Collaboration and digital technology are the keys to overcoming the main challenges of supply chain risk management.
  • Establish transparency across sub-tiers
  • Prioritize risks for tracking
  • Develop algorithms for real-time risk prediction
  • Embed the risk management function widely within the organization


Subscribe to our Operations E-Alert.

protected by reCaptcha
" "

Key Takeaways

Collaboration and digital technology are the keys to overcoming the main challenges of supply chain risk management.
  • Establish transparency across sub-tiers
  • Prioritize risks for tracking
  • Develop algorithms for real-time risk prediction
  • Embed the risk management function widely within the organization
Collaboration and digital technology are the keys to overcoming the main challenges of supply chain risk management.
  • Establish transparency across sub-tiers
  • Prioritize risks for tracking
  • Develop algorithms for real-time risk prediction
  • Embed the risk management function widely within the organization

The procurement function plays a pivotal role in supply chain risk management. Its main activities—selecting vendors, sourcing the company’s inputs, and managing the upstream supply chain—directly affect the company’s risk exposure. They engage major global forces, including geopolitical tensions, climate change, economic uncertainty, and social equity.

Effective procurement function must closely collaborate with the company's risk management and business units.

An effective procurement function must closely collaborate with the company's risk management and business units, often taking the lead in risk mitigation efforts. To do these well, it must use up-to-date digital technology, including AI.

Establishing transparency, prioritizing risks, developing real-time prediction algorithms, and integrating risk management into the organization are critical to procurement’s value proposition.

Collaboration and Digital Tools Are Vital to Success

Today companies must move aggressively to address their supply chain risks. A BCG survey found that only 10% of companies had developed the full range of resilience capabilities needed to thrive. The remaining 90% were not likely to withstand supply chain disruptions.

Building resilience requires an integrated deployment of people and technology. Procurement professionals must collaborate with their colleagues within the organization and beyond while employing cutting-edge digital tools to augment human capabilities.

Collaboration. The philosophy of risk management must transition from reactive firefighting to proactive management and reduction of risk exposure. To accomplish this, procurement and risk management teams should align their objectives and strategy and collaborate on risk assessments and mitigation measures. Maintaining open communication lines is essential.

Procurement professionals must also engage with their counterparts in business units, including product and project leads and department heads, to:

  • Determine the value derived from reducing risks.
  • Evaluate on a category basis if avoiding risk justifies paying a premium to suppliers that can mitigate risk, and if so, what additional cost is warranted.
  • Define how to collaborate (for example, in sourcing councils and category strategy discussions) and exchange information (for example, via risk reports and digital dashboards).
  • Identify which colleagues should interact when issues arise, so that cross-functional teams can take immediate mitigation actions.
  • Discuss sourcing options, risk exposure, and mitigation plans. This might involve establishing secondary sources or adjusting product specifications to accommodate a wider range of suppliers.

Digital Tools. Detecting and mitigating supplier risks requires structuring, processing, and analyzing data—tasks for which AI-enabled digital tools have become invaluable. Traditional AI tools support supplier risk management through early data structuring and enrichment, predictive analytics, real-time supply monitoring, and the definition of supply chain optimization strategies. For example, AI can fill gaps in data sets by categorizing spending and augment data with relevant details, such as raw material dependencies.

Generative AI can assist with supplier evaluation and risk assessment.

Traditional AI can also analyze data from various sources and generate insights from live data, including news articles, financial statements, and social media feeds. In addition, it can leverage supplier network data to predict and flag vulnerabilities, contributing to informed risk management decisions. Generative AI is not yet typically used to directly analyze raw data. However, it can assist with supplier evaluation and risk assessment by automating document generation, enhancing communication, and supporting predictive scenarios.

Overcoming Four Main Challenges

Collaboration and digital technology are key to overcoming the four main challenges of supply chain risk management:

1. Establishing Transparency Across Sub-Tiers

Establishing a clear understanding of suppliers through all tiers of the supply chain is fundamental. Disruptions often originate at sub-tier supplier levels. The risk of disruption at tier two is roughly 21% higher than at tier one, and tier three carries an even greater risk—27% higher than tier two and 38% higher than tier one. (See Exhibit 1.) However, few companies maintain structured data on their tier-two and tier-three suppliers.

Various software options enriched by AI and optical character recognition can help collect supplier data by analyzing prior contracts, audit documentation, and bills of materials. Companies should ensure that future data is available for analysis by capturing it in a structured manner. For example, companies should modify supplier portals so that tier-one suppliers can enter necessary upstream information related to their suppliers, countries of operation, and logistics.

Case in point To gain insights into its upstream supply chain, an automotive tier-one supplier spent two months using a parsing tool to analyze its past contracts, bills of materials, and auditing data. It then refined its supplier qualification and awarding template so that it would have structured data in the future. The company also adjusted its supplier portal to gain a better understanding of its supply chain and risk exposure, focusing on factors like origin of parts, volume commitments, and inventory levels. These initiatives revealed single sources for inputs far upstream in the supply chain. Notably, most of the metal parts in the company’s product relied on steel from a specific mill.

