Lessons from 2022: How to Approach SCRM This Year

January 17, 2023
By Skyler Chi

Last year demonstrated that supply chain risk management (SCRM) is critical for global organizations that hope for continued growth and minimum disruptions.

Throughout 2022, numerous events caused widespread supply chain disruption, including U.S. port congestion, geopolitical attacks and widespread cyber vulnerabilities. These disruptions were compounded by new regulations that place increased focus on companies’ supply chains. It is no surprise that Gartner, the Stamford, Connecticut-based global business research and advisory firm, predicts supply chain risk management will be a key success driver for more than 50 percent of organizations by 2025.

As we enter 2023, businesses must realize the volatile risk and compliance landscape will persist. As a result, robust SCRM and third-party risk management are required to protect operations and drive continued success. With access to data and tools that enable proactive insights for SCRM, businesses can be better prepared for years to come.

Geopolitical Risk

The events of 2022 were a test case in supply chain resilience for most organizations, as disruptions impacted business as usual. Russia’s invasion of Ukraine led to immediate and longstanding supply chain effects that are still being felt in supply chain. After businesses secured their personnel and operations, they needed to look to their suppliers to assess the full impact of the invasion.

Furthermore, global sanctions added complexity as businesses swiftly worked to cut ties with sanctioned entities. Businesses needed to make quick, informed decisions within their supply chain — thus demonstrating the critical nature of supply chain visibility and SCRM processes.

Geopolitical disruption from the Russia-Ukraine war showed the world the potential impact of such challenges on global supply chains. This year, organizations must stay abreast of tightening tensions between China and Taiwan and prepare for how this may impact their supply chains. Proactive planning and determining alternative solutions can enable a quick and agile response if required.

Regulatory Action and ESG

Regulatory action highlighted the need for SCRM last year. Regulations such as the Uyghur Forced Labor Prevention Act (UFLPA) and German Supply Chain Due Diligence Act (LkSG) placed heightened pressure on businesses to have supply chain visibility to demonstrate compliance.

The UFLPA requires companies to perform adequate due diligence on their suppliers to ensure they are not importing goods made from forced labor in the Xinjiang region of China. LkSG requires organizations to identify and assess potential human rights violations and environmental risks within their supply chains. To comply with both regulations, the onus lies on the company to conduct adequate due diligence — further demonstrating the importance of SCRM.

As enforcement of these regulations evolves and more jurisdictions enact similar laws in 2023, environmental, social and governance (ESG) principles within the supply chain will be emphasized within various regions. This will likely result in ESG becoming a key focus in conversations around supply chains.

Cyber Risk

Supply chain vulnerabilities in the software supply chain also continued last year. In September, Microsoft confirmed two zero-day vulnerabilities, and earlier in the year, the Log4Shell incident showed the impact that widespread vulnerabilities in a company’s software supply chain can have.

Organizations without real-time cyber exploration and monitoring tools had difficulty detecting and analyzing the full impact of these vulnerabilities within their software supply chain. Manual processes for detecting vulnerabilities are time consuming and prone to inevitable human error, but harnessing technology can make it more efficient for firms to quickly assess and mitigate vulnerabilities in real time.

These attacks will likely persist in 2023 — with Gartner predicting that 45 percent of organizations worldwide will have experienced attacks on their software supply chains by 2025.

Begin Proactive Preparation

A strong SCRM posture should remain top of mind for all organizations, and companies need to be prepared before a widespread disruption occurs.

A robust SCRM program and framework proactively provide a clear, overarching view of an organization’s supply chain ecosystem to manage and mitigate risk and increase ROI. This allows organizations to respond with agility when disruption hits or new regulations come into effect, allowing the business to overcome disruption and continue business as usual.

Supply chain mitigation strategies like bridging and buffering can also help organizations prepare for potential disruptions. Bridging means bridging the gap with suppliers to ensure communication is strong before, during and after any type of crisis, including climate-related events. Buffering entails having inventory reserves to act as a buffer or establishing alternative supply sources in the event primary suppliers face disruption. Implementing these mitigation strategies proactively can help a business quickly act and respond in the face of disruption.

While supply chain disruptions are becoming more complex, the technology used to detect and mitigate the associated risk is also rapidly advancing. New developments, such as performing sub-tier illumination and modeling from a command center, can significantly strengthen SCRM. As this technology continues to evolve, increased predictability will forever change SCRM.

Stay One Step Ahead

There is one guarantee for 2023: The risk and compliance landscapes will continue to evolve.

But implementing robust SCRM practices armed with a comprehensive understanding of where the business is today, the risks and regulations on the horizon and real-time visibility into supply chains can help organizations remain a step ahead and continue to grow and thrive.

(Photo credit: Getty Images/Chris Sattlberger)

About the Author

Skyler Chi

About the Author

Skyler Chi is head of enterprise accounts in the New York office of Exiger, a global third-party and supply chain management software company.