Take Control or Risk it All: Urgent Supply Chain Risk Management for SMEs

General Strategy for Proactive Supply Chain Risk Management

Many companies relying mostly on reactive measures today want to improve their supply-chain risk management capabilities – and say they are willing to invest more time and resources to do so. Before diving deeper into specific strategies for dealing with different types of supply chain risks, let us first split the general approach into three phases and discuss different methods for each of these.

1. Ensure visibility, identify critical materials and Assess Risks

The first step in proactive supply chain risk management is, obviously, to identify and assess potential risks. This involves mapping out the entire supply chain, from raw material suppliers to end customers, and identifying all points of vulnerability. But for this, you need to ensure the right visibility. If not yet done, put in place the tools and the processes that will ensure that a disruption gets noticed as soon as possible. Vertically integrated ERP is commonplace, but now even AI-supported alert systems, which keep an eye on your upstream supply chain around-the-clock, are within everyone’s reach. To assess risks effectively, SMEs should:

1. Conduct a Risk Audit: Regularly review and update the risk register, ensuring all potential risks are documented. Get clear on what your critical materials An external pair of eyes can be crucial in uncovering risks that are difficult to recognize from an internal perspective.
2. Evaluate Impact and Likelihood: Assess the potential impact and likelihood of each risk to prioritize mitigation efforts. This can be done using risk matrices (FMEA/FMECA) and probability-impact graphs (heat maps) to visualize and rank the risks.
3. Use Scenario Planning: Develop and analyze different scenarios to understand potential impacts. This helps in visualizing the worst-case scenarios and preparing accordingly.

2. Develop Risk Mitigation Strategies and Build Resilience

Once critical materials and risks have been identified and assessed, we need to develop mitigation strategies. This can involve diversifying suppliers, increasing inventory levels, investing in technology, (partially) relocating production capacity, and improving communication and collaboration with suppliers and partners. For SMEs, it is crucial to tailor these strategies to their specific size and resources. Key mitigation strategies include:

1. Supplier Diversification: Avoid relying on a single supplier for critical components. Identify and qualify multiple suppliers to reduce dependency. Rigorous vetting processes ensure new suppliers meet quality and reliability standards. Regularly evaluate supplier performance and establish long-term relationships with multiple sources.
2. Geographical Diversification: Source materials and products from different geographical locations to reduce exposure to regional disasters. Identify and establish relationships with suppliers in various regions to spread the risk. Evaluate the political, economic, and environmental stability of these regions to ensure balanced diversification.
3. Inventory Buffering: Maintain safety stock of critical materials to cushion against supply disruptions. Calculate the optimal inventory levels that balance the costs of holding extra stock with the benefits of having a buffer against disruptions. Regularly review and adjust inventory levels based on changes in demand and supply chain conditions.
4. Technology Investments: Use technology to gain real-time visibility into the supply chain and enhance decision-making. Implement systems like ERP (Enterprise Resource Planning) and SCM (Supply Chain Management) software to monitor and manage activities. Additionally, investing in predictive analytics can help anticipate and mitigate risks before they materialize.
5. Production Capacity Diversification: Consider establishing additional production capacity in alternate locations or relocating part of your current capacity to regions with a lower risk profile. This can help mitigate the impact of natural disasters, political instability, or supply chain disruptions in your primary location. By distributing production across multiple regions, businesses can ensure continued operations even in the face of localized risks, enhancing overall resilience. Note: If your company already operates multiple production sites for different products, explore the feasibility of cross-training and tooling each location to be capable of taking over production from the others in case of emergency. This strategy, used by some larger corporations, allows for greater operational flexibility and can significantly reduce the downtime and impact of a disruption at one site.
6. Supplier Collaboration: Build strong relationships with suppliers to improve reliability and response times during disruptions. This can include joint risk management planning, regular communication, and shared contingency plans. Establishing trust and transparency with suppliers can lead to more effective collaboration during crises.

