Resiliency and Supply Chain Risk Management

Stephen DeAngelis

January 27, 2016

Nowadays you hear and read a lot about resiliency. Resiliency is a great term because it contains layers of nuanced meanings. It can refer to the power or ability of something to return to its original form or position or it can refer to a thing’s ability to recover readily (i.e., to be a survivor). Both of those definitions are based on the notion that something bad has or is going to occur that requires the “thing” in question to bounce back. When I started Enterra Solutions®, resiliency was a primary focus and we helped organizations implement Enterprise Resilience Management? solutions (focusing on Enterra’s patented Enterprise Resilience Management Methodology®). Although Enterra® has expanded the range of its offerings, resiliency remains a part of every solution.

Most pundits agree that resiliency is an essential characteristic of a good supply chain; which means, most pundits are sure that bad things are routinely going to pop up to disrupt supply chains. That begs the question: What kinds of bad things are supply chains (or the larger enterprise) going to face? Frankly, any list of risks one could create would be long and incomplete. My friend and former colleague Dr. Thomas P.M. Barnett (@thomaspmbarnett) now works at Resilient Corporation as its Vice President for Communications. That company suggests there are ten major categories of Resilient Performance Indicators (RPIs) that every company needs to address. They are: Disaster management; ecosystem; financial stability; human capital; information security; legal & regulatory; public relations & media; operational risk; strategy & culture; and supply chain & procurement. In the following video Barnett provides a brief description of each of these RPIs.

As the video makes clear, there are a lot of risks that a company must take into account as it traverses the business landscape — and supply chain and procurement risks are just part of the picture. Supply chain risk management is therefore only a part of a company’s overall risk management process. Supply chain risk management professionals, however, face a unique conundrum. They are simultaneously asked to optimize the supply chain and make it resilient. Aaron Burman and Michael Rockett, Supply Chain Design Consultants with LLamasoft, ask, “Supply chain optimization is a widespread term, but did you know that an optimized supply chain is not necessarily a resilient one?”[1] Although I suspect that most supply chain professionals know the answer to that question, Burman and Rockett go on to note that optimization shouldn’t trump resilience because almost every company experiences supply chain disruptions. “Seventy-four percent of businesses, they write, “experienced at least one supply chain disruption in [the] last 12 months, and 38 percent reported a loss in revenue.” Kaitlyn McAvoy adds, “The majority of companies that experienced a supply chain disruption in the last year cited either a tier 1 or tier 2 supplier as the predominant source of the disruption, according to 2015 Supply Chain Resilience Report from the Business Continuity Institute and Zurich Insurance. Half of all respondents in the report cited a tier 1 supplier, the immediate or direct supplier, as the major source of the supply chain disruption and an additional 21% cited their tier 2 supplier, the supplier of the OEM’s tier 1 supplier.”[2]

That’s why Burman and Rockett stress the importance of resiliency. “Supply chain resiliency,” they write, “focuses on designing your business and supply chain to quickly bounce back from disruptions.” McAvoy points out, however, that you can’t design a supply chain risk management process if you don’t really understand (i.e., have visibility into) your supply chain. She writes, “The [BCI/Zurich] report also showed the majority (72%) of organizations lack full visibility into their supply chains. What is troublesome, too, is that nearly 1 in 10 (9%) of the more than 500 companies surveyed for the report do not fully know who their key suppliers are. This can no doubt make supply chain risk management even more difficult for firms that lack proper oversight on who exactly their suppliers are.” It’s almost unfathomable that a company would not know the identity of their key suppliers. I’ve heard supply chain analyst Lora Cecere (@lcecere), founder and CEO of Supply Chain Insights, insist, at a minimum, companies should strive to have visibility from a supplier’s supplier to a customer’s customer. I go a step further and insist the need goes beyond end-to-end supply chain visibility and requires a new System of Insights layer that is developing between a corporation’s Systems of Record and its external data. Fortunately, Enterprise Cognitive Systems are now available that enable these Systems of Insight to improve visibility, execute decisions, integrate data, and support corporate alignment.

Burman and Rockett point out that supply chain professionals are often caught between a rock and a hard place (the rock being resiliency and the hard place being optimization). Sunil Chopra, the IBM Distinguished Professor of Operations Management at the Kellogg School of Management at Northwestern University, and ManMohan S. Sodhi, a professor of operations and supply chain management at Cass Business School at City University London, explain, “Most managers know that they should protect their supply chains from serious and costly disruptions — but comparatively few take action. The dilemma: Solutions to reduce risk mean little unless they are evaluated against their impact on cost efficiency.”[3] This prescription for inaction is in nobody’s best interests. Chopra and Sodhi continue:

“Supply chain efficiency, which is directed at improving a company’s financial performance, is different from supply chain resilience, whose goal is risk reduction. Although both require dealing with risks, recurrent risks (such as demand fluctuations that managers must deal with in supply chains) require companies to focus on efficiency in improving the way they match supply and demand, while disruptive risks require companies to build resilience despite additional cost.”

Chopra and Sodhi note, “Managers can reduce risk by designing supply chains to contain risk rather than allow it to spread through the entire supply chain.” One way to do that, they explain, is to segment supply chains (i.e., make sure that you don’t have only way to move resources and products). “Large companies can segment their supply chains to improve profits and reduce supply chain fragility,” they write. “For high-volume commodity items with low demand uncertainty, the supply chain should have specialized and decentralized capacity. For its fast-moving basic products (typically, low margin), it may be worthwhile to … source from multiple low-cost suppliers.” Another way to contain risks, they explain, is to regionalize supply chains. They explain, “Containing the impact of a disruption can also mean regionalizing supply chains so that the impact of losing supply from a plant is contained within the region.”

Burman and Rockett recommend that companies use modeling and analytics to make their supply chains more resilient. “Supply chain design technology enables businesses to build digital models of the end-to-end supply chain to evaluate and compare dozens of scenarios side-by-side and test them under real-world variability for better decisions around site selection and product flows.” Of course, in order to model your supply chain, you have to have good visibility into it. Burman and Rocket write, “There are four steps businesses can apply to understand and improve the resiliency of their supply chain network.” Those steps are:

Assess: Use all modeling and analytics to identify areas of risk. You can use network design models, company KPIs and other metrics to get a holistic look at your supply chain.

Prioritize: Use the information from the assessment to prioritize scenarios to test further with optimization and simulation technology.

Analyze: Use sensitivity analysis and scenarios to test network designs that may increase resiliency. Examples: moving inventory to alternate locations, changing supplier relationships.

Plan: Develop strategies for resiliency-building supply chain changes based on scenario analyses, or develop contingency/response plans for potential disruptive events.

Resiliency and optimization are going to remain uneasy bedfellows for supply chain professionals; however, failing to balance resiliency and optimization will eventually end up hurting profitability. Supply chain risk management professionals know that dealing with risks is a full-time occupation. The risk management process is so complex that advanced monitoring and analytics must be used to address it. Fortunately, new technologies, like cognitive computing, are maturing to the point that they can be leveraged to achieve the balance between resiliency and optimization that has plagued supply chain professionals for decades.

Footnotes
[1] Aaron Burman and Michael Rockett, “Using Modeling and Analytics to Design a Resilient Supply Chain,” Talking Logistics, 7 January 2016.
[2] Kaitlyn McAvoy, “Poor Visibility Puts a Majority of Organizations at Risk for Supply Chain Disruption,” Spend Matters, 7 December 2015.
[3] Sunil Chopra and ManMohan S. Sodhi, “Reducing the Risk of Supply Chain Disruptions,” MIT Sloan Management Review, Spring 2014.