Improving Supply Chain Resilience through Effective Risk Management

Stephen DeAngelis

October 29, 2014

“Supply chain disruption is one of the leading causes of business volatility,” assert analysts from FM Global. That’s why the company released the FM Global Resilience Index, “the first data-driven tool and repository that ranks the business resilience of 130 countries.” According to FM Global, the Global Resilience Index “is designed to help executives evaluate and manage supply chain risk. Nine key drivers of supply chain risk are grouped into three categories: economic, risk quality and supply chain factors. These combine to form the composite index. Scores are bound on a scale of 0 to 100 with 0 representing the lowest resilience and 100 being the highest resilience.” The attached map provides an overall look at supply chain resilience around the globe. You can find an interactive version of the map by clicking on the link provided above.

 

Although the first half of this year saw a decrease in supply chain disruptions, an 18-month low, is no reason to get complacent. Analysts from the Chartered Institute of Purchasing and Supply (CIPS) warns, “Ebola, sanctions imposed on Russia and wars on two fronts in the Middle East threaten to reverse improving supply chain risks.” [“Supply chain risk reaches an 18 month low in Q2 2014, but fears are rising for a reversal in Q3 given increasing political and social instability,” CIPS News, 25 August 2014] Most supply chains have become so globalized that it is the rare event that doesn’t have some impact. Because their supply chains will be impacted, companies need to ensure that their supply chains are as resilient as possible. María Jesús Sáenz, a professor at the MIT-Zaragoza International Logistics Program at the Zaragoza Logistics Center in Zaragoza, Spain, and Elena Revilla, a professor of operations at IE Business School in Madrid, report, “Many more companies now find themselves at increasing risk of supply chain disruption. A recent study by Aon Risk Solutions found that, on average, the percentage of global companies reporting a loss of income due to a supply chain disruption increased from 28% in 2011 to 42% in 2013.” [“Creating More Resilient Supply Chains,” MIT Sloan Management Review, 17 June 2014 (registration required)] “At many companies,” they add, “the resiliency of the supply chain has not kept pace with the continually rising level of logistical complexity. Most supply chain managers have yet to do much about this problem.”

 

When you study the FM Global resilience map — then add Sáenz’ and Revilla’s conclusion that most supply chain managers are not doing much about the problem — you have a really big problem. Paul Teague, U.S. contributing editor for Procurement Leaders, insists, “Risk management in procurement today is as much a necessity as a strategy.” [“Real World Risk Management,” Procurement Leaders, 12 August 2014] He continues:

“With the seemingly unending string of geopolitical problems (the potential for disruption from the events in Ukraine and the Middle East), climate events and predictions (recent research by Stanford University and the US National Center for Atmospheric Research on a potential 10% drop in some crop yields due to climate change), and a host of other issues, it can seem like any CPO who is getting a full night’s sleep isn’t reading the headlines.”

Teague notes that companies like SAP do simple things to increase real-world resilience, like dual sourcing components and having back-up generators in case of power failure. Sáenz and Revilla offer five more recommendations for making companies and their supply chains more resilient. They are: Identifying strategic priorities; mapping the vulnerabilities of the supply chain’s design; integrating risk awareness throughout the company; monitoring resiliency; and watching for events. It should be clear from that list that risk that supply chain risk management is a full-time and real-time activity. Sáenz and Revilla discuss each of those recommendations based on a case study of how Cisco’s supply chain transformed following the Hurricane Katrina in 2005. The company’s supply chain simply wasn’t capable of increasing capacity quickly enough to meet demand for replacement systems along the U.S. Gulf Coast. That transformation helped Cisco fare much better when an earthquake and tsunami ravaged Japan in March 2011. Sáenz and Revilla report:

“Although that disaster represented one of the largest disruptions to global supply chains in modern history, with total economic losses of at least $217 billion, Cisco suffered almost no revenue loss from it. In just 12 hours, Cisco risk managers identified all of their suppliers in the region — from tier 1 suppliers to suppliers of raw materials — and assessed the impact of the disaster on more than 300 suppliers, listed more than 7,000 affected parts by number, assigned a risk rating to each part and charted a mitigation response. That same day, the Cisco risk managers selected which customer teams were best positioned to communicate with customers and fielded 118 inquiries. By the time March 11, 2011, drew to a close, Cisco had deployed a very solid supply chain resiliency program that addressed the impact of external vulnerabilities stemming directly from the tsunami as well as from the aftereffects it caused to the supply chain.”

