You need a plan: managing risk in the supply chain


Increased complexity in supply chains means increased risk, coupled with unprecedented visibility from social media and a lowered public tolerance for disruption – in other words, a perfect storm. For my last session of ISM2015 day two, I’ve come to find out about what supply chain professionals can do to weather the storm and become their organisations’ risk-management experts.

Hannah Kain speaks earnestly and authoritatively, with a dry sense of humour. She’s the president and CEO of ALOM, a global supply chain services provider that has been operating for almost 20 years primarily in the electronic and technology space. It’s headquartered in the Silicon Valley and works with tech, automotive and medical companies – in short, cutting edge players that use Kain to solve their complex supply-chain challenges. Kain’s here today not just to lay out the challenges involved in operating supply chains in the age of social media, but to give the audience some solid and invaluable advice on minimising risk.

The context

Procurement professionals have to navigate more layers, more partners and more regulations than ever before. They’re dealing with globalisation, compressed timelines and increased customer expectations around speeds, prices and visibility. Corporate boards and the public are no longer just interested in what supply chain professionals are doing, but how we are doing it. The reason behind this is that procurement is moving from the back to the front of organisations. Visibility has changed, expectations have changed, along with the nature of communications and global immediacy. We’re not used to this level of scrutiny, but it isn’t going to go away.

Brand risk factors include social responsibility, cultural sensitivity, cybersecurity (40 per cent of data breaches happen through the supply chain), personal conduct, customer service, ethics, regulatory compliance, sustainability and, of course, quality. It’s important to understand that we’re all stakeholders in our organisations’ brand, from the board of directors through to shareholders, customers, suppliers, the community and employees.

Social reputation

Millennials are very concerned about the social reputation you have as a company. Kain’s blunt observation that “if you have a poor brand reputation, you have a hiring problem”, made me think of the NSA and its recruitment woes after Edward Snowden.

An example of a well-executed risk strategy was Adidas’ enforcement of its workplace safety policy in 2014. The company drove standards aggressively amongst its Asian suppliers, issuing 66 warning letters, dumping 13 suppliers for non-compliance and rejecting 104 new suppliers over safety concerns. No doubt this was a costly and difficult process but the flow-on effect is a greatly improved public perception of Adidas’ social responsibility, and of course a lessened risk of supply chain disruption through accidents in the supply chain.

Ensuring regulatory compliance is now a significant part of a procurement professional’s role. Kain praises some of the laws that have been passed recently in the US, making the point that rather than seeing regulations as a headache, CPOs should embrace them as a well-structured way to minimise risk. The Conflict Minerals law, for example, exists to ensure raw materials are not sourced from the Democratic Republic of Congo, where rebels are using indentured labour and channelling the revenue to fight a brutal war. US public companies are required to trace the origins of their metals all the way back to the smelter level – in practise this means auditing as many as six levels back down the supply chain.

Similarly, if you sell over $100 million of product in California, you have to certify that no child labour has been used in your supply chain – a very high standard to meet. As with Conflict Minerals, it’s a huge but worthwhile task to audit an entire supply chain. The real headaches start, however, when your company has two suppliers of a product to avoid disruption, or even three – this means the size of the auditing task is doubled or even tripled. In consequence, CPOs are now concentrating their supply base, often to a single trusted supplier. These regulations really delve into the “how” rather than the “what” of supply chains and illustrate Kain’s point about unprecedented transparency.


Kain divides risk-management strategies into two categories; preventative and reactive. Both are equally important and I soon learn that risk-management is a lot more complex than I’d thought.

Preventative risk-management strategies

  • Preventative strategies are best for stable industries, public companies and high-profile organisations with good alignment, a culture of planning, strong conceptual corporate supply chain staff and reward planning.
  • Put in place a SCOR (Supply Chain Operations Reference) model: create objectives, KPIs, measures, targets, KRIs, loss tracking initiatives. Assign numeric value to disruptions.
  • FMEA (Failure Mode Effect Analysis) method: identify failure points and causes, predict the potential frequency of failure, assign numerical probability and severity factors resulting in a Risk Priority Number (RPN), document your mitigation strategy and response actions.
  • Manage based on data: establish a dashboard and a supply chain event management system with alerts and pre-alerts on the state of your suppliers.

Reactive risk-management strategies

  • Reactive strategies are best for fast-moving, smaller and innovative companies with a culture of agility, resourcefulness, entrepreneurship. These organisations reward resourceful fire-fighting and focus on minimising disruptions that have occurred.
  • Have a communication plan on social media: the response should come from senior management level. Acknowledge the problem, know the facts, be truthful initiate a solution and define escalation actions.
  • Poor reaction: Lululemon’s reaction to customer complaints on social media about transparent fabric was to blame the issue on customers’ weight, rather than taking responsibility for the quality. The result? A social media storm, sending the stock price tumbling 15 per cent in one day, followed by a two-year recovery process.
  • Good reaction: In response to reports on unsatisfactory working conditions, Apple’s CEO regularly visits Chinese iPhone suppliers to meet with employees, management and government officials.

Kain’s eight tips for putting out fires on social media

  • Prepare for the worst – have a plan
  • Take responsibility
  • Put consumer and work safety first
  • Respond quickly, sincerely and truthfully
  • Be real – personally respond and take it offline if possible
  • Respond privately to personal inquiries
  • Fix mistakes expediently
  • Arguing with social media users is always a bad idea.

Kain concludes with a reminder that your supply chain and brand are intertwined. Risk is always present and disruptions are inevitable – you need to be both proactive and reactive to minimise and deal with events as they happen.

Founded in 1915, the Institute for Supply Management (ISM) is the first and largest supply management association in the world. A not-for-profit association with 47,000+ members and 140+ affiliated organizations around the globe.