Yves Belanger, a director, and Yves Leclerc, a managing director, at West Monroe Partners, ask, “What does risk mean for today’s supply chain?” [“Supply Chain Globalization: Great Opportunities and New Risks,” Retail Info Systems (RIS) News, 24 April 2014] It’s a good question made all the better by the fact that so many of today’s supply chains are extended across the globe. Belanger and Leclerc add, “Increasingly, both multi-national and local companies must be prepared for events — anywhere in the world — that could force them to find a new supplier or reroute their supply chain.” Managing risk, however, is not just a matter of inconvenience (i.e., having to find a new supplier or rerouting a supply chain). Guy F. Courtin (@gcourtin), Principal Analyst and Vice President at Constellation Research, insists, “How you manage your exposure to risk will determine your company’s success.” [“Are You Taking Unnecessary Risks with Your Supply Chain?” Industry Week, 8 June 2012] “We are constantly dealing with risk and balancing our tolerance of it,” he writes. “Basically, risk is in everything we do. What we wrestle with is the degree of risk we are willing to process.”
Lest I leave the wrong impression, Belanger and Leclerc are well aware that supply chain risk management is serious business and not just a matter of avoiding inconveniences. They note that among the types of risks that organizations can face are dangerous dependencies on a single supplier, intellectual property (IP) theft, and loss of reputation. They explain:
“One major concern of switching to a low-cost supplier might mean becoming dependent. At the same time, mid-market organizations may not have the purchasing power advantage and global sourcing opportunities that larger competitors have. Many retailers may need to go with the lowest product cost just to compete — businesses must often choose between cost and dependency. It’s also important to note that IP theft is on the rise and enforcement varies greatly. Large organizations may have better options in offshore manufacturers than their mid-sized counterparts, so small organizations must be especially cautious. Today, information is readily available to consumers and with the prevalence of social media, bad news spreads fast. If you don’t know where all of your products are sourced from and who is making them, you could risk a PR nightmare that will lead customers directly to competitors.”
To address these risks, they suggest, “Businesses should focus on implementing and training their teams on demand planning tools that actually predict and manage volatility, not tools that give you point in time data or best estimate approximations.” In other words, Belanger and Leclerc insist that real-time supply chain visibility is essential if risk is going to be managed properly. I agree with them and believe that the most important analytic tool that companies can place in their kit is cognitive computing. Cognitive computing systems can ingest and make sense of number of real-time data feeds and can analyze that data continuously. Since time is of the essence when a supply chain disruption occurs, receiving alerts in near-real-time can make a significant difference when it comes to response. James A. Cooke, Editor of CSCMP’s Supply Chain Quarterly, reports, “An Accenture study found that companies earning a high return on their risk management programs have something in common: The use of ‘control towers’ to collect and analyze data across the supply chain.” [“‘Control towers’ provide a return on risk management investments,” CSCMP’s Supply Chain Quarterly, 26 August 2014] As Cooke notes, control towers “enable companies to collect and analyze data across the supply chain to identify developments that might affect their operations. Based on these analyses, companies can then mobilize a response when necessary.” He continues:
“The ability to see what’s taking place in the supply chain and then respond to unforeseen events is critical. That’s why so many leading companies have set up control towers, also known as command centers, where they can centralize information from their suppliers and carriers to create a ‘big picture’ view of the end-to-end supply chain.”
There is another benefit to having an end-to-end picture of supply chain risk — insurance costs. According to an article in Supply & Demand Chain Executive, “In many cases, companies are now only covered where maximum risk transparency is provided.” [“Better Insurance through Greater Transparency in Supply Network Risks,” Supply & Demand Chain Executive, 24 June 2914] The article continues, “Gaining time, both for preparing and responding to interruptions in supplier networks, can be of significant advantage in terms of the outcome, especially when it comes to setting up emergency operations by way of organizing possible alternative suppliers, for example, or by redirecting material flows.” Courtin agrees with the stress being placed on supply chain visibility. “I know this concept is well worn,” he writes, “however, as the old adage goes, you can’t fix what you can’t observe.” He continues:
“Risk comes from many angles and extended supply chains have an ever-growing and shifting number of blind spots. Supply chains must be able to ‘see’ as much as possible. Understanding all the elements that comprise the supply chain is a vital step to improving your ability to handle risk.”
Courtin also agrees that the kind of understanding that can be provided by a cognitive computing system is important. “Sometimes just seeing something isn’t helpful,” he writes. “You need to also understand from where you are observing how your situation is impacting what you observe. There has to be contextual understanding of what you are observing, what you are viewing and how it relates to the environment and other events. Just seeing is not enough; you must be contextually aware of what the events are that you have insight into.” A cognitive computing system is the ideal platform for helping executives understand context and gain insights. To underscore this point, Courtin writes, “Analyst firm Gartner has started to speak about pattern recognition within your supply chain, but doing so in a real-time manner — being able to look at events as they are happening, not just looking at historical data, which by its very nature is irrelevant once you leverage it.”
Up to this point, the discussion has primarily focused on external, real-world events that pose risks to supply chains. Jon Oltsik (@joltsik), a Senior Principal Analyst at Enterprise Strategy Group, reminds us that risks are also present in the virtual world. [“Enterprises Need Outside-In Continuous Monitoring for Risk Management,” ESG Blog, 24 April 2014] As is the case with other supply chain risks, Oltsik insists that companies need to look outside in for virtual risks. He offers three reasons for recommending this outside-in approach:
1. Outsiders have network access. Enterprises regularly grant network access to business partners, suppliers, and customers.
2. ‘Shadow’ IT is on the rise. Employees, functional departments, and business units are eschewing homegrown apps for SaaS offerings while IT moves internal systems to cloud-based infrastructure.
3. Multi-site Web-facing applications are extremely vulnerable. This problem goes beyond application vulnerabilities and SQL injection attacks. If you host an ad network on your site (or your linked business partners host an ad network on their site) you will likely have a ‘weak link’ somewhere in the chain.
Oltsik concludes, “Cyber adversaries know that our networks are dynamically connected with others so finding the ‘weakest link in the cybersecurity chain’ could be as easy as hacking into your HVAC contractor’s systems — just ask Target. We need better oversight and visibility over cyber supply chain risk and we need it as soon as possible.” Like other experts, Oltsik believes that visibility is one of the important keys for managing supply chain risk. When it comes to supply chain risk, ignorance is not bliss.