Developing and Implementing Strategy for Managing Risks in the Supply Chain

Published: February 01, 2013

Developing and Implementing Strategy for Managing Risks in the Supply Chain

An interview with John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola

The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organisation, such as the Japanese tsunami, the Gulf of Mexico oil spill or the Eurozone liquidity crisis, have been front and centre, creating a renewed interest in enterprise risk management (ERM) practices.

John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola answered a series of questions from marcus evans before the forthcoming 6th Annual Enterprise Risk Management Conference, March 19-20, 2013 in Chicago, IL.

All responses represent the view of Mr Brown and not necessarily those of Coca-Cola.

When it comes to quantifying risks within the supply chain, are there sure-fire approaches or methods to apply? Why or why not?

John Brown: The sure-fire approach is to map your supply (value) chains, delineating the flow of value contribution from each node (value-adding operation) and through each link. As is normally the case, however, the sure-fire approach is not easy to implement, especially since the ‘map’ must extend to tier 2, 3 and beyond suppliers, and downstream through customers to end consumers. The effort and resources it takes to complete this mapping is insurmountable for most companies. Some excellent work is taking place to visualise value chains by mining data in enterprise applications, such as SAP. But there are challenges even in this approach, which at best captures tier 1 suppliers. I am hopeful that elegant (and affordable) solutions will be developed in the next few years.

What are some of the vital steps an organisation must take to mitigate risks in the supply chain associated with fat-tail risks like Hurricane Sandy?

JB: Interesting question, and no easy answer. Risk management is essentially prevention, and few company reward structures are geared to prevention activities (as compared to reaction, such as crisis management). Part of the difficulty is that it is next to impossible to demonstrate that risk management activities prevented an uncertain event from occurring. The steps most companies can take today include understanding where they have critical dependencies, such as single-sourced materials or services, suppliers who are susceptible to external events, or vulnerable transportation/logistics links. And then establish arrangements to avoid a major disruption in the value creation chain. The challenge with this approach is that it ultimately increases your cost-of-goods, relative to a steady-state environment. Where it pays off is if you experience a disruption and are able to flex with it. A more fundamental approach is to design products and services with a view of minimising exposure to disruptions.[[[PAGE]]]

When it comes to risk buckets, how is The Coca Cola Company currently managing risks within the supply chain?

JB: You would think that the beverage industry is relatively simple. Yet it is an amazingly complex system, especially for a globally diverse company. Our approach has been to develop a common methodology and tools to identify, analyse and mitigate risks at every locally relevant business entity. We then use technology to create an aggregated view of risks at successively higher organisational levels. This approach ensures that risks are identified and managed at the local level, which in itself is true risk management across the enterprise. The sweet spot is where we can identify systemic risks across multiple entities and then apply higher level resources to solve these risks once, instead of multiple times, and with sometimes different approaches. Likewise, some risks that are seen at higher organisation levels (which tend to be more strategic in nature) can be communicated to local entities as a watch-out. The strategies and processes we developed in the supply chain and technical areas have been adopted by the ERM team, so we have a single, unified approach to risk management across the company.

What are some of the types of risks that are overlooked when it comes to the supply chain?

JB: Supply chain organisations tend to be focused on sourcing, making, moving and selling—and as such sometimes have a blind spot relative to external events that can significantly impact value chains. Some of these risks exist in the political and social arenas, human resources, public perceptions, large-scale economic changes, and sometimes in the critical linkages in global value chains. The Fukushima earthquake (and the ensuing tsunami and nuclear power impacts), the Thailand floods, the Eyjafjalla volcanic eruption, and the Middle East unrest all exposed weaknesses that crept into value chains as we continued to find ways to increase productivity and reduce costs. It will always be a challenge to employ risk prevention in the face of constant pressures to reduce costs.

As a speaker for the 6th Annual Enterprise Risk Management Conference, what do you look forward to most about attending this event?

JB: Learning about the strategies, tools and techniques companies are using to implement risk management programs, with a focus on effectiveness and efficiency. Risk management is an evolving discipline, with many approaches and espoused best practices. Over the last few years I’ve seen a gradual move towards a common set of guiding principles, with a focus on identifying and preventing risk events. This is a critical step in my view, and ISO 31000 has provided a foundation. Too many risk management programmes focus on compliance or reaction. So, the move towards a focus on prevention is welcomed.

Sign up for free to read the full article

Article Last Updated: May 07, 2024

Related Content