Supply Chain Risk Management Still Not Receiving Enough Attention

Posted on the 22 January 2013 by Stephendeangelis @EnterraCEO

Looking back on 2012, Adrian Gonzalez observes, "Some companies took proactive action to define and implement supply chain risk management practices, many more did not." ["Rethinking Supply Chain Risk Management," Logistics Viewpoints, 2 January 2013] Gonzalez isn't alone in his observation (see my post entitled Supply Chain Disruptions Are Growing More Serious but Risk Management isn't Keeping Pace). Gonzalez reports that when "Hurricane Sandy hit in October ... companies that had failed to 'walk the talk' on risk management experienced significant supply chain disruptions, and they were reminded once again why they can't afford to ignore this critical dimension of supply chain management anymore." Gonzalez may be correct that companies can't afford to ignore risk management, but Tim Burt reports that the priority it receives depends on in large measure on how recently a major supply chain disruption occurred. The further such events fade into the past the lower risk management descends on the priority list. ["Have we seen a watershed in risk management?, Procurement Leaders, 3 January 2013] He draws that conclusion from the results of survey conducted last year, although he acknowledges, "Why this attention slipped is open to debate." He reports that John Walker, global CPO of the Swiss-based Buhler Group, speculates that the downward trend "could demonstrate that recent risk mitigation efforts are taking root and actions could be paying off." That would be good news.

Burt believes that events of 2011 and 2012 created a watershed for supply chain risk management and Johnson agrees, at least for Chief Procurement Officers. He stated, "I believe that CPOs are again realising that in a global world – even in the absence of an event – they must be prepared. ... All stakeholders – investors, boards, customers and employees are asking: how do we maintain and protect revenue? It's evident to me that we are now focused on managing risk and protecting revenue generation; I predict this trend will not go away." As I noted in my previous post referenced above, supply chain disruptions are more likely to increase in the years ahead than decrease. Burt agrees. He states, "Global events aren't going to go away." Gonzalez notes, "Although natural disasters like hurricanes and floods grab the headlines, the reality is that supply chains face a whole range of risks that are always present." He details a few:

  • "Supply shortage due to a quality problem, supplier bankruptcy, or other issue. A recent example is Ford Australia and General Motors Holden racing in to underwrite a supplier’s $6.5 million debt to prevent their own production lines from shutting down.
  • "The continued rise of trade protectionism, which is increasing the cost of imports and exports, as well as dampening demand for goods and limiting supply. In a speech last summer, the Director General of the World Trade Organization, Pascal Lamy, said that 'the accumulation of these [new] trade restrictions is now a matter of serious concern.' Last March, for example, the US, EU, and Japan filed a formal complaint with the WTO accusing China of keeping rare earth prices low for its domestic manufacturers and pressuring foreign firms to move their operations there.
  • "The impact of currency rates on supply chain costs and product demand. In 2011, for example, Sharp Corp. announced that it was localizing more of its solar-panel production outside Japan because the strong yen was making exports too expensive, especially compared to Chinese products. 'We need to change the way we manage our businesses so that foreign exchange movements won’t affect us as much,' said Sharp President Mikio Katayama in an interview.
  • "Disruptions caused by IT service failures or security breaches. This past November, for example, United Airlines flights were grounded for several hours due to a computer glitch. And last summer, Amazon.com’s EC2 service went down twice, affecting clients such as Instagram, Pinterest, and Netflix, and hackers broke into LinkedIn’s site and stole more than six million of its customers' passwords.
  • "Social media: Can what people say on Facebook, Twitter, YouTube, and blogs bring your supply chain operations to a halt, or even put your company out of business? You bet it can, as the 'Pink Slime' incident showed last year."

Gonzalez asserts that there is "a great foundation of knowledge and experience" in the area of risk management that companies can use to get started. He also indicates that there are some "new ideas and developments" that are starting to emerge. He offers four ideas to consider, starting with corporate culture. He writes:

"Make thinking about supply chain risk part of the corporate DNA. This was one of my key takeaways from an executive 'think tank' session I attended last summer on supply chain risk management. The goal is to incorporate risk in the decision-making process at all levels of the supply chain, just like cost is today. In other words, supply chain professionals need to get to the point where talking and thinking about risk is as common and instinctual as talking and thinking about cost and service. Unfortunately, at many companies today, risk rarely enters the conversation or analysis. Some of my other takeaways from the session were:

  • "Focus less on individual risks and more on the capabilities to deal with risks. Also, think about risk management as a program, not a project.
  • "Key metrics associated with risk management are Time-to-Recovery and Revenue-at-Risk. Outperforming the competition on these metrics creates a competitive advantage.
  • "You need to 'dollarize' risk in order to have meaningful conversations with Sales and Operations Planning (S&OP), Marketing, C-level executives, and other internal and external stakeholders."

