Prospering in the New World of Supply Chain Risk Management


Corporate boards and executive leaders are waking up to a new world with the disconcerting realisation that they don’t know what they don’t know about their supply chains.

This lack of transparency marks a pivotal and pervasive challenge to the board’s strategic oversight and governance of supply chain risks, and it comes with a heavy price tag. A slew of major supply chain disruptions have triggered double-digit market share and stock valuation declines in many organisations while driving valuable customers to competitors. Both types of damage take years to overcome.

While the increasing frequency of so-called once-in-a-generation disruptions have exposed the fragility of global supply chains, the underlying problem has for years resided in the standard supply chain model, with its all-consuming and narrowly defined focus on cost/efficiency, to the exclusion of reliability, responsiveness and resilience.

“In most organisations, supply chain risk management has been conducted with all of the verve of buying insurance,” notes Michael Loveless, co-founder and CEO of intelligent supply chain risk management platform RAAD360. This contrasts deeply with other core business capabilities such as customer experience management and omnichannel selling that have leveraged innovations and technology to facilitate dramatic improvements and increases in shareholder value over recent years.

The need to update supply chain risk management now qualifies as a board priority. Under the board’s oversight, management can address this strategic imperative by assessing the weaknesses of current supply chain models, getting in place the operational and strategic components of their new strategic oversight responsibilities, and understanding the enabling competencies present in organisations whose proactive supply chain risk management approaches have helped them achieve double-digit market-share and shareholder value growth.

Supply chains are not cost centers

Boards should rethink their approach to strategic oversight and governance of supply chain risk in the face of a still emerging post-pandemic environment. They also must consider the short- and long-term effects of the Russia-Ukraine war, which has created further turmoil in supply chains and resulted in a complex scheme of supply chain-related sanctions with which impacted organisations must comply. The same historic changes should motivate executive leadership teams to overhaul existing supply chains and related risk management strategies.
As executive management and the board embark on this journey, they should keep the following context in mind:

Fragile supply chains are not a new development — they represent a longstanding issue.

The global pandemic did not break global supply chains as much as it exposed entrenched fragilities in those networks in harsher terms compared to previous disruptions, such as the United States’ imposition, during the Trump administration, of punitive tariffs and related restrictions on China in response to that country’s economic policies and commercial practices. The Biden administration has doubled down on these policies by strengthening anti-China alliances and implementing additional sanctions.

Yet regional COVID-19 surges continue to wreak havoc on supply chains. For example, outbreaks in China have resulted in lockdowns in manufacturing-heavy locations such as Shanghai, severely impacting global supply chain networks. Russia’s unprovoked invasion of Ukraine stimulated the largest, most comprehensive collection of economic sanctions in modern history.

In addition, extreme weather events in manufacturing hubs continue to place extreme pressure on supply chains designed predominantly for low-cost production rather than for reliability and resiliency.

Such disruptions painfully illustrate the need to pay more attention to the location of key suppliers, reliability of second- and third-tier suppliers, availability of qualified alternative sources of supply, how long suppliers can operate and meet obligations amid a catastrophic event, and how long companies themselves can operate amid a prolonged disruption in their supply chains. Sourcing of commodities, materials and components that are a priority from a national security standpoint, particularly related to healthcare and other strategic needs, are also receiving closer attention by both the public and private sectors, as is the concentration of key suppliers in a given country or region.


  • Fragile supply chains are not a new development – they represent a longstanding issue.
  • Supply chain risk management’s impacts to shareholder value are substantial and enduring.
  • The focus on costs has been all-consuming and incomplete.
  • A lack of transparency stems from low levels of trust.
  • Lawmakers and regulators are taking actions to ensure more reliable, responsive and secure supply chains.

Supply chain risk management’s impacts to shareholder value are substantial and enduring.

A groundbreaking academic study offers an eye-opening quantification of the magnitude and duration of the costs that publicly listed companies bear from major supply chain disruptions. The authors estimate that during the year leading up to a public announcement of a supply chain disruption, organisations, on average, experience a 107% drop in operating income, a 114% decline in return on sales and a 93% reduction in return on assets. “More importantly, firms do not quickly recover from the negative economic consequences of disruptions,” the authors conclude. “During the two-year time period after the disruption announcement, the changes in operating income, sales, total costs, and inventories are insignificantly different from zero.”[1] While this study was published in 2003, it underscores the structural flaws in most supply chain risk management approaches today. Moreover, the disruptions evaluated in this research are not of the same scale and impact as more recent supply chain upheavals.

