Professional Risk Management

For too long, companies have paid very little attention to risk management. The coronavirus crisis has meant that some of them have been forced to deal with the consequences of this mindset. Let’s take a look at the lessons that companies have had to learn.

In the end, it was a small, yellow digger that freed the 400-meter-long Ever Given, looking like a toy alongside the gigantic tanker. The Ever Given spent six long days blocking the Suez Canal at the end of March this year, bringing the most important sea trade route between Asia and Europe to a standstill. It was carrying goods worth around 2.9 billion euros and more than 450 other ships are thought to have been delayed as a result of the blockage.

Egypt claimed 900 million euros in compensation for lost canal fees, as well as for maintenance costs and the work to free the Ever Given. Many companies waited months for their goods to arrive.

Very few companies were prepared for this scenario, which clearly demonstrates how vulnerable global supply chains with their many branches have become. Although a good risk management system obviously will not prevent this kind of occurrence, it will help identify similar risks at an early stage and give companies the chance to put alternative countermeasures in place.

An effective risk management system is worth its weight in gold

In a situation like that, being able to act quickly is paramount. A proactive risk management department would have been able to immediately identify which goods were affected, the consequences the delay would have for the company, what they still had in stock, which alternative supply routes the company should switch to and which alternative suppliers could help fill the gap.

For a long time, risk management was a very abstract concept that companies hardly cared about. It does not mean avoiding risks completely, as they are an inevitable part of entrepreneurial activity, but it does mean identifying risks at an early stage and being able to react quickly. The term has become significantly more tangible for many companies over the last year. The recent risk management survey conducted by INVERTO indicates that some 42 percent of participants surveyed were affected by unexpected supplier failures in the past six months.


For example, a northern Italian supplier’s pandemic-related closure caused supply bottlenecks and, as a result, production downtimes lasting several days for one chemical manufacturer. The company was forced to source alternative products from other suppliers until their main supplier was back up to speed again. The chemical manufacturer subsequently changed its inventory parameters and also set up a task force, which now monitors similar risks on an ongoing basis and creates emergency plans for important supplier products.

The chemical company is not alone with its problems; there is also great uncertainty in other sectors. For example, most companies currently dependent on wood are accepting horrendous prices to secure their supplies. In the steel sector, there are currently no long-term supply contracts and prices fluctuate widely. And for deliveries by air or sea, even existing price agreements have been revoked. Companies have no choice but to accept the new conditions.

Companies are now more aware of the importance of a good risk management system than ever before. Of the participants in the INVERTO risk management survey, 61 percent indicated that they are systematically identifying their risks – up 23 percent on the previous year. There were 11 percent who did not answer, while 27 percent are only identifying their risks at irregular intervals, if at all. Despite this, almost every company needs to take action. “Systematically” most definitely does not mean the same to everyone and it is high time for the 27 percent who are still failing to identify their risks to address the issue.

Companies are now more aware of the importance of a good risk management system than ever before.

Risk Management Process:

Risk Identification

Identification of all potential events that might not run as planned and have a significant impact on pricing, supply reliability or quality.

Risk Assessment

Assessment of the probability of events occurring and evaluation of their potential impact on the company’s performance. Tests run for emergency situations.

Risk Monitoring

Monitoring all risks and taking appropriate action against any impending deviation from targeted objectives. Setting up a risk control tower in order to be able to act quickly

Risk Management

Implementation of strategies to make risks manageable: Risk prevention, risk taking, risk spreading, risk transfer

Four steps to optimizing risk management

For companies, efficient risk management means taking a good look at their own attitude to risk and making a dispassionate assessment of their position. It all boils down to four steps: first, identifying risks; second, assessing them; third, managing them; and, finally, monitoring them. These steps create a cycle that repeats at regular intervals because risk management is an ongoing process of regularly updating the risk identification and assessment steps.

Procurement is better placed to take on supply chain risks than any other department as it has the most direct contact with suppliers and can therefore spot risks in the supply chain as early as possible. But efficient risk management also involves ensuring the company’s own departments are in close contact with each other: finance, legal, R&D and logistics departments can all help assess the risks. Production can determine how important individual suppliers are for safeguarding supply reliability. For example, in order to manage risk efficiently, procurement must work with the other departments.

Reacting before the traffic light turns red

Spotting potential supplier insolvency at an early stage can save companies a great deal of money and stress. Companies can predict the future if they start early enough and take proactive measures, as demonstrated by an example from a mechanical engineering company.

To the article

Suppliers slipping into insolvency have long been a theoretical risk for many companies. Transparency about these suppliers and early warning systems that raise the alarm when the first problems arise were – and still are – far too rare.

Identifying risks in the most detailed way possible

The first step for identifying the risks a company’s supply chain is exposed to is to gain an overview by analyzing its product groups and suppliers. For example, product groups where there is a high proportion of raw materials or an anticipated shortage of a particular raw material can present a potential risk that needs to be monitored by procurement.

The responsibles for procurement have to be able to distinguish between five different risk types: supply risks, risks of supplier failure, quality risks, price risks and compliance/sustainability risks. Supply risks occur when deliveries are disrupted or delayed; for example, when primary products are not available from upstream suppliers or there are interruptions in the logistics chain. Risks of supplier failure include supplier insolvency and suppliers being threatened by legal or political consequences in the country where they are based.

