Three Phases of Supply Chain Risk Management

Stephen DeAngelis

October 18, 2016

There are a lot a moving parts associated with a good supply chain risk management program. First and foremost, a good risk management program constantly scans the horizon looking for threats and prepares to act or react. Neil Shenoi (@resilient_neil) writes, “Supply chain practitioners, accustomed to the ongoing disruptions throughout the sub-tier supply chain, are familiar with the usual risks that threaten supply chain continuity: factory fires, port disruptions, force majeure, chemical spills, and so on. But as global supply chains grow more interconnected, seemingly unrelated events can have a ripple effect, branching out and impacting your supply chain.”[1] As I wrote in a previous article, “Shenoi’s ‘and so on’ covers a lot of ground and his assumption that risk managers know everything that falls into that category should worry them. The list of and-so-on risks is growing all the time.”[2] For practical purposes, there are three phases that a risk management program must master: preparation; reaction; and recovery.

 

The Preparation Phase

 

The preparation phase should begin with a good “what if” session. These sessions should be used to discuss the types of events that could disrupt operations or the movement of goods through the supply chain. “Labor disputes, bad weather, and IT outages are just some examples of disruptions that could affect an otherwise well-designed supply chain,” Yolanda Graham explains. “They are unpredictable, inevitable, and can cause substantial damage to business operations and financial performance.”[3] “What if” sessions are important because they provide companies a place to start when developing an incident response plan and they should be conducted on a regular basis. Too often companies treat the development of incident response plans as a one-time event. “Incident response plans are, in many ways, like family relics,” writes Doug Drinkwater (@DougDrinkwater1). “These written instructions … [are] all too often left gathering dust in the cupboard.”[4] An incident response plan (sometimes called a business continuity plan or disaster recovery plan) needs to identify responsible parties and explain what they are expected to do when an adverse events arise. To help ensure that people understand their roles (and to identify any gaps in planning), incident response plans should be routinely exercised. It’s foolish to believe “what if” sessions will be able to identify every possible risk a company might face; but, open discussions and routine exercises help insure that people are ready to respond no matter what event actually triggers a crisis. Gary Barraco (@GaryBarraco), director of global product marketing for Amber Road, observes, “Instead of trying to determine every possible risk and develop contingency plans to avoid every risk, companies should focus on developing supply chain resilience — an ability to bounce back regardless of which risk has occurred.”[5]

 

The Reaction Phase

 

Reg Kenney (@RegKenney_DHL), President of Engineering and Manufacturing at DHL, writes, “By 2030, DHL has estimated that the annual global economic impact of natural disasters could be up to €328 billion. … Businesses that are well prepared will have necessary and robust data on hand. Their supply chain will be transparent so they will understand where the natural disaster might have the greatest impact. Together this will help them to manage challenging situations quickly and efficiently.”[6] Perhaps the most important thing you can do during an incident is maintain good communication between all stakeholders. This is not always easy; especially when a natural disaster is involved. “Communication is critical when responding to and recovering from any emergency, crisis event or disaster,” says Scott D. Smith, chief commercial officer at ModusLink.[7] So having “a clear communications strategy is essential. Effective and reliable methods for communicating with employees, vendors, suppliers and customers in a timely manner are necessary beyond initial notification of an emergency. Having a written process in place to reference ensures efficient action post-disaster and alignment between organizations, employees and partners.”

 

The Recovery Phase

 

If a company doesn’t prepare well, reaction and recovery phases aren’t likely to go well. Barraco notes, “Risk management often falls to the bottom of the priority list. According to a Deloitte Review survey, From Risk to Resilience, 90 percent of firms do not formally quantify risk when sourcing production. A University of Tennessee study, Managing Risk in the Global Supply Chain, found that only 7 in 10 companies have a documented supply chain risk management plan. Only about half of those surveyed have a backup plan for when a factory or distribution center shuts down.” The recovery phase will go better, regardless of what an adverse event may entail, if plans have been routinely exercised. “When it comes to disaster recovery, you’re only as good as your last test,” says Neely Loring, President of Matrix. “A testing schedule is the single most important part of any [disaster recovery] plan.”[8] The goal of the recovery phase is to get back to business-as-usual as quickly as possible.

 

Risk Management Summary

 

Kenney concludes, “Companies that get supply chain risk management right have a strong foundation on which to develop their overall risk management strategy. With it, they can often gain advantage by filling the gaps left by their less-agile competitors.” Barraco adds, “Having a business continuity plan and the tools in place to orchestrate it before a crisis occurs is the best way to mitigate a potential disaster or other supply chain risks.” Paul Myerson, Professor of Practice in Supply Chain Management at Lehigh University, concludes, “When it comes to operating in the global economy, it’s better be safe than sorry and this can only be done effectively and efficiently by being prepared in advance through a clear risk management and mitigation strategy.”[9]

 

Footnotes
[1] Neil Shenoi, “3 Unobvious Supply Chain Risks Companies Shouldn’t Overlook,”Resilinc Blog, 19 May 2016.
[2] Stephen DeAngelis, “Supply Chain Risk Management: Keeping Track of the Risks,” Enterra Insights, 16 June 2016.
[3] Yolanda Graham, “How can you prepare your supply chain for disruptions?Quintiq Blog, 17 February 2015.
[4] Doug Drinkwater, “How to Improve Your Incident Response Plan,” IT News, 19 July 2016.
[5] Gary Barraco, “Recovering From Supply Chain Disasters,” Manufacturing Business Technology, 29 December 2015.
[6] Reg Kenney, “Ensuring your supply chain is ready for natural disasters,” Supply Chain Digital, 6 September 2006.
[7] Jennifer Lonoff Schiff, “8 Ingredients of an Effective Disaster Recovery Plan,” IT News, 5 July 2016.
[8] Ibid.
[9] Paul Myerson, “You Can’t Stop Supply Chain Risk — You Can Only Hope to Contain It,” IndustryWeek, 5 September 2016.