Fortifying Supply Chain Security and Resilience: Internal Audit’s Role

The intricate web of supply chains crisscrossing the globe has now become the backbone of global commerce. Yet, recent years have revealed inherent vulnerabilities in these supply chains, leading organisations to reevaluate their strategies and adopt proactive measures to safeguard against disruptions. The need for robust supply chains has never been more apparent and organisations have been compelled to reassess and fortify the security and resilience of their supply chains.

Download the full Chartered Institute of Internal Auditors and AuditBoard report, Supply Chain Resilience and Security: Harnessing the Potential of Internal Audit — and read on for a high-level look at strategies to build supply chain resilience, and a deeper dive into specific approaches internal audit can take to help their organisations identify, assess, and mitigate risks while ensuring business continuity.

Supply Chain Security and Resilience Strategies

This strategic shift is evident in various approaches adopted by companies across industries, each tailored to mitigate specific vulnerabilities and align with broader corporate objectives.  

1. Diversification Strategies

One prevalent strategy is diversification. We have seen technology giants like Apple and HP demonstrate geographical diversification strategies within their supply chains. Apple has initiated the transition of some of its production facilities from China to India, a move aimed at reducing reliance on a single region and spreading risk. Another diversification strategy being employed is to reduce the reliance on a single supplier and increase the range of suppliers for critical materials. Car Manufacturer Tesla recently signed a long-term supply agreement with Vale for the supply of nickel for its batteries. With this agreement in place, Tesla has a total of seven nickel suppliers, spread across multiple regions.

2. Localisation Strategies

A strategy gaining momentum is onshoring or reshoring. For example, in the automotive industry, General Motors is investing in domestic battery production and mining facilities in the United States. This shift not only secures a domestic supply of critical components but by manufacturing domestically, it also addresses the sustainability concerns of long-distance transportation and nullifies the geopolitical global risk exposure from sourcing abroad. Similarly, HP is expanding its manufacturing base to include locations like Mexico, enabling the company to buffer against potential disruptions and leverage the benefits of localised supply chains.

3. Utilising Technology

The integration of advanced digital technologies is revolutionising supply chain management. Companies are employing tools like blockchain, artificial intelligence, and the Internet of Things (IoT) for enhanced visibility and responsiveness. In the pharmaceutical industry, firms like Pfizer have used advanced tracking systems to ensure the integrity of temperature-sensitive products like COVID-19 vaccines, demonstrating the value of technological integration in managing complex supply chains. Sports goods company Nike accelerated a supply chain technology program utilising radio frequency identification (RFID) technology to track products through outsourced manufacturing operations. The company employed predictive-demand analytics to lessen the impact of store closures in China. This approach enabled Nike to boost sales while its major competitors experienced more significant drops in sales.

These strategies signify that organisations are taking a comprehensive approach to supply chain resilience. Internal audit offers oversight and insights into potential risks and provides assurance on the effectiveness of these strategies. Internal audit recommendations can help the strategic adjustments made by organisations so they are not only responsive to current challenges but also sustainable and aligned with long-term organisational goals.

Internal Audit’s Role in Fortifying These Supply Chain Security Strategies

Organisations that embrace comprehensive supply chain security strategies and leverage

the expertise of internal audit will be better positioned to navigate the complex and evolving challenges that lie ahead. The strategies outlined here represent a wide range of approaches that can enhance supply chain security and resilience, enabling organisations to identify, assess, and mitigate supply chain risks while ensuring business continuity.

Diversification and Dual-sourcing of Suppliers

Organisations are increasingly diversifying their supplier bases and embracing local sourcing strategies to mitigate the risks associated with relying on a single source or a limited number of suppliers for critical components or products. This shift in approach reduces the organisation’s vulnerability to disruptions originating from a single geographical location and enhances supply chain resilience.

