Supply Chain Risk Management: Big Data and Black Swans

Stephen DeAngelis

April 16, 2014

I have written about so-called “Black Swan” events in the past (see, for example, a post entitled “Black Swans, Dark Clouds, and Silver Linings“). As I noted in that post, the term “black swan” came into common usage thanks to Nassim Nicholas Taleb, author of the book entitled Black Swan. Russ Banham provides his definition of the term:

“Black swans are, of course, those highly improbable but painfully consequential events that strike from the blue — or from the streets of Cairo, or from an offshore oil rig, or from a poorly designed car part. They can destroy a company’s reputation, cripple its financial performance, and perhaps even kill it outright. Because they are rare and almost impossible to predict, black-swan events tend to fall outside the scope of most companies’ risk-management programs (assuming a company has such a program at all).” [“Disaster Averted?” CFO Magazine, 1 April 2011]

In an even earlier post — entitled “How Important is Supply Chain Forecasting?” — I noted that Ann Grackin, from ChainLink Research, insists that just because some events are rare it doesn’t mean that we can’t or shouldn’t forecast them. Grackin writes, “Creating a resilient enterprise is critical to customer protection and employee welfare, as well as securing the financial viability of the company. Yet many firms think that since rare events are unpredictable, then there is no sense in doing much about them other than ‘risk transfer’ (purchasing a risk product, if one is available, such as product liability, property and casualty and so on). … Modelers and forecasters look through a faulty lens; they discount these events because they are rare.” [“Black Swan? Hardly! Revolutions and Tsunamis Come and Go!” 5 April 2011] Renee Boucher Ferguson asserts that technology has now advanced far enough that assessing the possibility of black swan events should be a part of every company’s risk management process. She writes, “New research suggests that by exploiting many types of data, managers can help prevent (or at least contain) the damage related to black swan events and other risky blind spots. The caveat: organizations should rely less on management experience and intuition and rely more on integrated data to point to potential risks.” [“The Science of Managing Black Swans,” MIT Sloan Management Review, 19 February 2014] Ferguson goes on to describe research conducted by Professor Ron Kenett and reported in a paper entitled Managing Risks with Data. According to Ferguson, “Kenett suggests that the proper exploitation of organizational data can help prevent some of those hugely disruptive, largely unexpected events. In practical terms, that involves acquiring and merging data, as well as building data-driven risk management decision-support systems that complement and reinforce the more traditional methods used today.” In his paper, Kenett explains:

“Risk management is traditionally practiced using subjective assessments and scenario based impact analysis. This common approach is based on experts providing their opinions and is relatively easy to implement. … Modern evidence-based management relies, however, on data, and not only opinions, for achieving effectiveness and efficiency. In that context, risk management can exploit information from structured quantitative sources (numerical data) and semantic unstructured sources (e.g., text, voice or video recordings) for driving risk assessment and risk mitigation strategies.”

Any time you add unstructured data into the equation, the analysis becomes much more difficult and less straight forward. Yet valuable, real-time information can be gathered from such data — especially in the aftermath of a disaster when communications are likely to breakdown. At that point, any source of news can be analyzed to help provide insights about the extent of the crisis, the potential impact, and how disruptions might be minimized. Ferguson reports that Kenett has developed a five-level “maturity ladder” of risk-management practices. Those levels are:

1. Intuitive – no formal methods used.
2. Qualitative – risk assessments are based on expert opinions.
3. Quantitative – some data is collected and used to derive Key Risk Indicators.
4. Semantic – unstructured data, like logbooks or blogs reflecting user experience, is analyzed.
5. Integrated – data from various sources is integrated into a coherent risk management system.

Kenett insists that too many organizations operate at levels 1 or 2. He writes, “Going up the ladder is both a management and technological challenge.” Ferguson adds, “It’s when organizations are able to combine the third and fourth rungs — a combo of quantitative and semantic data — to get the final rung of data integration that unexpected risk is best managed.” In order to climb those final three rungs, a company needs to use sophisticated technology like the Enterra Solutions® Cognitive Reasoning Platform™, which combines artificial intelligence and a common sense ontology to address both the quantitative and semantic challenges. Not surprisingly, Kenett concludes that the more complex a company’s supply chain is the more critical it becomes for it to integrate internal and external data sources. Ferguson notes, “Kenett is not alone in pushing for more data-driven risk management. Bill Pieroni, global chief operating officer at insurance giant Marsh, contends that the best way to manage risk — even black swans — is to use big data.” That’s because events traditionally considered to be “once in a lifetime” occurrences are popping up with greater frequency. Ferguson asserts, “This is where data comes into play.” She cites an article written by Pieroni in which he concludes, “Analytic competitors who leverage big data will increasingly be able to identify, model, and act to mitigate or potentially exploit these risks.” In that article, Pieroni distinguishes between two related, but quite distinct, terms: risk and uncertainty. He writes:

“Uncertainties pose unknowable and hence unmanageable threats. Risks, however, can be explicitly accepted, avoided, or transferred. Organizations that are fully exploiting big data are actively uncovering and converting uncertainty into known risk as well as addressing and exploiting competitive vulnerabilities.”

In other words, one of the objectives of conducting Big Data analysis is to change uncertainties into risks. Pieroni concludes, “If data and analytics are not explicitly part of decision-making and outcome feedback, the organization will increasingly be in jeopardy. Unchanging strategies and tactics work, until they don’t, with often disastrous outcomes.” Steve Hall insists that risk management processes must not only be active but proactive lest complacency set in if there is a lengthy period between black swan events. “Speak to any risk expert,” he writes, “and they’ll often talk about a proactive approach to risk management.” [“Risk Management Is Overlooked As A Value Proposition, Procurement Leaders Blog, 18 March 2014] Because Hall focuses on procurement, he recommends that procurement professionals become much more active in helping develop risk management strategies. He explains:

“What happened between 2008 and 2012 especially was an awakening to the impact that risk can have across the world – though that prompted reactive thinking. What then happened was often a knee-jerk assembling of risk committees and governance strategies that looked at what would be the best course of action when the next volcano erupts. Though this could prove a useful line of thought, the most important development may yet be that procurement got its foot in the door as a solution to the problem of risk; not in a reactive way, but as a proactive developer of resilience. … The value proposition rests on this: if procurement teams can use the information and expertise they have access to in order to identify, avert, manage and mitigate rising costs, supply disruptions, quality issues and regulatory unwise practices, they’ll have delivered more value to the business than running simple cost-saving exercises.”

From Hall’s short list of potential risk sources, it’s obvious that not only giant transnational corporations must deal with complexity in their supply chains. The more complex their supply chain the higher up Kenett’s maturity ladder companies need to climb. Fortunately, as noted above, technologies have finally been developed that can help companies make that climb.