Driving supply chain risk strategy during coronavirus recovery

In parts of the world, the coronavirus pandemic appears to be waning. Yet the global economy is now stuck in the mud. Will this standstill turn into quicksand for your company?

As production ramps up again, procurement, purchasing and supply chain managers are no doubt weighed down with a heavy workload already — but you’ll also need to devote time to securing your supply chain in the future. Here is a five-point guide to drive your supply chain risk management strategy during coronavirus recovery.

CORONAVIRUS RESPONSE: Supply Risk — Mitigating and Recovering from the Grey Swan of COVID-19

supply risk

The mission of our “Coronavirus Response” series is to examine categories of relevant solutions and example providers that professionals in procurement, finance and supply chain organizations should investigate to reduce coronavirus supply risk.

We’re calling the pandemic a “grey swan” because pandemics are not unknown risks. If you look at the 2019 World Economic Forum Global Risk report, the “risk of infectious disease” came in last on the top 10 list in terms of impact and didn’t make the list in terms of probability. But, it’s on the list, as the report states:

Each month the World Health Organization (WHO) tracks 7,000 new signals of potential outbreaks, generating 300 follow-ups, 30 investigations and 10 full risk assessments. In June 2018 there were — for the first time ever — outbreaks of six of the eight categories of disease in the WHO’s “priority diseases” list. If any had spread widely, it would have had the potential to kill thousands and create major global disruption.

And guess what was included in those eight categories: Middle East respiratory syndrome coronavirus (MERS-CoV) and severe acute respiratory syndrome (SARS).

And if you look at some of the nearest risk types on the risk map, you’ll find:

  • Fiscal crisis
  • Food crisis
  • Unemployment and underemployment
  • Failure of financial mechanism or institution
  • Failure of national governance
  • Critical information infrastructure breakdown

Do these sound familiar? The report also shows how many risks are highly interconnected, and there’s a thread that runs through most of them: supply chains. Supply chain folks’ ears perk up given how often the term “risk” is uttered these days, and unfortunately not in a good light (note the last three risks in the list above). And those supply chains are highly interconnected global flows of goods, humans and machines — and viruses that can jump along for the ride. When the information systems/silos and governing systems/silos fail, that’s when the swan kicks your butt (which is in character for a swan, actually).

When corporations and governments alike don’t learn from the past, then the pain of previous risk events fade, defenses drop, preparedness falters and supply chains lose their protections which is shown well here (courtesy of Resilinc):

(Click image to enlarge)

This situation is why today’s brief focuses on supply risk management, the first of our seven procurement-centric solution categories that we’re covering:

  1. Supply risk management solutions that include supply chain risk, CSR risk, supplier financial risk, etc.
  2. Sourcing and commodity management, including advanced sourcing, direct sourcing, automated supplier discovery, and commodity management to help dynamically plan and source. (See this category’s recommended solutions for direct sourcing here.)
  3. Advanced procurement analytics to enable direct procurement and/or to perform “spend planning” when demand drops out or spikes. (Its profile for this series is here.)
  4. Procure to Pay (P2P) that emphasizes working capital, dynamic discounting, payment control and related finance priorities to help inject cash into the P2P process — especially for many cash-starved suppliers. (This category is discussed in-depth here.)
  5. Fraud, P2P and vendor management safeguards when new suppliers need to be set up quickly, and also when lowlife fraudsters try to use the pandemic as a way to steal money and IP. (Its profile for this series is here.)
  6. Providers with deep contract analytics that can analyze a contract portfolio for affected contracts from suppliers (and customers) for not just force majeure clauses, but other related clauses that tie to the multiple risks popping up at once in the pandemic.
  7. Contingent Workforce and Services solutions that are able to, at a minimum, help rapidly ramp up on-demand workers to deal with massive resource shortfalls. We are looking at four categories of solutions: for sourcing remote/online work; solutions for sourcing and managing mobile-first contract workers anywhere you need them; solutions to “direct source” and manage contract workers; and solutions for data management and analytics.

Broader supply chain issues and solutions are also clearly in play, especially related to inventory visibility, inventory positioning, demand forecasting, capacity planning, logistics planning/execution, distribution/allocations, global trade management, product design, the internet of things (IoT) and so on.

But, even though the initial seven use-case categories and solutions are only addressing a subset of the issues, the ability to respond intelligently in the short term can also help set organizations up for the future as we get back up and running.

