Supply Chain Risk Management Best Practices: Nokia

Executive Summary

Supply chain risk management continues its ascent from back-office functionality to competitive

differentiator in many organizations. The ability to effectively identify, manage and mitigate risk

is now a critical business objective for the world’s leading brands. While it has become a priority

objective, many have struggled with the level of complexity that today’s global supply chains

represent. Traditional methods of tracking and managing supply chain risk have failed to keep

pace with rapidly changing business conditions.

In this paper, you’ll learn why Nokia is a model for supply chain risk best practices. Find out

how they implemented a program to better mitigate supply chain risk through greater visibility

and transparency. Then explore how Nokia made a commitment to improving its data and

analysis capabilities and how it successfully integrated technology to better map, monitor and

assess global performance and improve management of its global operations. By learning from

Nokia’s example, you’ll see how you can start to bring better supply chain risk management

practices into your own organization and why that’s going to help you.

Who is Nokia?

Nokia develops and delivers the telecom industry’s only end-to-end portfolio of network

equipment, software, services and licensing that is available globally.

Their customers include service providers whose combined networks support 6.1 billion

subscriptions, as well as enterprises in the private and public sector that use their network

portfolio to increase productivity and enrich lives. Nokia also serves consumers with technology

and devices. Through their research teams, including the world-renowned Nokia Bell Labs,
Nokia is leading the world to adopt end-to-end 5G networks that are faster, more secure and

capable of revolutionizing lives, economies and societies.

Why Supply Chain Risk Management

Became a Priority for Nokia

Nokia is a global provider of products and services with a highly-complex supply chain. With a

supplier base of nearly 30,000 and orders exceeding 10,000 per day and originating from more

than 120 countries, their supply chain is a perfect example of true complexity. To add even more

layers to an already-complex organization, a sharp increase in acquisitions nearly doubled the

company in terms of size and distribution. Currently, Nokia operates nine global distribution

centers and maintains a physical presence in 100 countries.

When they decided to implement a supply chain risk management program, Nokia knew that

global supply networks were getting more complex. They looked at past events like the

Fukushima nuclear disaster, which was caused by a tsunami that followed an earthquake, and

they looked at their own history in 2014, for example, they had a challenging year due to

component shortages. Given their past experiences and future uncertainties, Nokia recognized

that a new approach to risk management was needed to keep their promises to customers and to

limit the level of impact to their bottom line in periods of crisis. They needed a new system in

place that would help them to identify and deal with risks in the supply chain more quickly. With

that, the decision was made to formalize Nokia’s supply chain risk management process and its

journey to more effective risk management began.

Nokia’s Journey to Supply Chain Risk Management

Early in 2015, Nokia began building a systematic supplier risk management process to turn the

focus of risk management from reactive to proactive. They started with a relatively small sample
size of 500 suppliers and began conducting risk assessments using Excel sheets while also

beginning to pilot the riskmethods Solution.

In 2016, Nokia elevated the program. With the help of The riskmethods Solution, Nokia began

monitoring their suppliers for their top 150 revenue-generating products. By 2017, they were

monitoring 1000 sub-tier locations using The riskmethods Solution.

In 2018, Nokia continued moving towards fully automated risk management by further

automating key supplier risk assessments to lessen the load of manual work on category

managers. Nokia also has robotic process automation (RPA) in place, taking them closer towards

automated and touchless supply chain risk management. Throughout their entire risk

management process, Nokia identified two core tenets that drove their vision: balancing

proactive vs. reactive risk management and recognizing the importance of data.

Proactive vs. Reactive Risk Management

Although previously Nokia had been managing risk by reacting to events after they happened,

they recognized that a key element of their supply chain risk management strategy had to be

finding a balance between proactive and reactive risk management. Accordingly, they divided

their suppliers into categories: Their key suppliers now receive proactive risk management

measures, which include regular risk assessments and deep dives into supply chain sub tiers. The

goal of these activities is to reveal trends and patterns and to define risk prevention strategies for

their key suppliers.

For their less strategic suppliers, Nokia adopted a more reactive approach to risk, relying on real-

time monitoring to notify them of emerging risks and enabling them to take fast action. By

balancing proactive and reactive strategies, Nokia has been able to identify shortcomings or

problem spots in its supply chain, shorten reaction times to incident resolution and increase the
effectiveness of its risk mitigation strategies, achieving the optimal level of risk mitigation for

their organization. The growing complexity of Nokia’s supply chain made balancing proactive

and reactive risk management an absolute necessity.

The Data Factor

It’s all well and good to have the intentions of managing risk—but without the right data, it’s

virtually impossible to actually do it. Nokia quickly realized that they were suffering from the

fact that they had no central source of data for risk management. Silos had been created with

disparate information from various sources spread across the organization. This made creating a

single view of the supply chain difficult and accurately assessing risk nearly impossible.

To combat this, Nokia set forth a course to establish and define a meaningful set of KPIs that

would inform risk managers about the performance of the supply chain. Using data analytics for

greater levels of transparency and risk management became a rallying call within Nokia’s risk

management operation. Information was analyzed from every conceivable angle to provide the

most accurate and consistent forecasts possible. Everything ranging from macroeconomic data to

market fluctuations to impacts on other markets was considered when determining most likely

outcomes for Nokia’s operations.

