Supply Chain

Risk Management
From challenges to advantages:
Supply network optimisation

March 2023
Brochure
Supply / report
Chain Risk title goes here||Table
Management Section title goes here
of Contents

Table of Contents
Thriving in Supply Chain Disruption................................................................. 3

Key Considerations ............................................................................................... 4

How we could assist............................................................................................. 7

Further enquires ................................................................................................... 9

2
Supply Chain Risk Management | Thriving in Supply Chain Disruption

Thriving in Supply Chain Disruption

Supply chain disruption take place when one component of your supply chain fails to provide its good or service to the
following process in the chain. By identifying the key business activities that could be affected by disruptions to your supply
chain, you can prepare a plan of action to minimize the impact of supply chain disruption.

Example of Supply Chain Disruption

Climate Change & Natural Disaster Global Health

In 2011, Thailand suffered the worst flooding In 2020, 150+ of the Fortune 1000 have Tier 1
in 50 years with many regions under 3 meters suppliers and 900+have one or more Tier 2
of water. Flooding lasted 30 to 60 days, suppliers in highly impacted areas of China
disrupted global electronics, automotive and
food supply chains, and resulted in losses
totaling $40 billion to $50 billion

Operational Risk Cybersecurity

In 2020, net income before taxes fell by 40% In 2021, Brenntag (chemical distribution
over the prior year to $2.9 billion due to company) suffered a DarkSide Ransomware
reduced shipments to wholesalers, labor attack that led to the organization paying a
shortages, and other “supply chain effects” $4.4 million ransom in Bitcoin
for Nike.

Geopolitical Financial Crisis

Brexit, US tariffs on imports from the Sales and demand reached all-time lows and
European Union, the South Korea–Japan trade sourcing departments were faced with losing
dispute, and the US-China trade war suppliers and entire supply chains to bankruptcy

3
Supply Chain Risk Management | Key Considerations

Key Considerations
Arising risks Risk Strategy (Avoid, Transfer, Mitigate, Accept)

Poor supplier performance Transfer:

Assess alternative supplier arrangement through a risk
This is the most fundamental risk and businesses should
assessment on the options and financial impact
prioritise it above all others. A supplier’s financial health is
a main indicator of their performance, but throughout the
Mitigate:
evaluation and selection phase, management should also
Audit on due diligence, supplier
evaluate other criteria such as production capabilities,
management and contract management
compliance with relevant regulations and industry
standards, etc.

Demand planning complexity Mitigate:

Process optimization by assessing the material resource
A successful demand planning enables a company to find
planning model such as forecasting, past consumption,
the perfect balance between sufficiency and surplus.
safety stock model, inventory categorization
This was easier when consumers’ demand is predictable,
and businesses functioned on a just-in-time (JIT) basis.
However, many companies experience supply and
demand shock during the pandemic. Demand patterns
shifted as people were confined to their homes. Now,
companies may not rely on internal historic data alone
to make predictions, but rather to pay more attention to
evolving consumer behaviors through granular as well as
external data.

Skilled labor shortage Transfer:

Assess alternative supplier arrangement through a risk
The market, in particular the manufacturing, construction,
assessment on the options and financial impact
and transportation industries are facing a skilled labor
crunch. Due to the increased competition for skilled
Mitigate:
labor, companies may need additional resources or even
Audit on due diligence, supplier management and
hire ill-suited candidates just to keep pace with demand.
contract management
Eventually, this would result in lower revenue and slow
growth for businesses.

Rising inflation Transfer:

Assess alternative supplier arrangement through a risk
High inflation not only reduce the purchasing power of
assessment on the options and financial impact
consumers, but also driving up direct costs, making it
more expensive for businesses to produce, store, and
ship their goods.

4
Supply Chain Risk Management | Key Considerations

Arising risks Risk Strategy (Avoid, Transfer, Mitigate, Accept)

Economic volatility Mitigate:

Process optimization by assessing the material resource
The global economic volatility has spiked since the last 2
planning model such as forecasting, past consumption,
years, making it more crucial for businesses to become
safety stock model, inventory categorization
responsive and take proactive measures in addressing
supply chain disruptions. For example, the outbreak and
geopolitical issues have caused in changing lead times
and supply shortages. Businesses need to ensure they
have enough inventory to fulfill demand, simultaneously,
not holding too much if the market declines.

Complex sanctions and regulations Mitigate:

Identify regulations in the region where the company
The recent Russian sanctions have increased businesses’
operate, leveraging on Subject Matter Experts in our
awareness of their suppliers’ ultimate beneficial owners,
geographic network
directors, and shareholders to prevent bad actors from
damaging their supply

Geopolitical risk Transfer:

Assess alternative supplier arrangement through a risk
Political crises on a global scale, such as the Russian
assessment on the options and financial impact
invasion of Ukraine and China’s zero-Covid policy, have
subverted the supply chain and losing hundreds of
Additional considerations:
millions of dollars’ worth of sales. To mitigate this risk,
Risk Management to assess business disruptions impact
businesses need to consider having alternative suppliers
and identify ongoing or mitigating controls
to ensure they have options during a disruption.