3. Implement and Monitor

Implementing risk mitigation strategies is only part of the process. Continuous monitoring and adjustment are crucial to ensuring the effectiveness of these strategies. This is especially important for SMEs, where resources are limited and the ability to adapt quickly can be a significant competitive advantage.

Steps to ensure successful implementation include:

1. Set Clear KPIs: Define key performance indicators (KPIs) to measure the effectiveness of risk management strategies. These KPIs should be specific, measurable, achievable, relevant, and time-bound (SMART).
2. Regular Reviews: Conduct regular reviews and audits to ensure strategies are working as intended. This includes quarterly risk assessments and annual comprehensive reviews to adjust to new risks and changing conditions.
3. Continuous Improvement: Be prepared to adjust strategies based on new information and changing circumstances. External risks never stop evolving, and new risks arise today that did not exist yesterday. Stay agile and open to adopting new methods and technologies.
4. Organizational Support: Establish a clear organizational approach for managing risks. This could involve appointing a Head of Risk, creating a Risk Management department, or making each department responsible for their own risk management, with central coordination by the CEO. Clear communication of the approach ensures everyone understands their role in risk management.

Proactive Approaches for Different Types of Supply Chain Risks

All risks are not created equal, and they cannot be mitigated in the same way. This small matrix plots different risk types according to their potential impact and their predictability:

Impact / predictability matrix

Risks with low-predictability risks will need to be dealt with in a more reactive way, while risks that are easier to foresee can be prepared for in a more proactive way.

Our Risk Management Strategy, however, needs to be proactive for all types of risk. We need to proactively and strategically build our supply chain resilience, in order to be able to react fast or to absorb, to be agile and flexible in our sourcing and production choices.

1. Natural Disasters

Wildfires, floods, hurricanes/tornados, volcanic eruptions, earthquakes and even tsunamis : natural disasters can cause significant disruptions to supply chains all over the world.

Extreme weather events are the top risk facing supply chains in 2024, according to an annual outlook report from Everstream Analytics.

Proactive strategies to mitigate these risks, focusing on building resilience, involve:

• Geographical Diversification: Where possible, source the most critical materials and products from different geographical locations to reduce exposure to regional disasters. This approach helps spread the risk across multiple areas, reducing the impact of any single event. As an added benefit, for some commodity materials, this approach can help you continuously shift volumes to optimize cost, based on regional price fluctuations.
• Inventory buffering is particularly useful for gaining time during temporary delays. Evaluate materials based on potential delay time to calculate their ideal buffer, and then assess the associated costs. This allows you to make informed decisions about the cost-risk trade-off for each material.
• Develop comprehensive Disaster Recovery Plans that include alternative sourcing options and logistics arrangements. Conduct regular drills to ensure preparedness and identify potential gaps in the plan.
• Collaborate with experts in disaster risk management, to create robust contingency plans. These experts can provide insights into best practices and help tailor plans to your specific risks and requirements.

2. Transportation Risks

Transportation disruptions can occur due to various factors such as carrier insolvency or logistical bottlenecks, but also accidents or weather-related shipping delays.

Proactive strategies that build your capability to react fast, include:

• Carrier Diversification: Use multiple carriers to reduce dependency on any single transportation provider. Evaluate and establish relationships with different logistics providers to ensure flexibility.
• Implement real-time tracking systems to monitor shipments and quickly respond to delays. This provides visibility into the supply chain and allows for proactive management of disruptions.
• Develop flexible logistics plans that can adapt to changing conditions and disruptions. This includes having backup routes and alternative transportation options.
• Partner with logistics experts to optimize transportation routes and contingency plans.
• Other potential partners are companies that offer real-time monitoring or continuous routing optimization tools.

3. Supplier Risks

Supplier-related risks can stem from various factors such as financial instability, social unrest or strikes, accidents/fires, quality issues, or capacity constraints.

