Best Practices for Supply Chain Risk Governance
The growing volume and increased range of transactions in global supply chain networks have weakened geographic barriers and heightened company exposure to issues that, until recently, were just distant concerns. A concrete governance mechanism to periodically review supply chain risks and define mitigating actions improves and ensures the resilience and agility of the supply chain. We spoke with RANE Experts David Robillard, founder of the firm MultiLatin Advisors, and Tony Pelli, Supply Chain Risk Consultant at BSI Supply Chain, to discuss best practices regarding supply chain risk management.
An effective supply chain risk management mechanism includes a cross-functional “risk board” with participants representing every node of the value chain (Procurement, Auditing, Security, Human Resources, Operations, Legal, etc). It typically includes line managers who double-hat as the lead for their function, making them the “owners” of risk identification and mitigation. In many cases, the risk board receives additional support from a central risk-management function, staffed with experts to provide supplemental guidance on risk mitigation and identification.
- An effective board will meet quarterly or bi-annually to review the top risks in the supply chain and to define mitigation actions. The participants will then own the execution of mitigation actions for their respective functional nodes. For example, if the board decides to qualify and onboard a new supplier for a critical component, the procurement representative on the board will own the action and ensure its execution.
- Robillard says that, for many companies, the risk board will also make recommendations to improve the agility and resilience of the supply chain, including reconfigurations of the supply network, innovations in the reduction of lead times, or collaboration with suppliers to help optimize operations.
Pelli believes that a strong governance program will establish named individuals responsible for conducting activities associated with each step of the risk management process. These individuals should be from across a variety of internal functions (procurement, IT, General Counsel, etc.) to ensure that those overseeing the risk management process have the requisite subject matter expertise to effectively manage the program.
- Pelli posits that the decision of which personnel to allocate the power to should be largely based on what the concern is: “If you want to prevent overall interruption/disruption of the supply chain, then business continuity people will be the most successful. If it’s security more narrowly, then a corporate security person would be the best fit.”
Having your full team on board when it comes to your governance program is crucial in ensuring the viability of the program. Robillard believes that companies often treat the security function of a governance program as a reactive function, but it generates the biggest value when it is proactive, picking up new risks, and sharing them across the company.
- Robillard tells a story about a major US electronics retailer entering Mexico. The company moved their product in the US in branded trucks, with the branding a decision pushed by the marketing team. The marketing team wanted to do the same in Mexico in order to gain visibility for the brand. However, doing so in Mexico would mark them as a target for theft. If the security function had not been part of the discussion, the marketing team could have made a decision that put their product at risk.