Six questions boards need to ask leadership about risk oversight.

Because of supply chain disruptions, the transition of the global economy and pressures on global trade as a result of economic sanctions imposed on Russia in response to its war with Ukraine, many organizations are reassessing their supply chain strategy with a focus on building resilience, assessing potential risks and creating long-term value.
 
Concurrently, ESG issues and the evolving role of businesses in society are increasing pressure on corporations to move toward more sustainable business models. These demands are coming from all directions — investors, ratings and research firms, employees, customers, regulators, governments and the media. The SEC’s recent climate disclosure proposal will accelerate timelines to operationalize ESG strategy. 

The Impact of ESG and Cyber Issues

ESG will be a driving factor in decision-making as companies plan for the future of their supply chains. From a boardroom perspective, a top priority should be managing the range of ESG risks in an organization’s supply chain, including climate change and other environmental risks; human rights issues, such as forced labor and child labor; worker health and safety; and diversity, equity and inclusion.
 
In addition, the pandemic highlighted cyber risks as a major potential threat to supply chains  — one that can halt the global economy. Cybersecurity operations are secure only when the entire end-to-end supply chain is protected from potential threats and vulnerabilities. Building cyber resilience into the supply chain is a board and business imperative.
 
To oversee supply chain risks and sustainability efforts, a board must address a challenging and complex set of issues, such as reputational damage and deficiencies in resilience, in the short term and long term. To overcome these challenges, we see boards engaging more robustly with management teams about building and maintaining sustainability in operations. Developing and executing a supply chain strategy that addresses ESG issues and prioritizes cybersecurity can create value, mitigate risk, build stakeholder trust and deliver a competitive advantage.
 
To transform their supply chains to be more resilient and future-proof, companies should consider: 
•    Developing more local and regional supply chains. 
•    Reexamining the structure and footprint of their supply chains. 
•    Diversifying their supplier base. 
•    Updating risk and vulnerability assessments. 
•    Deploying technology to improve visibility and risk management. 
•    Developing plans to address future disruptions.
•    Tightening cybersecurity to reduce the risk of data breaches and high-profile ransomware attacks. 

In the near term, a key role for boards will be oversight of significant projects to rethink, rework and restore critical supply chains — a difficult task with complex layers of pain points.

Questions Boards Need to Ask

To stay informed on how their businesses are managing their supply chains and supply chain-related projects, boards should consider asking the following questions:

Does management have a clear view of the end-to-end supply chain, and how are they monitoring the supply chain? Mapping the supply chain from end to end and being able to track products at each point are integral to building resilience. Without high-level and low-level tracking to provide a clear view of the supply chain process, solving issues during a disruption becomes much more difficult. For each part of the supply chain to work efficiently, the right technologies must be deployed, and there must be a clear line of sight into roles and responsibilities. It is essential for boards to provide oversight to help management teams identify gaps in supply chain resilience, such as vulnerability to cyber threats and ESG risks. Being able to monitor the end-to-end supply chain is the first step toward ensuring overall operational resilience.

How robust is the process for identifying the broad range of ESG risks and vulnerabilities across the supply chain? For boards, effective oversight of an organization’s supply chain includes monitoring progress on ESG initiatives to help manage risks and opportunities and drive long-term value creation. Close monitoring through continuous risk and exposure assessments can identify vulnerabilities so that contingency plans can be developed. 

How effective is the company’s supply chain risk management framework and process? The right level of coordination among an organization’s compliance, risk, cybersecurity and supply chain teams creates important synergies, especially in times of disruption. Risk mitigation plans should include all those functions to help ensure they can collaborate efficiently and effectively to resolve any challenges. Furthermore, protecting partner ecosystems and supply chains is just as important as building a corporation's own cyber defenses. A vulnerable supplier can have a major impact on a company’s operations.

What protocols are in place to assess suppliers’ sustainability practices? A set of metrics to assess suppliers’ sustainability practices can help define requirements more clearly for vendors across the supply chain. Especially in today’s market conditions, when corporations may need to quickly find supplementary suppliers to meet shortages, a standard can ensure ESG remains a priority.
 
Boards should understand what measures management teams have in place to help strengthen their supplier ecosystem. For example, training suppliers, providing benchmarks, using third-party verification, performing audits and promoting collaboration with and among suppliers can all help strengthen the overall supply chain.
 
What steps are the organization taking to reduce the environmental impact of its supply chain? Long-term planning requires the right technology solutions and strategic considerations to help businesses build more sustainable supply chains. Board oversight should focus on building end-to-end visibility, investing in automation and other advanced technologies, and building agility into an organization’s network of suppliers and partners. Other initiatives, such as carbon offsets, sustainability standards and certifications, and third-party collaboration, should also be a part of the conversation about ways to reduce a supply chain’s environmental impact.

How robust are supply-chain-related disclosures in a company’s overall ESG and sustainability reports? Many organizations elect to voluntarily disclose their ESG efforts to show how they are progressing toward their goals. After supplier ESG metrics and codes of conduct have been established, accounting for the supply chain in ESG disclosures can unveil new supply chain risk management opportunities. Boards should also consider peer, competitor and external sentiment analysis of supply-chain-related ESG disclosures to highlight  existing blind spots and potential reputational risks.

Board Understanding of the Supply Chain

As supply chain issues continue to draw scrutiny, it is increasingly important for boards to understand how their corporations are managing their supply chains and integrating them into their operational, strategic and risk management processes. Especially in times of crisis, well-operating supply chains become essential business enablers.

Boards should challenge management to think differently when it comes to monitoring, managing and reporting on the supply chain. Beyond complying with regulatory mandates such as potential climate disclosure requirements, fostering a sustainable supply chain and building cyber resilience can unlock value, deepen stakeholder trust and position an organization to better navigate the challenging global environment ahead.  

Tandra Jackson is vice chair of growth and strategy and John Rodi is audit partner and leader of the Board Leadership Center for KPMG U.S.