Security Blog

The Evolving Role of Procurement in Supply Chain Risk Management

ariana@resilientx.com

Supply chains have become increasingly complex in today's interconnected world. Components and raw materials often travel across multiple countries and involve dozens of suppliers before reaching the end customer. While global supply chains enable companies to reduce costs and access new markets, they also expose organizations to an array of risks that can disrupt operations and damage revenue streams.

In the past, procurement departments focused narrowly on cost reduction and ensuring steady supplies of goods and services. However, the function is evolving to play a more strategic role in identifying, assessing, and mitigating supply chain risks. Procurement is being called upon to take a holistic view of the supply chain and enact policies to make it more transparent, ethical, and resilient.

This article will examine the growing responsibilities of procurement in supply chain risk management. It will look at the external trends driving these changes and explain why procurement is well-positioned to oversee new risk management initiatives. The article will also provide recommendations for how procurement can partner more closely with other functions like operations, logistics, and security to create robust systems for detecting and managing vulnerabilities.

The Expanding Scope of Supply Chain Risks

Before exploring procurement's evolving position, it is helpful to understand the types of risks that companies now face in their global supply chains:

Geopolitical Uncertainty

Many products rely on materials, components or labor from politically unstable areas of the world. Tariffs, embargoes, government collapses, and civil wars can suddenly halt the flow of critical supplies. Even threats of conflict can be disruptive. For example, in 2017, when tensions escalated between the U.S. and North Korea, many stockpiled goods and materials in case trade with China was affected.

Natural Disasters

Climate change is increasing the frequency and severity of floods, storms, droughts, and other natural disasters that can damage infrastructure and factories in supplier countries. In 2011, flooding in Thailand disrupted hard drive production and caused global shortages. A single disaster can ripple through the entire supply chain.

Cyber Risks

Hackers are increasingly targeting the IT systems of manufacturers and logistics providers to steal data or disrupt operations. The 2017 NotPetya cyber attack caused over $10 billion in damages after infecting computers at several multinational companies. Many businesses were affected, even if they had no direct connection to the initially infected businesses.

Demand Fluctuations

Sudden changes in customer demand for a product can catch suppliers off guard. For example, when the Covid-19 pandemic hit, suppliers of laptops and webcams struggled to keep up with a spike in remote work. Meanwhile, suppliers for industries like travel saw orders evaporate overnight.

Transportation Breakdowns

Delays or disruptions in freight transport - whether from trucker strikes, port congestion or other factors - can reverberate through supply chains and create shortages of parts and materials for manufacturers. The 2021 blockage of the Suez Canal had ripple effects on global trade for months after.

Compliance Lapses

Unethical behavior somewhere in the supply chain, such as human rights abuses, pollution, or corrupt practices can damage a company's reputation with customers and incur fines or legal action. In extreme cases, lapses can cut off access to entire markets, as when allegations of forced labor led to bans on cotton and tomatoes from China's Xinjiang region.

This diverse array of risks means procurement teams can no longer just focus on securing goods and services at the right price, quality, and volume to meet immediate production needs. They must now take a big-picture view and consider the financial, ethical, operational, and reputational implications of disruptions that can emerge at any point across global supply networks.

Why Procurement is Suited to Lead Supply Chain Risk Management

While supply chain risks stem from a variety of sources, procurement is uniquely positioned to implement cross-functional systems to identify and mitigate them. Here are four key reasons why:

1. Procurement has end-to-end visibility

Procurement professionals are deeply familiar with the sourcing of raw materials, selection of suppliers, negotiation of purchase agreements, quality control procedures, transportation of goods, and other aspects of the supply chain. They already take a holistic view of all the components that contribute to finished products. This makes them well-equipped to pinpoint vulnerabilities and develop appropriate safeguards.

2. Procurement has strong supplier relationships

By regularly interacting with vendors and service providers, procurement develops close working relationships and insights into supplier operations. This enables greater transparency and trust, which helps procurement assess risks and encourage suppliers to implement needed risk management changes.

3. Procurement understands commercial levers

From pricing models to payment terms and inventory policies, procurement understands the various commercial levers that can shape supplier behavior. They can use contracts creatively to create incentives for suppliers to adopt ethical and sustainable practices that reduce supply chain risks.

4. Procurement bridges internal functions

Procurement acts as a bridge between technical teams that design products, manufacturing groups that build them, logistics units that transport them, and sales teams that market them. This central position enables procurement to synthesize data from across the company to identify vulnerabilities and work cross-functionally to address them.

These inherent strengths enable procurement to implement and oversee supply chain risk management in ways that deliver value for the whole company.

Risk Management Initiatives Led By Procurement

Here are some examples of how procurement is taking the lead on supply chain risk management:

Supplier Codes of Conduct

Procurement teams are creating and enforcing ethical sourcing policies and codes of conduct that suppliers must follow to win and maintain contracts. These cover issues like anti-bribery, environmental impact, labor practices, and diversity. Review processes ensure ongoing compliance.

Supply Chain Transparency Laws

An increasing number [150+ words] of regulations require companies to disclose risks in their supply chains related to human trafficking, forced labor, child labor, and conflict minerals. Procurement is well-positioned to understand these requirements for each market and work with legal teams to ensure compliance across the supplier network.

Dual Sourcing

When a component or material is critical, procurement negotiates contracts with two suppliers in different regions. This provides a backup source if one supplier faces a disruption. While it may increase costs, the resilience is worth it for high-risk components.