In this installment of our Coronavirus Response series, Spend Matters will explore supply risk management, which includes supplier risk management, but also the broader area of supply chain risk management (SCRM) that seeks to keep critical supply lines flowing. In the case of COVID-19, these supply lines include the critical components/materials (and supporting manufacturing and logistics networks) that:

  • get assembled into the ventilators that keep sick patients alive while this viral plague sweeps through
  • are used to manufacture the personal protective equipment (PPE) that critical health care workers need to protect themselves
  • support the pharmaceutical and medical device/supplies supply chains that create the products that diagnose and treat the disease with therapies and vaccines — as soon as possible!
  • build “pop-up” hospitals and everything in them needed to treat patients, who could flood in and overwhelm healthcare workers

Broader supply risk management also includes:

  • Understanding demand-side risk when demand falls off the table when 80% of populations are sheltering in place in the short term. The demand (or lack thereof) also ripples up the supply networks and service networks — especially to smaller suppliers.
  • Considering the supply risk of contingent workers who will be critical “flex capacity” to support the physical supply chains of foods, medicines, equipment, etc. We’re covering this more here and here).
  • Financial risk that occurs when suppliers, especially smaller one with thinner margins, are starved for cash as liquidity slows in a risk-averse market of cash-strapped buyers and cautious financial-services lenders.

Specialized supply risk management solutions and services providers can support the above requirements and help to answer a range of questions, such as:

  • What countries does my company do business in with suppliers at the tier one level? Tier two? Tier three? Which of these should I prioritize as truly critical?
  • Which suppliers are affected by COVID-19 within these regions? How badly are they affected? How can we find out quickly?
  • What are my products and revenues that will be affected? And what should I do about it? Do I have playbooks defined, and if so, how do I execute (and if not, how do I create them when this horror show has died down)?
  • How is my logistics network affected directly by COVID-19 (e.g., port/warehouse slowdowns and strikes) and how is it impacting my freight? What transportation lanes are impacted to see if my freight is impacted? Can delays or other risk factors be expected further down the inbound supply chain before it reaches my facilities? For example, West Coast ports were starving for container ship capacity because so many ships are idled in China in quarantine conditions. Now, as air freight capacity is impacted by massively reduced passenger flight volumes (and respective cargo capacity lying underneath), what are my expedited freight options?
  • Is there anything I can do if suppliers are individually high-risk? Will they be financially threatened because of COVID-19? How can I get visibility into their financial health, especially if they’re privately held?
  • Which of my affected suppliers are potentially unsustainable in their supply risk practices rather than just their traditional CSR practices?

For the supply chain risk management (SCRM) scenarios and questions listed above, we’ll discuss the best-known specialists in the area: Riskmethods and Resilinc. But we’ll also touch on Resilience360, which has unique capabilities within the broader supply network vis a vis the logistics network. Sourcemap also has some supply network visualization and risk modeling/monitoring capabilities, but hasn’t been drawn into the healthcare supply chains like the others (although the CPG supply chain has also been affected — as any toilet paper shopper has discovered!). Elementum doesn’t have its own native SCRM solution (it partners with Resilinc), but it does offer a command center solution that it is now providing as a freemium “virtual war room” offering.

These specialized providers don’t have to be your only choice however. For example, we’ll cover what Sievo (a broader procurement analytics provider with roots in spend analytics) is doing with an evolving “mash-up” solution that provides a view into spending, the supply network, risk overlays, etc. Simfoni similarly has a COVID-19 risk assessment dashboard solution that it is offering for free. We’re not sure how long it’ll allow free usage, but the website page for the offering has a slick little Power BI dashboard that you can interact with that gives a flavor of its capabilities.

In terms of supplier risk management, we will cover this as we expand our coverage to broader supplier management later (and supplier/third-party management is clearly a foundational process to any procurement organization), but the one aspect that we will initiate coverage on now is supplier financial risk management. Although the credit bureaus and traditional supplier risk evaluators / content providers like D&B offer some insights into supplier financial risk that we’ll add to our coverage later, we’ll touch on two providers, Rapid Ratings and Credit Risk Monitor, who can help assess supplier financial health for critical suppliers. LexisNexis offers broader supplier risk management capabilities, but you can check out its free COVID-19 coverage from a legal perspective over at Law360.

As a side note, there are requirements here for performing the sourcing and commodity management activities required to rapidly identify new sources of supply, conducting complex sourcing events for materials, parts and components (which may be tied to broader bills of material), qualifying suppliers based on targeted requirements (e.g., for a specific line), and managing and tracking suppliers based on custom scorecarding. We cover this area (No. 2 of our list above) here, and we also explore the demand-side volatility scenarios/analytics here (No. 3 from the list above).

Let’s jump into how supply risk management can help.

Through April 2020, a special PRO Expert Survival Pack is available to procurement practitioners only* at up to 50% off — Learn more

CORONAVIRUS RESPONSE: riskmethods — our first line of COVID-19 supply risk defense

In response to the coronavirus outbreak, this Spend Matters PRO series examines selected technology providers that procurement, finance and supply chain organizations should explore to reduce and mitigate COVID-19 supply risk — and to recover faster on the upswing. The introduction to this series grouped the technology providers that we will cover into five specialty areas, with one vendor shown as an example:

* Supply risk management (e.g., riskmethods)
* Sourcing and commodity management, including advanced sourcing, direct sourcing and commodity management to help dynamically plan and source (e.g., Jaggaer)
* Advanced procurement analytics to enable direct procurement and/or to perform “spend planning” when demand drops out or spikes (e.g., Sievo. See the series profile of Sievo here.)
* P2P that emphasizes working capital, dynamic discounting, payment control and related finance priorities (e.g., Basware)
* Fraud, P2P and Vendor Management Safeguards (e.g., APEX Analytix)

Today, we profile the first essential COVID-19 procurement technology vendor: riskmethods.