Proactive approaches to manage supplier risks include:

• Regularly audit suppliers to ensure they meet quality and performance standards. This involves onsite inspections, reviewing financial statements, and assessing their risk management practices.
• Monitor the financial health of key suppliers to anticipate and mitigate potential disruptions. Use credit reports, financial statements, and industry analysis to stay informed about suppliers’ financial stability.
• Contractual Safeguards: Include clauses in contracts that outline penalties for non-compliance and ensure clear communication of expectations. Contracts should also have contingency clauses that allow for flexible adjustments from your side in case of unforeseen disruptions.
• Identify and maintain relationships with backup suppliers to quickly switch in case of disruption. Regularly engage with these backup suppliers to ensure they are ready to step in when needed.

4. Cybersecurity Risks

With the increasing reliance on digital systems, cybersecurity risks have become a major concern decades ago, but especially ransomware attacks are increasingly frequent.

Source: Statista

Supply chain cyber-attacks have quadrupled in number since 2020, but the attacks are also increasing in size and severity. The landscape of protection products is huge and can be confusing with many different but overlapping solutions. Proactive safe-guarding approaches to manage cybersecurity risks include:

• Conduct regular audits of IT systems to identify and address vulnerabilities. It is advisable to use third-party experts to perform penetration testing and vulnerability assessments.
• Employee Training: 75% of hacks start with an email. Train employees on cybersecurity best practices to stop phishing attacks and prevent data breaches. Implement and regularly repeat training sessions and simulated attacks to keep awareness high. Many standardized e-trainings exist.
• Develop and test Incident Response Plans to quickly address cyber threats. Ensure that roles and responsibilities are clear and that response teams are well-coordinated.
• Ensure a solid back-up strategy is in place, including best practices like the “3-2-1” rule.
• Based on the audits, expert advice and chosen strategy, invest in advanced cybersecurity technologies to protect against evolving threats. This includes firewalls, intrusion detection systems, and encryption technologies.

5. Geopolitical Risks

Political instability and wars, trade disputes, and regulatory changes can disrupt supply chains. To manage these risks, SMEs should adopt a ‘monitor and prepare to react’ approach:

• Stay Informed: Keep abreast of geopolitical developments that could impact the supply chain. Regularly review reports from government agencies and industry groups.
• Diversify Markets: Reduce reliance on suppliers and markets in politically unstable regions. This may involve exploring new markets and diversifying customer bases to spread risk.
• Consult with legal experts to navigate regulatory changes and trade compliance. Ensure contracts and operations are adaptable to changing laws and regulations.
• Negotiate flexible contracts that allow for adjustments based on geopolitical shifts. This includes clauses for price adjustments, delivery terms, and other contingencies.

Business Continuity Planning

Business Continuity Planning (BCP) is a critical aspect of proactive supply chain risk management. It is an overall framework for creating the Plan that ensures that essential business functions can continue during and after a disruption. For SMEs, BCP should include:

1. Risk Assessment: Identify potential disruptions and their impact on business operations. This includes evaluating the likelihood and severity of different types of disruptions.
2. Critical Functions: Determine which business functions are critical and need to be prioritized during a disruption. Identify the required processes, resources, and personnel to maintain these.
3. Recovery Strategies: Develop strategies to recover critical functions, such as alternative suppliers, backup facilities, and emergency staffing plans. This includes establishing agreements with alternative suppliers and ensuring that backup facilities are ready to be activated.
4. Communication Plan: Create a communication plan to keep employees, customers, and stakeholders informed during a disruption. Ensure that communication channels are established and that key contacts are identified.
5. Regular Testing: Regularly test and update the BCP to ensure its effectiveness and address any gaps. Conduct drills and simulations to evaluate the plan’s readiness and make necessary adjustments.

Applying the framework of a BCP helps organisations to approach Risk Management like a project, and at the same time facilitates the creation of this detailed roadmap, or “Business Continuity Plan” which can be easily communicated, regularly updated, and activated when risks materialise.

