Historically, the bonds between procurement and risk management have been very strong. In today’s risk-conscious business environment the two functions are aligning even further and helping organizations identify, address and even head off issues across the supply chain. One tool that buyers are using is known as enterprise risk management, or simply “ERM.” By addressing the full spectrum of its risks and managing the combined impact of them as an interrelated risk portfolio, ERM serves as a strategic business discipline that supports the achievement of organizational objectives.
Carol Fox, director of strategic and enterprise risk management for The Risk Management Society (RIMS), New York City, says buyers can play a key role in their organizations’ ERM efforts. Consider, for example, that procurement professionals have their very fingers on the pulse of a firm’s exposure points. They know where suppliers are located (and if they are in areas of high risk, for example), how effectively they fulfill orders and requests, and what those suppliers’ vulnerabilities are (being prone to outages or labor shortages).
“Buyers are well positioned to be early identifiers of areas of risk within the supply chain,” says Fox, who points out that ERM is a business discipline and not an exercise contained within and handled by the risk management department.“Buyers are well-positioned to be early identifiers of areas of risk within the supply chain,” says Fox, who points out that ERM is a business discipline and not an exercise contained within and handled by the risk management department. “It covers all risks for a particular organization – whether those issues are strategic, operational or regulatory in nature.”
Global supply chains are getting a lot of headlines these days as an increasing number of organizations view them as critical components for acquiring, receiving and delivering products and services to end users. The increased attention puts pressure on buyers to better grasp their companies’ exposures at every stage of the supply chain today…and in the future. A buyer may diversify suppliers in order to avoid purchasing from a single source that’s located in a tornado zone, for example, or take other measures to mitigate the severity of such disruptions.
When such moves are made, Fox says buyers often wind up creating strong partnerships within their own organizations. Corporate leaders in particular rely on their firms’ various departments to consistently scan for and alert others to areas of potential risk. “Some organizations have set up teams – which include representatives from procurement, risk management and finance – to do proactive scans for possible threats,” says Fox.
Going a step further, buyers may also be asked to develop supplier profiles and then prioritize those vendors based on 1) their critical nature to the organization itself and 2) the potential for risk when working with those suppliers. “Purchasing agents can create supplier ‘score cards’ based on the various risk categories,” says Fox, “and then not only use that information when making procurement decisions but also share it with other organizational departments.”
Take them to lunch
From an operational perspective, Fox says examining key measures like delivery reliability and product quality/reliability can help buyers make better, risk-averse decisions going forward. Other good points to consider are supplier performance and health. The latter can be particularly telling, says Fox, who advises purchasing agents to look at supplier health from the financial, location, and recovery potential perspectives. In other words, ask yourself questions like, “Can this particular supplier sustain itself financially, is it located in a high-risk zone, and/or does it have the potential to recover quickly in the event of a disruption?”
As one faction within a larger, enterprise-wide unit dedicated to identifying and reducing supply chain risk, purchasing agents should also think outside of the four walls of their own offices and get face-to-face with other departments on a regular basis. “Take the risk management team out to lunch and talk about what your departments are working on and how you can collaborate,” says Fox. “This seemingly simple gesture can help strengthen an organization’s ERM initiatives and make those efforts more effective.”
What’s So Special about ERM?
According to New York City-based RIMS, Enterprise Risk Management represents a significant evolution beyond previous approaches to risk management in that it:
- Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc.);
- Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual “silos”;
- Evaluates the risk portfolio in the context of all significant internal and external environments, systems, circumstances and stakeholders;
- Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks;
- Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature;
- Views the effective management of risk as a competitive advantage; and
- Seeks to embed risk management as a component in all critical decisions throughout the organization.