Risk…it’s a four-letter word. And while it is not as offensive as others, it can have a far worse and much longer-lasting impact on an organization. What is most challenging though is that it can come in many forms, making risk mitigation difficult at best and financially devastating at worst. Geopolitical risk, third party vendors, hackers, terrorists, natural disasters, poorly or inadequately trained staff and other circumstances make the global supply chain vulnerable to disruption, costing businesses millions of dollars annually. This is never so apparent as it is after tragedy strikes an area. Consider Hurricane Florence or the Northern California “Camp Fire”— the damage from these devastating events will be long lasting to the communities they impacted and the businesses that supported them.
According to Resilinc’s Eventwatch report, nearly 2,000 supply chain events took place in 2017, representing a 30 percent increase over 2016. Put in context, this translates to roughly five events per day with approximately 25 percent of them requiring an impact notification. Four of the five most significant 2017 supply chain events (in terms of number of supplier sites impacted, number of parts impacted and average time to recovery) were from extreme weather conditions and include late winter storms in the northeast as well as Hurricanes Harvey, Irma and Maria. More than a year later, Caribbean islands like Puerto Rico and the U.S. Virgin Islands are still trying to recover and will likely see years pass before their economies rebound.
Yet storms like those mentioned above—despite receiving more media attention—are only a part of the equation. With so many avenues for entry, managing risk has become everyone’s job, and the sourcing organization is front and center as their direct relationship with third parties increasingly puts them in the driver’s seat. In order to be proactive and prepared, smart sourcing leaders will scenario plan not only for the “big” events, but also for those that may be lower impact, yet occur with more frequency. Data breaches provide a good example.
Like major storms and extreme weather events, data breaches are an inevitable part of doing business. And many make headline news. Between 2014 and 2016, Yahoo had several colossal breaches that (they ultimately reported) impacted all 3 billion of its records. More recently, Under Armour and Equifax reported breaches of individual data that impacted upwards of 145 million accounts each.
In fact, more than half of businesses experienced a third party data breach in 2017 according to a study conducted by the Poneman Institute and Opus. These breaches cost U.S. companies an average of $7,350,000 in fines, remediation costs and lost business. And while the impact from a data breach may not necessarily be as high as that caused by a major storm, the likelihood that any given company will experience a threat of this type is far greater.
So what can you do?
We don’t know what we don’t know, so it would be impossible to ever feel 100% prepared…but these three things can help sourcing professionals proactively address risk.
- Consistency. With possibly tens of thousands of vendors operating throughout your organization, sourcing professionals need to take a deliberate approach to manage third parties. This includes a consistent strategy, message and framework. A supplier information management portal, for example, can be a “central source of truth” for third party relationships and provide all stakeholders with critical information.
- Control. According to a whitepaper by The Hackett Group, many organizations struggle with creating a formal risk management system because they lack the resources and/or executive mandate to do so. But sourcing professionals with a systematic approach—who tightly control the spend and activities for their business units—can, at a minimum, reduce the impact that supply chain risk events have on their organizations.
- Insight. More universally, sourcing professionals must stay abreast of the world at large and in particular, how things like changing regulations or new technologies will influence their roles. Consider the General Data Protection Regulation (GDPR) or blockchain technologies. While the impact on procurement may not seem obvious at first glance, dig a little deeper. We’ve worked hard to make sure that the office of the cPO becomes known as the office of the CPO. Sourcing professionals who present themselves as forward-thinking experts and leaders will gain more respect from the other parts of the organization with whom they interact on a daily basis.
The bottom line is that every business is subject to being compromised and the damage can be devastating, so be proactive and take control of those things that you can influence.
Sarah Holliman is the Chief Marketing Officer at SIG and has more than 20 years of experience in the sourcing industry. Prior to joining SIG's leadership team, Sarah was with A.T. Kearney, leading the marketing efforts for the A.T. Kearney Procurement & Analytic Solutions unit. She also spent five years at A.T. Kearney consulting primarily to financial services companies on topics that ranged from strategic planning to procurement cost reduction to back-office operations. Before joining A.T. Kearney, Sarah was in business development at one of the largest commercial banks in the country.
Sarah has held numerous leadership positions on non-profit boards promoting children, women and educational issues, and has specific expertise in membership development, fundraising and strategic development. She currently serves on Furman University's Alumni Advisory Board and the East Bay Agency for Children Auxiliary Board. Sarah has a BA from Furman University and an MBA from the Anderson School at UCLA.