Address Supply Chain Risk with Strong Risk Councils

Ongoing disruption has put a spotlight on the challenges of managing supply chain risk. According to Gartner research, 53% of supply chains surveyed report that disruptions severely impacted their supply chain in terms of cost, services or sales at least half of the time in 2022. As a result of these dynamics, CSCOs are being asked by organizational leadership to provide assurance on supply chain risks. This includes describing control activities and potential financial, operational and reputational impacts.

In response, CSCOs must strengthen supply chain risk governance to ensure effective management of supply chain risk and accurate reporting. These committees, or risk councils, bring together supply chain risk owners and other subject matter experts to analyze current risks, plan for emerging ones and evaluate control effectiveness.

Here are four steps CSCOs can take to ensure that risk councils act as a conduit for accurate reporting, in addition to ensuring that supply chain risks are effectively managed.

1. Establish risk council purpose and authority

The supply chain risk council should oversee risk management activities within the supply chain that support delivery of business strategy and objectives. This will ensure that prioritized risks are being identified and monitored and explicitly linked to the delivery of organizational goals.

To set expectations that the risk council oversees risk management, CSCOs should consider if the governance structure allows members to make decisions on risk, commit resources to further risk mitigations and reporting structure for the council. Following discussion of these aspects, develop a formal charter for the council and confirm content with all members.

2. Invite representatives from Across the business

Many risks cut across both the supply chain and the wider organization. To evaluate risks and responses holistically, draw support by inviting representatives from relevant supply chain risk owners and functional areas.

These representatives must include relevant supply chain operational and functional areas such as central teams within business units and teams from planning, procurement, manufacturing, logistics, supply chain strategy and finance. Additionally, include company stakeholders responsible for risks with consequences that directly impact the supply chain, such as strategy, organizational finance, sales, marketing, sustainability, technology, HR, security, legal, audit and enterprise risk

During the development of the charter, determine who has decision-making authority and who attends to provide information only. This can be determined by assessing ownership for each of the risks. CSCOs should also set strict criteria for those attending from relevant stakeholder groups outside the supply chain organization. These criteria should include decision rights and decision escalation. This will ensure that decisions are made by the right part of the organization.

3. Define council objectives and activities

Council objectives and activities should be defined and outlined in the formal charter. This will provide a high-level view of the activities of the council including: Risk strategy and governance, risk identification, assessment and mitigation and risk assurance and reporting.

Risk owners should be prepared to discuss their risks. To provide these updates, gain an understanding of risks by leveraging horizon scanning activities to see current trends and potential likelihood of risks. Also, conduct a risk impact analysis to quantify the total impact should a specific risk and linked risks materialize and detail risk mitigation plans for flagged risks where more control may be required and potentially executed.

4. Evaluate council effectiveness

CSCOs need to identify success measures to track progress and effectiveness of the risk council. Risk councils tasked with reducing both the risk and impact of risk can demonstrate that this has taken place by carrying out trend analysis. Furthermore, the council should demonstrate that any risks that materialized and became issues were dealt with effectively.

A biannual effectiveness review can address achievements, if everything in the charter was covered, what unexpected risks materialized and more. Additionally, the review can evaluate council administration and member participation, to understand if goals were met, scheduled meetings occurred and if all those involved played an effective role. This feedback will help to continue shaping the council to drive value for the organization.

Pulling it all together

As organizations experience an abundance of compounding and coinciding risks, there is an increasing need for oversight on end-to-end risk management within the supply chain. Risk councils are an important component of a risk governance and management strategy, but only with the necessary ingredients, including a charter, stakeholder engagement and executive support:

About the author:

Heather Wheatley is a senior research director in Gartner’s CSCO Enablement team. Heather’s research interests include supply chain risk strategy, risk identification and assessment, risk reporting, sustainable supply chain, and risk assurance.

SC
MR