Understanding and Managing Digital Supply Chain Risks
Moving along the digital supply chain leadership road map introduced in Chapter 4, there is one crucial, and often overlooked, step remaining before we implement and scale new supply chain segments in our businesses. This step is to identify, assess, and manage business performance and compliance risks that are inherent and emerging as a result of our digital supply chain actions. Business risk management is not, of course, a new topic, even as seemingly novel examples of risk emerge in cybersecurity, health and safety, and compliance. New types of risk will always emerge as business, political, regulatory, and world health situations change (Dolgui et al., 2018). A global pandemic, for instance, was not on many business leaders’ lists of risks to manage nearing the end of 2019 (Moss, 2020). COVID-19 has now become one of the most disruptive events in modern history, wreaking havoc on lives, economies, and supply chains. The reason the leadership road map includes risk management is not because there are new or increasing risks that have emerged, it is due to the nature of the digital supply chain itself: the complex and interactive nature of business value creation becomes more dependent upon shared activities and outcomes as it becomes more integrated, collaborative, and broader.
Why Is Business Risk Different in Digital Supply Chains?
Consider two figures shared in this book thus far. Figure 3.2 illustrates potential data sources in the supply network and Figure 6.1 shows the end-to-end UnderArmour ArchiTech example. These two figures show the degree of potential increase in data complexity, as well as the interconnectedness of data sharing across supply networks.
Increase in Data Complexity
The digital supply chain relies on large amounts of data from a wide variety of sources, including internally generated and managed data, as well as external data. Customer data, supplier data, third-party logistics firms, not to mention internal transaction system data from supply chain functions, are just a very few examples of the digital information streams flowing in supply chains. Data can be gathered from transactional system data stores, along with identified, curated data made accessible from less structured, but still strategic, sources. Data governance practices should set strategies for how data are identified, accessed, stored, and provisioned for use. Data governance may well include risk and compliance factors in managing enterprise information, but as the number, size, and disparity of data sources increase, so does the risk of being compromised. The digital supply chain may unlock transformational levels of business performance, but to do so requires a higher degree of data sharing, fluidity, and accessibility across networks, value chain partners, and business model actors. It is readily clear that the element of business risk increases significantly as these digitally enabled data models take hold in firms.
Increase in Data Connectedness
Just as the number and volume of data sources increase in the digital supply chain, so too does the degree to which data and information are shared both inside and outside the firm. This sharing can be a conundrum for while our goal in the firm may be to increase supply chain performance by implanting digital supply chain segment designs, doing so may rely on or require data from an increased number of entities or domains. Some data sources which may unlock performance increases, such as access to customer data, are high value and extremely sensitive. High value data sources must be protected from exposure to outside actors, for obvious security reasons, as well as compliance, and competitive threats. While this may be indisputable on some level, it is up to supply chain leaders to ensure that risk management procedures are designed and implemented consistently in the most business-critical areas. Risk management in organizations can quickly become decentralized, misaligned, reactive, and fall out of compliance if left to itself. New, potentially competitively advantaged and connected business models may deliver exciting new business revenues and reach new customers. They will also likely bring new business and compliance risks along with them. Risk management is included in the digital supply chain leadership road map because addressing these new risks may not be second nature as with more traditional business models that rely less on interconnectedness. Until these more connected business models become normalized, supply chain leaders must continue to push for a more proactive risk management culture in their organizations.