Benchmark Your Supply Chain Risk Management Maturity

When virtually all organizations are taking at least some action to hedge against risk, the extra steps that mature organizations take could spell the difference between competitive advantage and scrambling to play catch up when a major disruption occurs.

Adobe Stock 305151974 (2)
Summit Art Creations/stock.adobe.com

Organizations are steadily building resilience against supply chain risk, and that’s good news. Through survey research carried out with 316 global organizations, APQC found that nearly all organizations are taking at least some action to build resilience through investments in areas like technology, governance and supplier management.

While most supply chain organizations are on this journey, relatively few have reached a level of maturity or sophistication that is appropriate for the dynamic risk landscape that organizations are facing now. In this article, we provide insight into the steps that leading organizations carry out and highlight areas where other organizations have opportunities to mature their approach to risk.

Get Deeper Visibility into Disruption

Technology is reshaping the ways that supply chains prepare for and react to risk. For example, APQC found that a large majority of surveyed organizations (81%) use some kind of system to continuously monitor for global supply chain disruptions. The same percentage of respondents also said that they have a system that provides a risk profile of their suppliers, materials, supplier manufacturing sites, categories, and products. These technologies provide deeper visibility into global risk to help organizations build resilience against disruption.

While many organizations now have these technologies for their supply chain, there is always room to improve and optimize their use. For example, fewer than half of respondents (46%) said that their system provides insight into the potential impacts of a disruption on the business. While there’s some value in knowing about disruptions at a broad level, there’s far more value in knowing what that disruption means for your business specifically.   

Drive Accountability for Risk Governance

Given the nuances and sensitivities of potential disruptions, organizations shouldn’t rely on technology alone to manage risk. Even with the best risk monitoring and profiling systems in place, someone still needs to be accountable for acting on the data and making decisions that drive supply chain resilience while building stronger relationships.

Risk governance teams—bodies that manage organizational risk through a defined set of policies and procedures—are the people who typically make these decisions. Fortunately, a significant majority of organizations (91%) have risk governance teams in place.

Why Mature Risk Governance Matters

Risk governance teams usually have enterprise-level visibility into risk and authority to coordinate the work of risk mitigation. These capabilities are critical for managing risk in the supply chain. However, it’s just as important for these teams to track and report performance on measures related to the risk environment and to work to continuously improve an organization’s resilience against risk.

Many organizations have an opportunity to mature their approach to risk management in these ways. For example, only 38% of respondents said that their risk governance teams regularly track metrics, report progress, and continuously review gaps for improvement.

Business continuity planning and engaging with insurance providers are two examples of risk management activities that benefit from the work of mature risk governance teams.

Business Continuity Planning

ApcqfigAPQC Fig. 1A business continuity plan (BCP) ensures the continued delivery of products and/or services at acceptable levels following a disruption. It’s not only important for your business to have a BCP, but also to verify that your most critical suppliers have them as well.

Nearly all organizations (91%) are taking at least some form of action to gather BCPs from suppliers. However, many organizations still have opportunities to increase the sophistication of the process for doing so. About a third of respondents (32%) say they are either developing a process or have a process and are currently collecting BCPs from suppliers. Another 27% have already collected BCPs and are reviewing any gaps that they find (Figure 1). 

Only 36% of respondents have a mature process that not only includes gathering and reviewing BCPs but also has an element of continuous improvement built in.

Engaging Insurance Providers and Increasing Coverage Based on Risk

Apqcfig2APQC Fig. 2Insurance coverage is another area that shouldn’t be left to run on autopilot in today’s risk landscape. To prevent incurring high costs from an unexpected or unforeseen event, it is critical to regularly review coverage and increase coverage when necessary. Half of surveyed organizations say they carry out these steps, while about another half (45%) are just leveraging supply mapping information to review their coverage with providers (Figure 2). 

Supply Chain Risks are Dynamic—Your Approach to Risk Should Be Too

Supply chains are complex networks, and the landscape of potential disruptions is continually shifting. Leading organizations have developed an approach to managing risk that is just as dynamic. Their risk governance teams not only help to collect continuity plans and review insurance coverage, but also work to continuously improve based on any gaps they find in these areas. Leading organizations also invest in technology that goes a level deeper than just showing evidence of supply chain disruption to providing fine-grained intelligence about the impact of a given disruption on the organization’s business.

When virtually all organizations are taking at least some action to hedge against risk, the extra steps that mature organizations take could spell the difference between competitive advantage and scrambling to play catch up when a major disruption occurs. At the very least, mature organizations are able to continuously improve in response to shifts in the risk environment, which means their resilience against risk will continue to grow over time. 

Latest