Managing Supply Chain Risks with Standards Q&A with Dr Susanna Whawell

As part of Assent’s mission to champion the consultancy industry, Jess from Assent Risk Management has been interviewing experts from all sectors of the consulting profession. In this interview, Jess talks with ISO 9001 lead consultant and auditor, Dr Susanna Whawell, who specialises in identifying sources of value through data and behavioural analysis and ensures that it is mapped to strategic growth initiatives. The discussion focuses on managing supply chain risks with standards, including why it is important to audit your supply chain, some of the risks that can affect your supply chain and how ISO can supply chain assurance. 

Why is it important to audit your supply chain?

There are a number of reasons why it’s good to audit your supply chain and I’d say probably one of the first reasons is a simple check on processes. An audit is often treated as something scary, but really the purpose of an audit is to make sure that you’re doing what you think you should be doing to achieve your business goals. And what comes from that check on processes is often a control on costs and costs in the current environment are obviously very important. From there you can find [that] when you’ve checked your processes, it’s also quite a good opportunity to have a bit of a catalyst for change. You can discover that things in the external environment have changed, so you need to change what you’re doing in your supply chain as well. And there are another couple of things which are also becoming increasingly important for businesses in their supply chain these days. Sustainability is very much on the agenda and so a good check of your supply chain and a good audit can really help to identify opportunities for driving sustainability. Also for managing any risks that might pop out of your supply chain because there’s a chance that there could be something upstream or downstream [that] you’re not fully aware [of].

An audit is often treated as something scary, but really the purpose of an audit is to make sure that you’re doing what you think you should be doing to achieve your business goals.

What risks might exist in the supply chain?

​​There are a number of possible risks. It depends very much on the nature of what your supply chain does and is. I think a lot of people think about supply chain as an extended movement of products, more so than services, so it’s probably easier to give examples from there. But I would say some of the main risks are likely to be external disruptions and unavoidably the Pandemic raised a lot of questions about external disruptions in supply chains. There were some notable examples of organisations unaware of how their external supply chains really functioned. So what we talk about with these external disruptions really are what are known as environmental risks and if you can imagine that word, environmental has two meanings. The first of those is a collective term to talk about the wider macroeconomic environment. But there’s also what we would think of as the environment in terms of sustainability and green initiatives. So, very briefly, some of the environmental things in the macroeconomic sense would include the economy, what politicians are doing, social, technological, legal and environmental.

A lot of people will be familiar with that acronym spelling out ‘PESTLE’. It can also be rearranged to incorporate those conditions in another order. It depends very much on what your supply chain is looking for. So that really if you can do a top-line overview of the risks in your supply chain, look at some of those factors and from there you’re likely to find things that pop out. Such as specifics if you’ve got an extended supply chain with maritime and piracy is an extreme example, port fires are things that might occur and you may lose all of your products and services in that way. You can also look at supply chain risks closer to home, the rising cost of fuel. Can you afford to run an extended supply chain that’s not as efficient as possible? Which then comes back to your check-on processes. Are you running your supply chain efficiently? A check and audit will reveal that.

Learn more about ISO 9001

Contact Assent to speak to an expert ISO consultant

How do we develop an audit programme?  

[It depends on the risks you think you’ve identify in your supply chain, which can follow on from the previous question]. So I would say you need to think about risks in the broadest sense and that circles back to depending on how your supply chain functions. Is it an extremely extended one, it runs halfway around the world, or is it you’re simply moving from one part of one country to another? So having identified what you think your risks are, you then design your audit programme around identifying those risks and making sure that you’re keeping on top of the risks that are most pressing to your supply chain, given the nature of your operations. One of the things that comes out of this in your audit programme is an opportunity to create visibility of these risks. There are a number of standards which can help you with this and three of the most relevant ones are probably ISO 9001 and ISO 14001 and ISO 27001, but for different reasons. 

ISO 9001 is about process control and that comes back to checking your processes, and making sure that you’re on top of the risks that you’ve identified, which is a key part of [ISO] 9001. And then we think about things like information flows, which are for service-driven supply chains, although again, supply chains are typically thought of as a physical sense. There are also service supply chains which are intangible and information flows are a critical component of [ISO] 27001, which is the Information Security standard, which is very important in this day and age. 

Then also it’s worth thinking about the standard [ISO] 14001, which is concerned with Environmental Management. An aspect of that looks at the way that you would plan for identifying any risks in your supply chain and recovering from them. Now, it does overlap a little bit with other standards about business continuity, but there is a piece in there that is specific to environmental management, which should also be part of your programme. And again, we can see that all these standards are linked together because we’re coming back to your double meaning of the word environmental when you’re looking at your risks.

There are a number of standards which can help you with this and three of the most relevant ones are probably ISO 9001 and ISO 14001 and ISO 27001, but for different reasons.

How does ISO Certification support supply chain assurance?

It comes back to these points we’ve already discussed, really, about making sure that you are continually reviewing your processes. ISO certification is not a static document. It’s meant to be a live document about the way that you manage your business and you think about managing quality and control within your business in a way which gives you assurance that your business will go on to survive and thrive into the future. So certification is a continual review of your business processes which makes sure that you’re on top of what’s happening internally and externally. And we come back to that point that I made at the beginning that an audit is not supposed to be a scary process. It is supposed to be a value-adding exercise to make sure that you’re doing what you think you ought to be doing as efficiently and effectively as you possibly can. And in this day and age, that is one of the most effective ways to make sure that you’re keeping on top of your cash flow. Now, any business will know that cash is king. So even if you think that you’re spending time and resources to conduct an audit, in the long run, you should make sure that the audit effectively pays for itself in good business management and a focus on delivering quality which will differentiate your business and ensure that you continue to attract and retain customers.

ISO certification is not a static document

Thank you Dr Susanna Whawell for taking the time to talk about supply chain risks. Contact us if you want to discuss in more detail how ISO Standards can help mitigate risks in your supply chain.

Watch the full interview here

Jessica Inglis
Jessica Inglis
Articles: 32