Mitigating Supply Chain Risk with a Single Strategy

For many companies, recognising and addressing supply chain risk can seem like an impossible task. But a unified approach can chart a clearer course of action.

Key takeaways:

  1. Many companies’ approach to supply chain risk differs from department to department. But a more efficient and effective approach is possible.

  2. A single supply chain risk strategy helps unify every department under a common goal and identifies risk scenarios — and the actions needed to address them.

  3. Data and analytics can improve visibility and decision making when it comes to a single supply chain risk strategy.


Supply chain issues have been pushed to the top of the news agenda over the past few years. The Russia and Ukraine conflict has sparked a significant and long-term impact on the supply and cost of food across the world. Car manufacturers have taken measures to ensure that they can keep up with the demand for new cars despite an acute chip shortage. As companies triage these and other similar situations, they will inevitably expose themselves to risk.

While supply chain risk has become one of the most important issues for business leaders to tackle, it’s also often misunderstood. For companies to overcome these problems, they must first develop a unified and comprehensive understanding of their risk profile and appetite.

Richard Waterer, global risk consulting leader for Aon, discusses how companies can mitigate risk by formulating an understanding of their supply chain, leaning on data and analytics to avoid issues and setting long-term risk-management goals.

Q: What challenges do businesses typically face when managing supply chain risk or disruption?

Richard Waterer: One of the big challenges facing any company that has exposure to the supply chain is the fact that it feels too broad to get your arms around. An automotive company might have 30,000-plus parts in each vehicle coming from all over the world. That’s a huge risk.

Risk is defined in different ways in an organisation depending on the stakeholder. A procurement director would approach supply chain risk by applying the right due diligence when they onboard a supplier. They would negotiate a contract that pushes as much liability to that supplier as they can in the event of issues around quality, cost or time. But they don’t consider where the risk is in their supply chain. It is a supplier-led view rather than an exposure-led view. The issue with approaching risk as separate initiatives is that it’s inefficient, and it may not focus the firm’s resources on the right areas that can have the biggest impact.

Q: How does this traditional approach differ from having a single strategy for supply chain risk?

Waterer: A single strategy for supply chain risk is about a single version of the truth — a taxonomy of supply chain issues that the firm agrees they face consistently and, most importantly, a consistent understanding of the impacts of supply chain risk on the business. If we know what it will cost our business, we can take the necessary steps to invest in making sure that it does not happen or its impact can be minimised.

The concept is not entirely new: forward-thinking firms have been doing enterprise risk management for decades. That entails understanding the most significant threats to an organisation and its ability to trade, profiling those and then understanding how those scenarios would impact the organisation and managing them. An enterprise view of supply chain risk would follow similar steps.

Q: What are the first steps in building a unified supply chain risk strategy?

Waterer: From a risk strategy point of view, it starts with an understanding of where the risk is in the supply chain and quantifying it. If you have a picture of your top risks and an understanding of your level of exposure, that will frame the decisions that you want to make as an organisation. Those decisions could be around insurance, risk management or supply chain reengineering if the exposure’s significant enough.

It’s about getting to the heart of what matters most to the company. That could be a set of product lines that generate the most earnings, a set of products that are key to a particular geography or a set of products that are important to the future direction or strategy of the firm. If they can agree on what matters most, then they can start to understand what comprises the bill of materials that traces back from that product line and which suppliers are producing which products. That is key to understanding risk exposure better. Then, companies can build scenarios and understand the “what ifs.”

Q: How can data and analytics help a company identify and assess supply chain risks?

Waterer: Data and analytics can play a critical role in improving visibility in a company’s supply chain. We have seen this help in three scenarios. First, the company already has information on its supply chain and wants to revisit their insurance program to see what kind of coverage they have and if they can cover the losses they incurred because of an interruption from a third-party supplier.

Second, the company is uncomfortable accepting the risk and they want to put stronger risk management around it. Data and analytics can audit suppliers to make sure they are well risk-managed, understand their levels of utilisation and determine their fallback position in the event of an interruption. This type of analysis helps companies decide whether they need to find a dual source supplier.

Third, the company has recognised that the size of risk exposure is significant, so they address it in their supply chain strategy by bringing production closer, changing suppliers, assessing deal sourcing and inventory management or holding more stock.

That visibility helps companies analyse the areas they want to focus on, where risk sits in the supply chain and what the impact of those risks would be should they materialise. I think all firms would benefit from a single strategy on supply chain risk, but that strategy could be owned by different stakeholders and played out through different projects and initiatives that are driven by a common set of data and analytics.

Q: What advice would you give to leaders who want to improve their supply chain risk management?

Waterer: A balance between efficiency and resilience is the goal. There is a level of investment that’s required to keep that risk managed within your own risk appetite, but at some point, that level of investment could drop off because you’ll be spending more on managing the risk than you are on driving value for the organisation. Success looks like striking a balance between those two very broad sets of measures.

No sector has absolutely cracked this — but it’s also less about the response and more about the thoughtfulness and investment that companies are willing to put into their supply chain risk posture. We are seeing that happening a lot more now. There’s been a shift to creating a more open and collaborative culture about risk in many organizations, but there’s a long way to go.

This website contains general information only and does not take into account your individual needs or financial situation. It is important to note that limits, excesses, terms and conditions and exclusions apply to the products and services outlined on this website. Please refer to the relevant policy documents for details of cover, the provision of which is subject to the insurer’s underwriting criteria that apply at the time. Please contact us if you have any questions.