“The Resilience Operations Center” updates supply chain security for a new world of risks
Note: The following is the foreword to our just-released book, The Resilience Operations Center: A New Framework for Supply Chain Risk Management. Get the full digital version here.
Risks Have Evolved—Why Hasn’t Your Risk Management?
When I began working in supply chain risk management (SCRM) over 20 years ago, third-party risk management (TPRM) was not a boardroom concern. The task was a begrudging necessity, a checkbox in the compliance process. This mentality persisted even as businesses became more interconnected and mutually reliant on a vast network of partners across the globe.
Those interdependencies, coupled with their growing complexity, introduced a litany of risks across the supply chain ecosystem. Except among a small cadre of risk management professionals and technology leaders, these risks were largely invisible, deprioritized, or ignored.
Then came COVID-19, SolarWinds, and the Suez Canal backup. The fragility of global supply chains became painfully apparent, the repercussions of which continue to reverberate across virtually every industry and corner of the globe. So many shocks so close together has made “Black Swan event” an outdated term. Such disruptions are no longer rare, unpredictable, or even shocking. It is not a matter of if similar events will occur, but when.
Operational Resilience: A Business Imperative
Recent events have exposed the symptoms of unchecked vulnerability:
- Scrambling to cope with events as they happen
- Wasting resources because of siloed teams, duplicated efforts, or poor communication
- Brand damage from product or service disruptions or slowdowns
Being unprepared for such events is costly. That high cost, and the velocity and depth of disruptions, have triggered a reset in enterprise SCRM strategies, prompting dramatic re-evaluations of global interdependence and production. Organizations are trying to balance just-in-time production strategies with resilience recommendations, while also overcoming all manner of risks through better planning and more agile processes. The good news is that with continuous monitoring and the correct technologies, all are achievable.
As part of this reset, forward-leaning organizations are adopting new approaches to SCRM and setting their sights on Operational Resilience—the ability to continue providing products or services in the face of adverse market or supply chain events. While the path to achieving supply chain continuity and security varies by industry, the benefits are clear and universal. Organizations that achieve Operational Resilience can:
- Continuously monitor for potential risks and proactively make adjustments to minimize and potentially prevent disruption
- Quickly identify disruptive events to evaluate exposure, find alternatives, and respond fast
- Anticipate, model, and plan for possible scenarios and build the organizational skills to address and respond to these challenges
Businesses and organizations targeting Operational Resilience recognize the need to monitor a wide range of risk factors, including financial, cyber, regulatory, operational, geopolitical, and environment/social/governance (ESG). But the complexity goes even deeper, as they must also operate in an environment of ongoing digital revolution, climate change, the global resurgence of authoritarianism, and the push for sustainable procurement. These and other sweeping changes are upending business ecosystems and the systems of risk management upon which they are built.
The Rise of the Resilience Operations Center
Existing SCRM systems are outdated—the spreadsheets and questionnaires are inadequate for risk detection, and they certainly can’t help modern, competitive organizations mitigate damage and loss. A new framework must be brought to bear on this seemingly intractable problem—the need to gain solid footing and foster resiliency amid ongoing and increasingly complex disruptions.
The Resilience Operations Center (ROC) meets these needs and more. It represents a new approach to modern supply chain security and continuity, delivered through an enterprise-wide framework that ensures risk management objectives are tied to organizational goals. It brings previously siloed groups together to form agile and informed teams that are empowered to use data intelligently and react quickly to changing circumstances. We’ve seen the ROC framework deployed in a variety of industries, and our customers are using ROCs to dramatically change outcomes for the better.
A ROC is so effective at fostering Operational Resilience because it helps organizations overcome difficult internal challenges, including:
- Shifting behavior from response to prevention. Deep, comprehensive planning helps teams anticipate events, evaluate alternatives, prevent disruptions, and model all scenarios and options. Reacting to events as they happen is not sufficient in today’s competitive market.
- Making risk management an organization-wide job, not the domain of one person or team. Most approaches to managing risk are siloed within business units, such as procurement, supply chain operations, and IT, or in single focus organizations, such as information security and compliance. When everyone is a stakeholder, organizations improve how they coordinate, collaborate, prepare, and respond.
- Managing risk beyond the walls of your company. Organizations rely on an extensive network of suppliers and partners for developing and producing their products and services. Identifying relationships in the extended supply chain to the Nth tier helps organizations decide if those connections are good or bad business choices, thereby identifying and preventing potential risk. And, most importantly, remember that you are a third party to myriad other organizations, which are now looking at you through their own risk management lens.
Operational Resilience—It’s Simply Good Business
Through years of experience seeing client challenges up close, I’ve became even more convinced that cutting-edge technology can help organizations modernize and reset their approach to third-party risk management. This led me to create Interos, the world’s first multi-tier, real-time SCRM solution.
But technology, no matter how efficient, can only go as far as individuals and organizations are willing and able to take it. While our platform is a powerful engine for improving risk management and gaining transparency across the supply chain ecosystem, without a complementary organizational framework, the problem remains unsolved.
There is no one-size-fits-all approach to risk management. The concerns of a multinational manufacturer are vastly different than those of a mid-size financial services entity, but the ideas and principles contained in this volume can be modified to suit the needs of almost every organization. It contains ROC tactics, techniques, and procedures organizations can use to determine the proper scope of their risk management activities, construct plans for those activities, and execute on them. It provides a foundation that multiple stakeholders—including procurement officers, finance professionals, cybersecurity personnel, and compliance leaders—can use to plant their feet firmly and begin the important work of securing the continuity of their enterprises.
There is an urgency to adopt a more robust form of third-party risk management to mitigate the continuing fallout from COVID, SolarWinds, and the other inevitable shocks yet to come. That, of course, is the aim of this book. With a focus on providing clear, concrete, and actionable steps, we believe this guide will help you begin to build Operational Resilience into your organization and throughout your supply chain. Because Operational Resilience is simply good business. So, let’s begin.