In search of nirvana: How to identify, measure and manage supply chain risk

Supply chain risk has shot up the corporate agenda in recent years as the dual trends of globalisation and relentless pressure on cost control have posed a serious threat to the ability of apparently sophisticated, and well-managed, multinational corporations to deliver their basic product and service, on time and to the quality required. Recent events such as the Thai floods and fires at key auto-sector suppliers served as a stark reminder of the risks that multinationals are running as they seek to maximise profits by running as lean an operation as possible. Risk and insurance managers have an increasingly important role to play in this area.

To investigate what the entire risk and insurance management community could and should do to help more effectively manage this risk, Commercial Risk Europe brought together a group of experts for a discussion during the GVNW Symposium in Munich. This conversation, sponsored by Clyde & Co, generated a lively and thought-provoking debate. Adrian Ladbury reports on some of the key risk management issues discussed.

Adrian Ladbury [AL]: Supply chain risk has become increasingly important for multinationals in recent years and risk and insurance managers are finding themselves involved in this business-critical area. But this is a very broad area that can be difficult to define. What actually is supply chain risk and why has it become so important?

Juergen Mueller [JM]: You can have structures in place to minimise the risk and buy insurance, but at the end of the day it is a third-party risk and you need to rely on them. This makes it a very hard risk to manage. The risk is certainly talked about more now, but the risk is the same as in the past. As a supplier, companies want to know more about how we are managing the risk – do we have redundancies etc? In the past, people relied on a good name, but now companies want to see what you are doing to manage the risk and will check this. So, we check our suppliers more and, as a supplier ourselves, we are checked more.

Thomas Keist [TK]: For large corporates, this has always been a big topic. But we see that companies are growing and the value chain has become much more diverse during the last 50 years, with sourcing now taking place all over the planet because of globalisation. In addition, the values at risk have also grown alongside the growth in world trade. We don’t have a good answer to this from an insurance perspective as yet. That is why the risk has become bigger in people’s mind.

Volker Muench [VM]: I think the exposure has increased because there is less redundancy within companies to manufacture at multiple locations. The same applies to all suppliers. We are talking buffer stock and whether the stock can be reproduced if a supplier goes down. In addition, industries are more intertwined. There is less in-house manufacturing. There are big reputation risks. The question is: how many times can you interrupt manufacturing before customers lose faith in you? And the same applies to suppliers that cannot deliver.

Otto Kocsis [OK]: I would say supply chain risk has started to become an important topic since the mid-1990s. In 2011, there were the big interruptions such as the Tohoku earthquake and the Thai floods. But how much were we able to improve supply chain risk management since then? It is still difficult to manage these interruptions from the procurement side, which primarily focuses on cost. Risk is not the first consideration when sourcing suppliers. I don’t think the task of mapping and managing the risk can be done manually in complex supply chains. This is too costly. To bring supply chain risk management to the next level, we need digital support to manage this risk properly.

Jurgen Wieman [JW]: We see an increase in disruptive business interruption (BI) scenarios. I think the need for economies of scale leads to a concentration of risk. You often see in peak scenarios that suppliers are dependent on a small number of global supply plants. If one plant fails, you can immediately lose 50% of the global supply. That cannot be overcome. So, going for efficiencies carries a cost. You don’t get redundant processes for free, there is no free lunch. In many companies there is a failure at c-suite level to recognise this.

Nigel Todd [NT]: There has been an economic boom in most developed economies during the past few years. This doesn’t help in terms of redundancies, because suppliers are extremely busy. Being able to quantify the risk and the potential financial impact to an organisation will be an important function of a risk manager.

[JM]: How many redundancies do we want to have? It is a cost issue. No one wants to pay for backups because it increases the price of the product. Contingencies put the price of the product up.

[VM]: There is a different maturity between companies when assessing supply chain risk. The more sophisticated risk managed companies I see are factoring in how many products might be impacted and the amount of profit they could lose. But opportunity costs are not always factored in.

