Visibility and control: best practices in SCRM
March 2025 | FEATURE | RISK MANAGEMENT
Financier Worldwide Magazine
In a world of increasing globalisation, the range of financial and reputational risks that exist across supply chains has never been greater. But companies can temper such risks through effective supply chain risk management (SCRM).
SCRM, as defined by AuditBoard, is the process by which a company takes strategic steps to identify, assess and mitigate all the extant and potential risks in its end-to-end supply chain. The process is particularly critical in that any disruption to the materials, resources and processes involved in manufacturing and delivering a product can significantly impact a company’s performance.
For example, disruptions can slow down production, delay distribution or increase costs, ultimately affecting a company’s bottom line. An SCRM plan implements processes after evaluating both everyday and edge-case risks along the supply chain, with the ultimate goal of reducing company vulnerabilities and ensuring the continuity of business.
“Supply chain risks can span several categories depending on the industry and the nature of the services being provided by the supply chain partner,” says Rich Marcus, chief information security officer at AuditBoard. “Minimising the impact of these risks involves thoughtful identification and prioritisation, so that effective controls can be designed and implemented to mitigate the risks with the highest likelihood and impact.”
The reality, however, is that many companies are not as conversant with the range of supply chain risks they face as they should be. “The most fundamental mistake companies make is a failure to establish comprehensive visibility and proper inventory of their supply chain partners,” notes Mr Marcus. “The consequence is they could be blindsided because they cannot manage risks they do not see coming.”
In the experience of Adrian Ah-Chin-Kow, global commercial director at Escode, a lack of visibility and control can lead to severe and manifold results. “Unanticipated disruptions can halt production, leading to delays and financial losses,” he asserts. “Ethical breaches or non-compliance can tarnish a company’s image, affecting customer trust and loyalty, and regulatory non-compliance can result in hefty fines and legal actions. Persistent supply chain issues can erode competitive advantage, allowing rivals to capture market share.”
However, by taking a connected approach to risk management across their organisation, companies can ensure all critical supply chain partners and dependencies are identified. Ideally, any third party that supports critical business processes and objectives should be accounted for, and the most likely and impactful risk scenarios should be defined for each partner.
“Only when all organisational stakeholders are aligned on the risk landscape can a company properly prioritise and mobilise its finite risk management resources to address the most important supply chain threats,” adds Mr Marcus.
Identification
In order for a company to develop an SCRM strategy, it is important to first understand what supply chain risks potentially exist. In its 2024 analysis ‘7 Basic Types of Supply Chain Risks’, Procero highlights the most common risks that can affect companies’ supply chains.
First, financial risk. Financial risks are caused by unfavourable economic factors that involved parties can control to a greater or lesser extent. For instance, these risks include unexpected or adverse fluctuation in exchange rates, sudden cost increases, credit issues or bankruptcy of the involved company.
Second, geopolitical risk. This type of supply chain risk encompasses disruptions arising from political instability, regulatory changes or trade restrictions. Political upheavals, changes in government policies or trade wars can often surprise companies and drastically impact their budgets, profit and loss, and even prospects of staying on the market.
Third, environmental risk. Environmental risk is represented by events related to natural disasters or climate change that can disrupt supply chain operations such as delivery routes and schedules. Both suppliers and customers have to consider any associated environmental risk and the environmental laws that apply to them.
Fourth, supply risk. This risk arises when requested goods or services are unavailable or suddenly become scarce, insufficient or delayed. Supply disruptions can happen for various reasons, such as supplier bankruptcy and capacity constraints, quality problems in a batch of goods or materials, geopolitical issues or natural disasters.
Fifth, demand risks occur when customers’ demand suddenly fluctuates, leading to over- or understocking of the company’s inventory. Shifts in customer demand can be caused by force majeure situations on the customer’s side, changes in consumer preferences, new offers on the market or seasonal variations.
Sixth, cyber security risk is a newer threat to supply chain stability. With rapidly evolving technologies and supply chain digitalisation, buying companies and suppliers face the risks of attacks on supply chain networks, like data leaks or security protocol breaches. Such attacks can result in compromised classified information and operational disruptions, leading to financial and reputational losses.
Seventh, poor project definition and incorrect estimation of the scope of work can prevent supply chain agents from efficiently responding to a company’s needs. Misunderstandings about the scope of work can threaten the availability of materials and goods, delivery and production timelines, and, as a result, have cost and reputational implications.
Additional risks include legal and regulatory issues that may lead to fines and penalties, such as risks related to privacy incidents or the mishandling of regulated data, for example electronic protected health information under the Health Insurance Portability and Accountability Act.
