Editor’s Note: The SCM thesis Calculating Financial Business Risk to Identify Supply Chain Vulnerabilities was authored by Romain Lucas and Pik Yien Lai, and supervised by Dr. Milena Janjevic (mjanjevi@mit.edu) and Dr. Jafar Namdar (jnamdar@mit.edu). For more information on the research, please contact the thesis supervisors.
Effective supply chain risk management has become increasingly important for businesses, especially after the Covid-19 pandemic exposed the weaknesses of many supply chain systems.
Companies can approach formulating risk management strategies in supply chain by deriving actions and strategies based on the identified types of risks or by assessing based on the severity of its impact on business in terms of revenue or profit. In our research project, instead of the traditional approach to simulating risk scenarios or estimating the likelihood of risks, we looked at risk management from the perspective of identifying supply chain vulnerabilities. To do so, we worked with a global water technology company and considered how revenue, finished goods products, components, and suppliers are interrelated, and we calculated the revenue impact a supplier has on business, which we labeled the business risk value.
Defining a structured impact assessment
The process of identifying and assessing risk is essential in risk management, as it helps decision-makers become aware of potential uncertainties and manage them proactively. Our sponsoring company has a supplier risk management program consisting of two parts. First, they identify the risk levels of their suppliers by using a well-known supply chain risk management software. Second, they derive their own internal estimations of what the risk impact on the business is for each supplier.
Our objective was to find a way to improve the evaluation of risk impact on the business by moving from a subjective evaluation to a structured, objective, transparent framework that the company could adopt.
The main assumption in our framework was to disregard the types of disruption that the business faces. We also disregarded the procurement spend per supplier. We defined the company’s view of risk impact as revenue loss. The method we sought to build was to establish the connections among different data sources that contain information around the bill of materials (BOM) for each SKU, revenue for each SKU, and supplier for each BOM. By creating a network of connections between components, products, and suppliers, the link between the criticality of a supplier and revenue became clear.
The reason for this approach was that, for many large companies, evaluating all suppliers through monitoring and implementing action plans is simply not viable because resources are limited. Therefore, segmenting suppliers based on their revenue impact as a starting point in risk management helps establish where a business’s supply chain is critical.
Qualitative versus quantitative assessments of risk impact
After creating a new report that combined the different data sources mentioned above, we wanted to compare the difference between the risk impact that we established and the company’s qualitative approach. After all, there is no right or wrong approach.
Our comparison yielded two key insights:
- Procurement spending is not correlated with the revenue or profits of the company.
- Part standardization, while a good sourcing strategy to leverage volume buy and lower product cost, increases business risk impact.
When business risk impact is measured qualitatively, there seems to be a tendency to associate procurement spending with the revenue or profits of the company. The company estimated that the total suppliers with a high-risk impact represent 73% of the total spend, while our method shows that true high-risk impact suppliers represent only 28% of the total spend. We also found that the company adopts part standardization as part of its sourcing strategy. Some of these parts are from small, specialized suppliers, which, because of their low spend in relation to the total procurement spend, were not labeled by the company as high-risk impact suppliers.
These key insights led the company to discover that the blind spots of small and specialized suppliers with low procurement spending that they had assessed as low-risk-impact turned out to affect 34% to 86% of the total revenue. The risk mitigation actions they had invested in were also minimal, which means if a disruption does take place, the consequences will be severe.
Our study showed the extent to which risk management can be affected by our individual biases, especially when it comes to evaluating the risk impact. Therefore, designing a structured impact assessment will help minimize the blind spots in supply chain risk management.
Supply Chain Management Review
Every year, approximately 80 students in the MIT Center for Transportation & Logistics’s (MIT CTL) Master of Supply Chain Management (SCM) program complete approximately 45 one-year research projects.
These students are early-career business professionals from multiple countries, with two to 10 years of experience in the industry. Most of the research projects are chosen, sponsored by, and carried out in collaboration with multinational corporations. Joint teams that include MIT SCM students and MIT CTL faculty work on real-world problems. In this series, they summarize a selection of the latest SCM research.