Catherine Bulgar writes, "There’s a risk of trying to assess supply chain risk with too much data, but not enough relevant information." ["Risk Tools," Supply Chain Risk Insights, 9 April 2012] I couldn't agree more. On numerous occasions, I have stressed the point that data is irrelevant if it isn't analyzed and presented as actionable intelligence to decision makers. Bulgar continues:
"The scope of today's supply chains can imply that it's hard to get a simple answer to questions like 'where does this part come from?' A U.S. business might buy a part from a British supplier, whose factory is in China and is supplied by components from other countries. The complexity can be daunting. Business impact analysis ... looks in depth at the consequences of losing a critical process or supplier, with respect to severity as well as frequency, explains Dr. Otto Kocsis, global head of technical center business resilience and principal engineer, business interruption/business resilience at Zurich Insurance Co. in Zurich."
Another name for business impact analysis is "what if" analysis. The objective of this kind of analysis, as Bulgar states, is to look at the perturbative effects of a disruption, like the explosion in a German plant that produces cyclododecatriene (CDT) and one of the materials made from it -- PA-12 (nylon-12). That explosion affected half of the production of nylon-12 which is essential in the auto industry. To read more on that topic, see my post entitled Supply Chain Disruption: The Reason is the Resin. Had the auto industry involved itself in a little business impact analysis, it might not have had to scramble to find alternatives when a supply chain disruption caused by the explosion occurred. Dr. Kocsis told Bulgar that even with such analysis, simple answers cannot be found. He said, "If you're looking at two sites, one supplying the other, even if they are in the same group it's not always obvious how interconnected these two sites are. It might be necessary to go into more detail." Lora Cecere recommends that at a minimum you look to your supplier's supplier -- and even that may not be deep enough. Bulgar continues:
"A number of tools are available for helping businesses tame the data and draw a clear picture of their supply chain risks. They may overlay risks on a map of the world, use flow charts to show tiers of interdependence or illustrate degrees of risks with heat maps."
Because of the complexity of today's supply chains, technology is critical in supplying the kind of visibility Bulgar is talking about. As you can imagine, insurance companies like Zurich, sponsor of the blog in which Bulgar's article was posted, have created a number of tools to help them assess risk. Kocsis told Bulgar that Zurich has many more tools and much more experience than its customers because the company faces these questions as part of its business. Bulgar continues:
"Zurich has a number of proprietary tools including a tool to model business interruptions, present the disruptions graphically so they’re easier to understand and provide quantitative supply chain exposures. 'We go through all the different scenarios,' from losing a major customer to fires, storms or strikes, Dr. Kocsis says. 'We calculate the effect on the balance sheet not only to the site but to the group. We provide the list of top exposures with respect to business interruption.'"
Good risk managers know that reinventing the wheel can be time-consuming and wasteful; especially if they have business relationship with a company that might have appropriate risk management tools already, like an insurance company. Bulgar continues:
"The first step is to model the value chain, then identify the scenarios, both with respect to severity as well as impact, then get the effect of those scenarios on the balance sheet. 'It's not often that organizations would look specifically at supply chain risk as a topic to audit and understand,' says Tim Astley, Regional Practice Leader for Strategic Risk and Business Resilience at Zurich, based in Birmingham, U.K. Zurich looks at 25 supply chain risk factors to understand the breadth of management control and the extent to which a business is exposed to each factor. Scenarios encompass many kinds of risk, from internal ones like fires or machinery breakdowns to external ones such as geopolitical risk, natural catastrophes, or economic problems like high inflation."
I was surprised that Astley would state that organizations don't often look specifically at supply chain as a topic to audit and understand. That might have been true in the past, but the numerous supply chain disruptions that have occurred over the past several years have more and more companies doing just that (see my post entitled Supply Chain Risk Management Comes of Age). Bulgar continues:
"Zurich’s Risk Room looks at a wide range of country-level risks around the world and presents them in a visual format to help make sense of layers of data and their connections. The World Economic Forum worked with the Risk Room in developing its report, Global Risks 2012. Models can be updated with live data from social media or real-time news feeds in order to instantly assess how bad an unfolding scenario is and to act as quickly as possible. 'A business can gain competitive advantage by getting to a supplier first and securing supplies that may soon be hard to get,' Mr. Astley says."
Professor Yossi Sheffi from the Massachusetts Institute of Technology, provided an example of exactly what Astley was talking about in his 2005 seminal work entitled The Resilient Enterprise that examined disruptions to corporate supply chains. The very first chapter in that book was entitled "Big Lessons from Small Disruptions." It unfolds a story about how a St. Patrick's Day (17 March 2000) lightning strike in Albuquerque, New Mexico, started a fire in Fabricator No. 22 of a Phillips NV chip manufacturing plant which led to unforeseen long-term consequences. For a brief description of how Nokia and Ericsson responded differently to that fire, read my post entitled The Split Second Disruption to the Supply Chain. Bulgar continues:
"Good quantity and quality of information can give sharper definition to risks. 'Robust, comprehensive data capture is really key,' says Keesup Choe, Chief Executive of PI Benchmark, a London-based company that develops risk tools and procurement decision support solutions. The data goes into models to assess risks and highlight exposures in the supply chain. PI Benchmark has worked with Zurich Insurance to identify and map all the nodes of a supply chain, decomposing each component into the most granular bits. This can help highlight concentrations of exposures—for example, your suppliers’ suppliers’ factories are mostly located in, say, Thailand, where flooding has recently led to the disrupted production of hard disks."
Although Choe rightfully stresses the importance of data capture, I return to what I wrote at the beginning of this post -- data is only useful if it is presented to a decision maker in a way that makes it easier for him or her to make a decision. That's why Dr. Kocsis stressed visualization. Bulgar continues:
"Services exist to send alerts to companies when disasters like earthquakes occur anywhere in the world. The problem is, many don't take into account whether the company or its suppliers even have a factory near the catastrophe zone, says Patrick Brennan, chief executive of Supply Risk Solutions, a Redwood City, California, provider of supply chain risk solutions. That makes for a flood of useless alerts that can obscure truly significant events. Supply Risk Solutions checks out not just a company's suppliers' factories but also the factories of the suppliers' critical sub-tier suppliers. 'A lot of customers have thousands of suppliers, with an average of five factories each,' he says. 'We’re taking all the supplier factories as well as their sub-tier factories and mapping them. Then we marry that information to global disaster feeds we get.' Companies can be notified immediately when an event occurs within, say, a 150-kilometer radius of key supplier or subtier factories."
That's impressive but not very useful if a company hasn't previously thought about what it would do should a disruption occur. Reacting to a disruption on an ad hoc basis generally results in lost time, lost opportunities, and lost revenue. Being alerted is not the same as being prepared -- a point Brennan makes next. Bulgar continues:
"Digging down to the factory level is essential because of the effects of industrial clusters. 'Companies that are dual sourcing or multisourcing aren't really mitigating their risk because suppliers of similar technologies tend to locate their factories in the same areas,' Mr. Brennan says. By surveying suppliers on a broad scale, Supply Risk Solutions has created a large database of supplier data and can gather the information more cheaply than can individual companies on their own. In tandem with identifying tiers of suppliers and their factory locations, it's critical to take steps to reduce risk ahead of any crisis event, Mr. Brennan says. The database of suppliers to leading manufacturers offers leverage, because 'we can say to a factory, we are contacting you on behalf of several of your largest customers, whom we name. They are asking you to mitigate these specific risks. When we approach them like that, they definitely listen.'"
One of the takeaways from Brennan's observations should be that risk management must be a collaborative effort among stakeholders. To borrow from John Donne, "No company is an island, entire of itself ... any supply chain disruption diminishes profits, because every company is involved in a supply chain; and therefore never send to know for whom the bell tolls; it tolls for thee." Bulgar concludes:
"Some risk tools go beyond data capture to include site visits by risk engineers. Zurich, for example, has a vast team of risk engineers who collect data about suppliers with the experience of knowing what has gone wrong in other companies and other industries. The goal is to make a business strong enough, even at its weakest link, explains Dr. Kocsis of Zurich. 'Looking back 10 years, those companies that implemented sound risk management are often among the benchmark companies. You won't be competitive on a time scale of three to five years if you are not able to manage your supply chain in a resilient way.' Nick Wildgoose, global supply chain product manager for Zurich Insurance, says, 'There are many simple and inexpensive supply chain risk tools that companies can use; why would you not want to do this given the significant financial impact a strategic supplier failure can have on your organization?'"
That's a great question. The importance of supply chain risk management will only grow in the years ahead. There is no time like the present to start preparing for the future -- a future that will surely include supply chain disruptions.