Risks: Supply Chain Management
Recent times showed an increase in risks to supply chain management. These risks can be categorised into internal and external risk exposures. Examples of internal exposures are fraud and corruption, inadequate supply chain management processes, non-adherence to supply chain management policies and sub-standard systems. External exposures relate mostly to events outside the control of an organisation such as floods, fires, drought, earthquakes, unprotected strikes, corruption involving third parties, cyber threats, and pandemics.
Recent incidents that influenced South Africa more specifically are the Covid-19 pandemic, the KZN floods, the Eastern Cape drought, the failure of Eskom to provide a continuous supply of electricity and the recent unprotected strikes, as well as the strike of truck drivers at Mooi River. These incidents caused serious damage to the supply chain management processes which subsequently also negatively affected the country’s economic status as a whole and the survival of individual organisations. The Covid-19 pandemic also caused an increase in cyber risk on a global basis, affecting many countries and organisations.
It is evident that supply chain management is affected by various operational risks, which include the risk factors such as internal processes, people, systems, and external events. Therefore, it is crucial that organisations must have a risk management framework as a platform to ensure an embedded risk management culture, risk management strategies, risk management structures and risk management processes.
A risk management culture will create an awareness approach to risk management and the risk exposures faced by the supply chain. An integrated approach between strategic management and risk management is crucial to ensure that the strategies are formulated within realistic risk appetite tolerance levels. This should ensure that risk appetite statements can be defined to a degree that will allow organisations to monitor the business strategies and proactively address the risk exposures, which includes the supply chain processes. It is furthermore important to have an effective risk management structure that ensures dedicated staff and committees to manage the risks faced by an organisation and is imperative that all staff are involved in risk management.
Also important is an established risk management process that will ensure the identification and assessments of risk exposures and threats to the organisation and supply chain and to define effective risk control measures that should be monitored on a continuous basis. Two control measures are explicitly important for supply chain management, being business continuity management (BCM) and information security management (ISM). BCM aims to ensure that should an organisation experience a risk incident, that the effect is minimised, and that the organisation can recover and continue with its business within an appropriate timeframe. ISM is similarly important, especially in the latest trends of increasing reliance on information technology and the related cyber risks.
From an operational risk management view, it is evident that countries and organisations should establish and embed a risk management framework to ensure adequate management systems, including the supply chain management systems and processes. As such, it is also important that all organisations should also embark on establishing management principles, included in policies, to ensure the effective management of supply chains.
Prof Jackie Young
22 July 2022