In its own words, fast-food giant KFC had “a hell of a week” as it scrambled recently to manage a supply-chain disruption that left most of its 900 franchise stores in the United Kingdom with no chicken. 

KFC blamed the disruption on “a couple of teething problems” with its new U.K. delivery partner, DHL, which explained that numerous deliveries had been incomplete or delayed because of unspecified operational issues.

It is interesting that, in the 21st century, when critical risks are assumed to be strategic or cyber-related, a good old-fashioned risk like supply chain could wreak such havoc. The incident offers a couple of informative lessons for internal audit in supply chain and crisis management.

Supply-chain disruptions must rank among the top risks for any restaurant chain, much less the world’s second largest. So, when KFC and DHL announced their new partnership last year, they did so with a promise of “putting greater focus on innovation, quality and service performance.”

According to a DHL news release, “Key areas of focus will be reducing logistics-related emissions to net zero over the life of the contract, optimizing delivery scheduling to provide a faster turnaround of orders, and greater integrity of food during transportation allowing for even fresher products upon arrival at KFC restaurants.”

A spokesman for QSL, a food-logistics company that is the third partner in the new distribution process, said, “With DHL, we are confident of establishing a new benchmark for quick-service restaurants in the U.K.” 

Improving efficiency and long-term sustainability are laudable goals for any company. But any time an organization makes significant changes to a core business function, such as supply chain, there is a risk of significant disruption. Indeed, changes to any of the practices and processes that support corporate goals and objectives come with a level of risk that should be clearly understood by management and communicated to the board.

This should be of particular concern to organizations making a push to innovate. Organizations should understand the risk/reward components to innovation from the outset. In such instances, it serves the organization well to involve internal audit on the front end to help identify any potential pitfalls.

Internal audit’s unique and holistic view of the organization also helps provide assurance on agreements that turn over key operational functions to third parties. In KFC’s case, DHL’s promise to “rewrite the rule book” and “set a new benchmark for delivering fresh products to KFC in a sustainable way” should have raised a risk flag.

One silver lining from this incident is how well KFC handled the fallout. The company wasted no time in taking responsibility and offering an apology, primarily through social media channels. It quickly set up a website where customers could search for the nearest open KFC restaurant. One almost has to wonder whether the crisis management plan was built in as a contingency to the rollout of the new supply-chain arrangement.

KFC then took out full-page ads in two of the U.K.’s largest newspapers with a clever and sincere apology. One public relations professional described it as, “A masterclass in PR crisis management.”

Of course, the best form of crisis management is to avoid the crisis in the first place, and that is what great internal auditing helps the organization do.

As always, I look forward to your comments.