Getting Started with Proactive Supply Chain Risk Management

1. Assemble a Cross-Functional Team

Build a team with representatives from critical departments like procurement, operations, finance, logistics, and IT. This team is crucial in developing and executing your risk management strategy. Ensure that they have the resources and expertise needed. Consider adding an external risk expert if internal knowledge gaps exist, or as facilitator/coordinator.

2. Develop a Risk Management Plan

The risk management plan is a structured roadmap that will guide the identification, mitigation, and monitoring of risks. It should cover:

1.       Identify Risks (Building a Risk Register)

• Departmental Input: Organize sessions with each function (procurement, operations, finance, etc.) to identify risks specific to their areas. What threats do they see in suppliers, transportation, production, or technology?
• Brainstorming & Workshops: Conduct cross-functional brainstorming sessions. Using structured techniques like SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) can help cover more ground.
• Scenario Planning: Imagine worst-case scenarios, such as a critical supplier going out of business or a natural disaster. What would be the impact on your operations?

2.       Once the risks are identified, evaluate their likelihood and potential impact:

• Scoring: Each risk should be scored based on its likelihood and potential impact on the business (e.g., financial loss, supply chain disruption, reputational damage). Use a simple scale (e.g., low, medium, high) or more sophisticated tools like quantitative risk models.
• FMEA/FMECA (Failure Modes and Effects Analysis / Failure Modes, Effects, and Criticality Analysis): Use these frameworks to assess the severity, occurrence, and detectability of each risk. This will give you a risk score for prioritization.

For each identified risk, particularly those assessed as Critical or High Risk, the next step is to develop mitigation plans.

3.       Explore Mitigation Options:

• Identify your options. For example, use the approaches listed in the “Proactive Approaches” chapter above to get you started, or define your own depending on your specific situation.

4.       Evaluate Feasibility and Cost:

• Assess Business Capabilities: Weigh the feasibility of each mitigation option within the context of your business resources, budget, and capacity. For instance, while dual sourcing might mitigate supplier risks, it may also increase costs.
• Cost-Benefit Analysis: Calculate potential savings or avoided costs against the expense of each strategy. Choose solutions that offer the best return on investment in both the short and long term.

5.       Assess Feasibility and Choose Best Options:

• Feasibility and Cost: Weigh each mitigation based on your business’s resources, capacity, and budget.
• Selection: Choose one or more feasible options for each critical risk. Prioritize mitigations that offer the best return in terms of risk reduction and business continuity.

6.       Implementation Timeline:

• Plan a phased rollout based on your team’s capacity and the urgency of each risk. Some actions (e.g., securing alternate suppliers) may take time, while others (e.g., adjusting inventory) can happen faster.

3. Secure Top Management Communication and Support

Ensure that top management clearly communicates their support and the importance of proactive supply chain risk management. This involves:

• Clear Communication of  the potential impact of supply chain disruptions on the business and the benefits of risk management: highlight that the importance of proactive risk management is crucial for the future of the company and, consequently, everyone’s job. Top management should also visibly support and drive risk management efforts. This includes participating in risk management meetings, reviewing progress, and endorsing risk management initiatives.
• Securing the necessary resources, including budget and personnel, to implement risk management strategies. Ensure that the allocation of resources is aligned with the company’s strategic priorities.

4. Implement and Monitor the Plan

Implement the plan and continuously monitor its effectiveness. This involves as a minimum:

• Conducting regular reviews of the risk management plan to ensure it remains relevant and effective. Adjust strategies based on new risks and changing conditions.
• Foster a culture of continuous improvement where lessons learned from past disruptions are used to refine strategies. Encourage feedback from employees and stakeholders to identify areas for improvement.
• External Audits: Engage experts to review the risk management plan and provide independent assessments. Audits can uncover risks that are difficult to recognize from an internal perspective.

Organizational Support

Effective supply chain risk management requires a clear organizational approach. SMEs can choose from different organizational structures to manage risks, for example:

• Decentralized Approach: Make each department responsible for managing its own risks, with central coordination by the CEO. This approach ensures that risk management is integrated into all areas of the business and that there is a clear understanding of responsibilities.
• Head of Risk: Appoint a Head of Risk who is responsible for coordinating risk management across all affected areas. This role also ensures that risk management is integrated into all business processes and that there is clear accountability. For smaller companies, this role can be in combination with other responsibilities.
• Dedicated Risk Management Department: Slightly larger companies could also establish a dedicated department responsible for coordinating risk management efforts across the organization. This department should have clear authority and access to necessary resources.

Budget Considerations

“Obtaining funding for supply chain risk management can be difficult because it’s a cost avoidance, not a cost savings.  However, with the recent events of the pandemic and wars, supply chain risk management is on the minds of executives much more than ever” (Dave Waters).

Investing in supply chain risk management generally involves upfront costs. These can be viewed as similar to taking out insurance. The benefits of mitigating risks and avoiding potential losses far outweigh the costs of these investments. Budget considerations include several cost drivers, mainly:

• Managing More Suppliers: Simplifying one’s supplier base can generate savings. However, for critical materials, the benefits of reduced dependency and increased resilience can be justified. Diversifying suppliers may involve additional costs for managing relationships and qualifying new suppliers. It is about striking the right balance.
• Inventory Buffering: Maintaining higher inventory levels incurs holding costs, depending on the buffer time required. These costs need to be compared with the protection they procure against supply interruptions.
• Risk Management Resources: Allocating resources for risk management personnel, external experts and technologies is essential for effective risk management. Ensure that the budget for these resources is aligned with the company’s strategic priorities.

Conclusion

Proactive supply chain risk management is essential for SMEs to navigate the uncertainties of today’s business environment. By identifying and assessing all the distinct types of risks, developing and implementing mitigation strategies, and continuously monitoring and improving these efforts, SMEs can protect their operations and ensure long-term success.

Investing in risk management may involve upfront costs, but often the benefits of enhanced resilience and continuity far outweigh these expenses.

Engaging with external experts can provide valuable insights and will greatly increase your chances of identifying all your critical risks, as well as ensure that risk management strategies are robust and effective.

Ultimately, it is only a proactive approach to supply chain risk management that will enable SMEs to beat the odds, and steer safely through the situations of adversity that are almost certainly coming our way. Act now, and protect your business from the next disruptions.

