Integrating Digital Supply Chain Risks on Board Agenda

Share on

Technology & Automation

Integrating Digital Supply Chain Risks on Board Agenda

Faced with the imperative of formulation of strategic guidelines that address the challenges of Digital Transformation (DT), business models based on Digital Platforms stand out in the composition of the Strategic Plan. In this context, new risk management implications threaten the organizations and the board of directors (BoD) must diligently deal with decisions at the frontier of knowledge, writes Alexandre Oliveira, Digital Transformation & Corporate Governance Expert…

Digital Transformation leads to changes in organizational processes and business models driven by the digital behaviours of companies and individuals. This phenomenon is studied across various fields such as economics, administration, social sciences, corporate governance, data science, supply chain management, mathematics, philosophy, and psychology. The interdisciplinary nature of Digital Transformation can be approached in multiple ways, requiring coordination among various fields. Strategic thinking in corporate governance enhances corporate risk management, value preservation, creation, and continuity.

To fully grasp the impact of digital transformation on the supply chain, supply chain managers and directors must master six knowledge dimensions:

Digital Transformation Strategies: Some of the concepts that need to be deepened include symmetric and asymmetric competition; Customer network, network effects, and customer journey; Platform business models, governance models; Channel conflicts, value chain architecture; Data strategies; Startup ecosystems; Value Proposition Roadmap and Digital Transformation Roadmap.

Industry 4.0 solutions: Some of the concepts that must be deepened, all applicable to supply chain processes, include: Robotic Process Automation (RPA); Additive manufacturing; Blockchain and smart contracts; Robotics ecosystem; Artificial intelligence; Machine learning and deep learning; Supply chain analytics; IoT; Augmented reality and virtual reality; Digital twin and Cybersecurity.

Supply Chain Processes: How to combine strategic concepts and technologies to get the best out of supply chain processes? How should such processes be redesigned to offer more to your business? Which processes are changing more rapidly? Some of the processes that have been impacted include demand forecasting; procurement; Inventory management; production planning; transportation; warehousing; manufacturing; customer logistics and international logistics.

People savviness: Who in my team will do what? Do I need a data scientist? Should managers be trained on Blockchain? Today most managers and directors are unprepared to allocate resources to the responsibilities associated with digital transformation in the supply chain. When area leaders have no basic literacy of the strategies or technologies, they won’t build a process roadmap or manage their teams. The teams are anxious, lost, and distressed. They are mismanaged or neglected. There is a management gap resulting from the inability (due to lack of knowledge) to decide.

Industry sectors: This avalanche impacts all industry sectors. Leaders (managers and directors) need to balance the first dimensions (strategy, technology, processes, and people) and adapt them to the reality of their companies’ sector.

Culture: Digital transformation has to do with mindset… with business models… with a value proposition. It also has to do with technology – all of them well balanced. We must respect the time of people and organizations. The change is inexorable, but the way it will be conducted determines its success.


The impact of 5G, when compared to 4G, will be perceived by companies and users in three critical ways:

  • The number of simultaneously connected devices per square km will increase 100 times, enabling a massive IoT environment
  • The response time to the requested for data (latency) will reduce 100 times, facilitating mission-critical activities, such as remotely operating equipment
  • Traffic speed will increase 100-fold, benefiting data-intensive firms such as financial institutions.

The benefits of each business will be delivered, as management bridges the gap between these solutions and business goals. For example, realtime data interactions will benefit the healthcare industry – so 5G technology will be helpful to the business model. Sectors that benefit from solutions that can better perform with 5G should be alert to opportunities. Not taking advantage of these opportunities will expose competition risk if your competitors are early adopters. Some of the sectors that will benefit the most from this process are telecom operators, equipment manufacturers, retail, health, the transformation industry, finance, transportation, and education.

The term 'Power by the Hour' was first used in 1962, when Rolls Royce introduced a complete engine and accessory replacement service based on a fixed cost per flying hour. Today, this business model, known as the 'Subscription Economy', is prevalent in various industries. Companies like Amazon, Netflix, Zipcar, and others have adopted this model.

Airlines do not have to pay for the engine upfront, which requires a different project finance design and higher working capital from the manufacturer. However, suppliers can increase the customer base, improve profitability, and create a more resilient model to withstand economic downturns, when engine usage drops by 10-20% and sales are completely interrupted.

Thanks to IoT (Internet of Things) and the Artificial Intelligence ecosystem, this 60-year-old business model now offers better value. The following are some of the benefits of this IoT-based business model:

Accounts Receivable and Cash Flow: Engine manufacturers receive near-realtime information from the equipment installed in airlines and can issue daily invoices. The enabling technologies may include IoT and RPA, leading to reduced accounts receivable and improved cash flow and financial performance.

