Using technology to de-risk supply chains

Supply chain risk is such a huge topic right now that even our newly-elected president is talking about it—and acting on it. In February, PresidentJoe Bidenpublished his Executive Order on America’s Supply Chains, where he talks about the need for “resilient, diverse and secure supply chains to ensure economic prosperity and national security.”

In the order, Biden points to pandemics, biological threats, cyberattacks, climate shocks and extreme weather events, terrorist attacks, and geopolitical and economic competition as some of the conditions that can reduce critical manufacturing capacity and the availability and integrity of critical goods, products and services.

“Resilient American supply chains will revitalize and rebuild domestic manufacturing capacity, maintain America’s competitive edge in research and development, and create well-paying jobs,” Biden states. “They will also support small businesses, promote prosperity, advance the fight against climate change, and encourage economic growth in communities of color and economically distressed areas.”

A fundamental redefinition of risk management

The pandemic may have put a brighter spotlight on the term “supply chain” over the last six months to 12 months, but anyone who runs one of these intricate networks was assessing and addressing potential risks long beforeCOVID-19reared its head.

“There’s been a fundamental redefinition of risk management in the supply chain as a result of the pandemic,” says Steven Melnyk, Ph.D., professor of supply chain and operations management at Michigan State University.

Companies that didn’t realize how interconnected their operations were with their supply chain partners, for example, got a harsh wakeup call when their Tier 1, 2 and 3 suppliers struggled to keep up with demand during the early stages of the pandemic. This, in turn, led to product stockouts, delivery delays and other disruptions.

Of course, it doesn’t take a global pandemic to turn a supply chain on end. Known for having relatively poor visibility into their Tier 2 and Tier 3 suppliers’ operations and financial health, many companies take unexpected hits when one of those companies goes out of business, are affected by a major weather event, or suffer a cyberattack. The latter can be particularly debilitating. “Most cyberattacks are supply chain-related,” Melnyk explains, “and involve a lower partner that’s typically a small- to mid-sized business.”

Wanted: More resilient supply chains

Citing a recent Gartner survey, Koray Köse says 90% of organizations plan to put money and time into making their supply chains more resilient over the next two years.

“Companies generally are more inclined to invest in their resilience,” says Köse, senior director, supply chain research and advisory at Gartner, “and with that comes, of course, the investment into supplier risk
management software.”

With 48.9% of all supply chain disruptions involving Tier 1 suppliers, and the remaining 51.1% concerning suppliers in Tiers 2 and lower, Köse says any commitment to improving resilience must include a larger focus on sub-Tier 1 suppliers.

“The weakest link in the supply chain right now is the fact that visibility beyond Tier 1 is extremely low,” Köse points out. Relying too heavily on one vendor to provide critical supplies is another problem to watch out for, says Köse, who points to the current semiconductor chip shortage as proof of this point.

The chip shortage is forcing automakers to reduce production and may eliminate $61 billion in auto industry revenue in 2021, according to Bloomberg. This is just one example of how putting too many eggs in one vendor’s basket can drive up a shipper’s risk profile.

“Taiwan Semiconductor Company delivers about 70% of the chips for the global automotive industry, but those sales only make up about 4% of the manufacturer’s total revenues,” Köse explains. “That doesn’t give the automotive sector much leverage to pressure Taiwan Semiconductor, which is more concerned about the other 96% of its revenues.”

Monitor, analyze, mitigate, learn

供应链软件市场的一个角落里的焦点ed specifically on identifying and addressing risk, the risk management software segment helps companies do a better job of finding potential issues and fixing them before they turn into debilitating problems. Operating in a fragmented market where best-of-breed options still reign, risk management software vendors generally focus on supplier performance, events, financial capacity, or compliance.

All risk management software helps companies identify, assess, and mitigate risk within their supply chains, but that’s where the similarities across the platforms end. Some focus on events or supplier assessments. Others emphasize a supplier’s financial health or their environmental, social, and governance (ESG) track records. The list of potential areas of vulnerability goes on from there, with most vendors centering on just one of them and then building out their platforms from there.

