Five Things to Do and Five Things to Avoid when Managing Supply Chain Risk

Stephen DeAngelis

October 31, 2011

The past couple of years have witnessed some unprecedented natural disasters that have created major disruptions to supply chains (e.g., volcanic eruptions, earthquakes, tsunamis, and flooding). The most recent disaster is flooding in Thailand that has closed manufacturing plants there. The disastrous events in Japan earlier this year probably received the most press and the supply chain disruptions that followed were intensively studied. Not too long after those events occurred, supply chain analyst Bob Ferrari wrote about reading an article published in the Financial Times [“Industry Left High and Dry,” by Peter Marsh, 12 April 2011]. He penned:

“The article outlines the far-flung nature of today’s global supply chains by profiling an interview with David Cox, the head of operations for San Francisco based Blue Coat, a manufacturer of internet equipment with a worldwide supply network of more than 1000 companies. Beyond the specific incident of Japan, Mr. Cox asks a profound question, one that came to my mind, and was probably on the mind of many in our community. What if this type of tragedy actually occurred near China’s Guangdong province, the heart of manufacturing for many different high and low-tech industries? Beyond the far-reaching scope of the impacts to supply, how would individual companies be able to quickly respond to a disruption of that magnitude and scope? It is an interesting and timely question that perhaps has been posed in your own organization. If it has not, assure the best you can, that it is raised.” [“Supply Chain Risk Has Much More Meaning and Lessons to be Learned,” Supply Chain Matters, 20 April 2011]

In addition to recommending that companies take risk management seriously, Ferrari hoped that they had learned how important it is to have “access to timely information relative to the complete supply chain footprint, supply risk profiles, revenue vulnerability and alternative sources of supply.” He asserts that such access “will become mandatory for globally stretched supply chains.” Another lesson he hoped had been learned was “that procurement and finance can no longer [be] view[ed as] cost reduction targets without some linkage to operational risk and capability.” His final observation was, “In the end, the loyalty of suppliers to long-standing customers may be the key differentiator to crisis mitigation. … Supply chain risk and resiliency are unfortunately the new table stakes for today’s globally based supply chains, and skills and process competencies need to be directed at identifying and mitigating risk on a much timelier basis.”

 

If your company is still wrestling with how to deal with risk management, Nathan Pieri, Senior Vice President of Marketing & Product Management at Management Dynamics, Inc., recommends “taking proactive measures [that] can ensure rapid and effective crisis management.” [“Five Ways to Prepare for Global Supply Chain Disruptions,” Supply Chain Digest, 14 April 2011] From the date of his article, you won’t be surprised to learn that it was the events in Japan that triggered his thoughts. He begins:

“Even if you have an overall planning process in place with established long-term goals, short-term contingency plans tend to receive less considered thought. Rarely do they result in quick and decisive action when it is most needed. Below are some measures you can take proactively to limit risk exposure and enable rapid and effective crisis management.”

As Pieri points out, the real value of contingency plans is in exercising them. No plan will get all of the details right, but by exercising the plan, participants are much better prepared to take “quick and decisive action when it is most needed.” The first thing to do, of course, is develop a plan. Pieri writes:

1. Develop a Plan — Form a contingency team composed of key supply chain partners, (e.g., from the OEM, manufacture, logistics sides); and identify contingency scenarios:

  • Re-examine sourcing partnerships and identify alternatives
  • Model the impact of disruptions on your sourcing and inventory strategies
  • Identify a core contingency inventory strategy – in what form and quantity across the entire procurement, manufacturing, and distribution network – to be fine-tuned as the need arises
  • Develop a list of appropriate immediate and follow-up actions to achieve an optimal outcome for each contingency scenario, and, most important, appoint a point person to take charge of each contingency”

Obviously, simply appointing a person to take charge in case of a contingency is insufficient. That individual also needs some specialized training and learned skills that need to be tested under stress. Actually trying to implement “appropriate immediate and follow-on actions” may reveal that a little tweaking is in order. Pieri next turns the subject of visibility. He writes:

2. Create Visibility — It is essential that all networks linking trading partners support end-to-end visibility and that all network partners participate in contingency strategies. In this way you can monitor supplier performance in real-time and address any variances in your risk management system.”

