Expert Insights: Supply Chain Transparency and Risk Monitoring
In an environment where disruptive events and new regulations are the norm, achieving transparent supply chains and managing risk is no easy feat. Marie Johnson (ESG Risk Leader and Partner) moderates a discussion with EY colleagues A.J. Spalding (Managing Director, Risk Management), Jonah Hessels (Manager, Climate Change and Sustainability Services), and Mihir Patel (Manager, Supply Chain and Operations) on how to streamline your supply chain risk management, including:
- The value of supply chain transparency in achieving sustainability.
- How companies are leveraging data and analytics for transparent and risk-controlled supply chains.
- Real-world examples and recommendations for achieving sustainable and compliant supply chain practices.
Watch the full conversation, and read the can’t-miss highlights below.
Why is transparency in supplier relationships so important?
A.J.: When we think about transparency, we’re thinking about driving that ability to adjust when disruptions occur. As we think about the pandemic, wars, and disruption within our supply chain, transparency allows us agility to make better supply chain and supply planning decisions. And ultimately, reducing risk and being compliant.
Jonah: For me, I might be thinking about trying to decarbonize a supply chain and that transparency would allow me to identify the intensive aspects of your scope three emissions. Mihir comes from an operations view so he might be looking at transparency data to help him remediate a specific issue that you might be having with the supplier and finding a replacement.
At its core, it’s really knowing who, what, and where with what’s going on in your value chain. The origins, the movements, who are handling products, and what facilities are involved all the way from the raw materials and commodities down to your final customer.
Why is it so hard to gain visibility into supplier relationships?
Mihir: The supplier networks of today are very complex. You might know your immediate tier one or tier two supplier, but that same tier two is buying products from a tier four supplier, which might be a direct supplier to your tier one. The complexity of the current supply chain networks makes it extremely difficult to have any sort of visibility.
Lately, we have been hearing a lot about the information gap and the limited transparency in terms of not all suppliers having equal incentives and motivation to provide you with all the information that you need. That’s where the gaps come in and it becomes very difficult to say, where did this product come from or what did the supplier use to provide us this component?
Jonah: All of those different factors compound against each other to make it really complicated. There is a large manual undertaking to try to get a handle on your supply chain and currently, companies are doing things like surveys and audits which is time intensive.
How are companies trying to solve these problems?
A.J.: Segmentation of your supplier and your third-party population is critical in understanding, who are my most critical suppliers, who are the highest-risk suppliers to my organization, and starting there. We’re starting to look at external data; providers are getting richer with those areas of data. There is going to be a requirement for humans to perform audits, assessments, and due diligence but external data is really giving us an upper hand and an advantage of being more efficient and effective with this process.
Mihir: Employing risk intelligence at the company level is not just about collecting that data, but how you employ that data to identify risk early or to identify potential risks that could impact your supply chain.
What are some examples of key risks that you see associated with supplier relationships?
A.J.: I think there are two ways to look at it. It’s the risk to my organization, but also the risk of that company continuing to stay viable as a supplier. Internally, you’re looking at concentration risk and business continuity considerations. When you look at the supplier lens, you’re thinking about their financial viability, cybersecurity if they’re accessing our systems, their reputational risk because they are connected to us as our suppliers, and then some of those ESG risks as well.
What are some supply chain risks related to sustainability?
Jonah: From an environmental standpoint, you’re looking at things like resource depletion, and physical risks to your operations. It’s important to know who’s handling your goods and what facilities they’re at because you think about drought flooding or water scarcity. Those are going to get more common as the years go on based on all the climate models. Knowing where your facilities are, and knowing what your supply chain looks like will allow you to better plan for those risks.
Then for social and governance risks, you’re looking at things like workers’ rights and forced labor, compliance with regulations, and then governance, you have management and oversight risks like corruption and bribery.
Let’s talk about the changing landscape as it relates to regulation. What are some of the most important regulations to be aware of?
Jonah: Yeah, what used to be driven by commitments or maybe even goodwill or mitigating risk is now business imperatives. In order to do business, you’re going to need to comply. I’d say one of the broadest, most applicable ones is the Corporate Sustainability Due Diligence Directive. That’s a much broader one aimed at mitigating and tracking any negative human rights or environmental impacts in your supply chain.
You also see very targeted ones like the UFLPA in the United States saying you cannot import any goods that have a suspicion of forced labor used in any goods coming out of the Xinjiang region in China. New ones, like California State Bills 253 and 261. Those are U.S.-based but they involve reporting.
The great thing about all of these regulations is that they mitigate harmful effects on people and the environment and ensure sustainable business practices. The tough thing is that there are so many of them and they’re new, they’re changing, and they’re tough to keep track of. I was on a call with a client who just found out that they were subject to a Canadian reporting standard that they weren’t aware of.
The ever-changing standards and regulations coming out is a common sentiment across clients and there are some growing pains. One good thing is that there is a ton of overlap between the standards and what we’re talking about here — if you have a good handle on your supply chain, good data, and good management, you can ensure that you’re compliant with these regulations with pretty minimal business impact.
What are some of the challenges related to gathering and using data to manage supply chain risks, and how are companies solving them?
A.J.: As we think about that data side, there’s data from the third party, but then there’s that external data concept as well. Some of the challenges that we see are simply receiving that data and the validity of that data. But the other is the concept of that translation layer.
It’s critical that if you’re using external data providers you have a methodology in place to say, when I see these types of scores or flags, what does that mean to my organization? What are the next actions that I need to achieve after we’ve identified those risks? That’s often where organizations fall down we may receive a bunch of data, but we don’t know how to catch, receive, and interpret it. Data is not everything.
Mihir: The other one that comes to mind is just the manual process of collecting the data. Companies are dependent a lot on supplier surveys and supplier audits. Often these are self-reported. The other challenge that comes with this is when your suppliers are in a different country and you do not have local support to ensure that the data you’re collecting is accurate.
To mitigate that, some of the best practices that we are seeing is having automation through contracts and other technologies that can provide you data that you feel confident leveraging in your risk methodology. Leveraging independent third-party data can be a huge plus if you are able to get that kind of data into your system. Obviously, the challenge with that is not everybody can afford it, so you have to make a business case for it.
Looking for more thought leadership? Check out our on-demand webinar library for more leaders and experts discussing timely issues, insights, and experiences.