The focus on costs has been all-consuming and incomplete.

The traditional view of supply chains as a cost center produced substantial efficiencies but, at the same time, created substantial risks. In many organisations, treating cost of goods sold as the dominant performance measure drove a series of decisions and behaviors that ultimately resulted in relying on a core contract manufacturer in one country — frequently, that country was China. Decisions to decrease inventory levels, use a sole-source or single-source supplier or vendor in countries on the other side of the world, and adopt just-in-time manufacturing and delivery techniques saved money; that is, until a major disruption — an earthquake, trade tariffs, a global pandemic, a regional ice storm, a fire in a single manufacturing plant, a new COVID-19 outbreak, and so on — inflicted expensive losses in organisations without more diverse supplier bases and other “just-in-case” buffers.

Measures such as cost of goods sold reflect an incomplete accounting of total costs because they fail to address costs related to business continuity management, logistics workarounds, customer satisfaction declines in response to delays, and more. Additionally, a cost-dominant approach to supply chain risk management tends to neglect or, at the very least, short-change the significant value derived from designing and operating more reliable and responsive supply chains.

A lack of transparency stems from low levels of trust.

Over the years, the supplier and vendor community developed resistance to requests for information-sharing issued by their sourcing counterparts inside customer companies — often because this information was used, or perceived to be used, to extract lower prices and other concessions from suppliers. Vendors avoided these requests or responded with vague information in order to protect themselves in subsequent negotiations. The good news is that a growing number of supply chain leaders and CEOs recognise that communication and collaboration models are fundamentally broken and need to be redesigned to enable greater reliability and responsiveness.

Lawmakers and regulators are taking actions to ensure more reliable, responsive and secure supply chains.

Global rules-makers and regulators continue to increase and enhance requirements for greater visibility into internal practices related to cybersecurity; national security; ESG standards, including specific measures and policies as well as human trafficking concerns; and other business practices among all tiers of suppliers. Institutional investors, shareholder activists, consumers, employees and regulators are driving companies to look upstream at their supply chain as well as downstream to their distribution channels to reduce the carbon footprint in their value chains and product lifecycles. Similar attention and pressure focus on human rights abuses in global supply chains, driving the need for more robust human rights due diligence.

The SEC’s recent carbon footprint disclosure proposal will potentially have a direct impact on shareholder valuation and require much greater supply chain visibility and more detailed reporting. The evolving global sanctions against Russia implemented as a result of its war on Ukraine must be monitored not just by financial services organisations but also those in most industries, as there are far-ranging impacts on supply chains. Recent supply chain-related price increases also have stimulated investigations into accusations of price gouging and monopolistic practices designed to keep supply constrained and prices high. This concern motivated the U.S. Federal Trade Commission to perform months-long audits of nine large consumer products companies in late 2021 and earlier this year.[2]

Boards and senior leaders should recognise that supply chain risk management increasingly affects the customer experience. Customers dissatisfied by the lack of reliability and sustainability in cost-dominant approaches to supply chain management inevitably will turn to alternatives that may cost more but deliver higher levels of service, increasingly real-time visibility into supply chain and logistics activities, reduced ESG footprints, and on-time delivery guarantees.

Supply chain oversight equates to shareholder value

From a strategic oversight perspective, boards need to know whether the organisation can get goods to market when disruptions strike. Addressing that risk raises other governance-related questions about the organisation’s fundamental approach to supply chain risk management:

Given their accountability for shareholder value, boards also will want updates from their CEO, CFO and COO regarding how tradeoffs involving supply chain cost increases affect profitability. Are higher costs eaten from a margin standpoint, or are they passed on to customers? If the latter option is used, how is that projected to affect customer experience and profitability?

Intelligent supply chain risk management

Another question looms large for boards and executive management: What approaches and practices distinguish leading supply chain risk management capabilities from the rest of the herd? RAAD360 research on supply chain risk management exemplars and Protiviti’s experience working with boards and C-suites to help improve and optimise supply chains show that organisations with leading supply chain risk management capabilities typically do the following:

  • Look beyond traditional cost evaluations: While cost is an important risk consideration, it should be evaluated and monitored in conjunction with supply chain reliability and responsiveness. Managing the supply chain based on revenue assurance requires a comprehensive understanding of the costs of disruptions as well as the investments needed to ensure access to supplies.

