Optimising supply chain management through robust governance and risk management practices
Global | Publication | March 2021
Robust governance and oversight arrangements are critical to the operation of an effective and efficient supply chain, regardless of business sector or geographical footprint. These should be augmented with strong risk management practices to provide suitable visibility and control over supply chains that senior management can monitor over time.
In addition, the COVID-19 pandemic has further highlighted the need for flexibility across governance and risk management frameworks to enhance visibility and keep Boards abreast and informed about any upstream or downstream impacts (see our hub, Beyond COVID-19: what are the impacts on supply chains?). This is vital to enable businesses across sectors to navigate these challenging and turbulent times, regardless of their position within a supply chain.
What this briefing covers
This briefing:
- Examines key concepts and considerations relating to implementing effective supply chain governance and risk management.
- Considers governance and risk management impacts across the customer journey.
Content
- How can governance be effectively established within the supply chain process?
- How can risk management protocols be embedded within these governance measures?
- What information is required to facilitate effective governance, oversight and risk management?
- Retaining a focus on the end customer
- What are the key legal issues?
How can governance be effectively established within the supply chain process?
Accountability
It is vital that all parties involved in a supply chain understand their individual roles and responsibilities, where they start and stop and how they relate to other parties across the chain. This is particularly important in instances where supply chains extend into multiple jurisdictions and/or where outsourcing arrangements are in place.
Roles and responsibilities of parties in the supply chain should therefore be defined and documented, for example through the use of a responsibility assignment matrix (RACI matrix). Using a RACI matrix can also help businesses to identify any potential underlaps or overlaps within a supply chain and determine actions to address these.
Governance forums
The implementation of governance forums can be important tools for businesses to retain oversight and control over the supply chain end-to-end.
It is important that any forum implemented has the right balance of stakeholders in attendance with the right level of seniority and experience to make informed decisions with respect to the operation of the supply chain. This can be achieved through the development of terms of reference (ToR) for each forum to help ensure there is sufficient independence and a clear delineation of responsibility. A ToR should typically articulate the role of the forum and how often it will convene; its composition; key inputs and outputs; and the escalation pathway within which the forum sits.
As well as specific designated duties, governance forums can also support:
- Articulating the purpose, strategy and vision of the supply chain.
- Developing key risk indicators (KRIs)/key performance indicators (KPIs) to monitor the activities conducted throughout the supply chain.
- Approving policies, processes, procedures and standards to optimise the operation of the supply chain, and overseeing the correct application of these in practice.
It is also vital that governance forums receive and discuss relevant information to inform their decision-making and level of oversight. In order to do this, appropriate management information is considered to be an enabler of effective governance – this is discussed in more detail below (see Management Information).
Outsourcing
Supply chains often feature outsourcing arrangements as a means to reduce cost and optimize efficiency. However, it is important for businesses to remember that while they can outsource processes or activities, they do not outsource the risk exposure or any regulatory responsibilities they may have.
Prior to entering into an outsourcing relationship, businesses should consider how to select an appropriate outsourced partner/provider. They should undertake due diligence on the proposed provider and take steps to gain comfort that the provider:
- Has the ability to deliver the services required to the standards expected by the business (through appropriate resourcing, systems and controls, processes, etc.).
- Has sufficient experience to perform the required activities, including the right level of quality as well as quantity, and has a good track record of doing so.
- Is financially sound (including its Directors and any other parties who can exercise control over the party).
- Does not present a conflict of interest (to the detriment of the supply chain and the end customer).
Once a provider has been selected, the business should then define how to monitor and oversee these relationships. This may involve, for example:
- Implementing appropriate service level agreements (SLAs) or other contractual arrangements to govern the activities being undertaken by an external third party, and assessing on a regular basis that these are being adhered to.
- Determining any due diligence to be applied on an ongoing basis (for example, documentation reviews and site visits), including how often third party relationships should be formally reviewed.
- Designing and delivering training - both internally and to external third parties with regard to the standards required by the business. In particular, this should include training relating to key compliance-related challenges and supported by issuing guidance on how to identify and mitigate relevant compliance risks.
- Performing reviews to monitor the performance of outsourced parties on an ongoing basis, and taking corrective action as required to address any instances of failures to meet required standards. It is also important for governance forums to track actively and to monitor the resolution of these actions to ensure they are addressed in a timely and sufficient manner to remediate any underlying issue identified.
Case study: Governance in outsourcing relationships
It is important for businesses to have oversight over any activity performed by an external third party with whom an outsourcing relationship is maintained. This is particularly important where an external third party is interacting with customers on behalf of another business.
Robust governance and oversight arrangements over the activities of the third party will help to give comfort that the third party is operating in accordance with agreed policies and procedures, and where relevant, the outcomes delivered to customers are fair and appropriate.
