Supply Chain Risk and Contracts: Three (Difficult) Lessons Learned for a Post-Pandemic World

By Vivek Bharti

It's been one year since COVID-19 sent shock waves through the world's supply chains, creating disruptions at a scale few thought possible. Indeed, the last 12 months have served as an unfortunate wake-up call for companies that black swan events can and will happen, and they have to be ready to respond immediately when they do.

As we approach the anniversary of the World Health Organization declaring a pandemic, companies should step back and examine what lessons they can bring forward into the "new normal."

From my perspective, the biggest lessons that have emerged revolve around supply chain transparency, supplier risk, and contract operations.


  1. We don't have the supply-chain visibility we think we do.
  2. It's not enough to manage risk. You must prevent it.
  3. Contract deviations can be an early sign of risk (but only if you can detect them).

Let's examine these each more closely.

Lesson 1: We don't have the supply-chain visibility we think we do.

Prior to the pandemic, surveys consistently showed that procurement leaders felt confident that they had sufficient visibility into the supply chains. Six months after the pandemic struck, those who said so dropped dramatically.

The reason companies were so confident before the pandemic was because supply chain transparency was not fully understood. In other words, it was false confidence.

Companies thought it was sufficient to understand who their Tier-1 suppliers were; in fact, effective supply chain management requires visibility down multiple tiers to understand how different disruptions/failures will ripple out to them.

Historically, suppliers have been reluctant to share details of their own sourcing strategies for fear the buyer will circumvent them. However, Blockchain technology now enables all participants of a supply chain to upload their supplier contracts to a restricted consortium that can extract information like location and compliance documentation while not divulging sensitive information.

A year ago, this may have sounded like futuristic technology for procurement leaders. But the tech exists now, and the pandemic has shown the need to move fast on advanced digital solutions like these.

Lesson 2: It's not enough to manage risk. You must prevent it.

Another business assumption that was sorely tested by the pandemic was that risk was inevitable, and it was procurement's job to manage it (i.e., manage the consequences of a supplier failure, etc.). This approach only makes sense if you assume global, catastrophic disruptions can't happen. We now know they can, which means companies can't just manage risk; they must prevent it.

Companies should look to the very beginning of a supplier relationship—the process of selecting a supplier and getting them under contract—as a key moment to prevent the injection of risk into an organization. This should include understanding the supplier's inward supply chain for lower tiers to understand the ultimate sources of supply—having multiple suppliers for the same commodity if they depend upon the same ultimate source may not be a useful de-risking strategy.

With today's software, companies can link public information sources like D&B to their contract management system. This means potentially risky suppliers get flagged early in the process before any agreements are signed.

More advanced contract management software can actually monitor contract negotiations in real time and provide risk scoring associated with language modifications. This powerful AI technology gives procurement leaders the intelligence they need to stop risk before it enters the system.

Very mature procurement organizations can unify all this information into an Integrated Supplier Risk Assessment, which serves as a single source of truth for the risk potential of every relationship so sourcing leaders can build a much more resilient supply base.

Lesson 3: Contract deviations can be an early sign of risk (but only if you can detect them).

Of course, risk is still inevitable in business, so the question then becomes how best to identify problems in the supply chain so companies can address them. As we learned last year, early detection of supply chain failures is critical to quickly respond, develop contingencies, and stay out in front of a crisis.

One of the most effective ways to detect risk early is by monitoring contract compliance. If a supplier begins to deviate from their contractual commitments, it can be a sure sign that there are problems that should be addressed immediately.

Yet contract deviations can be difficult to detect if contracts are not connected to operational systems (e.g., the material delivery system). That's why it is an emerging best practice to connect contract data to the systems where transactions occur. By doing so, terms can be enforced, and deviations can be addressed before bigger problems emerge.


Ultimately, advanced procurement departments are moving to a set of processes in which their entire supply chain is visible, supplier risk is closely monitored and optimized, and supplier failures are detected early and addressed immediately before bigger problems emerge.

These processes make companies more resilient and ready to respond to both black swan events like we had last year as well as more common challenges that have long caused leakage and risk for procurement organizations.

For more information about how Icertis leverages its unmatched CLM technology to help procurement operations improve speed, compliance, and performance in their operations, please download our eBook: Streamline Your Sourcing Process with Contract Intelligence