Here’s what organizations with leading supply chain functions do

  • Look beyond traditional cost evaluations
  • Measure risk across multiple dimensions
  • Redesign supply networks
  • Treat technology as a facilitator while recognizing humans still matter
  • View CFO-COO unity as a crucial risk management enabler
  • Measure risk across multiple dimensions: Exemplars identify and measure risk across all operations and regions, and they do so with greater frequency than other organisations. They also assess risk across different time dimensions — current risks as well as those likely to pose challenges to short-term and long-term operations based on the organisation’s strategic trajectories. These risk assessments and ongoing scenario planning activities are conducted in a proactive manner.
  • Collaborate across the organisation: Leading organisations recognise that many different factors can affect supply chain operations, including issues that reside beyond supply chain processes in other parts of the enterprise. As such, exemplars involve numerous organisational leaders and functions in supply chain risk management planning and execution, including finance, legal, compliance, sourcing, customer management, and credit management, among others. This collaboration, which is centered on identifying risk triggers throughout the organisation, helps establish and sustain true resilience.
  • Redesign supply networks: As the cost advantages of offshoring, outsourcing, single-sourcing and the like continue to dissipate in the face of more frequent large-scale disruptions that reverberate globally, leading organisations are diversifying their portfolio of suppliers, production locations and distribution channels. These network redesigns are far more comprehensive than, for example, moving from China to Southeast Asia, a shift that does little to address logistics-related disruptions. We see more companies rethink network design based on far-reaching supply chain risk analyses that put more options on the table, including near-shoring and reshoring as well as building factories and distribution centers closer to where products are sold.
  • Treat technology as a facilitator while recognising humans still matter: Supply chain risk management exemplars treat technology — including advanced tools — as a facilitator, rather than the primary driver, of supply chain risk management improvements. Consider artificial intelligence, which does an excellent job of ferreting out and filtering risk data from external feeds and then identifying patterns. Optimising those insights requires human input — especially from supply chain professionals who have forged relationships with suppliers, work onsite in warehouses and troubleshoot in supply depots. Those experiences and insights are rarely, if ever, captured by enterprise systems and the advanced tools that pull from those systems. Technology should not hinder human input into supply chain risk and the overall value chain risk.
  • View CFO-COO unity as a crucial risk management enabler: Inside organisations with more advanced supply chain risk management capabilities, CFOs are collaborating with COOs and other supply chain leaders more directly, frequently and effectively. Leading CFOs are contributing their insights and expertise to supply chain planning on a monthly, if not more frequent, basis. (While CFOs and COOs have long worked together to address supply chain risks, we see a more unified approach to this collaboration among exemplars.) This sense of shared purpose helps organisations respond to new disruptions faster and more effectively. For example, when Russia recently agreed with China to convert from U.S. dollars to the yuan in its trade with China, leading CFOs immediately reached out to their supply chain counterparts to discuss the implications of this currency issue, which may or may not provoke an international trade transformation.
In light of current occurrences around trade barriers, 42% of organisations are moving to diversify their supply chain to numerous regions.
Source: Protiviti 2021 Global Finance Trends Survey
Companies can’t keep hobbling along with short-term fixes for their supply chain woes, even if such measures do help ease pressure and aid in getting goods to customers. They also need to stop playing “kick the can” when encountering fundamental supply chain problems that demand long-term solutions. Operating the supply chain as a cost center, prioritising leanness and cost-effectiveness above all else, and continually putting off supply chain network redesigns are not sustainable approaches in this volatile environment.
David Petrucci

COVID-19 continues to be an albatross around the neck of global supply chains as outbreaks and lockdowns create backlogs and delays worldwide. These challenges, together with those sparked by Russia’s war on Ukraine, painfully illustrate that the shortcomings of traditional supply chain risk management need to be addressed. Supply chains governed by a cost-dominant mindset have been extremely fragile for the past two decades, verging on a breaking point that hit home during the recent flurry of these latest “once-in-a-generation” disruptions.

Organisations have performed dramatic transformations of their customer experience approaches, sales channels, finance functions and other strategic capabilities. It is time for senior leadership teams to conduct a similar overhaul of supply chains and how their supply chain risks and costs are identified, quantified and managed in a comprehensive and coordinated manner. As that transformation progresses, boards will need to rethink their approach to strategic oversight and governance of supply chain risks.

1. “An Empirical Analysis of the Effect of Supply Chain Disruptions on Operating Performance,” Kevin B. Hendricks and Vinod R. Singhal, July 2003:

2. “FTC Launches Inquiry into Supply Chain Disruptions,” Federal Trade Commission press release, November 29, 2021: