Achieving A Robust Risk Management Program Takes Years

If I was asked to vote for the most interesting solution set that has come to the fore over the last few years, my vote would be for supply chain risk management solutions. Supply chain risk management solutions are a form of a Multi-echelon Supply Chain Network (MESN) solution. MESN applications derive much of their power from synergies generated by the network they ride on top of. Network-based risk management solutions are one type of MSC
N solution.


Stayed Nimble During the Pandemic

For AGCO, a public company with over $11 billion in revenues, a supply chain risk management application helped the agricultural equipment manufacturer stay agile during COVID. AGCO’s risk notification and visualization solution came from riskmethods. This solution has a graphical view of the AGCO supply chain across multiple supplier tiers. If a supplier’s continued material flow becomes questionable for a wide range of reasons, the way that supplier’s components flow to various factories and nodes in the supply chain is graphically illustrated and the appropriate commodity managers are automatically notified. In riskmethods risks are elevated using heat bubble maps.

AGCO was able to predict the South Korean shut down two to three days before it occurred and accelerate the impacted suppliers’ shipments out of that nation prior to plant closures. AGCO’s ability to predict when shutdowns would occur improved over time. In forecasting lock downs, they looked at infections per million people (PPM) per country. “Once infections got to 50-60 ppm, then governments begin to act. By 100 infections PPM, restrictions are in place.” We were able to predict the Italian shut down seven days before it occurred.”

AGCO has 240 suppliers in Italy. 184 were located in the high-risk zone in Northern Italy. The seven working days lead time allowed the company to pull shipments out in front of the lock down. AGCO could do this surgically. They knew a supplier in a certain postal code had a higher priority than one 50 kilometers to the west. The shut-down forecast also allowed the company to position extra PPEs at its 3 Italian plants. Then the company worked with their Italian lawyers to get a special industry designation that allowed them to legally keep working. They got those documents quickly, and then got them in the hands of all employees and suppliers in 24 hours. This allowed key suppliers to keep operating for another two weeks after many of the companies in the affected were shut down.

The advance warnings did not mean that AGCO was not affected by the Pandemic. They had to spend extra time and money to expedite goods and production took a hit. But the hit AGCO took was much smaller than their competitors and the company gained market share.

Supply Chain Risk Management Vendors

Supply chain risk management solutions operate in a similar manner. In the case of network-based risk management solutions, a network of users is connected to carefully curated real-time alerts generated by connections to a huge number of online publications, social media feeds, and third-party purchased data. Examples of third-party data would include weather forecasts, sustainability ratings, or D&Bs on a company’s financial viability. One of the players in this market, Resilinc, is monitoring 105 million data sources.

This data needs to be curated. The curation is created by a careful mapping of a customer’s supply chain. For example, a manufacturer might have a supplier in Hanoi they purchase key components from. Those components get trucked by the Vietnamese Railways, loaded, and then transported to the Haiphong port, where a freight forwarder ensures the container is loaded on an Ocean carrier. The goods are then shipped to the Port of Long Beach, unloaded, and then trucked to a factory in Fresno.

Every step in that value chain has search terms associated with it. The names of the suppliers, carriers, logistics service providers become search terms. Those search terms are paired with terms signaling a problem – those terms might be “bankruptcy,” “plant fire”, “port explosion,” “strike”, and many, many other terms. So, the term “Haiphong” when combined in an article with the phrase “port fire” would generate an alert. And because human language lacks sufficient precision, artificial intelligence is used to help generate fewer false positive alerts over time. So, AI learns over time that the term “go belly up” can mean bankruptcy.

In last year’s MSCN study (this year’s study won’t be published until the end of September), the two main suppliers of this type of supply chain risk management solution were Resilinc and riskmethods.

