The Unrelenting Nature of Supply Chain Risk Management

Stephen DeAngelis

July 9, 2014

In an article about supply chain risk management, Abe Eshkenazi, CEO of APICS, a professional association for supply chain and operations management, writes, “Everyone in the C-suite is starting to pay attention to this important (and expensive) topic. Of course, it’s a subject that has been on the minds of supply chain and operations management professionals for a long time.” [“Risk Remains Unrelenting Issue,” APICS News, 6 June 2014] I agree wholeheartedly with Eshkenazi that supply chain risk remains an unrelenting issue. Actual disasters and/or supply chain disruptions are episodic; but, by their very nature, risks never entirely disappear. That’s what makes them so unrelenting. Companies that fail to appreciate their unrelenting character set themselves up for costly disruptions or corporate failure. That might sound a bit hyperbolic, but Andrea Christ reminds us, “Complex and tightly coupled systems such as modern supply chains are extremely vulnerable to internal and external shocks.” [“Costly Supply Chain Disruptions,” InsuranceNewsNet, 11 June 2014] She goes on to report, “The World Economic Forum (WEF) has highlighted supply chain disruptions and vulnerability as one of four emerging risk issues that will affect the world’s economy and society during this decade. The WEF considers supply chain vulnerability to have an impact potential as high as systematic financial risks, food security or energy supply.”

The U.S. National Institute of Standards and Technology (NIST) adds that natural disasters, political upheavals, and other physical events are not the only risks to supply chains. Cyber threats are also very real. A new NIST guide insists that “taking a multi-tier approach to supply chain threats” is a strategy that will help reduce vulnerabilities. [“NIST Guide Targets Supply Chain Risks,” Eric Chabrow, GovInfo Security, 12 June 2014] “Breaking down silos should help organizations mitigate vulnerabilities introduced into their systems from the information and communications technology supply chain,” reports Chabrow. Jon Boyens, a NIST senior adviser for information security, told Chabrow that “organizations that institute separate programs to implement supply chain risk management pose risks to the entire enterprise.” Boyens explains, “Acquisitions offices may not be communicating and seeking needed information and input from the office that will own and use the information system and, ultimately, manage the risks associated with the system.” Corporate silos are never a good idea; but, they are particularly dangerous when it comes to protecting supply chains. Supply chain experts, like Lora Cecere, have been insisting for years that supply chains need more visibility, better information sharing, improved sensing, and corporate alignment. Informational and operational silos present challenges to all of those activities.

Over the past several decades, supply chains have been lengthened and, as a result, have become more complex as manufacturers have outsourced production to low-wage countries. Many of these companies have learned that low wages may not offset other costs associated with production in emerging market countries. Rachel Gordon admits that some emerging market countries may be “rich with resources” and may offer “substantial cost savings”; but, she also notes, “for insurers, they also pose challenges.” [“Europe: Emerging markets supply chain risks,” POST, 12 June 2014] She explains:

“For starters, there is limited cover available, thanks to volatility and uncertainty in these areas. According to Volker Muench, global practice group leader, Allianz Global Corporate & Specialty: ‘The challenge for insurers is to ensure they can provide insurance while also being aware of the accumulation of risk which the supply chain can pose. ‘Reinsurers are focused on this area, as are rating agencies, which want to be sure insurers are adequately managing their level of risk.’ While this may be acting as a stumbling block to growth, there is no doubt that demand for – and awareness of – the need for cover, is rising.”

This year FM Global issued a “first-of-its-kind Index,” the 2014 FM Global Resilience Index, that rates countries according to how resilient they are to supply chain disruption. In this first Index, “Norway, Switzerland and Canada top the list of nations most resilient to supply chain disruption.” [“Riskiest Countries for Business: FM Global Ranks Nations by Supply Chain Resilience,” PR Newswire, 11 June 2014] The press release notes that supply chain disruptions are “one of the leading causes of business volatility.” The Index “is an online, data-driven tool and repository ranking the business resilience of 130 countries. More than a year in development, the Index is designed to help executives better assess and manage supply chain risk. The Index finds Kyrgyzstan, Venezuela and the Dominican Republic as nations least resilient to supply chain disruption.”

Gordon reports that earlier this year, “the AGCS Risk Barometer survey … highlighted business interruption/supply chain as the biggest global risk, taking precedence over natural catastrophes such as earthquake and flood.” Muench told Gordon, “For many companies, greater reliance on emerging economies for products such as component parts or raw materials has increased [the risks associated with business interruption].” Jonathan Hall, executive vice president of FM Global, agrees with Muench. “As supply chains become more global, complex, and interdependent,” he stated in the press release, “it is essential for decision makers to have concrete facts and intelligence about where their facilities and their suppliers’ facilities are located. The Resilience Index is a dynamic resource to better understand unknown risk in order to strategically prioritize supply chain risk management and investment efforts.”

Christ indicated that her company, Proquest, LLC, conducted a survey of executives from a number of companies in Europe and the United States about how supply chain disruptions have affected them. She reports:

“Regardless of their industries, 85 percent of the respondents stated that they suffered significant losses due to supply chain disruptions in 2012. They experienced 11 supply chain disruptions that totaled an average loss of $3.4 million. The majority of these harmful events are cumbersome but not dreadful. However, for 14 of the businesses, one single disruption event caused costs in excess of $500,000. For two enterprises, the losses for a single event skyrocketed up to double-digit million dollar numbers. In the worst case, respondents reported impacts exceeding $100 million. Even for major corporations, such costs have devastating effects on their performance goals.”

Like other analysts, Christ notes that every effective risk management process begins with knowledge. “When preparing for potential supply chain disruptions, the initial step consists of identifying and assessing relevant risks,” she writes. “This important stage defines the scope of subsequent risk measurement activities and influences the success of any risk management effort.” She continues:

“Many sources of supply chain disruptions lie outside the boundaries of any organization. This allows managers to have only a limited influence. Thus, it becomes even more important to develop measures to detect and react to looming supply chain disruptions in a timely manner. To speak in terms of an anecdote, if a longshoremen’s strike is threatening to block a port, quickly rerouting the shipment to another container terminal can enable the launch of the long-awaited next generation of mobile devices on time. In other words, increased flexibility is the way of choice for building resilience in a supply chain context.”

To achieve the kind of visibility and awareness that Christ is writing about, technology is essential. Humans are incapable of ingesting and analyzing the mountains of data required to gain insights within the necessary timeframe to make a difference. Big Data analytics are becoming a “must have” for any supply chain risk management program that monitors global supply chains and reacts to potential disruptions. Because computer programs can monitor and assess data around the clock, they are as relentless as the risks for which they are looking.