Daily Archives: March 27, 2024

The Supply Chain is Full of Hidden Risks

A recent article in the Supply Chain Management Review by Avetta provided Insights for Procurement Leaders on tackling hidden risks in the supply chain. As per the article, supply chains are full of:

  • Geographic Vulnerabilities
  • Cybersecurity Threats
  • Ethical and Compliance Issues
  • Financial Instability
  • Environmental Recklessness

… and all of this poses a major risk to your supply chain. Avetta’s baker’s dozen of recommendations are to:

  • conduct due diligence on all levels of suppliers
  • identify alternate sources
  • monitor geographical developments
  • prioritize cybersecurity measures
  • conduct regular risk assessments
  • foster a culture of cyber awareness
  • establish clear codes of conduct
  • regularly audit supply chain partners
  • prioritize transparency and accountability
  • conduct rigorous financial due diligence
  • monitor key financial indicators
  • prioritize sustainability initiatives
  • establish robust contingency plans

And these are all good, but most of the risk results from one thing:

  • lack of timely, accurate data on
    • the physical supply chain (people, plants, product, vehicles, etc.)
    • the financial supply chain (the financial state of suppliers, contractors, employees, etc.)
    • the information supply chain (completeness, accuracy, security, etc.)

This means that if you really want to tackle the hidden risks, you need to start with the following, since you can’t tackle anything you can’t identify:

  • supply chain visibility — map every entity in your supply chain
  • external risk monitoring — whenever a geographical, political, environmental, or cyber disruption happens anywhere, and is reported, you need to detect that, identify all entities that may be affected, confirm which entities in your supply chain are affected, and take an appropriate mitigating action
  • cyber network monitoring — you need to monitor your entire network, every server, every client (desktop, laptop, tablet, AND cell phone), every router, every API endpoint, and every wire … your weakest link is your effective security
  • cross-system and account financial monitoring — money disappears when there are holes for it to fall into; holes exist when you have disconnected P-Card, e-Procurement, and AP systems, especially across divisions, and you aren’t correlating balances between transfers, bank accounts, and investments on at least a daily basis
  • activity monitoring — all waste, loss, and fraud is the result of a bad actor, whether or not the bad acting was intentional (hint: if the loss is significant, it usually is intentional; incompetence often only results in minor loss). You can’t monitor everyone, even if you wholly operate in a jurisdiction where doing so is legal, but when everything is digitized, you can monitor every action, whether or not it is in accordance with policy, flag everything that isn’t, and escalate any actions against policy that should be investigated

As you detect issues and disruptions, you can start with standard mitigation actions, and as you identify patterns of commonality, you can identify additional contingency plans, which you should already have for every product or service that is critical to your operation.

Note that Sourcing Innovation has published a list of 55+ Supply Chain Risk Vendors that already have solutions that do a lot of this monitoring. There’s no excuse for your organization not to have at least an 80% solution in place today.