2. Prioritizing Risks for Tracking

Companies encounter risks at the supplier, industry, and geographic levels. BCG has identified more than 30 types of risk. Exhibit 2 highlights some of them. These range from insolvency, natural disasters, and supply-demand imbalances to human rights violations, wars, and regional concentration. Attempting to account for all potential risks can result in excessive analysis and mitigation efforts, yielding disappointing results, particularly in the early stages of risk management.

Instead, companies should identify risks that pose a significant threat to business performance and prioritize these for tracking. Key stakeholders from the business functions should specify their more critical risks considering their needs, core operations, and success factors. The prioritization should be regularly revised in response to evolving circumstances, such as reports that supplies of a specific raw material have been disrupted. Digital tools can aid this process and provide a rationale for the selection of prioritized risks.

Case in point An automotive OEM implemented a detailed real-time risk assessment for semiconductors, extending upstream to the foundry. It also developed a system to track insolvency risks of small and medium-sized enterprises in the upstream supply chain. In addition, it monitored long transport routes with assistance from a third-party data provider. The company gave less intensive attention to other risks, tracking them through news alerts, supplier audits, or quarterly reviews.

3. Customized Algorithms for Risk Prediction

Buying market reports is not adequate today, as they are usually neither up-to-the-minute nor specific enough. In response, some companies have turned to off-the-shelf real-time digital risk management tools, such as control towers featuring real-time dashboards and digital twins. However, even standard modern solutions do not cater to a company's distinct challenges concerning data availability, pain points, and business needs. When these tools fail to foresee a supply disruption, companies typically deploy a crisis task force. Yet, this reactive approach is far less effective than proactive measures rooted in accurate predictions.

A more effective approach is for companies to identify which input factors are most relevant for their specific risks. For example, supplier insolvency risk might depend on revenue, profits, levels of equity or debt financing, interest rates, raw material and energy dependency, and price development. Further, our analyses indicate a strong correlation between supplier insolvency risk and quality issues. Quality can be monitored using the operations metric "parts per million" (PPM), which measures the defect rate. In contrast, human rights risk might correlate with crime rates in a postal code area, company size, the type of legal entity, and UN classifications of the country of origin.

It is essential to use customizable tools to analyze the company’s data and assess risks related to its input factors.

Digital tools, including AI, can assist in computing the risk algorithms to apply to the most relevant data and provide the necessary user interface and aggregation capabilities. It is essential to use customizable tools that can be modified to analyze the company’s available data and assess risks related to its most important input factors.

Case in point A global brewery was able to predict a shortage of glass by analyzing risk exposure data. The risk management team analyzed and forecasted demand and supply trends for the most important input factors in the value chain for molded glass vials. The analysis revealed significant supply risks caused by escalating prices for raw materials, such as soda ash, industrial sand, and limestone, which collectively constitute roughly a third of production costs. Armed with this risk awareness and price forecasts, the company's procurement function designed and executed measures to mitigate the subsequent rise in glass bottle prices. These measures included stockpiling supplies, establishing long-term contracts, and identifying alternative suppliers with less risk exposure.

Similarly, the brewery continuously monitors risks in other essential material categories—for instance, prices for natural gas and malted barley are rising because of the conflict in Ukraine. The use of scenario planning and AI-enhanced tools for planning helps to mitigate the impacts of supply chain disruptions promptly, thereby fortifying the company's resilience in the long run.

4. Embedding the Risk Management Function within the Organization

Supplier risk management requires a variety of resources and skills, including strategy synthesis, risk sensing, data processing, and mitigation development. Although all corporate units—including procurement—need these capabilities, they are often not fully developed.

To close the capability gap, the risk management function should be integrated with the overall business to understand needs and the operating environment. Collaboration with procurement is essential. For instance, risk specialists could assign risk scores to each procurement decision, providing targeted reports to the board and category managers. It could then conceptualize mitigation measures and plan their implementation with key stakeholders, such as R&D and production departments. Procurement and risk teams should also closely collaborate with suppliers to identify and respond to risks.

Case in point A combustion engine producer was concerned about the risk associated with suppliers transitioning away from the combustion engine segment. To manage this risk, the company embedded a dedicated risk team of procurement specialists in the R&D function. This team provides continuous reporting throughout the organization, up to the board level. It also conducts frequent risk mitigation reviews with business units and holds “risk conventions” with suppliers to discuss assessing and mitigating risks.

Today’s supply chains are global and complex, exposing companies to risks worldwide.

Today’s supply chains are global and complex, giving companies access to vast resources but also exposing them to risks worldwide. The procurement function must meet the challenges of detecting and mitigating risks amid this. By collaborating effectively and utilizing AI and other digital tools, procurement functions can deliver on their value proposition and promote resilience to supply chain disruptions.

Subscribe to our Operations E-Alert.

protected by reCaptcha

Two Keys to Success in Supplier Risk Management