That may be a bit of wishful thinking. Real disasters almost invariably disrupt communications along with everything else. That means that “real-time” information is not likely to be available. Nevertheless, the end-to-end visibility that was available prior to a disaster should provide a foundation on which to build mitigating responses following the disaster. As soon as communications are restored, every effort needs to be made to achieve the kind of visibility that was available before the disaster. Pieri next turns to another oft-discussed characteristic of good supply chains — flexibility. He writes:

3. Build Flexibility — An agile supply chain can help mitigate risks. Look at opportunities to alleviate current supply chain bottlenecks, model alternative transportation network configurations and look for alternative sources of supply.”

In other words, Pieri seems to be recommending that your company engage in some “what if” exercises. To learn more about why such exercises are important, read my posts entitled Modeling “What If” Scenarios and Examining the “What Ifs” in Life. Pieri next discusses decisive response.

4. Respond Decisively — Proactively link contingency plans and business objectives; and assure that point people have previously obtained corporate authority and buy-in for the rapid execution of your strategy.”

It’s Leadership 101 that you shouldn’t give someone a significant responsibility if he or she isn’t also given the authority to execute those responsibilities. In a contingency situation, the last things you need are turf fights or confusion. Pieri’s final recommendation is to follow up.

5. Continuously Improve the Plan — Continuously update the plan against long-term business objectives as well as changing market conditions, supply constraints, changing demand patterns, and other country-risk scenarios.”

If you never exercise the plan, I can guarantee that you won’t “continuously update the plan.” I would have probably stated that the plan should be routinely updated rather than continuously; but, that’s really just a matter of semantics. Your company can’t be obsessed with risk management but it must be actively involved in it. Bindiya Vakil, President & CEO, Resilinc and Hannah Kain, President & CEO, ALOM, assert that, in addition to things that you should do, there are mistakes that should be avoided when trying to manage supply chain risk. [“Five Mistakes Companies Make When Trying to Effectively Manage Supply Chain Risk,” SupplyChainBrain, 25 July 2011] They write:

“Supply chain resiliency is the ability of a company to recover from a disruption, as determined by the time and cost of recovery. It is a function of everyday decisions such as which suppliers the company sources from, how the volume is split between sources, where manufacturing facilities are located, how much inventory and second sourcing has been put in place, etc. Yet, there are many factors eroding the resiliency of today’s supply chains. Over the last 15 years companies have adopted lean and just-in-time practices as well as build-to-order type capabilities in a big way. This means that global supply chains are overly optimized to operational parameters such as lead times, and often have low levels of buffers that would help to withstand disruptions. In addition, business metrics focus heavily on cost reduction and inventory turns – short-term incentives tied to these metrics further result in decisions at every level, which further erodes resiliency in the supply chain.”

I have noted on a number of previous occasions that supply chains can be too lean. Lean supply chains are brittle. Yet almost every supply chain analyst, like Pieri, talks about the importance of supply chain flexibility. Vakil and Kain assert, “A growing focus on cost, inventory reduction and lean in the backdrop of a globally dispersed and multi-tiered supply chain has resulted in small disruptions causing a big impact.” In their mind that is one of the mistakes that companies make. They continue:

“Traditional supply chain management practices leave vast gaps in resiliency because supply chain risk management is fundamentally different from everyday operations management. When companies fail to recognize and appreciate these differences, they fail to manage risk effectively.”

They go on to outline “five mistakes commonly made in managing supply chain risk and ways in which companies can improve the resiliency of their supply chain.” You won’t be surprised to learn that there is some overlap between their recommendations and Pieri’s. Their first mistake involves impact.

1. Quantifying Everything by Spend and Not by Impact — Supply chain functions are typically prioritized by spend. When asked to name critical suppliers or parts, most supply chain professionals will identify the top 20 percent of parts or suppliers that constitute 80 percent of the total spend. … Over the past 15 years, the global dynamics have changed. With the ease and cost to set up offshore operations and outsource parts of the supply chain to subcontractors, companies now have multi-layered supply chains spread across the globe. Often, disruptions occur in the long tail – the 80 percent of suppliers representing 20 percent of the spend – especially if the low-spend category relies mostly on single-sourced or custom material.”

