COVID-19 has highlighted the importance of sound risk management. But what key risks do MRO leaders face and how can they ensure their risk management strategy is fit for purpose?

Risks, by their very nature, are unpredictable. Few foresaw the COVID-19 pandemic with its devastating impact on both human life and the economy.

Nevertheless, the pandemic taught us valuable lessons about risk management and those involved in maintenance, repair and operations (MRO) procurement should take note.

By doing so, we will add layers of protection on top of those already in place to manage risks identified before the pandemic. These include ever more complex supply chains, the impact of climate change, geopolitical uncertainty, the growing threat of cyber attacks and a myriad of other unknowns were all on the radar of MRO procurement professionals.

Non-economic shocks are increasing in both frequency and impact on supply-chain cost and performance, according to McKinsey, compounding the need for robust risk management planning, which has attracted renewed focus following the pandemic.

Risk management challenges
Helen Alder, Head of Knowledge at the Chartered Institute of Procurement & Supply (CIPS), says that in some organisations, pre-pandemic risk management went little further than filling in a risk log, which no one – certainly not senior management – ever looked at.

“In most companies, my impression is that there’s a risk management register and there are certain people that feed into those risks, usually heads of department,” says Alder. “And risks are fed up to the executive to define the biggest threats.”

But across industries, companies can expect supply chain disruptions lasting a month or longer to occur on average every 3.7 years, according to McKinsey’s Risk, resilience, and rebalancing in global value chains report. This fact alone is cause for a rethink of how risk factors are assessed and mitigated.

Supply chain risk mitigation strategies include evaluating and identifying current risks and prioritising them by probability and impact, according to CIPS. Risk profiles should be reviewed periodically and risks insured against them occurring. Effective due diligence is needed to ensure supplier quality and sustainability, but it shouldn’t just come down to the procurement team.

Risk management has to be a shared problem, explains Alder. Everyone must contribute, because it’s often operational teams with the budget who become aware of risks no one else can see.

“We need some way of capturing conversations and what’s happening all round the business that perhaps were overlooked before,“ she says.

Communication is key
Kate Davies, Head of Global Commercial Services at RS Components, agrees that effective communication is key. She emphasises the importance of building relationships with suppliers to mitigate risks that may be lurking in the future.

“Done well, those relationships allow you to have honest conversations and collaborate to mitigate the impact of risks in the supply chain,” says Davies. “You have to rely on transparency and rapport. Problems in the supply chain must be shared. This continues to challenge our thinking and ways of working.”

Turning relationships with suppliers into strategic partnerships helps drive a company’s competitive advantage, according to Price Waterhouse Cooper’s Supplier Relationship Management report. Enhancing supplier relationship management to focus on joint growth and value creation can help improve security of supply, manage supply risks and guarantee sustainable sourcing. And while this won’t prevent events like the pandemic from happening, it will leave procurement teams best placed to tackle the fall-out.

It’s vital to learn from pandemic-induced supply chain disruption to understand how risks can materialise apparently out of thin air. Amid the disruption of lockdowns and social distancing measures, the pandemic created challenges like an increase in supply chain fraud − particularly relating to PPE supply − and a trend towards shortening supply chains to source more from local suppliers, as examples.

“It really hit home that mitigating actions need to be formed into really well-developed plans, even for things we think will happen with low frequency, or are unlikely to happen at all”Kate Davies, Head of Global Commercial Services, RS Components

This emphasises the need to consider risks which appear to be unlikely but would have a massive impact on the business.

“It really hit home that mitigating actions need to be formed into really well-developed plans, even for things we think will happen with low frequency, or are unlikely to happen at all” says Davies, referring to the pandemic’s impact.

Culture of change
Business culture is key to getting risk management right, says Alder. Everyone in the organisation must feel empowered to speak up if they see a risk emerging.

“There needs to be an acceptance that everybody is responsible for managing or reporting risk”Helen Alder, Head of Knowledge, Chartered Institute of Procurement & Supply

“There needs to be an acceptance that everybody is responsible for managing or reporting risk,” she says. “There are probably people in most organisations that know something is happening but don’t feel it’s their job to report it and feel uncomfortable reporting it because there is no real mechanism for them to do so.”

It’s also important that procurement teams conduct their own research to understand changing trends in the markets in which their business operates. The rapid rise in environmental, social and governance (ESG) considerations shows how vital it is to identify wider business risks that affect procurement directly.

Kate Davies sees that technology and data have a key part to play in giving procurement leaders a clear picture of the risk landscape they inhabit. She urges them to use market research to help them understand the risks they face.

“One of the key challenges faced by all procurement teams, particularly emphasised by the pandemic, is around input data and the quality of that source of information,” she says. “More credible sources of risk data and trend analysis are emerging, allowing procurement teams to focus on organising and successfully managing the response.

“I can see more technology-enabled negotiations, quarterly business reviews and supplier performance meetings in future.”

If anyone still thought risk management was just a tick-box exercise, the COVID-19 pandemic has surely challenged this view. Only by facing up to known risks and getting mitigation strategies in place can we avoid a repetition of supply chain chaos. And that means involving everyone in the business, because sometimes the most junior people have the best view of what’s just around the corner.