Riskmethods is a fit-for-purpose, real-time global event monitoring solution that can be “loosely coupled” from an integration perspective, allowing rapid deployment. It showcases the ability to analyze COVID-19 event impact, identify mitigation approaches, define plans and enable the ongoing monitoring of countries, regions, suppliers and facilities — among other capabilities.

Let’s dive in.

Through March 2020, a special PRO Expert Survival Pack is available to procurement practitioners only* at up to 50% off - Learn more

Riskmethods: Vendor Analysis (Part 3) – Competitive and Summary Analysis


There is no single market segment for supply chain and supplier risk management solutions. Both the sector (providers) and use cases (for practitioners) are varied based on approach, specialty, industry requirements, capabilities, embedded market intelligence and roles. riskmethods is a provider that combines elements of application (cloud-based) supply chain visibility and supplier risk monitoring, planning and remediation software. It then adds aggregated information sources, both machine (AI) and human-based analysis and intelligence to mine and prioritize “events” and an evolving network-based connectivity/visibility model to further connectedness and value for different tiers of participants. But what is riskmethods? Is it software like SAP? Is it a data service like D&B? Is it a network like Ariba? It’s something much different, in fact, where the sum of the parts can add up to much more than the individual contributing elements. This final installment of our multipart Spend Matters PRO Vendor Snapshot series covering riskmethods offers a competitive analysis and comparison with other procurement technology providers (suite and otherwise). It also includes a user selection guide, user interface and user experience (UI/UX) analysis and summary evaluation and selection considerations. Part 1 and Part 2 of this PRO research series provide a company and deep-dive solution overview, a SWOT analysis, product strengths and weaknesses and a recommended fit analysis for what types of organizations should consider riskmethods.

Riskmethods: Vendor Analysis (Part 2) — Product Strengths and Weaknesses


riskmethods is particularly strong at supply chain threat assessment (and includes capabilities designed to minimize false positives and avoid false negatives) and the provider has increasingly been building out capabilities to help organizations assess impact and take action to mitigate and manage risk elements in manufacturing supply chains. Procurement organizations have been the primary customers of the solution to date. Secondary users include operations/supply chain, corporate social responsibility (CSR) and insurance departments within organizations. Customers using riskmethods can start benefiting from the solution within days of signing an agreement with the provider (although it becomes increasingly more valuable the more users interact with it and configure/upload more granular information). This Spend Matters PRO vendor snapshot explores riskmethods’ strengths and weaknesses in supply chain risk management area, providing facts and expert analysis to help procurement organizations decide if they should shortlist the vendor as a potential provider. Part 1 of our analysis contained a company and detailed solution overview and a SWOT analysis, as well as a summary recommended fit suggestion for what types of organizations should consider riskmethods. The remaining parts of this multipart series will offer a user selection guide, user interface (UI/UX) analysis, competitive alternatives and evaluation and selection considerations.

Riskmethods: Vendor Analysis (Part 1) — Background and Solution Overview


riskmethods, which Spend Matters estimates is the fastest-growing supply chain risk management provider based on customer acquisition and year-over-year percentage revenue growth as of Q3 2016, is more than just a cloud-based provider of supply chain risk management software. It is a new type of supply chain intelligence utility. riskmethods combines risk management application functionality (i.e., management of risk types, monitoring, recovery workflows, etc.), a graphical cockpit, aggregated/curated market intelligence, machine learning algorithms (e.g., to reduce occurrences of false positives), human flagging/reviews/scoring, and guidance/recommendations. It is sort of the equivalent of a Bloomberg terminal for managing a risk portfolio in the supply chain – as opposed to managing a stock portfolio in the financial markets. Until recently, riskmethods was focused entirely on European sales, but earlier this year, it expanded into North America, and as of Q3 2016, riskmethods told Spend Matters the region represented over 20% of overall revenue less than four months from launch (which for a company with a subscription revenue model is all the more impressive). While the provider is still too small to have a solution that is “going viral,” given its limited sales and marketing footprint to date, its growth gives it a unique position in the market. This Spend Matters PRO Vendor Snapshot explores riskmethods and its methodologies, processes, technology and intelligence to support supply chain risk management, including strengths and weaknesses in the market, providing facts and expert analysis to help procurement organizations decide if they should shortlist the vendor. Part 1 of our analysis provides a company and detailed solution overview and a SWOT analysis, as well as a summary recommended fit suggestion for what types of organizations should consider riskmethods. The remaining parts of this multipart series will offer a user selection guide, user interface (UI/UX) analysis, competitive alternatives and evaluation and selection considerations.