I attended an interesting ICSA event this week about supply chain governance.
This got me thinking about the traditional reference to risk ‘management’ and how it works within an increasingly complex environment.
With modern extended supply chains (outsourcing, sub-contracting, licensed intellectual property and cloud-based systems), large companies are operating within an enterprise structure that is multi-tiered and global.
This structure means that boards no longer have direct control over their risks, so they are effectively placing their reputation, amongst other things, in the hands of third parties. Can they manage these risks effectively, or should they adopt a dual management and leadership approach?
Increase resilience through collaboration
If third-party incidents can dramatically impact business performance, and the following are held to be true:
- A material threat can come from a supplier of any size (e.g. even a third-party IT Developer who collaborates with other freelancers).
- Companies acknowledge that the greatest challenge is a lack of appropriate resource (people, technology, and processes).
…then surely large companies should look to support the smaller companies within the supply chain to increase resilience?
This goes beyond simply asking about a supplier’s values as part of a questionnaire or audit. It suggests a supportive role that leads the way towards establishing a culture which adopts a robust and lasting governance framework.
If a lack of resource challenges large companies, then how is the IT Developer supposed to have the resource or knowledge to build a strong governance framework around their engagements with third parties? Lead by example and influence a sustainable risk culture.
Increase awareness and knowledge
I’m not proposing an authoritarian approach, but one which provides support and tools. This approach leverages the resource which large companies already have at their disposal:
- policy templates
- online training sessions
- employee campaign asset templates
Establishing a leadership approach through the development of collaborative relationships based on values and communication helps ensure oversight of interconnected businesses. Bring together numerous businesses to achieve outcomes that each company could not achieve on its own.
Lead your risk communications
The more complex the extended enterprise, the more important clear communication becomes. It ensures a uniform purpose, shared ethics and a strong governance framework.
If you would like assistance creating a risk leadership campaign, we can help devise a clear communications plan, complete with content and design assets, and help you circulate and promote it.
Don’t react in response to an incident – be influential and lead risk through strong communication. Contact us to start the process.