One of the primary goals of this project for Nokia was advancing its supplier performance

prediction models. The concept was to use supplier data and analytics to more accurately predict

performance using machine learning. By continually evolving its models based on KPIs and

input, they became far more accurate in their forecasting capabilities, which has led to stronger

risk management analysis and the ability to head off potential issues before they reach crisis

proportions.

How Nokia Uses Riskmethods

Nokia began integrating and piloting riskmethods technology early on in its development of a

comprehensive risk management program. riskmethods was identified as the one solution

capable of providing the level of visibility and automation that was needed to manage a supply

chain as complex as theirs. It was also the solution they needed to best balance proactive and

reactive risk mitigation, because it helped them map out their different categories of suppliers

and then act according to these categories.

“The riskmethods Solution is an integral part of our supply chain risk mitigation activities. It

gives us the visibility we need to understand our risk exposure and take the right actions to

address it.” – Tomi Hardén, Risk Manager

Nokia is currently running riskmethods technology to manage a multitude of important risk areas

across its supply chain, including viability, delivery, market, image and compliance, and quality

and performance. An organization’s viability can be affected by numerous risk events, such as a

supplier’s lack of financial stability or operational capability. Delivery can be impacted by

natural disasters, political strife and lack of material and services ability. Wages and currency

changes can have a big influence on the market, while issues around labor and safety,

environment and sustainability, and cyber security threats can all impact an organization’s brand

reputation and be cause for compliance concerns.

Taking all of these different risk areas into account, riskmethods has enabled Nokia to create a

digital twin of its supply chain, allowing for better analysis into its connected pieces and how

they impact one another. Using The riskmethods Solution, Nokia maps their most critical

suppliers for top-selling Nokia products, which gives them the insight they needed to readjust

supply strategies to avoid certain risky practices.

In the beginning, one of the greatest benefits of The riskmethods Solution for Nokia was the

visibility it gave them into their supply chain. Bringing their existing data into The riskmethods

Solution helped them to map out their suppliers and identify complexities, bottlenecks and

problems in their supply chain that they hadn’t been aware of.

Thanks to The riskmethods Solution, Nokia now has the ability to track the value stream of one

component and follow the upstream and downstream paths of specific suppliers. They have

segmented their supply chain into tiers, and configured The riskmethods Solution system so that

if something happens in tier two, the people responsible for the relevant tier one suppliers will

also be notified. Now that Nokia has achieved this visibility, their greatest benefit from The

riskmethods Solution is the extensive monitoring it provides for a wide range of risk events all

over the world. Without this assistance, Nokia’s risk management operation would have to

manually monitor for major events, which would increase workload. This is especially handy

when they get requests from leadership about major risk events that have hit the news. The risk

management team has now implemented a process where, anytime a major event occurs, they

send a status update to leadership based on whether or not they’ve received any riskmethods

alerts.

“When we see a major event on the news that might impact our supply chain, we no longer have

to worry—if we haven’t received riskmethods alerts, we know that we’re safe.” – Tomi Hardén,

Risk Manager

As an added bonus, The riskmethods Solution’s visualization of the Nokia supply chain gives

Nokia’s risk management department the ability to create the “wow” effect by showing

stakeholders how seriously they’re taking the problem of risk. In addition to active monitoring of

their current supply chain, The riskmethods Solution is also helping Nokia manage supplier
assessments. As part of their move toward touchless risk management, they’re cutting down on

the manual processes that were previously used for supplier assessments—that is, filling out

surveys periodically—and replacing it with riskmethods functionality. By doing this, they’re able

to automate the supplier assessment process, while also making sure they’re always up to date,

instead of only accurate when they are initially completed. At the end of the day, The

riskmethods Solution gives Nokia the peace of mind that comes from knowing that their supply

chain is secure.

The Journey Forward

Nokia has made considerable strides in improving its risk management and risk mitigation

capabilities. However, the journey is far from over. Risk is a continuously evolving landscape

with new threats emerging daily.

During the next five years Nokia expects trends in risk management to focus on these critical

areas:

GREATER TRANSPARENCY

 The ability to visualize and profile supplier risk

 Using data to identify relevant threats

 Assess and understand interdependencies in the supply chain

A SENSING AND SELF-LEARNING SUPPLY CHAIN

 Risks sensed by technology and actions prepared automatically

 Emphasis and mandates on risk managers

 Consideration of risk is embedded in every strategy and sourcing process

NEW WAYS TO MITIGATE RISK

 Risk analysis is shared with both customers and suppliers

  Network resilience is prioritized

Riskmethods has worked closely with the team at Nokia to provide a new level of visibility and

transparency into its supply chain. The ability to create visual representations of the supply chain

and to alert risk managers to potential dangers is helping to transform not only the way Nokia

manages risk, but how they conduct global operations.

Conclusion

Nokia operates a very complex supply chain and they understood that evolving risk would soon

inhibit their ability to execute on their vision as a company if they didn’t get a better handle on

risk management. Through a dedication to data, technology and creating a higher level of

visibility and transparency in the organization, they were able to create a new risk culture for the

business. Rather than dealing with events after the fact, Nokia now has a balanced approach to

risk that allows them to identify and mitigate threats before they ever impact operations. Nokia

has become symbolic of how organizations can change business outcomes through effective risk

management.