If supply chain risk management is really in your corporate DNA, risk managers won't have to seek out S&OP or marketing team members or C-level executives to hold "meaningful conversations" because risk management conversations will be a part of every appropriate meeting. Gonzalez' next idea deals with training.

"Supply chain professionals need more training in quantitative risk concepts. In a thought-provoking HBR blog posting, 'Why Quants Should Manage Your Supply Chain Risk,' Carlos Alvarenga argues that 'anyone who claims to be managing supply chain risks without understanding subjects like real options, hedging, Value at Risk models, financial simulation, and so on, is more like a security guard than a real risk manager.' Simply put, supply chain professionals can learn a lot from the financial, insurance, and other industries where managing risk is a core focus and discipline."

Since more and more companies are insuring themselves against supply chain disruptions, they should be able to find help in this area from their insurer. Insurers would rather help prevent or mitigate disruptions than make big payouts. Gonzalez' next idea deals with social media.

"Leverage social media as a risk management tool. Social media provide you with more timely and insightful insights about emerging risks and events, enabling you to take corrective action sooner and thus prevent (or minimize the impact of) a supply chain disruption. For example, according to an October 2011 Wall Street Journal article, 'When Virginia's magnitude 5.8 earthquake hit [in August 2011], the first Twitter reports sent from people at the epicenter began almost instantly at 1:51 p.m.— and reached New York about 40 seconds ahead of the quake's first shock waves … The first terse tweets also outpaced the U.S. Geological Survey's conventional seismometers, which normally can take from two to 20 minutes to generate an alert.' The article also highlights how researchers and firms are mining Twitter messages 'to monitor political activity and employee morale, track outbreaks of flu and food poisoning, map fluctuations in moods around the world, predict box-office receipts for new movies, and get a jump on changes in the stock market.'"

In an earlier post, I cited one source who reported that a manufacturer realized that one's of its suppliers was in serious financial trouble when workers in the area started to comment on social media sites that the supplier's parking lot was looking emptier every day. Gonzalez' final idea deals with supply chain mapping.

"Start by mapping your supply chain. Do you know where the manufacturing facilities of your suppliers (and their suppliers) are physically located? Which parts are manufactured at each location? Do you track the history and frequency of disruptions that occur at each facility and geographic region, due to either natural forces (hurricanes, floods, earthquakes, etc.) or other factors (labor strikes, power outages, quality issues, etc.)? The bad news is that few companies gather and track this information; the good news is that there are new supply chain mapping and risk management software solutions available that companies can use to facilitate the process."

For more information about this topic, read my post entitled Risk Management: Mapping Supply Chain Risks. Gonzalez concludes, "The bottom line is that supply chain management is about managing risks. And since risks are dynamic in nature, with new ones emerging all the time, companies must continuously study the landscape and determine which risks are worth addressing now and how." Noha Tohamy, research vice president with Gartner, recommends that companies use a proactive rather than reactive approach to risk management. ["Supply-Chain Risk Management: An Essential Competency," SupplyChainBrain, 10 January 2013] Like Gonzalez, Tohamy believes that risk management must become part of a company's DNA. "In my experience, she says, "risk management has to be sponsored and understood by executives across the entire organization." She also believes that prevention is better than cure. The article concludes:

"In recent years, she has seen a greater awareness of the issue among supply-chain managers. 'I think we're getting better,' she says. 'Most of the companies I work with are starting to talk about how to make the supply chain more resilient.' To do that, they need to acquire a deep understanding of their products, critical components, and sourcing networks. They also need to engender better collaborative relationships with multiple tiers of suppliers. In the debate over stressing prevention of future disasters versus building resiliency to what actually happens, Tohamy leans toward the latter. In fact, she says, good risk-management can provide a means of boosting competitiveness and coping with emerging markets. 'The way I look at risk,' she says, 'is as just another opportunity out there.'"

As I've noted before, risk management processes are not cost free; but, the alternative to risk management (doing nothing) can end up costing a company a lot more.