“Minimising the impact of these risks requires a holistic approach that integrates risk management into the core business strategy,” advises Mr Ah-Chin-Kow. “Companies need to develop comprehensive risk assessment models, invest in technology for real-time monitoring, and foster strong relationships with all stakeholders to enhance collaboration and responsiveness.”
SCRM action
Once supply chain risks have been identified, companies need to assess said risks and take appropriate action to address them in the form of an effective SCRM programme. Doing so can help prevent disruptions that could lead to increased costs, lost revenue, delays and a decrease in brand reputation.
According to the Chartered Institute of Procurement and Supply’s ‘Steps in a supply chain risk assessment’, the key steps outlined below can help guide companies to take a deep dive into their entire supply chain and identify suppliers that have a high-risk profile.
First, map the company’s supply chain. The first step is for companies to identify where their suppliers are located and what they do. Contractors and labour providers will also need to be identified. “Supply chain risk identification should include both proactive and reactive strategies,” says Mr Marcus. “To be proactive, an SCRM programme needs to be implemented in the processes where new supply chain risk is created, depending on the nature of the company’s business.”
Second, target high level risk factors. High level risk factors could mean poor legal systems in a specific country, geopolitical unrest or high levels of poverty. Other factors could be security issues or types of workers. Companies can source this high-level information from research agencies or United Nations agencies.
Third, consider individual risk profiles. Companies will also need to consider each supplier specifically, to understand their risk profile and look at their workforce, location and practices. This information can be collected directly from the supplier through feedback forms.
Lastly, prioritise risks. Prioritising risks is important in order to identify each risk’s impact and rank it by seriousness. How serious would the impact be on the community or individual? How widespread would the impact be? How hard would it be to put right? How likely is it that the issue may occur?
“These processes should be supplemented by regular surveying of key stakeholders by asking them to identify the key supply chain partners that are most critical to their business objective,” attests Mr Marcus. “While a reactive strategy may identify partners that are to blame for root causes at the heart of the most impactful incidents, a less painful strategy is to observe those involved in incidents among competitors or across the industry more generally, and learn from their mistakes.”
It is also beneficial for companies to bolster awareness of supply chain risks across their operations by ensuring that all employees are trained in risk management practices and are aware of their roles in maintaining supply chain resilience.
Utilising technology
In this world of increasingly complex, intricately connected and dependent supply chains, companies are turning to technology to enhance their SCRM systems, making them more stable and robust in the face of crises and unexpected changes.
Indeed, technological innovations such as blockchain, the internet of things (IoT), artificial intelligence (AI) and predictive analytics are reshaping traditional risk management approaches by providing real-time visibility, data-driven insights and proactive mitigation strategies.
For example, blockchain technology can support secure and transparent supply chain transactions, IoT sensors can monitor goods in transit in real time, AI algorithms can model risk predictively, and predictive analytics can identify and mitigate potential disruptions before they escalate.
“Critical data is proliferating outside of organisational visibility and control at an accelerating rate – aided by important technological innovations from cloud transformation and the software as a service revolution to the explosion of emerging technologies like AI,” adds Mr Marcus. “Protecting data in this increasingly interconnected world requires new collaborative strategies and a renewed emphasis on key controls such as third party risk management, data governance, data security, access control and continuous monitoring.”
The road ahead
While 2024 was undoubtedly a complicated year for company supply chains, the challenges ahead are expected to be numerous and diverse, placing significant pressure on companies to continue to bolster their supply chain against volatility and disruptions.
“2024 was a year dominated by third party supply chain breaches and the ripple effect of those incidents across the companies they serve,” points out Mr Marcus. “Risk leaders are acknowledging this emerging risk category by increasing investment in supply chain risk identification, and this trend is sure to continue in 2025.
“We are also likely to see more robust supply chain partner inventories aided by automated discovery technologies such as software bill of materials and continuous monitoring of key supply chain controls,” he concludes. “We are also likely to see companies get smarter about reducing their exposure to supply chain risks by shedding unnecessary supply chain partners and consolidating their dependence around fewer, more reliable partners.”
As the world becomes increasingly interconnected, the range of risk factors that have the capacity to disrupt supply chains is likely to expand exponentially. Although these risks are ever present and expanding, if the challenges of recent years have taught us anything, it is that resilience is key to minimising disruption and maximising the attainability of a seamlessly operating supply chain.
“Supply chains are fraught with a multitude of risks, each posing unique challenges to a company’s operations, reputation and financial health,” concludes Mr Ah-Chin-Kow. “With the SCRM landscape evolving significantly, driven by technological advancements and emerging global trends, companies with global operations need to understand and address these complexities – a crucial requisite if they are to maintain resilience and ensure their long-term success.”
© Financier Worldwide
By Fraser Tennant