Köse says most risk management solutions address problems by using this four-pronged approach: monitor (provide visibility into risk events through dashboards, reports, maps, alerts and notifications); analyze (measure the potential impact on suppliers and provide an impact summary); mitigate (mitigation efforts through action plans, workflow, and recommendations); and learn (apply machine learning to fine-tune future recommendations and impact analysis).

Right now, Köse says more companies are turning to risk management software for help in all of these areas. That trend was already underway pre-COVID thanks to an increase in disruptions, but then accelerated significantly when the pandemic emerged. Many times, Köse says shippers will invest in event monitoring (e.g., weather events, earthquakes, etc.) and financial risk management (for a better understanding of a supplier’s financial health) solutions, both of which are fairly fundamental and easy to comprehend.

Köse says other solutions go deeper by addressing capacity risk, compliance risk, performance management, and/or cybersecurity. And while no single solution addresses all of these different vulnerability points, vendors are using application programming interfaces (APIs) to integrate multiple systems into multifaceted platforms.

“At this point, the solutions market is so fragmented that while some solutions are very good in one or few use cases,” says Köse, “there’s really no single, comprehensive solution.”

Looking ahead, Köse expects some of the strategic sourcing software providers and procure-to-pay platforms developing broader risk management applications. He points to Coupa, Ariba, and JAGGAER as three vendors that are “evolving into that space” with the goal of creating software suites that tackle multiple aspects of risk management.

Köse also sees the recent convergence of DHL Resilience360 and Riskpulse (now “Everstream Analytics”) as another example of how software vendors are approaching and integrating risk management into their solutions. “DHL Resilience360 started with event monitoring,” says Köse, “and has since broadened out to include visibility, supply chain planning and supply chain execution.”

Gaining momentum

From the global pandemic to the subsequent supply disruptions to Texas’ recent, catastrophic weather events, supply chain risk can rear its ugly head at any time.

To best prepare themselves to identify and thwart these issues,William Brooks,Capgemini’s VP, NA transportation portfolio, says more companies are turning to technology for help. “Risk management software is getting more attention lately and definitely gaining momentum in terms of adoption rates,” says Brooks.

The solutions are also coming down in price, says Brooks, and becoming more affordable for a wider range of companies. This, combined with the growing need for the software, is also helping to drive up adoption rates. As this continues, Brooks expects to see more software as a service (SaaS) offerings emerge within the risk management software sector—a trend that may drive its costs down even further.

“SaaS will make the software more accessible to an even larger number of companies, while concurrently providing access to cutting-edge technologies,” says Brooks. Other trends to watch include tighter integrations between companies’ risk management software and theirenterprise resource planning (ERP)solutions, and enhanced functionalities that help shippers address new disruptions and challenges.

“This is definitely a software sector where necessity is the mother of invention,” Brooks points out. “Anytime a new issue arises, there’s going to be someone there to rise up and help companies address it. This momentum will continue over the next two years to five years, with a lot of vendors coming up with even more cost-effective solutions targeting a larger pool of prospective customers.”

Collaborate risk management

Looking ahead, Melnyk sees collaborative risk management becoming more mainstream in supply chain circles, where sometimes just knowing what your key suppliers are up to, how they’re faring, and what challenges they’re grappling with can truly be a risk mitigation superpower.

Fully leveraging this superpower requires strong collaboration and information-sharing, both of which can help boost organizational resilience.

“Most companies do a poor job of managing the entire risk associated with their supply chains, which is why collaborative risk management is beginning to emerge as a strong defense against potential disruption,” says Melnyk. “It’s not simply you; it’s you and your supply chain. By working together with your supply chain partners, you’ll be able to identify, evaluate and act collectively. Otherwise, by the time the problem gets to you, in many cases it’s already too late to do anything about it.”