Understanding, Managing and Mitigating Supply Chain Risk

Understanding, Managing and Mitigating Supply Chain Risk

By and | January 26, 2023

Join Alex Studd, Sphera product marketing manager for operational risk management, and Heiko Schwarz, Sphera’s global supply chain risk advisor, as they discuss how companies can better identify, manage and mitigate supply chain risk.


The following transcript was edited for style, length and clarity.

Alex Studd: 

Welcome to the SpheraNOW ESG Podcast, a program focused on safety, sustainability and productivity topics. I’m Alex Studd, one of Sphera’s product marketing managers focused on operational risk management. Today we’re joined again by Heiko Schwarz, global supply chain risk advisor here at Sphera. Heiko is the former CEO and founder of riskmethods, a company that specializes in supply chain risk management, which was acquired by Sphera back in October of 2022. Welcome back to the show, Heiko.

Heiko Schwarz: 

Thanks, Alex. Hi, everybody. 

Alex Studd: 

So Heiko, in this episode, we’re discussing how companies can better understand and respond to supply chain risk. Global pressures, such as the ongoing effects of the COVID-19 pandemic, the war in Ukraine and inflation are all driving companies to create greater resilience and transparency in their supply chains. Of course, these pressures are significant and are tough to manage, but there are solutions and strategies out there that can help companies turn supply chain risk into competitive advantage. Heiko, to get things going, how have the supply chain challenges that I just mentioned affected companies? 


Third Party Risk Management
Everything You Need to Know About Third-Party Risk Management
When you understand the threats posed by suppliers, vendors and other companies, learning to manage third-party risk is as easy as 1-2-3.


Heiko Schwarz: 

Unfortunately, the new normal is having a supply chain crisis ongoing. The events that you highlighted are ones that everybody knows from TV and radio because they’re very popular and they have massive impacts on the global economy. Nonetheless, there are also other ones behind the curtain that are still very critical for manufacturing firms in particular, including shortages of plastic, semiconductors and other materials or finished products that are critical to compile the final product within these industries. As risk events come in rapid succession, supply chain disruption becomes more frequent. 

The consequences of these challenges mean that production goes down. It means that revenue gets lost. It means that market share gets lost. It means that shareholders and other stakeholders around the enterprise are losing their trust in the ability to deliver on time, in quality and in quantity. And that also leads to low customer satisfaction. So, to sum it up, there are huge financial and economic impacts to all these struggles of the supply networks around the globe that we’re experiencing currently and will also experience in the future. 

Alex Studd: 

With all those potential consequences that you just mentioned, Heiko, how has supply chain risk management become more important? 

Heiko Schwarz: 

If I look back, the discipline started back in 2008 after the financial crisis, and its importance has grown since then. More than ever, companies need to stay ahead of risk. Once again, referring to the very big, recent risk events that you mentioned, there are ongoing topics and issues like manmade disasters, including fires or explosions, that will not go away. Health and safety regulations and pressure from regulators are increasing.  

Natural hazards increasing due to global warming will also not go away. They will remain and they will put even more supply chains at stress than today. And that means that enterprises have to switch gears from being reactive and responding to those threats to being more proactive and preventive, to be better prepared for the risk, to have a plan B and to know how to respond or even to avoid that risk, or at least to reduce the impact of those incidents. 

Alex Studd: 

This, of course, reminds me of the German Supply Chain Due Diligence Act that we talked about on the previous episode. I guess my next question for you, Heiko, would be, what can companies do now to cope with these challenges? 

Heiko Schwarz: 

First of all, transparency is required to understand the exposure of the entire supply network. Where is the risk? Where is risk, in an inherent way, already built into my supply network, and where are the exogenous risks that come from external risk factors that influence the exposure of my supply network? Exposure also means what are the consequences if a certain supply chain is disrupted—what is the impact on the enterprise? Will it hit my most important and largest customers? Will it hit a cash cow product, or will it maybe just hit a lame duck? How can I handle a potential disruption with minimal financial or reputational impacts? 

This can be achieved by understanding threat exposure and impact and having an organization in place that oversees mitigation tasks. Mitigation should be understood, once again, as the fastest crisis response possible, meaning reactive, for unpredictable situations. But also, mitigation means, in the sense I use the term, to be prepared to start with preventive actions. This includes influencing either the probability of the risk hitting me, the impact, or for the consequences to be lower and minimized by activities, insurances or whatever is the appropriate medium to fight a threat. And that also means time and money. Enterprises need budgets and smart people to execute these mitigation tasks, which very often come together through collaboration with the suppliers or out of their supply network. 

In order to understand real-time exposure, understand the impact and have a well-orchestrated mitigation strategy in place, technology can be the enabler. The transparency to react fast and become more proactive is only possible through technology that automates the task to capture risk information, to keep it up to date and to provide the insights about the consequences to enable these folks to succeed and master risk at the end of the day. 

Alex Studd: 

Yeah, it’s interesting you’re bringing up being proactive. I remember before we started recording, we were talking about these potentially risky situations such as supplier clusters in geographic areas that are prone to flooding. 

