3 critical areas of risk management for metals companies

Jay Reid
| 1/6/2023
3 critical areas of risk management for metals companies

Cybersecurity has been the primary risk concern for the past three years in our Crowe technology in metals report. Unfortunately, cybercriminals are targeting the manufacturing industry, and it appears no one is immune.

It’s hard to miss the frequent headlines that tell tales of companies held for ransom by cyberattackers. But thankfully, many metals companies choose to invest in technologies such as cloud-based enterprise resource planning (ERP) systems backed by the technology provider's expertise and automated security updates.

Given all the attention cybersecurity has received of late, it can be easy for metals companies to miss other equally important risks. While these risks might not grab the headlines or raise anxiety for leaders in the metals industry, they can have similar damaging effects on reputation and revenue if they are left unchecked.

Insights in your inbox
Discover cutting-edge strategies to grow and improve your metals business. Stay on top of the latest Metals 4.0 insights by subscribing to our blog.

What areas of risk should metals companies pay attention to?

1. Compliance

Over the past decade, compliance requirements have grown for metals companies, notably with the Occupational Safety and Health Administration (OSHA). But worker safety is only one of several areas with increasing standards. Other compliance standards include data protection, IT safety and security, and product safety – and failure to comply can result in costly fines.

While a painful fine is an obvious risk, what’s less obvious are the costs associated with staying in compliance. Metals companies are struggling to keep up with common challenges, including:

  • Manual procedures. Compliance can be maintained through manual checklists and processes, but those can be time-consuming and costly. In addition, human error and dependence on internal company knowledge that can be lost over time are concerns. Besides, it’s often too much for one person to monitor hundreds or even thousands of controls.
  • Decentralized processes. Metals companies with separate factories, facilities, or locations might need a standardized way to maintain compliance. While one site might have comprehensive processes, others might lack the experience and be wide open to inefficiency – or miss standards altogether.
  • Limited visibility. Maintaining compliance over several locations also can be challenging with only a partial view of processes. It’s hard to be confident without a complete and accurate view to monitor and maintain compliance.
  • Slow reporting. Manual checklists, multiple locations, and disjointed processes can make it seem impossible to report accurately. If accuracy is possible, it is often slow, painful, and labor-intensive.

Given the number of challenges metals companies face, combined with an increasing focus on compliance and the need for additional controls, it’s understandable that many are turning to technology as a solution.

For example, with advances in internet of things technology, metals companies can automate the monitoring of machines and set compliance triggers – rather than having an employee perform manual checks periodically. In addition to helping companies avoid noncompliance, automation can be a significant cost-savings mechanism.

Another way metals companies can simplify compliance is to invest in holistic technology solutions to help create efficiencies through compliance process standardization. In addition, one centralized system can unify compliance processes and track progress across multiple locations. Such centralized visibility can help teams decrease compliance risks by making changes across the entire company and focusing on the most critical areas first, potentially leading to the creation of a global control mechanism.

2. Vendor supply chain management

Supply chain disruption and questions about the economy continue to be a concern for metals companies, particularly when it comes to vendors. For example, if customers require on-time delivery of products that are dependent on parts from a vendor, what happens if the vendor fails to deliver? When working with third parties, metals leaders should ask themselves these questions:

  • How dependable is that vendor?
  • Is the vendor financially viable?
  • What if the vendor misses a deadline or goes out of business?

Metals companies that don’t have a vendor supply chain management plan can be at risk of failing to deliver for their customers and, worse, losing business.

With integrated risk management, vendor risk management, and procurement service management solutions, metals companies can make a comprehensive assessment of each vendor’s risks as part of the onboarding process. In addition, solutions like these can offer accurate visibility into dependencies, monitor the vendor relationship across the entire company, and determine vendor replaceability if needed.

While technology can help in significant ways, if a metals company is not quite ready to invest, it can ask these key questions about its vendor supplier risk:

  • What vendor agreements are needed?
  • What vendors are supporting critical functions?
  • Who are the backup vendors?
  • What is the financial viability of the vendors being used?
  • What are the dependencies attached to the vendors?
  • What is the cost to the company if a vendor goes out of business?
  • How long has the vendor been in business?

Answers to these questions can help metals company leaders create backup plans and contingencies should the vendor supply chain be disrupted. Some businesses constantly monitor their vendors and present data to determine potential risks.

3. Business resiliency

No one likes to use the words disaster or downtime in the metals industry, but the past has shown that they must be planned for. Disaster recovery and business continuity management are both types of business resiliency plans that can help companies be proactive in the event of unforeseen events or disasters. Solid business resiliency plans can help metals companies maintain revenue and a good reputation.

An effective business resiliency plan determines the minimal technology, processes, and systems required to keep the company operating. Metals companies need to determine the parts of the company that need to be up and operating quickly following a downtime or disaster. Or, simply put, what needs to get back online the quickest to maintain services and manufacture products?

The bigger challenge for metals companies is not just knowing the most important technology and processes; it’s having a written plan (with built-in contingencies) to get them back online. To avoid the risk of costly downtime and reputational decline, it’s essential to craft an effective business continuity plan to get back up and running quickly.

You don’t have to get caught off guard by risk. We can help.

While risks other than cybersecurity might not draw the most attention from leaders in the metals industry, they can be equally damaging to reputation and revenue.

In addition to our metals team, Crowe offers teams specializing in integrated risk management, ERP implementation, and cybersecurity. Let us help you decrease your risks and plan for a more confident future.

Jay Reid
Jay Reid
Principal, Consulting