The Infosys global supply chain management blog enables leaner supply chains through process and IT related interventions. Discuss the latest trends and solutions across the supply chain management landscape.

« Is “Supply Chain function” a critical function to business? | Main | Supply Chain “Proverbs-to-ponder” »

How risky is present Supply Chain risk assessment?

Assessment of Supply Chain risk is gradually evolving as the critical core competency for organizations struggling to cement their footprint. Most organizations especially the public listed enterprises have developed ways and means to identify enterprise risks and develop strategies for mitigating the same. But when it has come to supply chain risk assessment, the vision is blurred by parochial operational silos which deploy separate techniques for risk assessment. Even the spectrum of supply chain risk is limited to supply and distribution functions. The “Big Picture” image gets lost and this leads to huge risk of erroneous prioritization, procrastination and delayed action. One of the major causes of this scenario is the challenge of a system in place which enables a “comprehensive risk assessment”.

Let me drill deeper into this with some “slice-of-life” scenarios. You would observe a Sourcing Head assessing the supply chain risk related to supplier selection & development, supplier delivery reliability, supplier quality assurance, supplier technology evaluation and supplier insolvency assessment. On similar lines a Production Head is interested in assessment of risks related to raw material or bought-outs availability, machine reliability, operator productivity, production quality, inventory position and order fulfillment. They are comfortable in their own “glass houses” oblivious of the impact one risk within his territory impacting the performance of the other. Many a times these “glass houses” are so opaque, that a risk event occurring within a territory is kept under carpet till the impact has overgrown its natural size.


To take care of these types of operational silos, forward-looking organizations have invested heavily on ERP packages. What these packages do is to bring out any risk event on real-time (here processing time would be more appropriate) across the organization. But these ERP packages are designed from an accounts perspective. So, every event is assessed only on its financial merits. This limitation is slowly becoming a major challenge for any supply chain risk. The following example will drive home the point.


A global retailer faced a major supply choke due to delay in imports into USA. The issue was the absence of certain documents to meet C-TPAT compliance. The consignment was about USD 1.2 Million causing a huge risk of charges on capital blockage, demurrage charges, Port-to-DC transportation commitment payouts etc. The total risk exposure was to the tune of USD 340K. Compare this with another risk event of 3 cases of fire hazard due to a toy malfunction observed in the market. The risk exposure was as low as USD 27K including “mild recalls” and redesign costs. As both these events have low occurrence probability (due to first time events), the financial risk impact provides a natural priority to the first event. It is here that the limitation of the ERP systems come to the fore, making the "comprehensive risk assessment” techniques more relevant.


These ERP systems only support financial impact prioritization. These systems are unable to provide a holistic view of the impact. To take the above example, the following impacts were completely neglected:

§         Operational impact on distribution planning and scheduling

§         Customer impact on reputation and future revenues

§         Legal impact of contractual obligations and regulatory punishments


In the absence of these risk impact assessments, the consignment at the port takes precedence over the “perceived miniscule” incidence of fire hazard, due to the financial enormity of the former.


The financial driven risk assessments have been so much ingrained into the enterprises that they have financial wizards as Chief Risk Officers. This dominance of finance and accounts has also led to hegemony of finance techniques for risk mitigation. Any supply chain risk can be mitigated using three techniques. These are:

§         Risk transfer (e.g. insurance )

§         Risk sharing (e.g. supplier chargebacks etc.)

§         Risk avoidance

Risk transfer takes the highest corporate precedence, as financial wizards identify the risks and devise methodologies to insure these risks. But with the changing scenario as these enterprises are becoming more and more cash-strapped, their preference to put money on insurance premiums is becoming less and less likely. The focus is gradually shifting towards risk sharing and primarily risk avoidance. It is here that the Operations Heads have to pitch in. I would not be surprised if organizations have Chief Operating Officers taking up parallel roles as Chief Risk Officers as well.