Reputational risk Mitigate:

Audit on environmental, social, and
Sustainable sourcing has never been more important
corporate governance.
than it is in the last decade. Businesses have no option
but to integrate social, ethical, and environmental
Additional considerations:
performance factors into the process of selecting
Risk Management to assess ESG related risks and identify
suppliers. Deficiencies in corporate governance, and
ongoing or mitigating controls
environmental or social responsibilities may hinder
businesses from safeguarding their brand reputation.

5
Supply Chain Risk Management | Key Considerations

Arising risks Risk Strategy (Avoid, Transfer, Mitigate, Accept)

Natural disasters and climate risk Additional considerations:

Risk Management to assess business disruptions impact
Natural disasters can create detrimental impacts that
and identify ongoing or mitigating controls
affect the whole supply chain. Businesses are required to
ensure balanced supply and demand, as well as finding
alternative ways to keep its supply chain operational
during emergencies.

Cyber risk Mitigate:

Audit on Cyber, such as performing an IT Security
Cyber risk is an emerging threat that focusing on weak
Risk Assessment
points in a company’s supply chain. Because weak points
in a supply chain, e.g., third party suppliers, are an easier
target for cyber criminals, it has elevated the importance
for businesses to be aware on their own cybersecurity
and that of their business partners.

Pandemic risks Transfer:

Assess alternative operational model through a risk
The COVID-19 pandemic has accelerated the existing
assessment on the options and financial impact
issues in the supply chain, making it more important
for businesses to be agile, flexible, and resilient. The
pandemic caused many to anticipate more disruptions
to come on the supply chain. Hence, businesses are no
longer able to operate the old ways but always prepared
to respond to changes.

Insolvency risks Transfer:

Assess alternative operational model through a risk
From natural disasters to political, economic, and social
assessment on the options and financial impact
events, businesses around the world are exposed to
losing their suppliers as suppliers become unable to
operate or honour their obligations.

6
Supply Chain Risk Management | How we could assist

How we could assist

Risk Strategy Suggested areas we could assist

Transfer: • Spending profile on suppliers

Assess alternative supplier arrangement through a risk • Key suppliers/critical items
assessment on the options and financial impact • Consider alternative and perform cost analysis on
identified suppliers or products

Transfer: • Current model to identify risks area due to disruption in

Assess alternative operational model through a risk the company’s supply chain
assessment on the options and financial impactw • Assess the impact and the recovery time
• Consider alternative model and impact on cost
and operation

Mitigate: • Supplier on-boarding assessment and financial

Audit on due diligence, supplier management and due diligence
contract management • Periodic reviews of supplier credit standing
• Retention / termination of supplier accounts
• Supplier incentives programme management
• Continuous control monitoring of supplier accounts
for suspicious activity transactions (please refer to our
digital continuous control monitoring or ask us)
• Assess contractual terms and purchase commitments
• KPIs are outcome-based and are clear, measurable
and achievable
• Monitoring of supplier’s obligations against
contractual requirements
• Quality assurance for goods supplied and
services performed
• Leverage on data analytics to identify performance gaps
such as high occurrences of delay

Mitigate: • Identification of critical equipment/inventory

Process optimization by assessing the material resource • Inventory planning (demand and supply) including
planning model such as forecasting, past consumption, delivery lead time for critical, and consumables
safety stock model, inventory categorization • Setting and monitoring of inventory levels for parts
(including obsolete and slow-moving items)
• Monitoring of inventory warranty period
• Minimal quantity for critical inventory and regulatory
requirements are maintained
• Shelf-life monitoring

7
Supply Chain Risk Management | How we could assist

Risk Strategy Suggested areas we could assist

Mitigate: • Compliance with key Company’s policies

Identify regulations in the region where the company • Compliance with applicable law and regulations such as
operate, leveraging on Subject Matter Experts in our permits and licenses
geographic network • Operations are monitored and inspected on a
periodic basis

Mitigate: • Reporting metrics for data collected for

Audit on environmental, social, and corporate sustainability reporting
governance (“ESG”) • Data for sustainability reporting is collected and
reported accurately, timely and complete
• Review and Reporting of ESG and climate related risks
• Identification, Monitoring and Reporting of regulatory
requirements and non-compliances

Mitigate: • Privileged User Access Control

Audit on Cyber, such as performing an IT Security • System Security
Risk Assessment • Malware Pwrotection
• Network Security
• Patch and Vulnerability Management
• Security Event Monitoring