[OK]: At the end of the day, companies compete on market position. Ultimately, it is about managing costs in the supply chain versus risk. But which companies have these two information dimensions available on one screen? On transparency of costs, we are quite elaborate. But I see few companies understanding and managing the supply chain risk, represented by a simple risk price tag. The supply chain risk exposures are often so high. Supply chain risks show the characteristic of a heavy tail, meaning that a few large interruptions cause huge impacts. Knowing this, if the supply chain risk is not transparent and managed correctly, how can we, as insurers, help with risk transfer? We need to help our customers so that risk severity is lowered. It is all about transparency. Currently we don’t yet receive the right information.

Martin Vinkenflügel [MV]: We, as insurers, keep asking our clients to make their supply chains more transparent. But what do we do to help them do this? We ask for the addresses of all first-tier suppliers, but in this ever-changing world that is extremely difficult to do. The second and third tiers are even more difficult to make transparent to insurers. So, the risk is not understanding your supply chain. If you understand it, you then need to be prepared for disruption.

[JM]: We were asked to provide the names and addresses of our suppliers, but this simply isn’t available. The main reason is suppliers don’t know, or say, where their supplies come from. In some instances, it changes day by day.

[AL]: What level and depth of information is really necessary? What information does the risk manager really need to effectively help manage this threat and provide potential insurers with information they need to comfortably transfer elements of the risk?

[VM]: We don’t necessarily need to know all the suppliers, we need to know those that could impact a company severely. I don’t think most supply chains are overly dynamic and changing on a daily basis. When assessing BI, the issue is less about physical assessment and more about how companies are managed so you are aware when something might have gone wrong.

[OK]: The big challenge is that we are producing in global supply chains, but we carry out risk management mostly on single locations. We do not have the transparency on the size of dependency from critical suppliers. We need to better understand the knock-on effects of supply chain disruption. It would be helpful to know how much business is at stake from the critical suppliers, understanding which suppliers are critical because these can hurt insureds and ultimately insurers. Some companies are able to link supplier with a price tag of risk.

[TK]: This is the problem with insurance products. If you want to have transparency and understand the risk, you need to carry out thorough analysis. Usually insurers provide this service, but there is a cost. Then, when transparency is achieved, customers usually shy away from paying the price to transfer the risk, often because it is a significant amount.

Dogu özden [DO]: I believe there is a mutual awareness gap between insurers and manufacturers. There is also a mutual awareness gap between the producers and suppliers in lower tiers. I know my tier one suppliers very well and have 150 to 200 major named suppliers where most of the risk sits. But, I don’t know tier two and their suppliers. My tier one knows tier two very well, but I don’t.

[AL]: Whose job is it to identify, quantify and manage supply chain risks?

[DO]: It is a combined job. Firstly, the board of directors. In our company we present our top 15 to 20 riskiest suppliers to our board. We then take their insight. In some situations, they take a decision and say, ‘this is our limit, our risk appetite, on that supplier’. If we go above that, we stop working with that supplier or dealer. So, it is a strategic issue. Procurement also has a role. In our company, most suppliers are well known by procurement specialists. They are the ones that get closest to them. So, we get some intelligence from our procurement specialists. Risk management also needs to be involved – it is vital. The business continuity manager is the other one. Ultimately, procurement heads are on the line if something goes wrong, and the next in line would be risk management.

[JW]: We find it is a spread of responsibility. This therefore provides a good opportunity for risk and insurance managers to facilitate the discussion and spread information through to the insurance market. We need someone to bundle this together.

[JM]: In our company, the risk managers would be the one to contact for that. They are the catalyst to bring together purchasing and the insurance world. As in Dogu’s company, the responsibility for managing supply chain risk lies with the procurement department. They have strict rules and guidelines to follow from management. But we in the risk department speak to them regularly.

[OK]: Supply chain risk management has to be done wherever supply chains are being shaped, so mostly in procurement, of course aligned with risk management. You need to manage costs and risks simultaneously in the supply chain. We need to make risks digitally transparent to support and ease this.

[MV]: One of the biggest concerns I hear about is that communication between procurement and risk management isn’t always as good as it should be.

[JW]: We need to help clients raise risk awareness within their companies. We can help by using our knowledge through scenario planning and the like. We need to give feedback on the financial and reputational impact if something goes wrong. This will further raise awareness.

Back to top button