So organizations across industries are either investing of their own or enabling research agencies to develop complex algorithms for “comprehensive risk assessment”. The prioritization is slowly getting shifted from a financial decision making to a holistic decision making involving all aspects of impact. Even the ERP product vendors who have the advantage of setting up platform technologies across the organization functions are taking up this challenge to develop product enhancements which are bolt-on solutions to incorporate “comprehensive risk assessment” techniques. As enterprises become increasingly resource-strapped a correct approach for deploying these limited resources across multiple risk events which may occur simultaneously, would be the most critical decision making need in supply chain risk management.   


And for those who wanted to know what happened due to the erroneous prioritization, the retailer spent a fortune to free the consignment. But by the time this was done, the “neglected” cases of fire hazard in the market had been blown beyond proportions in the media and legal forum, dealing irrevocable damage to its brand reputation. And that is not the end but the beginning of it all……


You are making a very valid point here in saying that the big picture is getting lost. Risk management NEEDS to address the big picture, since, in a worst case scenario, well-handled supply chain risk translates into business continuity, whereas an ill-handled supply chain risk may result in business-discontinuity, as many businesses sadly have experienced.

That said, and speaking of the 'big picture', there are three more ways to deal with risk. Risk Acceptance, Risk Exploitation and Risk Ignorance.

I find Ignorance to be particularly interesting. It's a notion of unwillingness to deal with risks, a “see-no-evil-hear-no-evil”-strategy where many businesses willingly overlook the risk they are exposed to.

Any thoughts?

Whatever is focused on is created.
Finance/Credit managers live in a "silo" where the avoidance of risk is paramount as illustrated by use of DSO (days sales outstanding) and % bad debt performance measurements.
Failure by Finance/Credit to consider the "Product Value at Time of Sale" in all its different possible applications results in the denial or limiting of new sales and the obstruction of repeat sales.
Beyond the lost sales opportunities, this "risk silo" worldview results is future bad will and a diminished return on the marketing investment and on customer retention.

Until companies move away from measuring performance based on risk and to measuring base on profit there is no real incentive for change on the part of finance/credit.

I agree with Jan on the 3 aspects of risk mitigation strategies and the pre-dominance of enterprises on "risk ignorance". This is mainly borne out by the fact that enterprises/ and its managers have 2 main handicaps :
1. They are not able to justify the cost of incurring an investment for avoiding risk
2. They find their arguments weak for transferring risk to either insurance/ suppliers

So the most convenient way is to ignore, as it does not affect anyone's direct compensation.
So the remedy here is to link compensation to risk.

It is here that Abe's comments should be studied in detail. The silo of Finance/credit has to be "broken" to bring them into mainstream operations for realizing value of lost opportunities or loss of goodwill in market. These speculative non-tangibles cannot be quantified directly. Profit is one measure, but profit primarily depends on market forces which govern prices and internal efficiencies which govern costs. So cost would be a better measure than profit, as controlling external market forces is "more Euclidean" than pragmatic.

The best way is to approach all risk events with a cost-value scenario. As risk is defined as a weighted product of OCCURRENCE and IMPACT. Here the occurrence score would be derived from historical data of events. The Impact score should be derived from a cost break-up of each of the costs associated with the risk event, including risk mitigation cost, risk assessment cost, risk avoidance investment cost and the cost of resources & capital for lost opportunities etc. This has to be a structured enterprise-wide activity to identify each possible risk event and quantify the associated cost-value. This way each risk event will have a monetary value attached to it, and the occurrence of a risk event would be gauged by the actual "sunk costs" instead of any notional guesstimates.

This way we can expect to bring in the Finance/ credit persons to be pulled into the mainstream and the "procrastinators" to be booked for each "non-action".

I have seen many risk-prone organizations (in Logistics management and Construction management) already initiating such enterprise-wide initiatives, which I am sure will fetch them strong results and help reduce their risk exposure in future.

Thanks to Jan Husdal and Abe WalkingBear Sanchez for those deep insights.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter