Bringing Risk Management into the Heart of the Supply Chain
When supply chain executives are asked about the amount of contact they typically have with their chief risk officer, the answer is typically, "Not much."
And they might add that their interaction usually involves providing input into enterprise risk management (ERM) for an update to their board. When asked whether the ERM team plays an active role in helping manage supply chain and procurement risks on a regular basis, usually the answer is "No."
Risk management teams in most organizations are often unable to comprehend the operational aspects of the function whose risks they are supposed to help manage, according to "Road to Ruin: A Study of Major Risk Events," a report by the Association of Insurance and Risk Managers in Industry and Commerce (AIRMIC).
"Many risk managers and internal auditors will feel uncomfortable working in the areas highlighted in this report unless they have been able to gain the skills and experience necessary to question and discuss corporate strategy and senior management's leadership styles in an effective way," the report states. "Furthermore, many of these risk areas are difficult for risk managers and internal auditors to explore, let alone report on."
One regularly witnesses this phenomenon in business. It takes a great program manager to understand the risks of a complex program. It takes a great IT architect to spot the flaws in a system design. It takes a great mathematician to spot errors in the technical aspects of an analytics service. This phenomenon suggests that the best risk managers in any field may be those who themselves have mastered the field.
Yet how often is that the case? How many people charged with overseeing risk for a major product company have truly mastered the many and complex operational aspects of that business? In other words, how many CROs are former CEOs, CFOs, or CPOs?
Not every CRO needs to be a former C-level operations executive — but there would be nothing wrong if they were. And if they are not a former C-suite executive, it is the firm's challenge to help them truly understand the aspects of the operational environment where risks must be understood and managed.
"At least some risk professionals will need to extend their skills so that they are — and feel — competent to identify, analyze, and discuss risks emerging from their organization's ethos, culture and strategy, and their leaders' activities and behavior," the AIRMIC report notes.
In addition to the skills issue, there is also the question of status. Taking on powerful executives and reigning in unwise risk-taking is often challenging for mid-level managers. What better person to play that role than a recently retired chief financial officer or chief procurement officer?
This is not as yet the trend — but it should be. Managing the many and complex day-to-day risks of a global supply chain is a lot to ask of anyone who has a full grasp of areas such as procurement, distribution, and logistics. Asking someone who has never worked in those fields to oversee risk management activities in those areas may be asking too much. This person might be able to suggest common frameworks or governance mechanisms, but they will never become an integral part of the supply chain team — which is precisely what is needed today in most global operations.
In sum, it's time to start bringing risk professionals into the heart of supply chain management —and vice versa. Only in this manner will supply chain risk management evolve from the generally reactive, continuity planning function it is today into a comprehensive, proactive, and integral part of managing every global network.