According to a new report published by the Institute of Risk Management, businesses responding to supply chain scandals with additional rules and regulations leave workers even more vulnerable.
The Institute of Risk Management (IRM) report entitled ‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ argues that the ‘modern commercial obsession’ with systems and processes obscures the real problem – failure to understand and predict human behaviour and build trust.
The report urges companies to prioritise behavioural risk over ‘tick box compliance’ in order to tackle the ethical uncertainties present in today’s complex delivery networks.
Peter Neville Lewis – one of the report’s authors and an IRM member – explained: “Ticking boxes is easy – and dangerous. Boxes were ticked at Rana Plaza, in Rotherham and at BP. Developing a sophisticated understanding of ‘personal risk management’ may be a somewhat harder task but, as companies as diverse as John Lewis and Tata Industries have shown, it does help to create the ethical behaviour that controls risk across an organisation however big or complex the operation may be.”
Back in August, a Chartered Institute of Purchasing and Supply survey of UK businesses revealed that nearly 75% of supply chain professionals admitted to having ‘zero visibility’ of the first stages of their supply chain. Shockingly, 11% acknowledged it was ‘likely’ that slave labour was used at some point in the process.
Human cost of wilful blindness
The IRM’s technical director Carolyn Williams – who authored the new report – pointed out: “This is the human cost of wilful blindness in extended enterprise risk. It’s time businesses stopped expressing remorse and started tackling the behavioural uncertainties at every stage of their operations.”
Shareholders have a direct interest in whether a company takes a tick box or behavioural approach to organisation-wide risk management. A 2013 report published by the World Economic Forum highlighted the fact that significant supply chain disruption cuts the share price of affected companies by an average of 7%.
‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ marks the transition from risk management of a single organisation to a coherent programme which meets the global and interdependent challenges of today’s joint endeavours.
Made up of IRM practitioners together with academic experts, the report’s project group has skilfully developed models, tools and techniques to help risk practitioners understand and manage risk across extended enterprises.
“Today’s extended enterprise environments achieve amazing outcomes but also display many of the characteristics of complex systems, with all of the potential for volatility and uncertainty that implies,” continued Williams. “By modelling the extended enterprise in practice, we provide risk practitioners with the tools such that they can begin to understand organisational exposure to extended enterprise risks – wherever in the chain they may be.”
Williams went on to comment: “By their very nature, complex systems cannot be managed or controlled. However, they can be influenced so, in terms of the future risk manager, this will demand new skills around leadership and when it comes to the understanding of culture, ethics and behaviour.”
Methodologies and tactics for addressing risk
The report offers recent multi-agency examples to demonstrate why there should be concern around extended enterprises. These include the scandal in the UK when horsemeat appeared in some beef supply chains, the management by some banks of their outsourced IT providers, failures in care homes and child protection in the UK and the tangle of responsibilities that became evident following the Macondo well disaster in the Gulf of Mexico.
As well as supporting organisational performance, the IRM report claims that a better understanding of risk across the extended enterprise is also vital in tackling wider problems such as slavery, abuse, environmental damage and dangerous working conditions. The report argues that wilful blindness by organisations to these issues within their broader networks is unacceptable.
Put simply, companies must now ask themselves whether any claims that they make about their values hold true across their extended enterprise.
Richard Hibbert – CEO of cloud-based Governance, Risk and Compliance (GRC) solutions provider SureCloud (who sponsored the report) – stated: “This is a thought-provoking study which highlights the risks posed by relationships across extensive networks of suppliers, partners and associates. It also offers methodologies and tactics for addressing risks and harnessing the benefits.”
*The new report was officially launched at a conference held at Cass Business School in London on Thursday 9 October