As you can imagine, this is a non-trivial mistake. When I’ve done risk assessments for large organizations, I’ve always started by helping them identify their critical assets and processes. Based on their above comments, Vakil and Kain wouldn’t be surprised to learn that executives often don’t really know which of their assets and processes are most critical for organization survival. As Vakil and Kain point out, “In order to ship a product, every single part needs to be present – this is the fundamental challenge for supply chain practitioners.” Obviously, the missing part always has the greatest impact. I’ll have more to say about this particular point in a future post. The second mistake is not having enough supply chain visibility.

2. Not Getting to the Root Cause of the Problem – Visibility — The fundamental challenge with risk management today is the lack of visibility across global supply chain dependencies. The answer to ‘what is my true supply chain?’ is incomplete at best. There is often no visibility into where parts come from or who is building them. Are dual-sourced parts truly dual-sourced or are there single-sourced dependencies one or two levels up the supply chain?”

It’s impossible to read an article that discusses the characteristics of a good supply chain without somewhere in that article reading about supply chain visibility. One of the reasons that my company’s products have been so well received is that they are focused on increasing supply chain visibility. So in my opinion, you just can’t talk enough about this subject! Vakil and Kain admit, “While there is widespread acknowledgment of the problem, very few have done what is needed to gain visibility and enable control.” The next mistake companies make, Vakil and Kain claim, is not taking the long view.

3. Consistently Putting Risk Management Under Immediate, Short-Term Priorities — The world of supply chain management is highly dynamic. Organizations must constantly address operational challenges such as shortages, demand increases, excess, supplier issues, delivery delays and quality problems, while often being under intense budget constraints. As a result, organizations often must flit from one issue to another; always reacting or scrambling to address problems. Key decision makers lack the time to step back and assess the supply chain proactively or take efforts to gain greater visibility and control.”

I read an article recently that talked about how quickly many large companies are burning through CEOs. Executives are aware of this trend and, in order to keep their jobs, it is no wonder that they focus on short-term wins. As Vakil and Kain note, “Rewards and incentives are also tied to achieving short-term goals.” Unfortunately, ignoring the long view is never in the best interests of a company. Their next mistake involves accountability.

4. No One Person is Accountable for Risk Management — A 2008 Procurement Strategy Council report indicated that the vast majority of CEOs hold the Chief Procurement Officer (CPO) accountable for response to supply chain disruptions. However, it is not at all clear who the CPO holds accountable in his/her organization. Most companies do not have this responsibility assigned to a person or group within the supply chain or procurement organization – i.e., someone who can take leadership at an operational level. This means, when there is a crisis, there is a large amount of confusion and lack of coordination as extraordinary response actions fall outside the normal scope of activities.”

There is an old adage that goes: “When everyone is responsible, no one is responsible.” That is certainly true when it comes to risk management. As Vakil and Kain put it, “Every crisis needs a leader for effective response coordination and recovery.” That leader, they say, needs to be strong, “appointed in advance, [and be] trained and equipped with information.” He or she also needs to be given “tools and a solid crisis response infrastructure.” To describe their final mistake, Vakil and Kain use a sports metaphor.

5. Subconsciously Endorsing the Diving Catch Approach — A crisis, even a small one with low to no impact, is an opportunity to learn and take proactive steps for risk management. However, this critical point is not sufficiently appreciated. Often we think we got lucky when we are not impacted or are able to recover quickly. A crisis war room is also perceived to be the place where employees get exposure to top executives, only adding to the resistance to dedicate resources to proactive risk management. … While necessary in extraordinary times, this type of ‘diving catch’ approach for every situation has a dramatic impact on profitability.”

Like Pieri, Vakil and Kain recommend that companies take time to learn lessons and revise plans. They conclude:

Supply chain risk management has to be thought of as a strategic investment and viewed in the context of long-term gains. To be effective, it needs a fundamentally different approach from traditional supply chain management. As long as these differences go under-appreciated, companies will not focus efforts where they are truly required, nor will they solve the visibility-related issues that are at the root cause of the problem. In the end, companies are not empowering or encouraging people to make resilient choices proactively, which means they will be in a reactive mode in every disruption – scrambling to catch up.”

In a post that included a discussion about Munich Re, a reinsurer, I noted that the company’s analysts report that, as a result of climate change, they are seeing an increasing number of more intense natural disasters. That means that companies with extended supply chains can no longer put risk management on the back burner. In fact, Vakil and Kain believe that “supply chain risk management is on the fast track to become a corporate governance issue requiring the attention of not only the CPO but also the CEO and eventually the board.”