The Overview 

Risk management has evolved and must be a core competency, leaving behind traditional monitoring-based approaches that only focus on a few critical Tier 1 suppliers and one or two risk factors. The world is too complex, and we know supply chains, not suppliers, compete. Failing to evolve leaves organizations in a perpetual crisis management cycle.  

This article is the first in a series to provide simple steps to evolve supply chain risk management from an endless series of crises to a methodical and balanced process. In doing so, your team will fuel the innovation required to move the whole organization forward. The goal is simple: drive sustained performance rather than effectively manage crises. 

The steps that follow focus primarily on what is required for change management and less on risk management. Please note, without change management and transformation, any improvements to the risk management process itself are at risk of being temporary. 

Step 1: Engage Stakeholders Early and Often 

1. Take a leadership role. Procurement and supply chain management (SCM) lives at a crossroads of internal and external stakeholders, such as suppliers. Take ownership of the process.
2. Identify all stakeholders. Scope both internal and external stakeholders who will be involved in the process.
3. Seek alignment. Meet with the stakeholders to gather information and perspectives on corporate goals and objectives. Understand concerns and risks, and who is working on the issues.
4. Document information. Make note of similarities and differences. Share the information with all stakeholders.
5. Draft an initial problem statement. See step 2 for details. This may be done concurrent with this engagement step. There is some thought that Step 2 should begin before engagement, however, Procurement should be building the relationships with stakeholders as a general best practice because of the strategic nature of their work and breadth of initiatives.
6. Prepare for a risk management workshop. Seek input from stakeholders on participants for the workshop. The workshop should consist of a smaller working group with good representation across different functions and groups.

Step 2: Problem Statements

Follow a standard problem statement definition methodology and set a project charter. The key is to understand the end state that is trying to be achieved. The goal at this point is not to define solutions and how to address risk — it is to fully define risk management and a clear problem statement. Only then can the team determine actions to support the people, improve processes, and ensure the right enabling technologies are leveraged to drive supply chain risk management. A few questions to keep in mind during this stage: 

• What does the team need to solve the problem?
• Are the impacts quantifiable?
• What is the current state of the process?
• Does the full team know what the organization is trying to solve for?
• Does the organization have a common definition of risk management?
• Is there consensus on goals for revenue, margin, or other targets/metrics?
• Is there clear prioritization?

Step 3: Alignment

This step is key and often ignored — even organizations that have engaged stakeholders and established a clear problem statement overlook alignment. Understanding the company’s overall goals and objectives is paramount: revenue, growth, margin, and/or market share.

Best practice proves that after an initial stakeholder engagement and problem statement definition, it is still important to have an alignment meeting.

Validate that the working parameters and definitions, as well as priorities, match the current state, as understood. Sometimes time has lapsed since the first conversations and new issues, concerns, or factors are in play.  

Consider:

• Are the goals and measurements well understood?
• Are they specific, measurable, achievable, realistic, and timely (SMART)?
• Does each team member understand how they impact the goals and how risks may affect the ability to achieve them?
• Does the problem statement adequately and accurately align to the organizational goals?

It is important to note that we have made no mention of functional goals. For risk management, and specifically supply chain risk management, to be fully effective, the alignment must be to organizational goals.

It’s also important to note that alignment takes multiple forms, including:

• Goals
• Functions
• Stakeholders
• Measurements
• Problem statements

Ultimately, alignment of the solutions should come together to solve the root cause.

In Step 1, we spoke about engaging stakeholders early and often. Alignment continues this engagement. Importantly, “stakeholders” doesn’t refer solely to management or leadership. Stakeholders may be broad both vertically and horizontally across the organization, possibly including external parties. Consider how to keep various parties informed. Various stakeholder groups can help to test assumptions and gather feedback during the process.

Step 4: Measurement

Often, organizations undertake changes to processes, tools, and team structures with an inadequate definition of the metrics they will use to measure progress and success. They set goals with no baseline to start from. This step is critical.

It may also be time to change the measurement and KPIs. For too long, success has been measured on a short-term basis. This drives priorities but perpetuates the crisis management cycle. If success is measured in quarters, and single year increments, the impetus to evolve the process to drive change is muted.

Many organizations are measured on a quarterly and yearly set of metrics. In fact, many executives are motivated and rewarded on this basis. To make the step change to a proactive holistic risk management process requires a multiple year, longer-term focus. The investments to structurally design a more resilient supply chain take a long-term approach.

As stated in step 3, are the metrics SMART? If not they need to be. Test the metrics to make sure they align to the problem statement.

Step 5: Governance

While the other steps are important, this may be the most important.

After you follow steps 1-4, as a unified team, present to all the respective leaders, in a single meeting, and:

• Communicate the message
• Provide supporting evidence
• Ask for them to serve as a Risk Management Steering Committee

This elevates the activities and drives accountability for the change and outcomes. Ultimately, this helps ensure that success will be team-based.

Step 6: Taking Real Action

One common pitfall that we see is when organizations do things without taking real action. It would be a mistake to believe that any of these things indicate an organization taking action:

• Monitoring
• Analyzing
• Collecting data
• Mitigation plans and business continuity plans

These things are activities, but real action is turning to long-term design and affecting the future by changing your organization or supply chain. What does this mean?

Failure to act means crisis after crisis is met with costly impacts, including but not limited to:

• Negative working capital – inventory stocking levels
• Higher expediting costs
• Delays impacting customer satisfaction, cost, quality, delivery, revenue, and margin
• Higher oversight costs
• Increased travel costs

Five Part Crises Management Blog Series

In each of the next three blogs, Avetta will break these steps down into more detail. Once completed, organizations will have a guide for transforming from a crisis management shop looking for heroes to a strategic supply chain risk management organization. Additionally, we will provide insights on how to integrate technology like Avetta’s solutions into the process to drive informative strategies that design sustained performance into your operations.

Our primary focus will be on process and people versus technology. However, we will draw attention to where technology provides value both in terms of workflows and verified information. Throughout this discussion, the emphasis will be on information, not data, which is a raw material. Risk management requires information. In this series, we'll provide information to help your organization transform.