We live in a risky world. Supply chains, especially extended ones, are subject to an almost infinite number of risks. Analysts from IDV Solutions note, “Natural disasters, weather, civil unrest, terrorism, workforce strikes and even construction and traffic, all can impact your supply chain. These risks can delay or completely disrupt the supply chain, threatening on-time delivery, manufacturing processes and customer commitments.”[1] Supply chain risks can be likened to diseases. In the medical field, a common adage is: Prevention is better than cure. Prevention is also cheaper. It’s why we get immunized, eat right, and exercise. We are trying to build up our resilience to disease. Still, we sometimes get sick. No matter how well prepared you think your company is to prevent supply chain disruption, you’re still likely to experience disruptions. The IDV Solutions analysts note, “It’s impossible to completely eliminate risk from your supply chain.” Returning to the medical analogy, people try to manage their exposure to healthcare risks and minimize the damage disease can create in their lives. In the same way, IDV Solutions analysts assert, “Organizations can minimize exposure to risk and even eliminate the impact of certain risk events with careful planning, tools and processes to anticipate and manage risk more effectively.”
Managing Supply Chain Risk
The IDV Solution analysts write, “Managing risk typically involves three key aspects: Risk Identification, Risk Assessment and Risk Mitigation.” A company ignoring any of these areas is like a person deliberately leaving herself or himself vulnerable to disease.
Risk Identification
Edwin Lopez (@EdwinLopezT37), editor of Supply Chain Dive, believes there are five types of risks (i.e., five areas in which supply chain risks can be found).[2] By grouping risks into five areas, Lopez isn’t trying to minimize them. “Today’s risks are so diverse,” he writes, “it can be tough to prioritize.” The five areas he identifies are:
1. Cyber Risks: “Cyber crime costs will exceed $5 billion by the end of 2017, which means companies need to start evaluating and confronting cyber risk at every level of their supply chains.”
2. Financial Risks: “Keeping up to date with data and paying attention to economic and business trends are just a few ways to mitigate financial risk in your supply chain.”
3. Labor Risks: “Labor is the backbone of every supply chain, but it doesn’t come without risk.”
4. Natural Disaster Risks: “Companies should acknowledge that in the case of natural disaster, there is often no quick turnaround, but there are strategies to recover efficiently.”
5. Political Risks: “Political risk is the new normal as regulatory changes, both foreign and domestic, challenge global supply chains.”
The devil, of course, is in the details. I recommend conducting “what if” exercises in each of those five areas in order to identify potential causes of disruption in your specific supply chain. Although identifying every potential risk is impossible, general areas of concern can be addressed to increase your company’s resilience.
Risk Assessment
Dave Turbide (@daturbide), a supply chain consultant, recommends taking into account seven factors when making your risk assessment.[3] Those factors are:
1. Supply Chain Length: “Risk of disruption grows along with the length of the chain. Each time goods are handled — packed and loaded, transferred from one mode of transport to another, unloaded or combined with or separated from other shipments — there is the opportunity for damage, theft, delays and loss. When analyzing the cost trade-offs between local or domestic sourcing and international supply, be sure to factor in the additional risks of the longer chain. International procurement also entails risk from currency fluctuations, changing duties and taxes, unstable government or political considerations, volatile fuel costs and customs delays.”
2. Efficiency: “The more efficient the supply chain, the more risk it carries. In earlier times, when business was comparatively less competitive, the default risk mitigation strategy was having some extra inventory staged along the supply chain to soften the impact of delays and disruptions.”
3. Cybersecurity: “Intellectual property can be stolen by a competitor that results in unfair competition and lost market share. Your computer and communications networks can fail, be corrupted or compromised. Lawsuits can shut down your business over liability claims, intellectual property disputes, unfair labor practices or unsafe working conditions (including those of your suppliers’ suppliers).”
4. Alternative Risk Strategies: “Sometimes, there are ways to share or offload risk on another party and, sometimes, the solutions are worse than the problem. The next two supply chain risk factors delve into these two alternate strategies when avoidance and mitigation are less than ideal solutions.”
5. Supply Chain Risk Transfer: “Some supply chain risk can be transferred. Transfer of risk reduces or eliminates the financial impact of a supply chain disruption, but may not adequately address the business continuation issue. Risk transfer can be an insurance policy that repays the company for the cost of repairing damage, replacing lost equipment or goods, and even the loss of revenue and profit caused by a covered event.”
6. Cost-benefit Analysis: “Sometimes, you just have to accept the supply chain risk. Risk avoidance and mitigation have a cost, and that cost can be prohibitive — that is, higher than can be rationalized. Risk management professionals always do a cost-benefit analysis comparing the cost of mitigation or avoidance against the likelihood and impact of the disruption, should it occur. … Sometimes, you just have to accept the supply chain risk. If the cost [of mitigation] is too high, the company may decide to just accept the risk — you can think of that as a type of self-insurance.”
7. Insurance issues: “Among supply chain risk factors, it’s important to remember that the best insurance never pays off. The odd thing about insurance, whether it is the conventional kind, where you pay a premium, or the risk avoidance and mitigation costs being discussed, is that it is most beneficial when the disaster doesn’t occur, and you never see the payback.”
Although Turbide’s list is a good place to start, there are a number of other factors you should probably consider during your assessment (such as the possibility of experiencing a single point-of-failure). Mapping your supply chain in as much detail as possible can help you with your assessment. Enterra Solutions® has also developed a methodology for assessing risk — the Enterprise Resilience Management Methodology® (ERMM). A system can be no stronger than its weakest parts. The ERMM can help identify those weak points so they can be addressed and organizational resilience can be increased.
Risk Mitigation
Sahil Kothadia, Resilinc’s Managing Director for the EU, believes risk mitigation begins with understanding the data upon which a supply chain risk management process should be built. He explains, “Nowhere is data availability and quality more paramount than in managing supply chain risk. A large percentage of organizations and their leadership teams understand the need of proactive risk management to ensure a continuous supply chain, but aren’t sure where to start. However, at its core the supply chain risk problem is a data problem, and understanding the issues with your company’s data and what needs to be done to enable the transformation from raw data to insightful information is the stepping stone to enable an effective proactive risk management program.”[4] A cognitive computing platform is a good foundation on which to build a risk management program. Not only can such a platform collect, integrate, and analyze data (both structured and unstructured), it learns as it works and can be programmed to react autonomously when critical situations requiring immediate action are detected. Every organization is unique and needs to develop disaster response and continuity of business plans. Once developed, those plans need to be regularly exercised and updated using lessons learned.
Summary
IDV Solution analysts conclude, “If you’re better prepared to respond to risk events than your competitors, supply chain risk can become an opportunity for competitive advantage and differentiation. A recent PwC annual risk survey reveals that, ‘a comprehensive approach to risk management can deliver a competitive advantage by handling risk events more effectively and efficiently than competitors which results in an upsurge in performance and faster revenue growth’.” Since we live and work in a risky world, PwC’s conclusion means opportunities abound for resilient organizations.
Footnotes
[1] Staff, “8 Principles of Supply Chain Risk,” IDV Solutions, 2015.
[2] Edwin Lopez, “The 5 types of supply chain risk,” Supply Chain Dive, 7 August 2017.
[3] Dave Turbide, “Seven supply chain risk factors that affect assessment, mitigation,” TechTarget, 2 May 2017.
[4] Sahil Kothadia, “Supply Chain Risk Management is a Data Problem …” Resilinc Blog, 2 August 2017.