Secure Enough? Understanding and Managing Supply Chain Risk

We’ve all heard of the domino–effect – it’s when a small change causes a similar
change nearby, which then causes another similar change, and so on in linear
sequence. However, if that small change happens to be a disruption in the supply
chain link, the consequences are nasty.

With supply chains expanding in size and complexity, enlightened professionals and companies are focusing more energy on managing supply chain risk. Although the topic is gaining prominence in boardrooms, many companies do not yet have a sufficient grip on the risks they face. Globe-spanning extended supply chains are susceptible to myriad disruptions. Many organizations do not commit the time and resources necessary to understand these issues. To address this, they must therefore implement programmes to identify and profile risk variables.

A world of risk
Supply chains today are growing continuously more complex, interconnected, and global. Operations have become increasingly dispersed as distances expand between links in the chain. Along with this, complexity increases, while more regulatory and compliance issues pose greater operational challenges.

Additionally, although the tenets of lean production methods and just-in-time manufacturing and delivery have led to the paring of supply chains into finely tuned models of efficiency, this approach calls to attention an inverse relationship between efficiency and risk. For example, single-source supplier strategies can result in favorable volume rates and excellent service. However, if that supplier has a major disruption in its supply chain, its customers are left completely vulnerable.

Understanding the implications of supply chain redesign and global sourcing in this light is therefore essential to a company’s long-term viability and economic success. They can take the following key steps to better address risks in their supply chains, as follows:

• Identify and profile risk variables
• Assign appropriate factors to risk for quantitative inclusion in business decision-making processes
• Understand how technology tools can enable the organization to better manage risk in the context of overall goals

Understanding and defining risk
The topic of risk in business is of course not a new one. In the world of finance, the term covers a wide range of categories, but at the highest level it falls into two main ones – systemic risk and non-systemic risk. Systemic risks refer to those unique to a particular company, while non-systemic risks are big-picture, macro factors that affect all businesses, such as global political and financial conditions. These definitions, and the strategies and processes other industries use to understand and manage risk, can also be applied to supply chain management.

A range of potential factors
Risks to a company’s extended supply chain are many. Potential disruptions can be caused by fluctuations of customer demand, financial factors such as exchange rates and market pressures, and environmental and geopolitical factors such as weather, natural disasters, political instability, and union action.

Beyond the common, low-level events that occur across the supply chain on a regular basis, less frequent but high-impact incidents can also create further exposure. Companies therefore need to quantify the risks they face and enact strategies to manage them efficiently and effectively.

At times they may also have to examine assumptions and think in new ways. ‘Rare’ occurrences, for instance, are in reality anything but rare for a large organization with a far-flung supply chain crisscrossing the globe. A further, more insidious risk is also posed by the threat of intentional disruptions caused by criminals and terrorists. These risks require special attention because of their adaptive nature: unlike random breakdowns, intentional disruptions can be targeted toward perceived soft spots and weaknesses in the extended supply chain.

Companies need to quantify the risks they face and enact strategies to manage them efficiently and effectively.

Measuring and profiling risk
For companies that have not yet begun to enact risk management processes, a good first step is to gather as much data as possible on current business operations. With this information, they can begin to establish a baseline risk profile. Companies with enterprise software and integrated supply chain management capabilities will have an advantage here, with better access to the information they need, thanks to enterprise-wide data and process interconnectivity.

Profiling the supply side

To get a more complete picture of their inbound supply chains, companies should compile a profile of their supply bases. This data should cover a wide range of supplier information, including the following:

Total number of suppliers

Geographic location and diversity (of production and shipping centers, as well as headquarters)

Production capacity

Production flexibility – for example, can the supplier manufacture the company’s product line at multiple locations?

Aggregating supplier data will allow companies to study and perform analysis on this information so that vulnerabilities facing the business can be prioritized. Again, IT can greatly facilitate this process, with automated information collection and built-in analytical tools.

Supply profiles can also be used to identify vulnerabilities in supply chains. A supplier might have several manufacturing plants, for example, but they are all in the same region – open to potential disruptions caused by local economic conditions, political situation, or natural disaster.

Then there is the issue of single sourcing. To what extent do the advantages outweigh the risks? The impact of such methods on efficiency, cost savings, and stronger relationships is undeniable, but at what cost? Supply chain risk management will help organizations answer such questions.

Companies with enterprise software and integrated supply chain management capabilities will have an advantage, with better access to the information they need, thanks to enterprise-wide data and process interconnectivity.

Profiling the demand side
Companies can follow the same process in examining the demand side of the equation. Looking at its outbound supply chain they can, for instance, determine whether they are overly dependent on a small number of customers or evaluate their geographical data in terms of a particular distribution center, trucking corridor, or port.

Profiling fulfillment and production

Organizations can next look to their ‘internal’ networks and create a profile of their goods or services as well as their customer fulfillment networks.

Data on a company’s fulfillment and production can help determine if there is a good mix of products and a geographically dispersed distribution of inventory. For instance, an organization may find that though it ships both by freight and air, it is using a common “ship-from” node, making the company vulnerable to a disruption.

Strategies for managing risk
Supply chain management professionals and organizations can institute a number of strategies to narrow the gap between the current state of risk management and the optimal level. Some ideas include the following:

• Build a comprehensive model of the global supply chain, capturing business activities and key supply chain operations of primary partners, suppliers, and customers
• Use this model to identify risks that can be ameliorated through business strategy or process changes
• Implement IT solutions that connect business data and processes from end to end
• Encourage and develop a culture of risk management by undertaking initiatives such as contingency planning programs or involving key personnel in risk management functions
• Use principles of continuous improvement with annual ‘supply chain drills’

Informed companies are beginning to recognize both immediate and long-tem opportunities for competitive advantage in supply chain risk management. This is borne out by recent trends showing more and more attention being paid to this issue at the boardroom level.

Technology enables risk management
As mentioned above, IT tools can help companies’ aggregate baseline data and create supply chain profiles. Enterprise-wide software solutions can, for instance, help traditional supply chains evolve from linear and sequential operations to adaptive networks capable of adjusting intelligently to changing economic and market conditions. They can also synchronize supply to demand, and sense and respond to supply chain events through an adaptive network with real-time distribution, transportation and logistics capabilities.

Conclusion
In recent times, risk management is gaining a higher corporate profile. Companies of vision are allocating more and more resources to the topic, and this trend is likely to continue. As supply chains extend and become ever larger and more complex through the pursuit of new markets for goods and new suppliers for product components, supply chain management and risk management become more inextricably linked. And with expansion of supply chains, the risk of disruption grows as well.

Understanding risk is the first step to managing it, and companies can begin by identifying and profiling risk variables, assigning factors to risk so they can be assessed quantitatively, and using IT tools to help better understand and manage risk. Taking such steps can help companies be better aware of potential risks and more able to handle supply chain disruptions – putting them in position to be looking for business opportunities when others may just be looking for a way out.