ICYMI: Tackling the Complex, Multifaceted “Hairy Beast” of Risk Management

risk Brian Jackson/Adobe Stock

Last Friday, Spend Matters Founder Jason Busch and Chief Research Officer Pierre Mitchell teamed up to present the webinar Risk and Compliance Management: Embedding Risk Management in Procurement and Supply Chain. Kicking off the webinar, our VP of Client Services Sheena Smith said, “I don’t think there’s anyone out there who could make procurement as interesting as they do or, frankly, who geek out as hard as they do.”

All of us at Spend Matters know that to be true.

Busch and Mitchell began with a segmentation of the types of supplier and supply chain risk and compliance management technologies out there, before moving into the topics of how to embed these technologies throughout your procurement and supply chain functions. They discussed the best ways to create linkages with other areas of procurement technologies, as well as how to create a procurement culture that is risk-aware.

Supply risk management is a complex and multifaceted area, Busch warned. “There are so many different groupings of solutions. Unlike areas like procure-to-pay or source-to-contract, there’s not a single provider or even a handful of providers who touch all bases. That might change in the future, but you’ve got to think about developing your own procurement information architecture around risk,” he said.

Risk management is extremely important, but the area is still not prioritized as much as it should be. “Our research indicates that less than a third of organizations have procurement as accountable for risk management,” Busch said. “And even if they are, many have too few funds chasing too many risks.”

Categories, Categories

As Busch, Mitchell and Michael Lamoureux wrote in the recently published Supply Risk Management and Compliance Landscape Definition and Overview, the supply risk management solutions market can be split into the following seven segments:

  • Stand-alone supplier and supply chain risk management, monitoring, and optimization solutions
  • Supplier management solutions
  • Spend analytics solutions (inclusive of risk / financial data enrichment)
  • Risk information / content originators (e.g., supply market intelligence providers)
  • Governance, risk and compliance (GRC) vendors
  • Commodity management solutions
  • Supply chain planning, (re-)design and optimization

And what about the risks themselves? Here are some of the main risk categories that were discussed on the webinar:

  • Supplier financial viability
  • Disruption-related risk elements, such as natural disasters
  • Political, country and trade risk
  • Brand and reputation risk
  • Fraud
  • Banking/credit risk

Among those, supplier financial viability is perhaps the most popular area to go after for procurement organizations seeking to tackle risk. Included in this area are bankruptcy, declining balance sheet health, ability to meet obligations in a timely manner and so forth. Bankruptcy rates are in fact down, Busch pointed out, but it’s still a key supply risk area.

Notable Quotables

On political risk: “That’s a huge one if we look at what happened in the second half of 2016, not only with changing trade tones within the U.S. but also Brexit.” — Jason Busch

On reputation risk: “Anyone who lived through the era of low-cost-country sourcing remembers all the various scandals associated with counterfeit products, ingredients and parts.” — Jason Busch

On risk management in general: “A lot of times risk is really pegged to rewards and supply performance. What are you trying to get out of your supply chain, what are you trying to get out of your suppliers, and what are those things that are important that you want to protect? If it’s around innovation, you’re going to be really strong on IP protection. If you’re in a volatile commodity market, you’re going to want to protect price.” — Pierre Mitchell

On commodity management… and memoirs: “Someday I’m going to write the memoir that I married a metals trader, which is in fact true. The world of true commodity management is actually really different from the world of procurement. We can probably count 100 people in the world who are true experts in procurement and commodity management.” — Jason Busch

On hedging: “Not many organizations from a procurement standpoint hedge today. You don’t have to be in the business of hedging. A lot of businesses have a no-hedge policy. There are different ways of hedging without using hedging. I know it sounds like a funny statement but it’s true. You can enter into longer-term agreements with suppliers.” — Jason Busch

More on hedging: “Really everyone hedges whether they call it hedging or not. If you choose one-year versus two-year contracts, you’re making a hedging strategy.” — Pierre Mitchell

On supply chain planning: “My senior research thesis was actually in this area. I think the big thing here is the idea of really bringing that risk decision-making into the sourcing process… Formally model risk into sourcing itself rather than [saying], ‘Oh right, here’s our existing supply chain, now let’s do the risk analysis.’” — Pierre Mitchell

On tackling supply risk holistically: “The number one challenge of supply risk is that it’s generally decoupled from business strategy, which in turn is decoupled from procurement strategy. As a result of this, we tend to marginalize the importance of risk at the executive level until after the fact – My gosh, there’s a negative headline. My gosh, we’ve got to shut down a line because our supplier isn’t shipping for whatever reason or a container was held up.” — Jason Busch

On ghostbusters — or lack thereof: “In lots of areas you can call a preferred massive consultancy and they can bring you a solution. Maybe it’s not a perfect one, but they can address needs for a given area. There’s not one ghostbuster to call for supply risk here, unfortunately.” — Jason Busch

You can now download a recording of Risk and Compliance Management: Embedding Risk Management in Procurement and Supply Chain for free. This is a complex, messy topic, so we encourage you to take an hour and learn how to take your risk management efforts to the next level.

First Voice

  1. Digby Barker:

    As you say “This is a complex, messy topic”. That being so I think it important to start by getting the terminology clear. The list under “some of the main risk categories….” would in my view be better referred to as ‘the list of categories of potentially adverse events’; I say ‘potential’ because some such events may turn out to present opportunities rather than problems. There’s also the need to be clear about the distinction between Threats and Risks. This may appear to be pedantic but when one of the strategic issues for all organisations is inculcating and maintaining a culture where considering the ‘down sides’ of undertakings is seen as a positive we need to make sure the undergrowth has been cleared first.

Discuss this:

Your email address will not be published. Required fields are marked *