Some of the major Supply Chain disruptions for the period 2014-2024

• July-Oct.2024: Unusually active hurricane season in U.S. Gulf Coast with already 5 hurricanes so far: Beryl, Debby, Francine, Helen, Milton, impacting energy and food supply chains.
• Sep. 2024: U.S. East and Gulf Coast dockworkers strike by ~45,000 dockworkers halted operations at major ports, costing $5 billion per day.
• Aug. 2024: Severe heatwaves in Southern China, Chengdu(Sichuan), leading to droughts and hydropower generation cuts, causing factories to shut down, including Toyota and CATL.
• Mar.-Aug. 2024: Red Sea conflict, attacks on ships in the Gulf of Aden, caused soaring ocean freight rates, longer routes to avoid the area, and significant port congestion.
• Mar. 2024: Baltimore Key Bridge Collision, container ship MV Dali struck a pillar of the bridge, disrupting maritime traffic and causing billions in trade losses.
• June 2023: Canadian wildfires, disrupted both air and road transportation across Canada and into the U.S.
• May 2023: Yellow River floods affected production and disrupted logistics in major industrial regions of China.
• Mar. 2023: U.S. rail strike negotiations, delayed freight movement across several states, creating bottlenecks.
• Oct. 2022: Australian floods, slowed agricultural output and export operations, affecting global commodity prices.
• Aug. 2022: Cyberattack on Toyota supplier, forced production shutdowns, halting automotive supply chains.
• Aug. 2022: Pakistan Flooding, devastated infrastructure and logistics, hindering agricultural exports and manufacturing.
• July 2022: Rhine River drought, limited shipping capacity on one of Europe’s most important internal trade routes.
• June 2022: U.S. West Coast port strikes disrupted global trade, with many shippers forced to divert to other ports.
• April 2022: Shanghai COVID-19 Lockdown, major disruptions to manufacturing and shipping from one of the world’s largest logistics hubs.
• Mar. 2022 – … : Russian Invasion of Ukraine, disrupted global energy markets, agricultural exports, and critical raw materials like neon gas and palladium.
• Aug. 2021: Hurricane Ida hitting U.S. Gulf Coast caused widespread damage and disrupted semiconductor production.
• Mar.23-29, 2021: Ever Given Suez Canal Blockage, blocked global trade for 6 days, disrupting $9.6B of goods daily.
• 2021–2022: Port of Los Angeles Congestion, backlog due to container shortages, labor shortages, and increased consumer demand.
• Feb. 2021: Winter Storm Uri in Texas, disrupted energy, petrochemical, and semiconductor supply chains due to extreme cold.
• Dec. 2020: Brexit, new trade barriers, delays, and increased paperwork caused bottlenecks in UK-EU trade.
• Oct. 2020: Hurricane Zeta, caused shipping and port delays in the U.S. Gulf Coast, impacting energy and food supply chains.
• Aug. 2020: Beirut Port Explosion, destroyed the largest Lebanon port, disrupting regional trade and aid supply chains.
• Mar. 2020: COVID-19 Pandemic, global lockdowns, factory closures, and logistics backlogs affecting nearly all sectors.
• Feb. 2020: Canadian Rail Blockades, protests against a pipeline caused rail blockades, disrupting Canada’s supply chains.
• 2019: U.S.-China Trade War, increased tariffs and tensions disrupted global supply chains, particularly in technology and manufacturing.
• Oct. 2019: California Wildfires caused regional disruptions in electricity, transportation, and agriculture.
• Oct. 2019: Hong Kong Protests, disrupted transportation and logistics in and around a key global trade hub.
• Aug. 2019: Typhoon Lekima, affected ports and manufacturing in China, disrupting electronics and textile exports.
• July 2019: Japan-South Korea Trade Dispute, export controls on chemicals needed for semiconductors disrupted tech manufacturing.
• Dec. 2018: Yellow Vest Protests in France, transportation blockades and strikes caused fuel and delivery shortages.
• Aug. 2018: Typhoon Jebi, disrupted Kansai Airport in Japan and impacted the flow of goods through the region.
• Oct. 2017: Hurricane Harvey, major flooding and damage disrupted U.S. oil, gas, and chemical supply chains.
• Sep. 2017: Hurricane Maria, devastated Puerto Rico’s infrastructure, severely affecting pharmaceuticals and medical supplies.
• Aug. 2017: Mexico Earthquake, disrupted logistics and manufacturing in southern Mexico, impacting the car industry.
• Mar. 2016: Hanjin Shipping Bankruptcy, collapse of one of the largest shipping companies stranded goods at sea and disrupted global trade routes.
• Dec. 2015: Paris Climate Agreement created new regulations that impacted global supply chains, especially in heavy industry.
• June 2015: Port of Tianjin Explosions, damaged China’s 10th largest port, disrupting chemical exports and manufacturing supply chains.
• 2014: West Coast U.S. Port Labor Dispute, slowed down cargo processing at major U.S. ports, causing prolonged delays.
• 2014: Ebola Outbreak in West Africa disrupted global supply chains, especially for medical supplies and commodities like cocoa.
• April 2014: Malaysia Airlines Flight MH370 Disappearance, disrupted shipping and air cargo in Southeast Asia.