Jill Dalton, managing director at Aon Global Risk Consulting, writes, “One lesson learned from the series of large-scale natural disasters that occurred in various parts of the world in recent years is that managing catastrophic risk requires more than effective planning and crisis management. Good management also requires a thorough knowledge of a company’s most significant risks.” [“3 essential steps to quantify supply chain risk,” Property Casualty 360°, 22 September 2014] She continues:

“Businesses that depend on complex international supply chains cannot underestimate the implications of a regional disaster event or the potential downtime of a key supplier. To prepare for such events, risk managers and supply chain and operations executives must take great care in quantifying exposures and then prioritize them based on magnitude and probability. By knowing precisely the values at stake, they can prioritize and apply resources against the firm’s most serious vulnerabilities. Risk quantification also uncovers opportunities for cost savings, identifies potentially serious gaps in insurance coverage, reveals critical business interdependencies and can improve the overall efficiency of a company’s supply chain.”

She also recommends educating clients “on what could go wrong — and how to prevent it.” In some ways, her recommendations mirror those of Sáenz and Revilla. Sáenz and Revilla recommend identifying strategic priorities whereas Dalton recommends making a financial impact evaluation. Sáenz and Revilla recommend mapping the supply chain’s vulnerabilities and Dalton agrees that a company should conduct process mapping. Sáenz and Revilla recommend integrating risk awareness throughout the company and Dalton recommends developing a team approach. Dalton recommends that the team should involve any or all of the following:

 

  • supply chain management
  • risk management
  • operations
  • accounting/finance
  • marketing and sales
  • communications
  • transportation/shipping/logistics/inventory management
  • legal/government relations
  • information technology
  • human resources
  • product development
  • procurement, and
  • senior management.

 

I agree with Dalton that the team should be inclusive rather than exclusive. Individual subject matter experts will bring with them new perspectives, new ideas, and new approaches to handling risk management. You can’t possibly identify every potential risk that could create a disruption; but, the more you discuss potential risks and strategies the better prepared your company will be when the next catastrophe hits. Greg Duncan writes, “Risk is everywhere within a supply chain, regardless of who ‘owns’ it. Given the increased scope and complexity of supply chains, the key to creating supply chain resiliency lies in taking a more strategic approach to deal with the causes of disruption (i.e., the vulnerabilities) rather than purely the symptoms (i.e., crisis management and insurance).” [“How Supply Chain Resiliency Increases Your Market Share,” Risk Management, 1 April 2012] He continues:

“Once those vulnerabilities are identified, they can be managed appropriately. This requires companies to change their mind-set toward supply chain risk: resiliency must become an organization-wide effort. Company management must view supply chain risk management as a way to earn competitive advantage.”

Sáenz and Revilla report that some companies understand the importance of risk management are very proactive. They write:

“Procter & Gamble planners have realized that in order to reduce the potential effects of vulnerabilities from an external dynamic global environment that is difficult to control, they must deploy reactive mitigation tools. P&G has installed monitoring tools to map the nodes and flows in the organization’s global supply chain, in order to increase threat awareness and activate warning systems. P&G and Cisco are not anomalies. Learning to combine supply chain management and risk management within not only your company but your entire value chain will increasingly be a key factor for corporate survival in the face of a major catastrophe — whether the catastrophe is a market crash, a storm or a tsunami.”

If your supply chain has not kept pace with the continually rising level of logistical complexity, you’ve got a lot of catching up to do. Duncan concludes, “As the world continues to rapidly change, uncertainty is the norm. Those who manage that uncertainty will be the winners.”