Heiko Schwarz: 

Correct. It is unknown where the next disruption will come from. It might be around the corner. This risk awareness, having plans and the capability to react fast to unpredictable scenarios is going to change the game for organizations and will drive competitive advantage, which is really interesting. I think it’s a very exciting perspective as well. Procurement folks are tasked with supply chain risk management, and traditionally this function has been the negotiating function that squeezes the last penny of savings out of the supply network. 

Now, this function can also prove that they can contribute to the success and the competitive advantage of the enterprise in order to avoid revenue losses, turning risk into a competitive advantage and delivering when the competition is not able to deliver. This allows companies to win market share and to protect their reputation when it comes to human rights or sustainability topics, making sure that their own brand is not damaged because of non-compliance within the supply network. 

Alex Studd: 

There’s a lot that you just mentioned there, Heiko, and there’s a lot to unpack, but what are some other trends within supply chain risk management that our listeners should be aware of? 

Heiko Schwarz: 

Over the years, the market has switched gears and is looking for approaches and methodologies and technologies that enable organizations to switch from reactive to preventive behavior and capabilities. In the past, you have been waiting until the risk materialized, and competitive advantage even then was driven by reacting faster than others.  

Now, since technology came up and provides capabilities to enterprises to better understand trends and patterns in order to be prepared for the next risk event, only being reactive is no longer driving competitive edge. You have to be ahead of the risk to anticipate what’s coming, to be prepared to minimize the potential impact, to erase even the likelihood of a risk event materializing. And that will bring real value to the enterprise. 

Besides this, compliance and sustainability topics are on the rise. The last years also showed that regulation or regulatory pressure significantly increased through new supply chain laws that were released in the U.S., U.K. and in Germany.  

The European Union is working on a harmonized sustainability and human rights law for the supply chain, so there’s a lot that has happened over there recently. There will be much more coming on this end, which means that organizations have to learn to profile the compliance and sustainability profile of their supply networks, leaving the box of their own four walls, and now extend this to the entire supply chain. 

One more thing. If you think about the traditional approaches to profile financial risk of business partners—in the past, organizations acquired a credit rating profile once they onboarded a business partner, and then potentially received an update of the financial health profile once a year. Meanwhile, you can sense the entire world understands what’s happening in the context of this important business partner for which you received a financial health profile maybe six months or nine months ahead to understand.  

Is the CFO leaving the company? Are there issues with regulators and penalties or even market exclusions that will lead to significant revenue losses to this business partner? Are their product launches delayed? Did they lose patents? Have there been sites closed or business units spun off or sold to private equity? All of these indications might be not critical because they are part of doing business, but technology can sense if they come in a context within a specific timeframe of maybe one or two years, and all together, they will raise a red flag in terms of financial health.  

Here, this is really changing the game if you start to combine those hard facts coming out of a balance sheet, out of a profit and loss statement, together with those soft sensors that give you an advantage in terms of early warning signals to be much better prepared. Last but not least, understanding the sub-tier structure of a supply network has become more and more important. The implications of the COVID crisis opened the eyes for business leaders on how critical this transparency across the different tiers of the supply networks is.  

And because enterprises learn the hard way that it’s not always the suppliers that put the supply network under stress, it might be the suppliers of the suppliers or even their suppliers. And understanding the structure, the dependencies, understanding where the spider in the web is, which might put the entire system at stress, is helping enterprises to be better informed and be capable to collaborate with our own business partners to mitigate those systematic and systemic risks within the supply networks. 


German Supply Chain Law: Driving Due Diligence and Transparency
People have long speculated, “If a tree falls in the forest, and no one is...


Alex Studd: 

I’m going to be honest with you, Heiko, everything that you just mentioned related to those trends, it sounds overwhelming, right? It sounds like there’s a lot that businesses are going to have to overcome in the coming years. The good news is there are tools and software solutions out there that can help these businesses address these challenges and help put best practices into place. Can you talk about them? 

Heiko Schwarz: 

Definitely, yes. As we learned over the past minutes, supply chain risk management is a very challenging task. There are huge complexities that are hidden within the supply networks that need high scale in terms of information capture and updates and transparency, so digital technology has to be a part of a holistic supply chain risk management approach. There is no way around this or to do this at home. 

Organizations are not always at a maturity level that can immediately deploy a full-blown holistic supply chain risk management approach. But here, modular structures of technology allow companies to introduce, stepwise, a solid, professional supply chain risk management methodology in a very efficient way. To start with risk identification is the first step.  

Then enhance the perspective with the potential impacts that the threats that are identified might lead to. Then think about the highest exposures in terms of threat and impact and start to design standardized mitigation actions that are structured in an either reactive or in a preventive manner. Then start to embrace the suppliers as part of the solution to drive more transparency within the entire network down the different tiers. 