Additional considerations: • Identify potential impact and likelihood of the risks

Risk management to assess business disruptions impact • Assess ongoing mitigating controls, and additional
and identify ongoing or mitigating controls mitigating controls
• Assess the risks, including consideration of the overall
company’s risk appetite

Additional considerations: • Identify potential impact and likelihood of the risks

Risk management to assess ESG related risks and identify • Assess ongoing mitigating controls, and additional
ongoing or mitigating controls mitigating controls
• Assess the risks, including consideration of the overall
company’s risk appetite

8
Supply Chain Risk Management | Further enquires

For further enquires, reach out to:

Cheryl leads the internal audit and enterprise risk management practice in Deloitte Singapore. She has
over 16 years of experience in providing statutory audit, internal audit and Risk Advisory services. She is
the Project Partner delivering internal audit and Risk Advisory services for a number of listed, government
linked as well as multi-national corporations. She also provides SOX consulting and attestation services to
US and Japanese multi-national corporations.

Cheryl has a proven track record in serving clients from a range of diversified industries such as energy
(including oil & gas), real estate (REIT and Asset Management), government, hospitality, gaming, food and
beverage, manufacturing, port management, and energy.
Cheryl Lim
In relation to supply chain management, her clients include petrochemical logistics services providers, a leader
Executive Director
in the supply chain industry and a multi-geography integrated specialised logistics provider.
cherylim@deloitte.com

Andy has over 12 years of professional work experience in the area of Auditing (internal controls and
financial), Enterprise Risk Management (advisory and implementation), corporate governance, business
process review, establishing policy, implementing control self assessment framework and information
system implementation. Andy is exposed to various industries such as the energy, resources and
industrial, internet content & information, real estate, food & beverage, consumer (for online retail),
pharmaceutical, and the public sector.

Industry specialisation: Energy, resources and industrial

In this industry, he has performed services on internal controls, business process review, regulatory
Andy Wee related audits, risk assessment to identify auditable areas, assurance map, and control self-assessment.
Director The generic processes where he had been involved in this sector are revenue, procurement & payment,
awee@deloitte.com contract management, supply chain management, cash management, human resource, incident
reporting, environmental and sustainability, business continuity planning, due diligence and managing
anti-corruption, enterprise risk management, and spend analysis. The Industry specific processes he has
covered are project management on renewable energy, investment on renewable assets, compliance
with electricity and gas market, retail business on sales, portfolio effectiveness for energy, fuel &
inventory management, trading office involving physical and hedging, chemical management, operations
& maintenance, and construction.

Other specialisation: Supply chain management

In this area, he has audited companies in the industry of energy, manufacturing, food & beverage,
consumer (for online retail). Besides identifying internal control weakness, he shares insights on potential
cost savings practices. In his earlier employment, he was in the aviation/defence industry for 8 years
where he was involved in managing optimal inventories to support requirements which involves 20,000
types of inventory, and considerable value per inventory item. This involves dealing with users, suppliers,
and logistics support. He was also involved in the company wide upgrade of SAP which require setting the
governance, strategy and operational aspects such as controls to prevent misuse of data, critical data to
import, data cleansing.

Project management
In terms of project management, Andy is accustomed to handling multi-projects and plays a pivotal
role in execution the audits and managing clients’ requirements. He has worked with the regulators on
compliance matters such as providing independence review on inventory management, revenue and
procurement. Andy was part of implementing ERM within an organisation, and provided ERM consultancy
to organisations.

Andy was part of an agency’s Risk Management team where he was involved in facilitating discussion with
project risk owners on risk relating to ongoing/future projects.

9
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”),
its global network of member firms, and their related entities (collectively, the
“Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each
of its member firms and related entities are legally separate and independent
entities, which cannot obligate or bind each other in respect of third parties.
DTTL and each DTTL member firm and related entity is liable only for its
own acts and omissions, and not those of each other. DTTL does not provide
services to clients. Please see
www.deloitte.com/about to learn more.

Deloitte Asia Pacific Limited is a company limited by guarantee and a member

firm of DTTL. Members of Deloitte Asia Pacific Limited and their related
entities, each of which are separate and independent legal entities, provide
services from more than 100 cities across the region, including Auckland,
Bangkok, Beijing, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne,
Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.

About Deloitte Singapore

In Singapore, financial advisory services are provided by Deloitte & Touche

Financial Advisory Services Pte. Ltd. and other services (where applicable) may
be carried out by its subsidiaries and/or affiliates.

Deloitte & Touche Financial Advisory Services Pte. Ltd. (Unique entity number:
200205727K) is a company registered with the Accounting and Corporate
Regulatory Authority of Singapore.

© 2023 Deloitte & Touche Financial Advisory Services Pte. Ltd.

Designed by CoRe Creative Services. RITM1355417