Every month the Federal Reserve publishes the Global Supply Chain Pressure Index (GSCPI), which is a metric that tracks international cost data specific to ocean container freight, air freight and manufacturing operations in the United States, Europe and Asia. The index did not demonstrate much volatility in the first 20 years of its existence. From 1997 to 2019, supply chain disruptions were limited to specific regions and industry sectors. This changed in 2020 with COVID-19, water shortages in the Panama Canal and military conflict near the Suez Canal. Supply chain volatility became part of the public’s consciousness and everyday nomenclature. We have now returned to a GSCPI reading that we were accustomed to pre-COVID. From a supply chain perspective, things appear to be returning to normal, but with a caveat. The GSCPI provides a short-term, retrospective view of the global supply chain’s resiliency, not a forecast of future conditions. The risk in our global economy is that supply chain disruptions are guaranteed to continue, but no forecast exists to tell us when or how they will transpire.
Supply chain disruptions can take on an infinite number of permutations. However, one of the most plausible and existential threats to the U.S. economy is a cyber security attack on our national infrastructure. In April, FBI Director Christopher Wray confirmed malicious hackers (via a campaign referred to as “Volt Typhoon”) had gained access to numerous American companies in the telecommunications, energy and water sectors. Wray went on to say that these cyber adversaries “plan to land low blows against civilian infrastructure to try to induce panic.” Echoing this concern is Manny Cancel, Senior Vice President of the North American Electric Reliability Corporation, when he told Politico that there has been a “dramatic increase in malicious cyber activity” within the North American power grid. Cancel went on to say that that nation state adversaries of the United States “absolutely possess the capability to disrupt critical infrastructure here in North America.” And once emergency reserves of food, water, medicine and fuel are depleted, the scenario severely worsens. Most American companies are not prepared for a disaster scenario of this magnitude.
In July 2022, the American Institute of CPAs and North Carolina State University issued a report that surveyed 560 CFOs and senior finance leaders regarding their organizations’ enterprise risk management (ERM) processes. The survey disclosed that only 33% of the respondent’s organizations have complete ERM processes in place and only 29% of the respondents would rate their organization’s ERM oversight at “mature” or “robust.”
Below are some tactical strategies Colliers Supply Chain Solutions suggests to improve your enterprise risk management capability without a capital outlay.
- Construct a Risk Assessment Model in which cross-functional leaders identify the top 10 scenarios that could impair business operations. The model should quantify the probability of occurrence for each event and your company’s level of preparedness for said events, such as a prolonged enterprise-wide power outage. Prioritize scenarios with a high probability score and a low preparedness score and assign responsibility to draft and implement a response protocol.
- Develop a Disaster Preparedness and Business Continuity Plan for disruption scenarios that could impact operations anywhere in the business or property portfolio. For each potential disaster category or scenario, such as a natural disaster or a cyberterrorism event, the disaster recovery plan should include preparation and prevention requirements, employee roles and responsibilities, response methodology and approach, and a contact list and notification hierarchy.
Both the Risk Assessment Model and the Disaster Recovery Plan should be reviewed as an annual training exercise for all employees. Large-cap organizations frequently have redundancies built into their supply chains along with a dedicated risk management department to prepare for unforeseen disruptions. Small to mid-cap organizations frequently do not have these capabilities in place due to perceived time and capital constraints. However, there is no better investment than to protect your organization from the next black swan event that could endanger human life and render your business inoperable.
Learn more about Colliers Supply Chain Solutions.