While the core supply chain risk management platforms are similar, one key difference that is becoming increasingly important is the ability to track a disruption at the part level. Supply chain risk management vendors provide an impressive solution set for discovering problems back to the Tier 1 suppliers. But the further back you go in an end-to-end supply chain, the more difficult it becomes for this technology to detect problems. The vendors admit this.

And yet a failure at a Tier 2 or 3 supplier, could lead to a company losing hundreds of millions or even billions in revenues. Semiconductor shortages across multiple tiers of the automotive industry led to huge losses of revenue. One article claims it cost the auto industry hundreds of billions of dollars!

But solving the multitier visibility problem is difficult. It is often not enough to know my supplier has a plant in Hanoi and that company had a fire at their plant. It might be that the supplier operates several plants. An OEM needs to know if the Hanoi plant is the one that makes parts that eventually end up going into their products!

The perceived importance of part traceability is increasing for both regulatory reasons and because many companies have learned from the supply chain chaos of the past few years just how important a mature risk management program is.


riskmethods has an interesting game plan for tackling the sub-tier visibility problem. Through their platform, their customers are actively monitoring over 800,000 suppliers. Supplier collaboration through the solution includes workflow collaboration for action planning, risk assessment surveys, and data sharing via the supply chain network.

In 2021, the company released riskmethods Supply Risk Network, which allows their customers to collaborate with their Tier 1 suppliers and garner sub-tier supplier information. The company has managed services to help garner sub-tier information and the sub-tier suppliers are incented with a version of the solution that allows those suppliers to monitor upstream risks in their own supply chains. In short, sub-tier suppliers get free technology if they participate in the program.


When it comes to mapping a multitier supply chain at the part level, Resilinc is the current leader. They have been at it for years and have strong customer references.

Resilinc firmly believes their technology is not sufficient; users need to know how to effectively use the technology. The company purchasing their solution needs to implement new processes to get the full value from their platform. Resilinc has developed best practices around a supply chain risk management (SCRM).

Developing a robust supply chain risk management program typically takes 3 to 5 years. It is not an easy journey. And even after a company has reached a high level of maturity, backsliding is very possible. Managers must constantly work to refine the program and communicate its benefits internally to retain C-level support and the participation of category managers and functional teams.

A mature risk management includes mapping the supply chain at the part level back through several tiers. A company would typically start by mapping what they believe are the components that, if they were not available, would put the most revenue at risk. But once they begin mapping their extended supply chain, they may find other components they did not know were problematic that could also have a dire impact on revenues if they became unavailable. Once companies begin tracking back, they realize their supply “chain” is really more of a supply “network” where Tier 1 suppliers supplying both the OEM and Tier 2 and 3 suppliers.

Resilinc believes that it often takes 3 years to get to get to a place where the OEM – the customer with the risk management program – is able to map components at a level that achieves better than 80% site/component visibility across multiple tiers of the supply chain.

Resilinc assists on the journey. Resilinc spent an hour explaining the steps they take to help their customers on this journey – what they do and what they need their customers to do. It is a program based on communication, reassurance that the data will not be used against the company providing it, and a demonstrated willingness not to replace sub-tier suppliers but rather to work with them to improve. The full explanation is beyond the scope of this article. Suffice it to say, they have well thought out best practices and services in this area.

Final Thoughts

While Resilinc leads, achieving maturity with this platform usually requires three years. What is unknown is if riskmethods’ methodology can accelerate the identification and participation of sub-tier suppliers.

There are also new supply chain risk management suppliers, heavily funded with venture capital, that gather huge amounts of data. They promise that AI can be used to quickly identify problem sub-tier suppliers. I am skeptical. The way supply chains tree out, like the way a family tree branches out, I can only believe that an AI-centered methodology would generate huge numbers of false positives. These solutions are OK for companies that just want to check the box and prove to regulators a certain level of due diligence. But if companies are serious about supply chain risk management, recognize that this is labor intensive process, it is not easy, and that achieving maturity will take time.


This website uses cookies. By continuing to use this site, you accept our use of cookies.