Supply Chain Risk Management: Resiliency and Fragility

Stephen DeAngelis

May 26, 2016

“Scratching an itch never makes it go away,” writes Thomas P.M. Barnett (@thomaspmbarnett), former Vice President for Communications at Resilient Corporation, “even as it feels immediately good.”[1] In the area of supply chain risk management, the itch comes from the many sources of potential disruption that can ruin a risk manager’s day. Barnett suggests that continuing to scratch those itches without ever addressing the underlying fragility that makes them sources of concern wastes both time and resources and could threaten a company’s very existence. His argument is that the opposite of resilience isn’t vulnerability it’s fragility. Barnett’s background has primarily been in the area of national and international security — a background he now applies to the business world as well as to the governmental arena. On the broad subject of security, he writes:

“We have a tendency to view security as strictly a boundary issue: fortify the ‘wall’ and let nothing bad in. But if the ‘wall’ can be just as easily breached or toppled from within, then we’re talking about something larger than just preventing the inbound attack. Instead, we’re talking about genuine resilience that spans both ‘left of boom’ (bad security event) and ‘right of boom.’ So, not just focused on preventing bad things — a virtual impossibility in this connected day and age, but likewise on managing, mitigating, and recovering from, the impact of bad things. Our tendency to focus on the ‘hard’ boundary, when it comes to security, often results in our enterprises suffering rather ‘soft’ interiors. Organizational resilience surmounts that Manichean view by rejecting its either-or premise: the organization is not divided into that which is to be protected and that which protects. Instead, we view each organizational element as needing to fulfill both roles simultaneously.”

I agree with Barnett that we need to take a holistic view of organizational resilience. In an article entitled “Supply Chain Risk Management Requires a Full-time Effort,” I discussed the difference between chronic and situational disruptions to the supply chain. Situational disruptions are major disruptions caused by such things as natural and manmade disasters while chronic disruptions involve internal weaknesses that degrade, but do not inhibit, supply chain function and that do not respond to traditional remedies.[2] Both types of disruptions are itches that need to be scratched; but, more importantly, both types of disruptions represent organizational fragility that needs to be addressed. For situational risks, Loretta Chao (@LorettaChao) reports, “A growing number of firms are looking to help companies with global supply chains prepare for threats that range from financial problems at key suppliers to war and extreme weather.”[3] Noha Tohamy (@nohatohamy), a vice president of research at Gartner, told Chao, “As supply chains are becoming a lot more distributed and more global, companies are working with much smaller suppliers that are more difficult to track. [Such companies] are wanting to use big data and outside data as part of their understanding of risk exposure, combining information they have of their own supplier performance with what’s happening weather-wise, or with political unrest … to come up with mitigation strategies.” Not enough companies are looking for help in dealing with chronic risks; however, internal data analytics might be able to help discover and resolve some of those issues.

Whenever big data analytics and a large number of variables are involved, cognitive computing capabilities need to come into the discussion. Cognitive computers can handle a much larger number of variables than previous analytic platforms and they can collect, integrate, and make sense of both structured and unstructured data. Not only are these capabilities important for addressing the kinds of risks discussed by Chao, as noted above, they can also help identify and address internal process risks discussed by Barnett. Addressing both external and internal fragility is critical. Rob Cheng (@robcheng), head of growth at supply chain software company Elementum, told Chao, “The economic impact of day-to-day issues often exceeds the cost of headline-grabbing events like the earthquakes in Japan.” Chao continues:

“Unexpected quality problems, like shortages, shipping delays or productivity issues, that slow down supply chains, are what cost companies millions of dollars, [Cheng] said, adding that companies should take ‘a more holistic approach,’ and organize their supply chains for the ability to react quickly if one part of a complex, interdependent network of suppliers goes down. Companies need to anticipate potential problems because they ‘can no longer afford to react, which is typically what a very good supply chain professional does,’ said Jorge Blanco, a managing director at KPMG Spectrum, a division of KPMG. For example, a warning signal would be triggered if a supplier experiences decreasing liquidity at the time that a port strike, nearby natural disaster, or socioeconomic tension becomes an issue. Problems ‘typically do not occur for one reason — typically it’s three or four disconnected reasons,’ he said.”

It’s exactly those kinds of “disconnections” that cognitive computing systems can help connect, because cognitive computing systems learn as they go. The more complex a supply chain becomes the more a cognitive computing system is required to help make sense of its myriad connections and the perturbations that can result when something unexpected occurs. Barnett concludes, “Fragility is the prime enemy of resilience — not vulnerability. You can never completely rid your organization of vulnerabilities because of the ever increasing evolutionary speed of new threats ‘out there.’ But ridding your enterprise of fragility? That strikes me as the more realistic and laudable goal, and hence the core of the quest for resilience.” I agree with Barnett and believe that cognitive computing technologies are going to play a large role in helping make organizations less fragile in the years ahead.

[1] Thomas P.M. Barnett, “The Opposite of Resiliency Isn’t Vulnerability; It’s Fragility,” Resilient Corporation, 11 April 2016.
[2] The definition of chronic risks comes from the APICS Supply Chain Council (“Chronic Disruption Plagues over 73 Percent of Supply Chain Managers, APICS News, 4 November 2014).
[3] Loretta Chao, “Companies Pay for Supply Chain Peace of Mind,” The Wall Street Journal, 29 April 2016.