This is the first of two excerpts from a newly published book titled “Supply Chain Risk: Understanding Emerging Threats to Global Supply Chains,” authored by John Manners-Bell. In “Supply Chain Risk,” Manners-Bell assesses the various sources of external threat to the supply chain, including environmental, geopolitical, economic and technological, and describes how to deal with them strategically. “It’s not about preparing your supply chain for a known threat, it’s about making it resilient against all risks. This requires a great deal of scenario planning; putting processes in place, implementing the technology to sense and respond to events as they happen. It has to go to the very core of a company’s supply chain strategy,” he said.
John Manners-Bell is the CEO of Transport Intelligence, a leading supplier of market solutions to the global logistics industry. He is chairman of the Supply Chain Council of the World Economic Forum and an advisor to the UN and the European Commission. He is the author of “Global Logistics Strategies”, the forthcoming “Logistics and Supply Chains in Emerging Markets” and the recently published “Supply Chain Risk: Understanding Emerging Threats to Global Supply Chains,” 978-0-7494-7110-1 (all published by Kogan Page).
Work undertaken by the World Economic Forum’s Risk Response Network identifies a resilient supply chain as a system which can be returned to its original state after a major disruption (WEF 2013a). In fact some analysts go further suggesting that resilience should include the ability of a supply chain to maintain output at close to potential throughout and in the aftermath of a major shock. To do so not only maintains levels of customer service but also can deliver a competitive advantage over supply chains which are not able to cope with the shock so well.
Of course engineering resilience is easier said than done. Many executivesfear that resilience can only be achieved by compromising system efficiencies, for example by increasing inventory holdings or building redundancy into transport and warehousing capacity. This trade-off goes to the heart of the debate on supply chain risk. Many would argue that the improvements in manufacturing practice which have led to a ‘right-fi rst-time’ culture have improved quality right the way across supply chains and made them more robust rather than less so. It could also be argued that unbundling, outsourcing and globalization have led to a diversification of production which mitigates against any single disaster having a catastrophic effect on a company’s ability to operate. Developments in technology also allow managers to be much better able to ‘sense and respond’ to supply chain problems.
However, there is no doubt that lean inventory supply chains, whilst better able to deal with minor operational incidents, are more prone than ever to catastrophic events. It is the goal of many executives to square this particular circle, and this can be achieved by engineering resilience into supply chains from the outset.
Resilience should be designed into a supply chain by better understanding vulnerabilities and addressing them. One of the best ways of achieving this is through what has been termed ‘supply chain intelligence’ which involves gaining visibility of upstream and downstream suppliers. By ‘auditing’ a supply chain, over-dependence on a supplier can be identified and alternatives developed. Levels of unacceptable external risk or long lead times can also be flagged up. In practical terms this can lead to the development of what could be termed a ‘supply chain register’.
Creating visibility relies on a high level of collaboration throughout the supply chain and the creation of an ethos in which a supplier is encouraged to audit its own suppliers. Likewise, there should be a flow of information to suppliers to help them better understand the end customers’ demands. Achieving these levels of information sharing will allow supply chain partners to more accurately identify appropriate levels of stock, and allow decision-makers to judge the appropriate trade-off between just-in-case and just-in-time production.
Resilience implies an agile supply chain:
● collaboration – active involvement with suppliers and suppliers’ suppliers;
● ethos – information sharing and supply chain intelligence;
● strategy – awareness of emerging trends and issues which may impact on supply chain;
● tactical response – impact on an operational level; demand, supply, process and control risk;
● operations – supply chain event management.
A timely response to an event which impacts on a supply chain is essential to the limitation of damage. The speed of reaction can be described as ‘ agility’– however, it is not enough for just one player in the supply chain to be agile. For a supply chain to be competitive it is necessary for multiple parties to have the capability to respond quickly to disruption.
Christopher and Peck describe agility as having two elements, ‘supply chain visibility’ and ‘supply chain velocity’. Visibility of a supply chain involves having a clear understanding of demand and supply (production and purchasing schedules) as well as knowing what inventories are being kept where (Christopher and Peck, 2004). The breakdown of silos within the supply chain is an important goal to provide these levels of visibility. Velocity – which Christopher describes as the time lapsed between order from a supplier and delivery – is important in ensuring lean inventories. However, in terms of supply chain risk, inventory acceleration is perhaps more important. How quickly can product delivery be speeded up to respond to a particular event in the supply chain? Small batch quantities, reduction of time in which product is held as inventory and streamlining of processes is essential to this concept.
The Figure 2.1 shows a simple response to a disruptive event in a supply chain. Managers who have an oversight of the supply chain can respond to the problem by using an alternative source of production, exploiting spare capacity. Levels of safety stock can then be replenished from other sources of inventory. This would then minimize the decrease in production and mitigate losses. However, even in this simple scenario there is an assumption that:
- Management is in place with the necessary visibility to make informed decisions over production and warehousing.
- Alternative suppliers are in place allowing the main customer to switch over quickly.
- Safety stock levels are suffi cient to allow replenishment throughout the supply chain.
Preparedness and strategies for response
Supply chain disruption can occur at many levels – from localized warehouse disruption – for example, fire or flooding – up to regional/global network failure caused perhaps by a major natural disaster. One of the ways in which companies can formally approach the management of risk is through the adoption of the ISO 31000 standard. Using this standard can help organizations improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. Although it is not a certification process, it can help provide guidance for internal and external audit processes. Organizations can use it to compare their risk management practices with an internationally recognized benchmark, providing the principles of effective management and corporate governance. The standard helps managers to answer:
● What can happen and why?
● What are the consequences?
● What is the probability of their future occurrence?
● Are there any factors that mitigate the consequences of the risk or that reduce the probability of the risk?
Companies such as Coca-Cola have decided to use the standard in its approach to managing risk in its supply chain operations. It broadly categorizes risk management into ‘deployment’ and ‘sustain’ stages.
Firstly, the ‘deployment’ process incudes the identification of significant risks, using a checklist method. This can identify the most urgent risks to the organization. Secondly, analysis of these risks is required – looking at the risk causes and consequences. Thirdly, there is the mitigation stage. Having identified the risks, it is necessary to identify courses of action that would prevent them from occurring. As this process takes place, each stage needs to be documented and a risk register created which will allow the status and risk treatment plans to be tracked.
After the initial assessment and mitigation phase, a programme of ongoing risk management needs to be put in place. This will review how risks are being managed on a regular basis and identify new and emerging risks using multiple sources of data. Finally, risk awareness can be built into business planning, taking into account risks to overall corporate objectives.
For example, in a scenario presented by drinks manufacturer Coca-Cola, a risk analysis programme would identify potential ‘Risk Events’. This could be the introduction of ‘off-spec’ carbon dioxide into products. The possible consequences of this would be the necessity to recall and destroy products, resulting in the loss of brand reputation and sales.
Consequently the possible causes which would trigger this risk event need to be identified. In this example these could range from external supplier issues with quality; faulty gas fi lters in Coca-Cola’s factories or badly designed piping systems. Having identified these possible causes, a number of quality control initiatives could be undertaken to prevent this event.
At the same time as these, actions to reduce the consequences of a risk event are also put into effect. What this approach does is reduce the ‘likelihood dimension’ whilst at the same time mitigate the ‘consequence dimension’.
After the identification of the various risk events has been undertaken, a ‘risk register’ can be developed. This contains the risks, potential causes, consequences and treatments at a specifi c location. It is then possible to allocate ‘ownership’ to specific individuals. These registers can then be used to build a bottom-up risk profile over a particular region.
The second excerpt will take a look at Cisco’s approach to supply chain risk management.