Despite operating in relative obscurity for decades, it’s become evident that global supply chains are actually quite fragile, as evidenced not just by the pandemic, but by the Suez Canal crisis and the war in Ukraine – just to name a few – within the past couple of years.

But it’s not as if procurement and supply chain leaders haven’t invested in disaster recovery and resilience for decades. Between scenario-planning, training and a seemingly never-ending checklist of certification requirements, the industry has allotted significant research, time and resources into mitigating the impact of the next crisis.

When Covid-19 hit, however, it became apparent that most of these investments ended up as check-the-box initiatives rather than dynamic and responsive efforts to realistic scenarios.

What happened? Well, according to David Wild, Principal Advisory Consultant for Supply Chain & Manufacturing at Amazon, there is a finite amount of money that procurement and supply chain teams can spend across three different categories: predicting and avoiding risk, mitigating imminent or ongoing risk, and recovery from current or recent disruption. And, despite the formulaic approaches of the past, balancing time and money across each of those should be approached as more of an art than a science.

“The way that Chief Information Security Officers (CISOs) look at cyber-security is the way that procurement leaders should look at supply chain resiliency,” says Wild, referencing a useful approach many cybersecurity leaders use to bolster their organization’s security posture. “They look at it as one, how do we harden our network to prevent people from coming in and harming our network, and two, when things do go wrong, how do you recover?” said Wild.

Avoiding risk: predicting disruption and understanding weaknesses

Procurement and supply chain leaders don’t have a great track record of predicting real-life disruptions, despite the millions of dollars invested in predictive technologies. But predicting the next crisis shouldn’t necessarily be the goal. Instead, looking to understand the weaknesses and vulnerabilities in your entire supply chain can help you prevent specific outcomes of the next disaster, whatever that may be.

For example, using the failure mode and effects analysis (FMEA) model across your entire supply chain, rather than confining the approach to manufacturing sectors, helps you act on pain points throughout the production, shipping, warehousing and retail processes. In addition, the risk priority number (RPN) calculated in the FMEA can be used as more accurate and holistic data to train AI/ML models. According to Wild, correlating RPNs with external data points, such as real-time coverage of major events, is a good step towards the predictive technologies that still seem nascent in the industry.

“What will be interesting to see is how advanced those models can get in terms of separating the signal from the noise. And how accurate can they get, not in terms of pointing out where the next disaster will be but showing what part of your supply chain could be impacted based on a number of factors and criteria,” said Wild.

Regardless of the predictive models in your current platforms today, however, understanding weaknesses allows you to start taking action to mitigate disruption as well as possible.

Mitigating risk: hardening your supply chain

Once the points of failure and their potential impact are identified, you can begin to harden your supply chain. Of course, not all risks are created equal, and there are some risks that, despite their RPNs, do not have a way to be sufficiently remedied. For example, while you can choose how you want to work with suppliers demonstrating poor cyber-security health, remedying risk in a politically unstable region where a key, single-source manufacturing plant is located is more difficult.

And when it comes to leveraging the latest predictive analytics technology, there is still a way to go.

“The problem isn’t the predictive models themselves, but rather it’s making the models real time. If the model is based on active information from the internet in real time so it’s constantly evolving, then it could predict a lot better,” Wild said. “We’re getting there, but I don’t think we’re quite there yet from a supply chain perspective.”

Therefore, while it’s critical to continue investing in better technology long-term, continuing to build strong supplier relationships and seeking objective supplier intelligence – rather than relying on subjective surveys – should remain a high priority.

Recovering from disruption: disaster recovery

When the first two pillars of avoiding and mitigating risk fail, it’s important that procurement and supply leaders have invested enough in plans B, C and D in order to get up and running as quickly as possible. It’s always more expensive to recover than to prevent, but unlike predicting global disruptions, your company has more control internally over how it reacts to disaster.

Wild suggests taking another page out of many CISOs’ books when it comes to recovery planning. “When [CISOs] look at disaster recovery, they tell their organisations to assume there is no tech. If something happens, don’t assume you can still work from your laptop,” he explains. “Assume that everything is gone, and you have to start from scratch. How do you then service the customer? That should be the same with supply chain disasters.”

How procurement leaders diversify their investment in each of those three categories differ, and there is no one-size-fits-all formula. Rather, it’s more useful to think of your investment approach as a spectrum, which will ebb and flow as you bolster certain pillars over time.