While the COVID-19 pandemic is far from over, enterprises are looking beyond the current crisis with the hope of pandemic-proofing their supply chains and operations to build resiliency. But that view is too limited to build true resiliency. The next global business disruption crisis might be a pandemic, but it might also be something entirely different or so novel it's never been considered. Today's resilient enterprises need to embrace a mindset shift to view risk through a much wider lens. Those on the leading edge will embed this new risk mindset across all business functions, including sourcing and procurement.
The Need for Real-Time Risk Intelligence
In today's rapidly changing business environment, resilient enterprises require real-time intelligence. Point-in-time data is merely inadequate. Take, for example, the current COVID crisis. Relying on stale data from last year, last quarter or even last month is virtually worthless or even counterproductive when making sourcing or risk mitigation decisions today. The situation is evolving too quickly. Today's world simply moves too fast to make effective decisions based on stale point-in-time data.
Traditionally, sourcing and procurement have been forced to rely on point-in-time data for decision making during the entire sourcing lifecycle. Every step from identifying the possible universe of suppliers, through narrowing down the alternatives, due diligence, supplier selection, contracting, onboarding and ongoing governance, could benefit significantly from real-time intelligence.
Enterprises must recognize that in order to be reliable, intelligence needs to be not just real-time but also independent. Relying on data provided by the supplier or even an external source with questionable independence does not support resilient decision making.
Independent, real-time intelligence enables a comparison of a supplier’s current capabilities and limitations. It enables sourcing and procurement to understand the current state of a supplier's inherent risk profile. Areas that need to be addressed during the contract process or as part of the service level agreements, will be uncovered with real-time intelligence.
COVID has made clear that the degree to which a supplier is able to manage risk has clear benefits for an enterprise's supply chain and continuity of operations. A supplier's risk management capabilities should be a selection criterion that is considered during the due diligence and selection process. Real-time risk intelligence enables comparison of this competitive differentiator across suppliers.
Looking Beyond Financial and Cyber
The supplier selection process traditionally has been very limited to considering only financial and cyber risks. Our current and future risk landscape requires looking at a much broader view of risk. Sourcing and procurement should consider a supplier's ability to manage all risks of disruption not only from financial vulnerabilities and cyber susceptibility. COVID has highlighted many supplier vulnerabilities including people risks from absenteeism and attrition; client risks due to lost revenue; solutions maturity risks due to underfunding as a result of financial pressures; governance, regulatory and compliance risks due to changes in government regulations and possible legal action; and a myriad of location-based risks.
The vast majority of supplier due diligence fails to consider how the external environment could affect the supplier's ability to meet contractual obligations. According to the 2020 World Economic Forum Global Risks Report, in terms of likelihood and impact, leaders should be concerned with disruptions due to natural and environmental disasters, extreme weather, climate action failure, global governance failure, information infrastructure breakdown and as well as disease outbreaks. These location-based risks represent a significant part of an enterprise's risk landscape.
Take, for example, a technology services supplier located in Guadalajara, Mexico. In the past, due diligence would most likely include a review of their financial statements and cyber susceptibility, but an actual risk evaluation needs to include the risks that occur in the location from where the services will be provided. The service provider in Guadalajara would be vulnerable to different risks of disruption than a similarly qualified supplier in Bangalore, India, due to location-based risks. A comprehensive due diligence risk framework should include political, natural disaster, extreme weather, epidemic, legal, financial, scalability, macro-economic, infrastructure, business and quality of life risks.
To illustrate the importance of location intelligence, let's look at our current COVID-19 crisis. As with all disease epidemics, it started as a location-based risk. In this case, in Wuhan, China, before it spread from location to location around the world. The effects of this pandemic have varied widely in different areas due to local infection rates, local healthcare infrastructure, local government policies and restrictions to control the spread of the pandemic. In this crisis, the facts applicable to a supplier in one location have had little bearing on a similar supplier’s ability to operate in a different location, sometimes even within the same country.
On-Going Proactive Risk Management
It's pretty clear that resiliency in the face of rapidly developing risk scenarios requires real-time risk intelligence. Long gone are the days when not much happens between periodic assessments. Today, events that at first seem insignificant can quickly morph into serious disruption risks before your next assessment is due. The current ever-evolving, rapidly changing risk environment requires continuous monitoring.
As we've experienced during this pandemic, suppliers risk profiles have been consistently in flux as facts, policies and the cascading effects change from day-to-day. It’s critical that suppliers are monitored continuously. Continuously monitoring suppliers across a broad risk framework provides the critically important real-time risk intelligence resilient enterprises need to stay on top of their suppliers changing risk profiles.
As a reaction to COVID-19, enterprises are looking to build resiliency and disruption-proof their supply chains and operations. The problem is no one knows what form the next global business disruption will take, but there is a solution. Enterprises need to integrate a proactive, continuous risk monitoring approach across the entire sourcing lifecycle. Continuously monitoring a broad view of all the supplier and location risks discussed here will provide enterprises with the real-time intelligence and early warning required to ensure resiliency whatever comes next.