A number of businesses utilize external third parties to support the delivery of customer servicing. In such instances, joint governance forums (supported by a clear ToR) are particularly effective where there is appropriate senior representation from both the business and the external third party. Such bi-party representation enables the business to oversee the activities the third party undertakes on its behalf, supports the prompt identification, assessment and mitigation of any risks/issues, and promotes joined-up working generally between the two organizations.
How can risk management protocols be embedded within these governance measures?
Issue escalation
As well as providing steer and oversight, the governance mechanism(s) established should be used as a channel to raise, track and close any issues identified within the operations of the supply chain.
A business should document which individuals/forums are involved in the escalation pathway. There should also be documented escalation protocols/procedures which are cascaded throughout the supply chain in order to ensure that all parties:
- Are aware of how to raise issues.
- Understand when escalations should generally be expected to take place.
Businesses should also consider when different parties within the escalation pathway should be notified by developing criteria/thresholds that indicate when escalation is required and how this should happen in practice.
Consideration should be given to the use of templates to escalate issues so that management and governance forums receive the information they require in a consistent format. This will help management when it comes to assessing and prioritizing issues that are escalated.
All issues raised through escalation pathways should be documented, discussed and tracked to resolution.
Case study: Effective issue management tracking
In general, effective issue management tracking focuses on operating a clear escalation process understood by both senior management and staff. This can help to ensure timely and appropriate issue management and closure.
Sound practice with respect to issue management tracking typically includes elements such as:
- Assigning an owner to an issue and relevant actions identified.
- Assigning a target completion date to each action identified.
- Tracking the status of the action against the target completion date (for example, by using a red-amber-green rating system) at relevant forums.
- Where an action is considered to be complete, tabling it at a relevant governance forum along with supporting rationale/explanation to support its formal closure.
- Formally documenting discussions held at governance forums relating to actions, including agreement to mark actions as closed, in order to maintain an audit trail.
What information is required to facilitate effective governance, oversight and risk management?
Management information (MI)
In order to track effectively and to monitor the performance of the supply chain end-to-end and inform decision-making, the right MI needs to be available at the right time.
In order to generate MI which is of most benefit to senior management and other parties within the supply chain, businesses should consider:
- What are the important things that they want to measure and have “line of sight” over?
- What combination of information will provide senior management with this view? For example, businesses should consider a combination of quantitative and qualitative information supported by explanatory narrative.
- Who should receive MI – which governance forums and/or individuals need to see certain information? Businesses should consider whether different recipients need information to a different level of granularity.
- Timings of MI provision – when is MI produced (real time, near real time or historic), and on what frequency is it shared? It is important that MI supports the proactive management of a supply chain, therefore it is necessary to consider forward-looking information where possible (e.g. trends and forecasts).
- Where does MI come from – can it be automatically generated via a system or does it need to be manually extracted?
- Are there any barriers to the production or sharing of MI – such as cross-border information sharing to/from jurisdictions with stricter data privacy laws?
Businesses should also consider how MI can be used to enhance business processes. For example, by undertaking root cause analysis exercises, businesses can seek to understand the drivers of any trends or patterns identified through MI, and use this to take remedial action to rectify the source of issues (rather than just dealing with the symptoms of the issue).
Case study: Management information and root cause analysis
Undertaking root cause analysis (RCA) can be a very important exercise for businesses to understand the underlying drivers of issues that occur. It is a particularly useful exercise because, in understanding and addressing the driver of an issue, it should in the long run reduce time and effort a business would otherwise have to spend in addressing the symptoms relating to that issue.
For example, if MI indicates to a business that there is an increase in the number of complaints made by customers, RCA can be used to understand the specific driver(s) that may be triggering the complaints in the first place. This can help the business to determine whether this increase is the result of, for example, a process issue, a staff training need or other matter, and to establish the appropriate corrective course of action to be taken.
Wider impacts
There has obviously been an increasing societal and business focus on climate change in recent years, and much has been said elsewhere about environmental, social and governance (ESG) concerns. Given such concerns, and Board-level attention to them across all sectors, it is vital from a governance perspective that consideration is not only given to efficiency and productivity, but also to sustainability and broader ESG impacts associated with operating the supply chain.
Businesses should therefore consider the holistic impacts of their supply chain and the protocols they have in place to monitor and measure these. A sound approach to sustainability and ESG matters can also serve as a competitive advantage for businesses, given business customers and consumers place far greater importance than ever before on issues such as climate change and an undertaking’s “green” credentials.
