Supply Chain Risk Management: What in the World is Happening?

Stephen DeAngelis

September 9, 2014

Just when things seem to be quieting down, another “black swan” appears on the world stage that threatens to disrupt global supply chains. The latest black swan is the ebola virus outbreak in West Africa. “Aside from the record death toll from the Ebola outbreak in Africa,” writes Bill Kenealy (@BusInsKenealy) and Rodd Zolkos (@BusInsRZolkos), “businesses around the globe will be affected by the pandemic, with the mining, agricultural and energy sectors most at risk of having their businesses disrupted. What’s more, even companies that don’t have operations in the affected areas might have suppliers there who have to shut down, making disruption of transportation and supply networks a potential problem for many other organizations.” [“Worst-ever Ebola outbreak disrupts global supply chains,” Business Insurance, 17 August 2014] There are indications that disruptions caused by the Ebola outbreak may be long term. One of the reasons for that is that scientists aren’t sure how people are getting infected. Mike Stobbe (@MikeStobbe) and Marilynn Marchione (@MMarchioneAP) report, “A scary problem lurks beyond the frenzied efforts to keep people from spreading Ebola: No one knows exactly where the virus comes from or how to stop it from seeding new outbreaks.” [“Another Ebola Problem: Finding its Natural Source,” Scientific Computing, 18 August 2014] They continue:

“Throughout history, some of the biggest wins against infectious diseases have involved not just limiting person-to-person spread but also finding and controlling the sources in nature fueling new cases. Plague was halted after the germ was tied to rat-riding fleas. With the respiratory disease SARS, civet cats played a role. With typhus it was lice, and with bird flu, live poultry markets. Efforts to control MERS, a virus causing sporadic outbreaks in the Middle East, include exploring the role of camels. In the case of Ebola, health experts think the initial cases in each outbreak get it from eating or handling infected animals. They think the virus may come from certain bats, and in parts of Africa, bats are considered a delicacy. But bats may not be the whole story or the creature that spread it to humans. The World Health Organization lists chimpanzees, gorillas, monkeys, forest antelope and porcupines as possibly playing a role. Even pig farms may amplify infection because of fruit bats on the farms, the WHO says.”

One of things that businesses hate most is uncertainty. Planning is difficult when the future is clouded with a lot of unknowns. The problem, of course, is that you don’t know what you don’t know. That’s where good risk management strategies come into play. Because supply chain disruptions can be costly, business executives are starting to pay a lot more attention to supply chain risk management. A survey conducted by Accenture of more than 1,000 companies concluded, “The majority of companies see supply chain risk management as important to their business. … Seventy-six percent of companies participating in the ‘Accenture Global Operations Megatrends Study – Focus on Risk Management,’ describe supply chain risk management as important or very important. Of the more than 1000 companies represented across 10 industries, 25 percent plan increased investments of at least 20 percent in supply chain risk management in the next two years.” [“Supply Chain Risk Management Now a Priority for Most Businesses but only Elite Leaders Generate a Return on their Investments in Excess of 100 Percent, Accenture Research Finds,” Market Watch, 24 June 2014] Admittedly, determining the amount of resources that a company should invest in risk management is difficult. Additionally, knowing how much money was saved because preventive actions were taken can only be speculated. That makes estimating how good of a return on investment (ROI) a company receives for its risk management efforts difficult. In an article about the Accenture survey, Sabine Vollmer, writes, “Nearly three-fourths of the companies represented in the Accenture survey reported returns on investment on their risk management efforts of 50% or less. Twenty-one per cent of participants reported a 51% to 100% return on investment and 7% had a return on investment of more than 100%.” [“Five ways to more effectively manage supply-chain risk,” CGMA Magazine, 3 July 2014] She continues:

“Based on the responses from the companies with the most effective risk management, Accenture suggested companies take the following actions to boost return on investment:

  • Formalise risk management as a specific topic for discussion in relevant management meetings.
  • Install a risk management officer as part of the senior-level organisation hierarchy.
  • Establish and propagate a culture of risk management throughout the supply-chain organisation.
  • Develop and nurture supply-chain risk management skills as part of employees’ standard job descriptions.
  • Build and deploy the analytical tools that will help the organisation respond to risks.”