Quality risks relate to consistent product or service quality, while price risks can be caused by shortened payment terms, exchange rate fluctuations or soaring raw material pricing. Compliance and sustainability risks occur when a supplier breaks the law, flouts environmental requirements or fails to observe social standards. Supply chain laws such as the German Supply Chain Act, which will soon be enforced, will increase these risks for companies, and the need to reduce CO2 emissions in the supply chain – referred to as Scope 3 emissions – thus increasing sustainability risks for many companies.

The greatest challenge lies in creating transparency, which ultimately determines the success of risk management. Therefore, strategic considerations are the focus at the beginning. Procurement must evaluate where and how it can obtain the necessary data. And once transparency has been created, a continuous process must be established to maintain this state in the long term.

Close exchange with suppliers is indispensable during this step. Only through regular discussions, self-disclosure and on-site audits with suppliers can buyers gain a true impression of the supplier’s individual situation. Companies also need to analyze information such as business figures, certificates of compliance with environmental standards, press releases or news reports. In individual cases, it may also be necessary to look at selected production plants of the supplier during an on-site audit. Determining which procedure is appropriate also depends on the relationship with the supplier.


Most companies worry about their supply reliability

The weighting for individual risk groups will vary from company to company. The risk management survey conducted by INVERTO indicates that most participants are most likely to engage with supply risks, with 79 percent stating that this risk is currently their top priority. The figure was just 57 percent in last year’s survey. Second place on the list goes to supplier failure risks at 56 percent (57 percent last year). Compliance risks are at the bottom of the list, with just 8 percent giving them top priority (down from 25 percent last year).

But is that justified? Quantitative data – such as procurement volumes, shares of raw materials, or sales figures – is a good basis for determining the risk. If a company cannot pass increases in raw materials costs onto their customers, for example, they are at a higher risk. If a company only obtains a specific product from one supplier, then it is exposed to a higher risk of supplier failure or having to accept price increases.

Companies should introduce a standardized evaluation matrix – such as a scoring or ranking procedure – to assess the likelihood of a risk occurring and this will also enable them to compare different risks against each other. One common approach is a point system from 0 to 100 based on a range of quantitative criteria, including regularly measurable delivery delays or price fluctuations. Qualitative criteria can also be incorporated, such as a supplier’s capacity for innovation. This should be assessed through consultations between procurement and the relevant department.

Big data will also become more important in the future: for example, to compare supplier data, individual company requirements and macroeconomic developments, and to assign them a representative overall score. This will then give procurement an increasingly broad basis for decision making – although staff will also have to gain specialist data management skills and have the relevant tools.

Merging different data sources creates transparency
(example of insolvency risk)

“What measures do you use to deal with procurement risks?” (Multiple answers possible)

Standard Regular supplier evaluations
Implementations of dual-sourcing strategies
Long-term framework contracts
Security stocks
Specialized measures Predefined contingencies or emergency plans
Use of a risk early warning system
Hedging strategies
Spend analyses und forecasts for trend identification
Support programs for suppliers
Supplier monitoring (Big Data, AI)

Managing risk to separate the wheat from the chaff

Effective risk management requires concrete action plans. How companies handle a particular risk will depend on the case in question and they will need to find a balance between acceptable effort/expenditure and likelihood of that risk occurring. Market analysis is one option for identifying alternative suppliers and regular inspection of alternative materials can also minimize risks. Companies that have a good relationship with their suppliers could also opt for vendor-managed inventory.

The risk management survey shows that companies currently tend to use standard tools to manage risk, with 81 percent carrying out regular supplier evaluations and the same number implementing dual-sourcing strategies. When it comes to pricing stability, 72 percent use longterm framework contracts, while just 43 percent have reserve stocks to cope with bottlenecks.

Significantly fewer respondents implement the more sophisticated measures; only around 34 percent have pre-prepared emergency plans and the same number utilize an early-warning system for risks. 11 percent also have support programs for suppliers – which really come into their own in crises like the coronavirus pandemic – and just eight percent use big data solutions to monitor their suppliers.

Effective risk management requires concrete action plans.

Even companies that have so far managed without, will no longer be able to avoid the issue of effective monitoring.

Everything converges in risk monitoring

Companies with an efficient risk monitoring system can react quickly and are in the best possible position to act at an early stage. Even companies that have so far managed without, will no longer be able to avoid the issue of effective monitoring with supply chain laws being enforced. A risk monitoring system can only operate properly if procurement maintains a regular dialog with suppliers, so it can reassign risk categories on an ongoing basis and prepare emergency plans.

Risk monitoring brings all the various threads together. Procurement should also share the results with the relevant departments, such as controlling and/or quality assurance. It is crucial that risk management is seen as an ongoing process; results must never simply be filed away in a drawer.

To this end, companies should set up an IT-supported risk control tower that bundles and illustrates all relevant key figures and information. It is important that all relevant departments and the management are connected to this system on a cross-functional basis so that everyone involved has access to the latest information at all times.

Introducing this kind of system on a permanent basis can help create a supply chain that is more stable and resilient in the long-term and to minimize the associated risks. This approach to risk monitoring will also build stronger supplier relationships, as both parties will have a better understanding of each other’s needs.




Philipp Mall

is a Managing Director at INVERTO in Cologne. As Head of the Competence Center for Procurement Management, he is an expert in procurement organization and controlling, risk management, and digitalization. He is responsible for the annual risk management survey.


Experts on Risk-Management Tools

Supply Chain Laws