Case study: ASOS plc’s Fashion with Integrity program
ASOS plc (a British online fashion and cosmetics retailer) launched its Fashion with Integrity (FWI) program in 2010 with the aim “to transform the impact of fashion on people, animals and the environment”. The FWI program focuses on ASOS’s products, business, customers and community, insights in relation to which all inform their core business strategy and supply chain.
As part of its ongoing FWI program, ASOS reports that:
- As at December 2020, 34% of all fibers used in its “ASOS Brands” products come from sustainable sources.
- In early 2020, it replaced its paper returns slips with an “all-digital returns process” to save 320,000kg of waste each year.
- All packaging from returns placed in the UK is recycled and made into new ASOS packaging.
- In June 2019, it launched a “responsible edit” line on asos.com to raise awareness to customers of more sustainable products.
For more information on ESG, see our hub, Environmental, social and governance, and our human rights due diligence and supply chain management study in conjunction with BIICL.
Retaining a focus on the end customer
Synchronizing the supply chain with the customer journey
Customers (whether consumers or businesses) across a range of industry sectors are increasingly demanding a seamless experience that is easy to use/engage with, and businesses need to take steps to deliver this in order to remain commercially relevant.
Businesses should therefore seek to gain a comprehensive understanding of the customer journey and map this to their supply chain. As part of this process, time should be taken to identify the intended outcomes at each stage along with potential risk areas or challenges to achieving these. In particular, it is important for parties within the supply chain to understand where there are “hand-ins” and “hand-offs”, especially where these extend across multiple jurisdictions. This exercise can also help to design appropriate controls to mitigate risks or challenges, and align to the wider risk management framework.
Case study: Ocado Zoom
Consumers are increasingly time poor and are looking for the most straight-forward, seamless and often digitally available, experience.
In March 2019, British online supermarket Ocado launched a one-hour delivery service called Ocado Zoom, aimed at customers requiring an “immediacy offering” (that is, a smaller basket of goods, with a minimum value of £15, delivered within one hour of ordering). Ocado Group commented that this service was launched as a direct result of customer feedback, and required Ocado to employ flexibility in its supply chain to deliver a selection of around 10,000 items to customers which would typically be up to ten times the choice typically available from a small local supermarket outlet.
The service is currently available to customers based in certain London postcode areas; however, Ocado is reported as planning to expand the reach of the service, especially given its uptake and popularity during the COVID-19 pandemic.
Delivering a consistently good customer experience
Businesses should consider the consistency of the customer experience across the supply chain, and in particular, in instances where the customer interfaces with different parties within it. In order to achieve such consistency, businesses may benefit from introducing common principles, such as for handling complaints or customer queries, in order to provide the customer with the desired seamless user experience.
What are the key legal issues?
What are the key legal issues for a business in seeking to optimise supply chain management through governance and risk management practices of the type described here?
In general, businesses (regardless of sector or jurisdiction) are required to abide by certain legal obligations with respect to governance and risk management. Speaking broadly, topics focused on by regulators globally include:
- Sustainability (including ESG issues such as impact on the community and the environment). For more information, see our hub, Environmental, social and governance.
- Human rights (including modern slavery). For more information, see our publication, Around the Globe: Business Human Rights Update.
- Board responsibilities. For more information, see our hubs, Corporate governance and What are the impacts on supply chains?
- Bribery and corruption. For more information, see our hubs, White-collar crime and Business ethics and anti-corruption.
- Sanctions compliance. For more information, see our hubs, Sanctions and Sanctions and export controls.
- Financial resilience (such as solvency provisions). For more information, see our hubs, Operational resilience: navigating through, What are the risks to corporate viability giving rise to solvency concerns? and What are the impacts on financial arrangements?
However, specific governance and risk management legal obligations are both sector and jurisdiction specific. For example:
- Sector-specific: In the maritime sector, there are specific governance and risk management issues to consider – see our publication, Global implications for charterparties.
- Jurisdiction-specific: In the UK, the Financial Reporting Committee (FRC) is responsible for promoting high quality corporate governance and it sets the UK’s main corporate governance code, while Directors’ duties and other corporate governance requirements are set out within the UK Companies Act 2006 and other legislation such as the Corporate Insolvency and Governance Act which came into force in 2020.
Therefore, businesses must ensure they are fully aware of the obligations which they must abide by in relation to their specific business activities, wherever these are undertaken. They are strongly advised to obtain legal advice specific to the jurisdictions covered by their respective supply chain(s), and in relation to the goods or services that are intended to be supplied.
For more information on:
- The legal issues affecting supply chains in particular sectors and jurisdictions, see our hub, What are the impacts upon supply chains?
- Consumers and supply chains, see our hub, Consumer markets.
The future of supply chains
Subscribe and stay up to date with the latest legal news, information and events . . .