John Verver, CPA CA, CISA, CMC
John Verver, CPA CA, CISA, CMCAdvisor to ACL
Like it? Share it! Facebooktwittergoogle_pluslinkedin
transforming risk

Supply chain risk management (SCRM) is incredibly complex and supply chain failures can have enormous impacts, not just on an organization’s finances, but also its reputation. Adding to the complexity is the fact that in most cases, there are numerous third-party component providers, vendors, businesses and services that can all add significant risks into your supply chain.

Over time, SCRM processes have evolved to reflect changes in the wider business and political environments, including new products, business lines, and regulatory requirements. While this adds to the complexity, it also provides the opportunity to re-think and transform processes, making them more consistent and dependable. There are various ways that current technology can support this transformation in SCRM, by better supporting key stages. The following are some examples of the ways that technology can be used to organize and connect the entire SCRM process.

Identify all potential risks

The challenge is to comprehensively identify risks throughout the supply chain, categorize them, and show the inter-relationships and dependencies among them. This includes risks relating to regulatory compliance failures. SCRM should be one major part of an overall risk management process within an organization. So, risks should also be capable of being categorized and included among a broader set of enterprise and functional risks.

Supply chain risks are not static, and an additional component of creating a complete risk universe is the identification of new risks. Data analysis technologies can play a key role in identifying new risk trends and indicators. For example, supplier shipments can be tracked against POs to detect increasing delays in meeting delivery dates for critical product components, as well as increasing instances of sub-standard quality.

Simplify risk assessments

Risk assessments consider aspects of corporate risk tolerance, as well as the controls in place to mitigate risks and their effectiveness. The practical challenges of using traditional techniques in this process are significant. For example, keeping on top of what controls are in place to address compliance risks for regulations such as conflict minerals, employee health and safety, and environmental protections, as well as impacts when weaknesses are detected in controls.

SCRM technology simplifies the process by specifically linking the risks to related and over-lapping controls, including instances where multiple controls and risks are inter-linked. The results of automated monitoring of activities to assess control effectiveness can also be tied directly back to risks to provide updated assessments.

Implement more comprehensive controls

The design and description of control processes is critical to determining whether they are effective and can be understood. Control systems can include automated routines that prevent or flag transactions and activities that are likely to be damaging. As with many other aspects of risk management and compliance, there are increasing numbers of external control and compliance frameworks that can be used to support the design and implementation of controls. By using software to manage and connect items identified as applicable within the specific controls’ framework, it is easy to get a comprehensive view of how external requirements are being addressed.

Automate survey and certification data collection

Obtaining and collating responses from control owners based on questionnaires and certification sign-off is typically a very lengthy, resource-intensive process. Automation can dramatically reduce the effort involved, not only in collecting responses, but also analyzing responses. Common use cases for this could include, for example, individual employees confirming their understanding of sanction lists and that relevant controls have been tested to determine that no business takes place with vendors on a list.

Alleviate the challenge of monitoring

Ongoing monitoring of supply chain control effectiveness is usually very difficult to achieve when wholly dependent on manual testing and review activities. Big data analysis technologies increasingly play a key role in SCRM monitoring, using a combination of tests designed to provide indicators of control breakdowns, together with predictive and statistical analytics that identify potential risks for which no controls currently exist.

Improve investigation and issues management

A common area of breakdown in SCRM processes is the response to problems and control exceptions that are revealed through monitoring processes. The questions are often around who is responsible for addressing an issue, the status of follow-up, and how much risk exposure exists from response delays. Current technologies provide workflow capabilities so that, for example, individuals receive emails informing them of issues that need to be addressed, and automatic escalation of unresolved issues.

Gain detailed reporting and visual dashboards

One of the biggest challenges of using traditional spreadsheets or other homegrown SCRM systems is getting an insightful overview of the state of supply change risks and the ways they are being managed. This is where a well-integrated technology-driven approach produces large, highly visible benefits. Visual dashboards provide senior management with reliable, consistent assurance and understanding whenever needed.

Integrate with enterprise-wide risk management

While it is important to be able to look at the entire SCRM process holistically, it is also important to be able to put it into the context of enterprise-wide risk management. Achieving a truly enterprise-wide approach to risk management can itself be an overwhelming undertaking. While the process challenges can be great, they are manageable when driven by technology.

For many organizations it makes sense to be able to manage SCRM and compliance using the same basic processes and technology that drive risk and compliance in other areas of the organization. This, of course, allows senior management and the executive suite to gain a broad view of corporate and organizational risk management—and to see where SCRM fits into the overall picture.

WATCH! 7 Key Trends in Enterprise Risk Management


In this 60-minute webinar, John Verver discusses:

  • 7 key trends in ERM
  • 6 major components of a high-performance data-driven ERM process
  • 15 functional capabilities of ERM software that are critical for success

Watch the webinar here >>

Sign up to receive email updates from ACL

Subscribe Now