Identifying dangers in the supply chain network early on

Today, many companies operate within global networks. Yet external factors, such as material backlogs, extreme weather events or trade policy disputes harbor risks in cooperation that are often recognized far too late. The consequences are serious and usually expensive. How do companies succeed in establishing the necessary transparency early on? 

These images went around the world: On the most important sea trade routes, container ships were stuck in traffic jams outside ports, waiting to be cleared. Components, spare parts and raw materials that were to be delivered just in time and further processed in other industrial sectors were instead stored in stacked containers, waiting to finally be picked up. 

“Events such as the COVID-19 pandemic or the war in Ukraine have painfully shown many companies how high the costs and losses of disruptions in the supply chain network can be,” says Canan Jungel, Principal, Staufen AG. They range from contractual penalties and production downtimes to lost sales and long-term damage to a company’s reputation. 

Supply Chain Network Management (SCNM)

Today, companies are integrated into complex value creation networks. Goods are procured worldwide, and products are distributed via ramified sales channels. The number of partners involved in value creation has increased massively across all stages, causing supply chains to grow in length and complexity. Through a lean, global manufacturing model, companies achieved massive improvements in inventory levels, on-time deliveries, and shorter lead times. Yet this operating model has unintended consequences: Complicated production networks were designed for efficiency, cost, and market proximity, but not necessarily for transparency or resilience. Currently, however, they operate in a world where disruption is a regular occurrence.

Influencing factors & drivers of the SCNM

Government policy / political stability / Corruption / foreign trade policy / tax policy / labor laws / trade restrictions and barriers

Population growth / age distribution / career attitudes / health consciousness / lifestyle / cultural barriers

Carbon emissions reduction / environmental policies / climate change / pressure from NGOs / alternative energy sources

Antitrust / discrimination / employment / consumer protection / health & safety / German Supply Chain Act – (LkSG) / EU sustainability guidelines

Economic growth / exchange rates / interest rates / inflation / unemployment rates / disposable income / labor costs

Artifical intelligence – machine learning / prescriptive analytics / data management / robotic process automation (RPA) / robotics

For the foreseeable future, neither the challenges will diminish nor the bottlenecks will disappear.

Thomas Spiess
Senior Partner, Staufen.INOVA AG

Active monitoring on all levels 

As supply chain networks grow in size and the number of partners involved increases, it becomes increasingly difficult to keep track of all influencing factors and drivers. Supply chain network risk management is therefore a must to compete in the future.  

This type of risk management is made up of several elements that interact to achieve their full effect. In some case, the elements may need to be introduced one step at a time or be added to an already existing risk management system: 

Ideally, the risk management system is made up of all products and services that the company purchases and sells. In addition. all relevant suppliers, customers and partners should also be involved. This way, we get a complete overview of potential disruptions and impacts. Depending on the status of the current system, this approach may not be possible in a single step. In that case, priorities must be set and criteria used for the selection. 

The depiction of the entire network, the “network mapping”, is the starting point for recognizing what we refer to as risk objects. This may be branch locations, offices, factories and/or distribution centers, but also highways, harbors, channels and/or airports.  

When mapping the network, special attention should be given to the supplier network. It should not be limited to Tier 1 suppliers only, because half of the disruptions occur below the Tier 1 level. The procurement and evaluation of the needed information may involved quite a bit of effort. However, computerized approaches can help to find, analyze and prepare the information. 

By creating risk categories and, where necessary, subcategories, it becomes evident just how far these categories apply to each individual risk object. Categories that are often used, for example, include financial risks, operational risks, risks relating to the market, reputation, natural catastrophes, human error, logistics or cyber security. What is important in this context is to account for the threats that have direct relevance to the supply chain network. 

Risks are evaluated based on two factors: their likelihood and effects. While the likelihood of certain risks can often be determined based on historic data, it is cumbersome to evaluate the effects. There is no “one-fits-all” solution. However, in most cases, a small number of parameters can provide a good overview. They may be: 

  • the total time until recovery; 
  • the substitutability/time required for shifting 
  • the availability of qualified alternatives 
  • the number of affected customers/markets 
  • the effects on revenue/profit margins/results 
  • one-time and ongoing costs for corrective measures 
  • effects on the corporate image 

In order to determine whether the network is at risk, current and accurate information is needed, ideally end-to-end about the entire network. Transparency flows from (real-time) information about the status of the network, including people, devices, equipment, information systems, orders, inventories, etc. Without a structured approach to collecting, analyzing, and communicating information about what is going on in the network, implementing meaningful risk management is very challenging. So, in the interaction with the risk identification step, we must always consider the means and tools that can be used for monitoring. 

Monitoring and assessing risks creates the transparency needed to develop action plans. Typically, action plans are based on preventative or responsive measures. A prevention plan is focused on preventing incidents. Risk mitigation is key to proactively managing risk. In contrast, responsive plans ensure rapid intervention in the event that a risk incident occurs. Each action plan should describe the processes to be followed if a particular incident should occur. 

Compliance is one of the essential components of risk management, and its documentation requirements should not be underestimated. For example, a company must have a complete understanding of its network, including all materials being purchased. It needs to know where this material is coming from and how it will be used. Moreover, it must be ensured that current and future regulations in each market are known and how they apply to all products in the supply chain network. These processes must be continuously documented and the results recorded. Over time, this creates ever-increasing demands within the company, especially given that the standards for reporting can also vary considerably. In this case, a degree of automation in compliance reporting can reduce the time and effort required and create synergies. 

In many companies, the word risk evokes negative associations. Attaining resilience in the network therefore requires a culture of risk awareness. It helps establish and maintain efficient decision-making processes in the face of unknown risks, and also enables faster response in times of a severe crisis or operational threat. One key task for managers in this context is to clearly define and communicate an organization’s tolerance for risk. Management and employees must feel empowered to relay bad news but also to share information about where and how risks have been successfully and proactively addressed. 

Feel free to contact us

Establishing risk management is a long-term task for corporate management that affects all levels of the organization. It should absolutely be accompanied by the digitalization of corresponding processes. We at Staufen can support you with this.

Your contact person

Canan Jungel

Practice Lead of SCNM


Phone: '+49 7024 8056 0


More on the topic of supply chain network management

Lieferkettengesetz Supply Chain

Supply Chain Act

The Supply Chain Act requires companies to take responsibility for their entire supply chain. How can companies do this?

Read more
Illustration Supply Chain Landkarte

Supply Chain Network Management

What will the stable supply chain network of tomorrow look like? An answer to this and other questions can be found in our white paper.

Read more

Supply Chain Network Management

We are thoroughly knowledgeable about the supply-chain matrix and have a solid command of every level of its requirements. We support you in optimizing your supply-chain processes, structures and networks, and in doing so we always focus on achieving the ideal output for the entire process. By initially focusing on fast and sustainable successes in pilot areas, we create a momentum towards change that optimizes the entire process.

Read more
Staufen Back To Top Button