a few), defines SCMR as:
The practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The ultimate purpose of supply chain risk management is to enable cost avoidance, customer service, and market position.
The all-encompassing nature of supply chain risk implied by that definition — "any factor or event" — has perhaps contributed to the generally slow pace at which a framework has been established for dealing with these risks. Noha Tohamy, the vice president of supply chain research at AMR Research (recently acquired by Gartner), has written and spoken extensively about SCMR and is perhaps the top analyst covering risk. She notes in a recent research report ("The Supply Chain Risk Leadership Council: Growing Influence, Growing Pains," March 04, 2010) that while the SCRLC has been effective in raising awareness of risk management, companies still need "practical advice" for how to incorporate risk management into their enterprises. "There's a critical need for a working framework that spans the major supply chain risks and the processes underlying them that can guide ... companies with advancing the concept of supply chain risk within their organizations," Tohamy writes.
The need for a precise understanding of what activities and what threats should and shouldn't be included in a company's supply chain risk management strategy is not trivial. As Anurag Dixit, vice president of marketing for spend management solution provider Zycus, writes in a recent whitepaper on risk: "In absence of a standard definition and framework [for risk management], people will have to rely on their experience and many times their gut-feel to assess risk they bring into the system when they choose a new supplier, move to a new supply market or redesign their supply chain. It is bound to lead to surprises and the chances are high that many of these decisions will not be positive.
"Moreover," Dixit adds, "this black-box approach prevents knowledge sharing at a larger department and enterprise scale."
In 2008 the Supply Chain Council (SCOR) recognized the conundrum that companies faced around supply chain risk. In the report "Managing Risk in Your Organization with the SCOR Methodology," the Supply Chain Council Risk Research Team noted that "less than half of enterprises have established metrics and procedures for assessing and managing supply risks and organizations lack sufficient market intelligence, process, and information systems to effectively predict and mitigate supply chain risks." The research team set out to fill that gap by not only offering a comprehensive definition of risk but also incorporate that definition into the SCOR model as a standard against which organizations can benchmark their own SCMR efforts.
Perspectives on Risk
However, even with the efforts of groups like the SCRLC and SCOR, the broader supply chain community has yet to form a consensus around strategies and best practices for supply chain risk. Sundar Kamakshisundaram, senior solutions marketing manager with spend management solution provider Ariba, suggests that, in part, this is because different groups within the enterprise have traditionally focused on specific areas of risk. Within many enterprises, for example, Finance may be tasked with looking at supplier financials as a signal of viability, Procurement may be primarily concerned with issues around contract compliance, and supplier performance may be the purview of Quality. "Whenever you talk to different people within an organization, you get different answers for what risk means," Kamakshisundaram says. "Different individuals focus on various operational metrics, and so companies are not taking a holistic approach to risk management."
So again, one's perspective on risk still appears to depend largely on where one sits in the supply chain, and within which function in the supply chain one sits.
On the demand management side, companies are struggling to understand how demand for their products is going to evolve in the post-recessionary economy, says John Vaughan, director of industry solutions with Patni Computer Systems' Business Consulting Services Group. "The largest risk that has to be managed now is the risk of demand patterns changing," Vaughan says. "When growth reappears, it's really not certain that it's going to be growth in the same categories as before. So risk mitigation right now has to be around understanding whether your customers are going to be buying the same things as before."