As organizations recover from COVID-19, there are changes underway that may become permanent. Some traditional ways of doing business have changed, and some of these changes may be more effective than the “old approach.” It is important to learn from the pandemic and embrace new ways of thinking. Here are five common lessons that many organizations have learned during COVID-19 recovery.
Lesson One: Many Enterprises Don’t Truly Understand Their Supply Chains
Some organizations may have discovered there were critical points of weakness in their supply chains that were not identified until they were stressed by the pandemic. Methods of managing supply chains were not sufficient for the unpredictable environment of COVID-19, including spikes in demand, partners that suddenly paused or ceased operations, and sudden material and product shortages.
Lesson Two: There’s No Hiding From COVID-19
Enterprises can’t simply replace every third-party whose performance was impacted by COVID-19, because the vast majority of suppliers in any given sector or industry were affected. This brought supply chain resilience to the fore for many organizations … often in painful ways. On its website, the World Economic Forum commented, “The COVID-19 pandemic has changed the business environment for many organizations around the globe, and has highlighted the importance of being able to react, adapt and set up crisis management mechanisms in order to weather situations of uncertainty.”
After surviving and recovering from supply chain problems and disruptions during the pandemic, many enterprises are now exploring new ways of thinking and working with their third parties to be more resilient in the future.
Lesson Three: It’s All About The Ecosystem
The supply chain issues at the outset of the pandemic illustrated the need to shift the buyer-seller relationship from “transactional” to “symbiotic.” Even the word “supply chain” seems outmoded, because the modern extended enterprise is an ecosystem of partnerships across third, fourth and even fifth parties, rather than a discrete chain of one-to-one relationships.
Some organizations may not fit well into the modern extended enterprise ecosystem – for example, there may be reduced reliance on traditional distributors, which typically operate at low margins, making them significantly vulnerable during disruptive events. Instead, there may be more direct ties between buyers and suppliers, and more focus on the value of close geographical proximity.
Lesson Four: Build A Circle Of Trust
Suppliers need to be able to communicate more openly with buyers when they are struggling, and not fear that this honesty will cause them to be cut out of the supply chain. Enterprises need to change the conversation with suppliers by making it clear they are willing to “take on a bit of risk to manage risk” by helping struggling suppliers recover. This could involve providing management and process advice, or even financial assistance.
Lesson Five: Embrace Technology For Faster Response
The pandemic exposed the need for (and shortage of) real-time, actionable third-party risk management (TPRM) data. This type of data allows firms to quickly “connect the dots” and make important, informed decisions at the outset of a crisis. Few organizations have invested in the infrastructure and master data management (MDM) processes required to create this kind of real-time TPRM data platform.
As a result, many are dissatisfied with their investments in TPRM technology, often because the underlying data is not sufficient for the TPRM technology to deliver real-time visibility into the extended enterprise ecosystem. In the Deloitte Extended Enterprise Risk Management (EERM) Third-Party Risk Management (TPRM) Global Survey Report 2020*, 72 percent of respondents said they are dissatisfied or partly dissatisfied with their third-party risk technology. This technology is evolving rapidly and providing some powerful new capabilities – but this initial MDM step is critical to enabling those new capabilities to deliver the kind of visibility enterprises need to effectively reduce the risk of disruption during a crisis like COVID-19.
COVID-19 has taught some important lessons about supply chain resilience, and organizations that put those lessons into action will be better prepared to withstand the next major disruptive event. Those that can change their approach to third parties, and adopt technology in a way that delivers true, real-time visibility into the extended enterprise ecosystem, will be able to avoid the confusion in supply chains around best practice in a crisis situation, that was a part of the onset of the COVID-19 pandemic. The big question organizations should now be asking is whether they have truly learned from these lessons and are making the necessary changes to emerge stronger and be better prepared for future risks.
Mark Bethell is a partner in the UK EERM practice. Mark rejoined Deloitte in 2015 after spending four years at a global FTSE 5 company. Whilst working there Mark led the design and implementation of a global third party risk management framework. Mark’s other roles whilst there included membership of the internal audit leadership team with accountability for all internal audit work performed in relation to the extended enterprise (contractors, suppliers and joint ventures). Since returning to Deloitte, Mark has led a number of projects to help clients across many industries manage the risks associated with the extended enterprise. He has helped his clients to design, build, and implement third party risk management frameworks and design and operate large-scale, global programs of third party audits covering a variety of risk types. Mark specializes particularly in the implementation of EERM managed services for his clients, and in the ongoing development of technologies to support automated risk screening and monitoring.