6 Questions for Greg Schlegel, Supply Chain Risk Management Expert

The Resilient Enterprise | The riskmethods Blog

Greg Schlegel literally wrote the book on supply chain risk management, and I had the chance to pick his brain about his thoughts on the topic. Read on to benefit from the insight that Greg's own experience with supply chain risk management has given him.


I’ve held a lot of positions in my years in the working world, but my first job was as a bookseller, and my second job was as a book editor. So it shouldn’t be a surprise to anyone that the first thing I did when I accepted a position at riskmethods was: buy a book about supply chain risk management.

Specifically, I bought Supply Chain Risk Management by Gregory L. Schlegel and Robert J. Trent. (I’ll leave you to imagine the laughs I got when I toted it to a Florida pool during my pre-new-job vacation. “Not really a pool read, Kelly.”)

Pool read or not, the book did exactly what I needed it to do, which was to take me on a fascinating and easy-to-understand spin through the discipline of supply chain risk management. Now, almost a year and a half later, I’m thrilled to have had the pleasure to speak with Greg directly and ask him some questions about supply chain risk management and his work in the field.

What is the #1 thing you wish every company understood about supply chain risk management?

Here’s the thing that I wish every single C-level executive would get through his or her heads: If you don’t prepare for supply chain risk, your team, your supply chain and potentially your division—or entire company—can perish. This may sound dramatic, but it’s absolutely true. In fact, out of all companies who experience a catastrophic event, 20% go out of business within 15-18 months after the event. But that’s not all: Another 15% go out of business about 2.5 years after the event. Bottom line: Supply chain risk is not just a problem for the supply chain.

In your book, you suggest that supply chain risk management provides a competitive advantage. Why do you think this?

For those who haven't read it or don't remember, here's the story: Two CEOs are walking in the woods and encounter a bear. In response, the first CEO leans over to tie his running shoes. The second CEO says, “What are you doing? You can’t outrun a bear!” And the first CEO replies, “I don’t have to outrun the bear. I just have to outrun you.” 

It’s a shame that more companies don’t buy into this concept, but this is why I love this analogy—it shows the importance of staying ahead of your competitors when it comes to a risk. Okay, so an encounter with a bear probably isn’t the thing that’s going to send your company under. But imagine this scenario instead: You and your competitors are hit with a regional disaster, like a hurricane. If you can Identify the risks, assess those risks, develop (or already have) mitigation plans for that disaster and manage those risks better than your nearest competitor, that is a strategic advantage.

Why? Because if you can recover faster than your nearest competitor, their customers will invariably  turn to you for price and delivery of the product they need—and if you can deliver, 7 out 10 customers that come over to your company will stay with you when your competitor gets back online. That’s called garnering additional market share—and it’s something every company wants.

How has supply chain risk management evolved as a discipline?

There’s no question that supply chain risk management is growing worldwide. In my work, I’ve come across about 250 companies that are what I would call SCRM exemplars, meaning that they do everything we recommend in our book, and sometimes more. I also know that over 15 universities are using our book to teach SCRM in undergraduate and graduate level supply chain courses. And the SCRM Consortium that I founded started with 5 companies in 2014—and now is made up of 24 companies and over 1,200 professionals. In the meantime, more and more books are coming out covering the topic, and all the major consultancies are writing about the concept on a regular basis. Institutions are also getting involved: new standards are coming out of ISO and ASIS, and I’ve recently co-authored a new Certificate in SCRM with APICS, now ASCM, and co-developed a Certification in Supply Chain Resiliency, SC-R, with The Logistics Institute of Canada. Just recently, the SCRM Consortium has launched a first-of-a-kind online course called “Supply Chain Risk & Resiliency,” culminating in a new certificate, SCR&R, from Lehigh University.

Where do you see supply chain risk management in 5 years?

The next five years will see even more changes. First and foremost, I hope to see a taxonomy developed, so that there’s universal agreement on all the terms and definitions that are involved in supply chain risk management. Second, software solutions are needed to identify global risks expeditiously, and new metrics and methodologies will be required to assess those risks. And finally, additional education forums will be needed, such as universities, credentialing organizations, new standards, more global workshops, adult executive education classes and enterprise-wide projects, including multiple departments, to ensure new, rich and robust case studies. One outstanding issue that will probably need more time is the ROI play, so there is more concrete evidence around the clear return on investment that an SCRM program provides. I suspect there will be more work to be done in this area and are confident consultancies, universities and exemplar companies will contribute to shoring up this issue, along with more assessment tools and perhaps risk simulation games as well.

In your opinion, what key stakeholder should ultimately be responsible for SCRM?

This depends a lot on the size of an organization and their approach to risk. Many of the SCRM exemplar companies have VPs of SCRM with titles, team members, etc. By observation, they tend to report to the CEO or general manager and sit right between the two powerhouses of manufacturing: Finance and Supply Chain.

However, because this discipline is so new, it will take more time to solidify where the ideal spot might be. Remember, pure risk management has been a discipline and a profession that has been in existence much, much longer than supply chain risk management, and the risk purists are still vehemently arguing about Chief Risk Officer (CRO) titles, responsibilities and corporate positioning!

In the short term, it doesn’t really matter, as long as the topic is at the forefront of the conversation. My goal is to ensure the visibility and viability of the concept in order to sustain the SCRM focus and journey.

In your opinion, what’s the #1 benefit that an SCRM program brings a company?

There are so many! But if I must pick one, I’d have to say: business continuity and sustainability of the company brand in a very complex, global supply chain environment fraught with risk.

My thanks to Greg for taking time to sit down with me and get nerdy about supply chain risk management! I look forward to continuing to follow his work—and maybe even read future books. (I’m always in the market for pool reads.)

Subscribe now to the riskmethods newsletter and never miss out on new, interesting insights!

More from The Resilient Enterprise Blog

Back to top