5 Tips for Identifying and Mitigating Risk in 2014

It’s time to hone your procurement risk mitigation strategy for the coming year

By Bridget McCrea

Cyber security, supplier viability, natural disasters, intellectual property theft and numerous other risks are taking jabs at today’s global supply chains and leaving organizations scrambling to develop contingency plans. In many cases, these events necessitate a reactive approach to the problem – be it a key supplier that went out of business overnight or a natural disaster in a critical market. But with some careful planning, these challenges can be identified and mitigated in advance.

Here are five tips that procurement agents should factor into their advance planning for the coming year:

  1. Acknowledge, identify and look out for new risks. If the very public breach of 40 million customer credit cards and 70 million individuals’ personal information taught us anything, it’s that hackers aren’t just movie characters.

    According to reinsurance firm Marsh & McLennan Companies’ recent emerging risks report, Tomorrow Never Knows, cyber risks come with real and damaging consequences. On the surface, they can result in significant financial loss and reputational damage to an organization, but the threat is multifaceted and varies from disgruntled or negligent insiders to external hacking (ranging from individuals and small groups to state-sponsored activity).

    Out of 621 breaches studied last year by the Internet Security Alliance, 92% were attributable to external agents, and 14% implicated insiders. Business partners were responsible for about 1% of the data breaches. “If I were a buyer right now,” says Jeff Karrenbauer, president at supply chain planning solution firm INSIGHT, Inc., Manassas, Va., “I’d be keeping a close eye on how my company’s data was being shared – particularly payment information – with vendors and business partners.”

  2. Educate yourself on your firm’s cyber vulnerabilities. According to Marsh & McLennan, 92% of cyber criminals used some form of hacking or malware, and 29% leveraged social tactics to steal information. Their most favored avenues of attack include malware inserted into software or hardware; vulnerabilities found by hackers poking and prodding software; compromised systems that are unwittingly brought in-house; and counterfeiting.

    Looking specifically at compromised systems being brought in-house, for example, prominent manufacturers like Apple, Hewlett-Packard, Sony and others have all shipped pre-owned laptops, hard drives and other devices that contain viruses, worms and Trojans, according to the Internet Security Alliance. Getting out in front of this potential risk requires 1) proper identification of the potential threats; 2) categorization of these risks (which are most likely to happen based on the business’ model and operations); and 3) putting systems in place to quickly identify and mitigate problems before they arise.

  3. Keep an eye on your organization’s intellectual property. Collaboration and sharing are key aspects of a smooth-running global supply chain, but that doesn’t mean you should be sharing all of your firm’s internal secrets with business partners and customers. In fact, the high-tech field is particularly prone to intellectual property theft (the stealing of everything from trade secrets and proprietary products and parts to movies, music and software).

    According to the Federal Bureau of Investigation, intellectual property theft costs U.S. businesses billions of dollars a year and robs the nation of jobs and lost tax revenues. “No one worries about intellectual property theft when they are selling coal,” says Karrenbauer, “but for buyers in the electronics/high-tech field, the odds that your trade secrets may be stolen and used are pretty high.”

  4. Factor in random acts of nature. You may not be able to predict where the next hurricane or tsunami will strike, but you can diversify your supplier base to the point where such events don’t bring down your organization’s operations.

    Karrenbauer tells procurement agents to map out exactly where their critical raw materials come from and determine how vulnerable those areas are to potential threats. Next, use contingency, disaster and scenario-planning strategies to figure out what would happen if, say, a key supplier were out of commission for a month.

    “The electronics industry got clobbered by the Japanese tsunami in 2011,” says Karrenbauer. “A buyer may not be able to dictate where the raw materials are actually made, but a red flag should go up if a high concentration of those items is being produced in an area that’s prone to disasters.”

  5. Diversify your supply base. “If you’re buying more than 50% to 60% of your products from a single supplier,” Karrenbauer says, “you’re putting your enterprise at risk.” One labor strike, bankruptcy or building fire could put your company’s own operations in peril and leave you struggling to find a last-minute replacement (at a time when your competitors are probably doing the same thing).

    Having backup suppliers in case of emergency is one way to tackle this risk point, states Karrenbauer, who advises purchasing agents to look closely at the expense related to a possible supplier shutdown (versus the time it would take to seek out and align with alternative supply sources). “Too often, companies will just ‘wing it’ until something happens,” says Karrenbauer, “but that in itself is pretty risky – and potentially expensive.”

Disclaimer: The opinions, beliefs, and viewpoints expressed by the various authors and/or forum participants on this website do not necessarily reflect the opinions, beliefs, and viewpoints of Digi-Key Corporation or official policies of Digi-Key Corporation.