Over the past few years, business intelligence (BI) has been the hottest topic in risk management. In 2020, the outbreak of COVID-19 and the resulting lockdowns and travel restrictions had a huge impact on many businesses, causing huge losses. In 2022, even before the world had fully recovered from the pandemic, trade disruptions resurfaced after Russia launched an attack on Ukraine and NATO responded with a barrage of economic sanctions on Moscow.
According to Andrew Tait (pictured above), a partner at risk management firm Sigma 7 and a 30-year veteran of the risk management industry, supply chain impact and cybersecurity failures are two of the top risks from 2020 to 2022. damaged
“We’ve learned the hard way that supply chains are more interconnected and vulnerable to all kinds of risks than we thought,” Tait said. Corporate Risk and Insurance. “We are well aware that we need to increase our ability to effectively manage supply chains and broaden our view of them to include key people, technology, business channels and customer priorities. Additionally, There is a greater need to anticipate scenarios that could affect or disrupt in new ways—such as the combination of war, natural disasters, and pandemics. We know that supply chains are longer than we know them to be. With multiple relationships. We need a deep understanding of our suppliers and those who supply these suppliers multiple layers.
“With both insured and uninsured losses pressuring companies’ bottom lines in all sectors and frustrating customers, an intentional approach to resilience is more important than ever and requires careful planning. Revenue and Reputation Is in serious danger; the board of directors and the customer care.
Tate said one of the biggest mistakes many organizations and their risk management functions make is looking for blind spots in risk assumptions or not being willing to fully understand them. This lack of a holistic view of the potential impact of interventions has resulted in poor organizational risk outcomes.
“A fundamental flaw in the way we calculate and report BI details to represent global revenue minus variable costs (simplified) has created the challenges we’re experiencing today,” he said. “Limiting the communication and reporting of BI details to only insurance procurement support and focusing on annual ‘assigned’ BI, limits the ability of operational staff to understand the potentially serious impact of actual details. Without building a solid capacity to calculate and understand global impacts, including the knock-on effects from the loss of a single site, production line, boiler, business route, supplier, or technology system, companies cannot effectively Prioritize investment in supply chain protection.”
Another big mistake is that many organizations do not have operational business continuity and disaster recovery plans, which they underestimate the potential impact and the length of potential disruptions.
“Now is the time to sharpen the hatchet before the next real-world event,” Tait said. “Management hates surprises, and product supply chains are the lifeblood of what companies do – so why are we surprised by product shortages that materially affect the bottom line?”
Addressing BI errors
Having learned lessons the hard way, businesses now have an opportunity to put things right. Tate said organizations should focus on understanding their supply chains and the pressures that could affect them. Risk managers, business executives, and the entire industry must be better prepared to anticipate risk and plan for the best outcomes of risk.
“Taking an intentional approach to supply chains, understanding dependencies, and thinking through recovery options can allow companies to allocate valuable resources to focus on better risk remediation,” he said. he said.
Tate shared a sample supply chain risk planning process that consists of 10 steps:
- Identify and document priority products/product families
- Map supply chains, including key suppliers/customers (to production site)
- Measure the annual impact of losing sensitive sites, down to individual production lines
- Identify and list inventory locations, lead times, alternative sourcing strategies, parallel or redundant product standardization, key personnel, technology dependencies, etc.
- Assess the likely duration of the outage and recovery period (current and best future case and then add extra time for unexpected delays)
- Development of the risk curve over the potential return period
- Document plans to prioritize action for conservation – and communicate with management
- Conduct gap analysis and risk assessment to identify vulnerable sites/nodes
- Develop appropriate plans, policies, and procedures for business continuity/resumption
- Rinse and repeat
“In line with the above process, take the time to understand what technologies are important in the supply chain, where cybersecurity protocols and frameworks are in place, and how these protections will affect a breach or disruption in your supply chain. ” Tate said. “Partner with the Chief Information Officer/Chief Information Security Officer to model the impact of technology outages on information supply chains. It is important that technical response plans are tailored to specific business needs and take into account key international standards. Hold on to discuss current and future integrity at all levels of the organization.
Accordingly, Tait anticipates further challenges to current models of resilience, as countries move toward regional integration at the expense of global integration. With organizations increasingly relying on technology to operate, supply chain threats to businesses will grow, as will costs. He also expected a higher demand for transparency from customers, shareholders, and boards of directors, to see and understand the supply chain despite continuous improvements in equipment and services. Insurers will be more willing to reward those who better understand their exposure, resulting in increased efficiency in supply chain management.
“To all risk managers who want to make a change, we urge you to partner with operations and senior leadership to drive engagement and begin the journey to resilience.” Tate said. “To provide a little hope – it may help to avert some of the growing risks we’re experiencing from global warming, resource scarcity, and dynamic geopolitical pressures.”
What are the top risk management lessons you learned in 2022? Let us know in the comments.