 

Supply chain risk management requires a full-time effort. It’s not something that you occasionally discuss in relevant management meetings then move on to another topic. I don’t believe that’s what the Accenture analysts are trying to communicate. They expect the full-time effort to be discussed in those management meetings. One never knows when a disruption will occur or the exact circumstances that create it. Vigilance, however, is the watchword. John Westerveld (@johnwesterveld), a demo architect for Kinaxis, states, “Many companies have accepted the need for Supply Chain Risk Management because they understand that [a disruption can] occur and, if they are ready for it but their competitors are not, they have an opportunity to gain market share. The problem is most companies are relatively immature when it comes to Supply Chain Risk Management.” [“Innovative Approaches to Supply Chain Risk,” The 21st Century Supply Chain, 5 August 2014] He goes on to discuss a maturity model presented in report published by SCM World. The report, entitled “Innovative Approaches to Supply Chain Risk,” was authored by Geraint John (@geraint_john), Senior Vice President of Research at SCM World. In that report, John “outlines an approach to bring your supply chain risk management to the next level of maturity.” Westerveld continues:

“Supply chain risk management is not simple otherwise, given the potential impact to corporate revenues, I’m sure that more companies would have robust supply chain risk management processes in place. The report outlines some of the key challenges as follows:

  • A variety of physical and non-physical risks need to be considered including geographic factors (natural disasters, political unrest), supplier quality and labor issues, volatility in pricing, customer demand, shipping, IT security, regulatory changes, etc.
  • Supply chains are complex. You must understand risks not only to your suppliers but their suppliers as well (tier 2, tier 3, tier n). Adding to this challenge is the reluctance of suppliers to share their sources with their customers for competitive reasons.
  • There has been a huge increase in the amount of data available, both numeric and unstructured. How do you cut through the noise and find data that is relevant? No off the shelf tools exist. Analytics and mapping is available but many companies are not at the level of maturity to leverage these. The temptation is to act on gut instinct in the face of too much data but this can lead you down the wrong path
  • There is a natural conflict between risk mitigation and supply chain efficiency. Efficiency programs like lean drove us to reduce suppliers and cut inventory. Supply chain risk management practice advises us to source additional suppliers and plan additional strategic inventories as mitigation strategies. It can be a real challenge to get executive approval for these measures in today’s environment.”

Westerveld goes on to note that “the report outlines 4 key action areas that companies developing a more systematic, focused and proactive supply chain risk management approach need to address.” Those areas are:

 

  • Identifying and assessing risk – This includes visibility across the supply chain including a good understanding of the companies involved. …
  • Quantifying and prioritizing risk – Given that all companies operate on limited resources, focus on those areas that will deliver the biggest benefits. One way is to plot likelihood of occurrence against business impact. While this approach can work well for recurring operational risks like supplier performance, it doesn’t work as well for hard to predict incidents like natural disasters. One approach suggested in the article is that supply chain managers assign financial impact and time to recover factors at a site and component level. This tends to identify critical but low-spend suppliers that may otherwise be overlooked.
  • Mitigating Risk – inventory tracking and dual sourcing are considered to be the most effective risk mitigation strategies. Also increasing use of standard components, segmented and regionalized supply chain strategies and business continuity plans.
  • Speeding Recovery – Business continuity plans that have been developed and tested with suppliers are key to rapid recovery.

 

The attached graphic depicts how John’s recommended risk management process flows.

 

 

Westerveld concludes, “For me, the key takeaways from this report are that effective supply chain risk management needs to be all inclusive – it must include layers beyond just your suppliers. You need to evaluate your supply chain based on the impact each supplier, site, and component might have on your business. … Your supply chain risk management process must be integrated into the broader enterprise processes. It shouldn’t be considered an isolated process but instead should be a consideration in each decision made by the company.” I agree with those conclusions. You never know what’s going to happen in the world and, when something does occur, you will know too late if you don’t have a process already in place.