Maybe also think about incentivizing them. Here, again, technology can be a driver. Technology can provide very valuable risk insights to the business partners, free of charge even, and incentivize them to enhance their own risk exposure, which means that the tier-two level of your network gets more resilient. Technology, especially AI-driven solutions, make life much easier for the commodity managers, lead buyers, supply chain managers and for CSR (Corporate Social Responsibility) responsiveness because of the entire data capture and processing the harmonization of all those different scales.  

Think about the rating scale for financial health next to a cyber risk score next to probability of occurrence for an earthquake coming from an insurance company. I mean, there is not a single person out there that understands all those different scales and can interpret them, but technology can harmonize all this information and keep it up to date all the time. 

There’s just no way to do this with manual efforts. If you are lucky and find great solutions, you can automatically acquire with those solutions the success factors that are needed to excel with a supply chain risk management practice, such as noise cancellation. One of the biggest mistakes you can make in risk management is to alert too much or alert too little, right? You’re not doing your job either way, because no one will listen anymore if you alert three times a day and nothing happened at the end of the day. You’re also not doing your job if you call out an alert and finally it turns out that it’s not impactful or relevant for the business. 

Same, you don’t get the value out of the entire discipline if the users are not adopting the technology, which means simplification. “Fun to use” is another critical factor to be successful with the practice. The approach should be holistic, embrace all actors and objects along the supply chain. I have been mentioning very often now the word “supplier,” but it’s only one player within the network. Seaports, airports, warehouses, distribution centers, their own operations, even the customer or the sub-tiers are relevant aspects as well. Also, the entire bandwidth of risks should be considered: manmade disasters, environmental, social, regulatory, cyber, financial and so on.  

All of that should find its place in a holistic approach. Also start making the supplier part of the solution and not the problem, meaning collaboration capabilities, digital hubs where information can be shared, and mutual collaboration on mitigation actions can happen together within suppliers in a very efficient and effective manner. 

Alex Studd: 

The other thing that you said that really stuck out to me, I think you said it at least once, maybe twice, helping make the supplier part of the solution. 

Heiko Schwarz: 

We’ve been learning this over many years that pressure is clearly one element of the interaction within business partners. You are the customer, you pay money to get that service in time, in quality and with the right quantity as it was promised and contracted. No doubt about this. But once a supply network is disrupted because of, let’s say, a tier-two problem, the supplier was not the root cause of the issue. 

Then you have to team up to find ways and solutions for how the business partners collaborate with you to bypass a supply shortage. Maybe by identifying business partners down the different tiers and interacting with the quality department, design department, or R&D and the manufacturing teams to make sure that the activation of these business partners can happen in the most efficient and fastest way. 

Another way of teaming up could also be bringing these business partners into their own sphere of knowledge about the risk exposure of the entire network, so they become aware that they are part of this exposure, and they can start mitigating their own risk scenarios to become also more resilient. Because as the term says, the supply network is a chain.  

Supply chain is the name of what we talk about, and the chain breaks at the weakest link. It doesn’t help you only to have built your own sphere of resilience. If your suppliers did not do this, then you’re just exposed to the extended risk exposure of your suppliers. With that mindset, organizations can grow their sphere of resilience down the different tiers. There’s no easy button for it. It takes time. 

Alex Studd: 

Yeah. It sounds like it. Any final thoughts to share before we wrap up? 

Heiko Schwarz: 

Well, Alex, in your introduction, you mentioned greater resilience and transparency. I think we covered what that means in terms of the implications to businesses once resilience is not there, once transparency is lacking, but we also covered that there are technology levers that can be combined with the right methodology organization set up, and to form a strong foundation to foster resilience within the supply network. And also that there are ways to extend this to the lower tiers by embracing the business partners to be also part of the solution, not only the problem. 

We also learned that risks don’t stop. We live in a world full of risk. It’s the new normal that disruptions happen, wherever they’re coming from, whether financial health, cyber, ESG or CSR, and sustainability-related non-compliance within the supply networks. Wherever the next big thing is coming from, we don’t know, but we know it’s coming. Disruption has become a constant, meaning we have to be better prepared and switch from reactive to proactive. 


Beginners Guide Cover thumbnail
E-bookA Beginner’s Guide to Supply Chain Risk Management
Supply chain risk management may seem like a complex topic, but the basic elements of it can be boiled down into three steps: identify risk, assess risk and mitigate risk.


Alex Studd: 

I like that. Well said. Risk will always be inherent, but with the right technologies and right set of protocols set up, you can have greater risk awareness, which is really all you can do. Right? 

Heiko Schwarz: 

Definitely. It’s turning risk into competitive advantage. It’s all there, we just have to embrace this opportunity. 

Alex Studd: 

That’s terrific. Heiko, thank you so much for your insights on this and for joining us again for another SpheraNOW ESG Podcast. 

Heiko Schwarz: 

Thanks, Alex. It’s been a pleasure. 


The Best of Spark Delivered to Your Inbox
Sphera is the leading provider of Environmental, Social and Governance (ESG) performance and risk management software, data and consulting services with a focus on Environment, Health, Safety & Sustainability (EHS&S), Operational Risk Management and Product Stewardship.