Customer Loyalty: Operational data from airlines worldwide feeds descriptive machine learning models and develops operational scenarios to enhance the passenger experience.

Unexpected Conditions: The data lake generated from IoT flows enables predictive models to recommend maintenance when necessary, balancing performance and lifetime total ownership costs. Advanced solutions use AI-embedded digital twins that can automatically react to unexpected situations, such as changes in weather conditions.

Operational Costs: Operational NRT data combined with GPS information is fed into machine-learning algorithms that predict optimal parameters during take-off and landing, reducing fuel consumption. Predictive models create recommendations for pilots or automatically adjust aircraft systems.


The responsibility of formulating strategic guidelines and plans, as well as ensuring effective risk management practices, falls on the Board of Directors (BoD).

Consider the scenario where the BoD sets the Strategic Guideline for engagement in the Digital Transformation journey. Incorporating such guidelines into the strategic agenda can be achieved through Digital Platform Business Models (DPMs), which create and distribute value through interactions among stakeholders, enabling the exchange of goods, services, or social currency. The BoD must possess the necessary knowledge for diligent monitoring and control in designing, launching, and implementing a DPM. The following risks require the attention of the BoD:

Value: The sustainability of DPMs is dependent on the continuous creation of value for all stakeholders. The identification of the Value Proposition for each stakeholder requires engagement with internal and external parties. The diligent BoD will identify any imperfections in this process and conduct additional studies as needed.

Access: Deciding who should participate in the ecosystem is a crucial decision in DPM design. For example, deciding whether to allow competitors in a marketplace is crucial for attracting consumers. The BoD must carefully monitor the process of choosing stakeholders, as well as potential risks and conflicts that may arise.

Network Effects: DPMs should encourage interactions between stakeholders that generate value and minimize undesirable interactions. The BoD must identify the main Network Effects and monitor their performance.

Value Distribution: The value generated by the DPM should be distributed based on each stakeholder's contribution and expectations. The BoD must evaluate the DPM structure and its impact on sustainability.

Data: Digital platforms generate, capture, process, and use data in various organizational decisions. The data strategy, DPM architecture, technological solutions, and stakeholder culture largely define the level of cybersecurity risk exposure. The BoD should understand that the data strategy can point the company in different directions and ensure that board deliberations align with the Strategic Guidelines.

Conflicts: DPMs may house stakeholders with complementary and conflicting interests. The BoD must be capable of foreseeing conflicts, establishing rules for mitigation, contingency, and resolution, and ensuring that such governance is in place and followed. 

Technological Solutions: The BoD should monitor the acquisition of technological solutions by the directors, ensuring that a value proposition has been defined before acquiring any solutions. The BoD should also encourage minimal organizational knowledge about the benefits and applications of mature market solutions.

In the context of formulating Strategic Guidelines for Digital Transformation, DPMs play a crucial role in the Strategic Plan. New risk management implications pose a threat to organizations, and the BoD must make informed decisions at the forefront of knowledge.


Cybersecurity is a critical topic with practical implications for supply chains. The digital landscape imposes vulnerabilities in the flow of information between companies, including suppliers, customers, and service providers.

According to the NIST (National Institute of Standards and Technology, USA), key cyber supply chain risks include:

  • Third-party service providers with physical or virtual access to information systems, software code, or IP
  • Poor information security practices by lower-tier suppliers
  • Compromised software or hardware purchased from suppliers
  • Third-party data storage or data aggregators.

Best practices in managing cyber supply chain risks include incorporating security requirements in RFPs and contracts, limiting access to information systems and software by vendors, and ensuring that all vendors are authorized and escorted.

The role of leadership in managing cybersecurity risks is associated with fostering a security culture throughout the organization. The CEO and the Board of Directors are ultimately responsible for the organization's cybersecurity. They should be aware of the risks and take necessary measures to mitigate them. The Chief Information Security Officer (CISO) should have direct communication with the CEO and Board of Directors. If a CISO is not in place, an external company can be hired to support the development of an Incident Response Plan. This plan should address critical questions such as the most likely threat scenarios, the steps to be taken in case of a breach, the notification procedure for various stakeholders, communication strategies to maintain trust and reputation, and data restoration plans.


A company's image is linked to its short term perception, while its reputation is built through its interactions with stakeholders and society over time. Reputation can account for more than 25% of a company's market value, worth over $16 trillion in market capitalization on the major stock exchanges. Although valuable, reputation is a delicate asset that is easily ruined and recovery can be slow and costly, if not impossible.

More on Technology & Automation