This is another article in our series of eWorld Procurement and Supply highlights; in this case, it was Nick Wildgoose of Zurich Insurance Services giving us some insight into supply chain risk.
The BCI / CIPS / Zurich Supply Chain Resilience Survey 2016 gave Wildgoose good material for his session – disturbing facts such as “70% of organisations have suffered significant supply chain disruption” and 2% have lost more than 50m euros in such an event.
In terms of the causes of disruption, the incidences of adverse weather or insolvency are less than you might think. It is now just as likely to be cyber-attacks, or supplier IT failures leading to data breaches or other technology problems.
It’s also interesting to note that only 41% of issues were identified as lying with an immediate supplier. 17% were second tier problems, 14% further “down” the supply chain – but 40% of organisations don’t actually analyse the source of the problem, which seems surprising. And something else to worry us – the CIPS / D&B risk index currently stands at its highest level for 22 years.
Wildgoose was interesting when he pointed out that risks are often inter-connected – for example, drought in that country caused indirectly the Syrian political crisis, which then drives a wider refugee crisis, which has political implications in western countries. and we are seeing issues such as demographics and inequality causing much wider problems.
So Zurich has a proven methodology for working with corporates. Their ”four-box model” looks at:
- where is the value?
- what are the risks?
- how bad could it be?
- how robust are the control measures?
The process looks at 23 measures of the external environment – broken into economic, geographic, political, and structural factors, as well as dealing with different stages in the procurement process. As Wildgoose explained, it is important to get the external context. “It is not enough to just ask your suppliers if they have outstanding legal cases” – that data is available from third-party sources in a much more robust form.
As he said, when an event does occur, senior procurement leaders need to be able to answer the key questions around impact – what will you say when the CEO calls and asks whether a tsunami affects your supply chain? Are your own suppliers managing risks in their supply chains? And are you a customer of choice? If there were a major problem at IBM, would Zurich be a customer of choice that would get some sort of preference?
It is also important to identify the weak link in the supply chain. For example, a haulier somewhere in the process might be the most likely point of failure. When Zurich carry out risk assessments, they find issues such as second-tier suppliers in financial trouble, or a reliance on a particular supplier that is simply much greater than appreciated, or in one case, a critical product that was dual-sourced – but from two suppliers within ten miles each other in Mexico! One incident could easily have taken out both of those suppliers.