Dual sourcing, the practice of maintaining two or more suppliers for critical items, further strengthens supply chain resilience by ensuring that if one supplier faces challenges, an alternative source is readily available. Organisations are also recognising the need for alternative sources of critical raw materials and components, which can further reduce their reliance on specific suppliers or regions. Internal audit teams can help evaluate the effectiveness of these strategies. By assessing the organisation’s risk assessments, supplier portfolios, and the overall execution of these strategies, internal audit helps the organisation achieve its intended objectives. This includes evaluating the organisation’s ability to identify and prioritise critical suppliers, establish clear selection criteria for new suppliers, and effectively manage supplier relationships. 

Criticality Assessments

Criticality assessments help organisations identify crucial materials and assess their availability. By understanding the potential impact of disruptions to critical supplies, organisations can prioritise their efforts to secure essential materials and implement appropriate risk mitigation strategies. Internal audit can evaluate criticality assessments to determine if they are fit for purpose and recommend actions to strengthen these assessments.

Contractual Safeguards

Strong contractual safeguards such as escrow agreements provide organisations with protection during supply chain disruptions. Escrow agreements are financial arrangements where a third party holds and regulates payment of the funds required for two parties involved in a transaction, ensuring that the terms of the deal are met before the payment is released. This mechanism provides a layer of security in transactions, mitigating risk and enhancing trust between suppliers and buyers in complex supply chains. During the early days of the COVID-19 pandemic, organisations with robust contractual agreements in place were better positioned to secure essential supplies. Contractual safeguards provide a safety net for organisations, ensuring the availability of critical supplies, even in the face of supplier challenges. Internal audit can examine the strength and adequacy of contractual safeguards. It can assess the organisation’s ability to enforce these agreements when needed so that they are regularly reviewed and updated.

Supply Chain Mapping

Organisations are increasingly using supply chain mapping software to gain visibility into their supply chain structures. This enables them to identify vulnerabilities, dependencies, and critical components. Pharmaceutical companies utilise supply chain mapping exercises to identify critical ingredients and dependencies, ensuring a steady supply of materials. By creating detailed supply chain maps and conducting comprehensive risk assessments, organisations can pinpoint areas of potential disruption and develop targeted mitigation plans. Internal audit can verify the accuracy and completeness of supply chain maps and assess the effectiveness of risk assessments. It can help with adequately identifying critical components and dependencies and setting mitigation plans in place.

Scenario Planning and Criticality Assessment

As supply chain disruptions become increasingly prevalent, organisations are turning to scenario planning as a proactive approach to risk management. By simulating potential disruptions, organisations can identify vulnerabilities, develop contingency plans, and enhance their overall resilience. Effective scenario planning involves identifying potential disruptions, developing and testing detailed scenarios, assessing organisational resilience, formulating response strategies, and regularly reviewing and updating scenarios. By implementing scenario planning, organisations can strengthen resilience to disruptions, improve decision-making, enhance business continuity, and foster a risk-aware culture. Internal audit can assess the effectiveness of scenario planning initiatives and support organisations in maximising the value of this exercise.

Just-in-Case Approach and Building Redundancy

Organisations can adopt a “just-in-case” approach by identifying critical supply chain points and building redundancy in those areas. This approach involves stockpiling inventory, and provides a safety net for organisations, allowing them to weather disruptions by maintaining backup inventory and diversified supplier networks. Internal audit can assess the effectiveness of the just-in-case approach and ensure that any redundancy plans are well-documented and regularly reviewed.

Digitalisation and Supply Chain Analytics

The adoption of supply chain analytics technology and the recruitment of digital talent are essential steps in improving supply chain transparency and resilience. These digital tools enable organisations to proactively monitor and respond to potential disruptions. Retailers are using advanced analytics to monitor consumer demand patterns and optimise inventory levels, ensuring products are available when and where they are needed. By leveraging digital technologies, organisations gain real-time visibility into their supply chains. They can predict and mitigate disruptions, enhancing overall resilience. Internal audit can assess the organisation’s adoption of digital supply chain tools and the effectiveness of supply chain analytics. It can develop measures that demonstrate technology investments adequately align with supply chain resilience goals and that data security and privacy measures are in place. We will explore this topic further in the next part of this report.

For a deeper dive into the topic, download the full report, Supply Chain Resilience and Security: Harnessing the Potential of Internal Audit.