„There Will Always Be Black Swans“
Interview with Heiko Schwarz, CEO of riskmethods, on the topic of risk management tools
It is getting harder and harder for companies to maintain an overview of the ever more ramified supply chains, but Heiko Schwarz is here to help. He has more than 20 years of experience in the software industry, including at IBM. In 2013, he founded the start-up riskmethods in Munich and is the CEO. The company uses AI-based software to identify, assess and mitigate all types of risk in supply networks. This enables companies to protect supply, meet customer requirements, protect their image and reduce risk costs. We talked to Heiko Schwarz to find out how it works and which mistakes it helps companies to avoid.
Heiko Schwarz, CEO of riskmethods
Heiko Schwarz, why can it be so dangerous for companies if they fail to maintain a comprehensive overview of their supply chain?
Companies often underestimate the level of interdependency within supply networks. In tier 1, companies are now looking beyond traditional criteria such as financial stability and focusing more on diversification: in other words not just using one supplier or suppliers from the same region. Tier 2 is a different story though. Let’s say that your company buys its ball bearings from three different companies in different regions. You might think that you’ve diversified your risk, but the steps you’ve taken don’t go far enough because all three of your suppliers might buy from the same place. If their supplier is hit by a natural disaster, then your tier 1 diversification measures will not help you.
Why don’t companies have this level of transparency and why do they simply look at their direct suppliers?
Companies have ignored the issue of risk management for a long time now; the most they may have done is running credit checks on their business partners. Only in the last ten to 20 years have there been a few impacts that have triggered a noticeable change of heart – the financial crisis and the Fukushima disaster, to name just two. Since then, many companies have started looking for ways to protect themselves against risks like these.
But they haven’t really managed it.
It goes without saying that it’s a very challenging process. Companies have to take a lot of risks, and a lot of information sources, into consideration to create a comprehensive picture. Data from credit agencies, insurance databases, media reports, platforms where supplier employees can post complaints – plus the data held by the company itself. As a general rule, the more precise the better. When it involves something like establishing the exact costs of a production failure in the supply chain, then you need complete transparency.
That sounds like an absolute mountain of data! How much actual use is all that data to companies?
Obviously raw data won’t tell you very much. You need software that can analyze this amount of data and use it to set priorities: in other words, to identify which events will have the greatest impact and which are most likely to occur. And that is where we come in. We work with our customers to create a score card in our software that gives a clear breakdown of the risks to which the company is exposed and where. This score card acts as a centralized storage point for all types of risks and for information from external and internal data sources, and it standardizes all this information to produce usable key figures and risk profiles. We also use artificial intelligence and algorithms, which could be another reason why companies haven’t had risk management on their radars before now.
Could you explain that final statement?
The technology that helps to analyze this amount of data and extract the relevant information for each customer hasn’t actually been around that long. Big data analysis has taken a huge leap forward in the last ten years. A company like ours wouldn’t have been possible before that leap as analysis on this scale, with manpower alone, would have been out of the question. Artificial intelligence ensures that the right people receive relevant, credible and up-to-date information at the right time so that they can proactively manage risks across all sectors. The AI algorithms learn which media reports on potential risks have practical relevance for supply networks, for example, and ignore anything that is irrelevant. Earthquakes, for example, can have very different effects depending on the region, industry and – of course – their severity.
What types of risk does the software display to users?
They can define the software to suit their individual requirements, as each industry will focus on different areas of importance. Production downtime is a fundamental risk for industrial companies in particular, but sustainability is also becoming increasingly important. Do my suppliers use child labor? How do they handle production waste? Our software can also take these kinds of factors into account. And the discussion about the German supply chain act means that it is becoming increasingly important topic Europe-wide and elsewhere for many companies.
Identifying risks is one thing, but drawing the correct conclusions is something completely different. Can your software help with this as well?
It can definitely indicate potential actions. If an analysis tells you that an important supplier is based in an earthquake zone, then you can either work with them to reduce their vulnerability or you can prepare emergency plans to deal with supply shortages if an earthquake happens – and, in an extreme case, the only solution may be to bring in additional, alternative sources. The software can present possible courses of action, e.g. by analyzing the extent of the damage or making suggestions, but the final decision about how to approach the situation is always down to the company.
How reliable is your forecasting model when it comes to unprecedented events?
After all, these tend to hit supply chains particularly hard: just look at Fukushima, the coronavirus pandemic, the Suez Canal blockage, for example. We wouldn’t have been able to predict Fukushima as it actually happened, but we were aware that the region was prone to earthquakes and tsunamis. So we would have issued warnings about the risks and potential mitigating measures to companies with important suppliers based in the region. Although we can’t foresee the Suez Canal being blocked up as it was, we can say that bottlenecks or intersections in the supply chain are repeatedly prone to disruption – but the extent of this particular case was definitely not predictable. But what we can do is predict the potential consequences very precisely and present potential courses of action, so that being prepared pays dividends.
And the pandemic?
There will always be unexpected events, things that are impossible to predict. Every model has its limits and I don’t dispute that at all. But these findings will obviously be included in future analyses, so the system will improve continually over time. And when the pandemic started, we were able to warn our customers in plenty of time about developments that would otherwise never have been identified. We work with an agricultural machinery manufacturer, for example, who has an important supplier in northern Italy. When the schools there were shut down, our software identified this as the precursor to a lockdown and notified the company. Our customer reacted immediately – and the supplier’s factories in the area were actually forced to close soon afterwards.
Have the events of the last year also given you a boost?
I’m reluctant to exaggerate things. Yes, the pandemic has helped raise awareness about risk management, but it has been one of the top three priorities in procurement over the years, even before COVID-19, and it’s been moving up the list. In other words, the responsible parties were already aware of the importance of risk management in their supply chain. At the end of the day, taking proactive measures can save them money and protect their reputation. Recent surveys have shown that risk management is the top investment priority for chief procurement officers, alongside digitalization.