Inventory Buffers

For goods with lengthy or complex supply chains, procurement plans minimum inventory levels that exceed immediate production needs. This provides a buffer in case of transportation delays or supplier disruptions in distant countries.

Supplier Audits

Procurement oversees regular on-the-ground audits that examine suppliers' facilities, processes, labor policies, and environmental practices. Audits verify that suppliers adhere to standards and act quickly to remedy unsafe or unethical practices.

Contingency Plans

Detailed contingency plans minimize downtime from disruptions like natural disasters. Plans outline alternate suppliers, expedited shipping, substitute materials, increased inventory levels, and other steps to keep production running if the primary supply chain is interrupted.

Cybersecurity Standards

To defend against data theft and operational cyber attacks, procurement develops security standards that suppliers must meet to win contracts. Verifying security controls are in place reduces this growing supply chain risk.

Supply Chain Control Towers

Leading companies have procurement head integrated "control tower" teams that gather data in real-time on inventory levels, orders, transport status, and disruptions. This enhances visibility so emerging risks can be addressed swiftly before causing significant harm.

Supply Chain Financing

By providing favorable payment terms and flexible financing options, procurement helps suppliers stay financially stable. This reduces the risk of suppliers going bankrupt and suddenly halting production.

As this list demonstrates, procurement departments are moving beyond a tactical role to develop farsighted strategies that enable the supply chain to smoothly adapt to a range of disruptions.

Building a Risk-Aware Culture

For long-term success, however, procurement cannot manage supply chain risks in a vacuum. The entire organization needs to become more risk-aware. Procurement leaders can spearhead cultural change through the following strategies:

  • C-Suite Engagement - Educate executives and board members on supply chain vulnerabilities through clear data-driven presentations. Secure buy-in to fund key risk management initiatives and appoint executives to lead certain efforts.
  • Training Programs – Develop educational materials and workshops to teach colleagues across the company about supply chain risks. Ensure they understand the threats and the steps being taken to safeguard operations.
  • Incentives Alignment – Tie bonuses and performance reviews of procurement staff partly to risk management objectives. This motivates focus on this emerging priority, not just cost-cutting.
  • Automated Monitoring – Implement control tower technology that supplies real-time visibility into supply chain events and emerging risks. Push notifications to key managers enable rapid response.
  • Staff Exchanges – Temporarily embed procurement staff in production, logistics, and sales. This cross-training enhances understanding of how disruptions ripple across departments and educates other groups on procurement’s vital role.

With these strategies, procurement can instill a culture that is vigilant, responsive, and resilient in the face of supply chain turbulence.

Partnering With Security Teams on Cyber Risk

One supply chain risk area that demands deep collaboration is cybersecurity. As digitization accelerates, cyber attacks pose major financial and operational threats. Hackers often penetrate company defenses by first infiltrating less secure vendor systems.

Chief Procurement Officers increasingly need to partner with Chief Information Security Officers to implement robust cyber risk management, including:

  • Supplier Audits – Assess supplier technology infrastructure and data handling procedures to uncover vulnerabilities that could expose the company. Verify compliance with cyber standards.
  • Information Sharing – Share best practices with suppliers and exchange real-time threat intelligence. Quickly receiving alerts allows all ecosystem partners to strengthen defenses.
  • Training Programs – Educate suppliers on top cyber threats such as phishing, ransomware, and denial-of-service attacks. Share techniques for tightening controls and responding effectively.
  • Cyber Insurance – Require suppliers to carry adequate cyber insurance. This provides resources to recover if they are breached. Review policies annually.
  • Isolating Systems – Limit supplier access to networks and data to only what is essential. Segment networks to limit lateral movement. Require multi-factor authentication.
  • Response Planning – Develop and test incident response plans detailing how your company and suppliers will communicate, investigate, restore data, and resume operations after a significant cyber attack.

With procurement guiding cybersecurity efforts, organizations can reduce this increasing digital risk, avoiding costly outages and data leaks.

Conclusion

As supply chains lengthen and risks multiply, procurement teams have moved far beyond buying goods and services at low cost. They now enact policies and requirements that enhance transparency, ethics, resilience, and cyber defenses across global supplier ecosystems.

By leveraging their unique end-to-end vantage point into supply chain operations and their trusted relationships with vendors, procurement departments are leading the way in comprehensive risk management. With support from business leaders, adoption of control tower technologies, and collaboration with functions like security, procurement will continue maturing into a key driver of supply chain excellence.

While risks can never be eliminated in today's uncertain world, procurement's expanding oversight enables companies to detect problems earlier and respond quickly and effectively. By skillfully managing supply chain risks, procurement delivers tremendous strategic value that strengthens the entire organization.

Related Blog Posts
Security Blog
Importance of Attack Surface Management in Cyber Security
Cyber attacks brimmed over by 15%, giving rise to an estimated...
Security Blog
DORA: Your Essential Guide to EU's New Cybersecurity Regulation
According to a recent McAfee report, cybercrime costs...
Security Blog
Common Third-Party Risk Management Challenges and Solutions
A survey by Gartner reveals that 45% of companies have...
Security Blog
Securing Your Service Providers: A Guide to Risk Management
Nearly 60% of businesses have experienced a data breach caused...
Related Blog Posts
No items found.