"After tsunamis, protests, wildfires, and riots — to name just a few recent major disruptions — few managers can be unaware of companies' vulnerability to the vagaries of politics and extreme weather," writes Mary Driscoll. She editorially adds, "You'd think." ["Research: Why Companies Keep Getting Blind-Sided by Risk," Harvard Business Review Blog Network, 18 July 2013] "Yet," she reports, "three quarters of the 195 large companies surveyed recently by APQC got hit by an unexpected major supply chain disruption in the last 24 months." Driscoll's question is: Why are these disruptions unexpected in light of recent history? In many cases, she notes, "C-suite executives had to get involved in the fix-it process for a sustained period of time." She finds it even more puzzling that these disruptions were "unforeseen" considering that "these are the same senior executives and middle managers that have supposedly been embracing formal enterprise risk management (ERM) for some time." Which raises another question: "Why did these systems fail so spectacularly?" The quick answer is: Shortsightedness. Driscoll explains:
"Part of the problem stems from the familiar gap between the talk and the walk. Survey findings indicate that most organizations' leaders did indeed express concern about the impact of political turmoil, natural disasters, or extreme weather. But the findings also show that the people at the front lines of the business were hamstrung by a lack of visibility into risk. Nearly half said they lacked the resources needed to adequately assess business continuity programs at supplier sites. Many relied on the suppliers filling out perfunctory, unreliable checklists. It's likely that the push to protect profits during the recession made matters even more difficult for supply chain operators. Seventy percent of the respondents to the APQC survey say their organizations pruned their lists of suppliers over the past five years, with the intent to reduce costs. Moreover, nearly three-quarters (74%) of the companies over the period added suppliers physically distant from their facilities, with 63% acknowledging that their suppliers are located in areas of the world known for high-impact natural disasters, extreme-weather events or political turmoil. It appears the urge to source in low-cost regions clouded the cost-versus-risk calculus for some."
In several previous posts on the subject of supply chain risk management, I've noted that the "push for profit" can have a negative impact on supply chain resiliency. For example, in one previous post, I wrote:
"Time and again the issue of balance between 'lean' and 'resilient' supply chains is raised by risk management experts. In his doctoral dissertation entitled Supply Chain Resilience: Development of a Conceptual Framework, an Assessment Tool and an Implementation Process, Timothy J. Pettit, included a graphic that, in a very general way, illustrates why balance is the key.
"Pettit's point is that resiliency does come with a price that can erode profits. A lack of resiliency, however, can also affect profits and even expose a company to total failure. Hence, finding what Pettit calls the 'Zone of Balanced Resilience' is essential. In his abstract, Pettit writes, 'The business environment is always changing and change creates risk. Managing the risk of the uncertain future is a challenge that requires resilience – the ability to survive, adapt and grow in the face of turbulent change. ... Findings suggest that supply chain resilience can be assessed in terms of two dimensions: vulnerabilities and capabilities.'"
Analysts at the Strategic Sourceror state the problem this way:
"As a business attempts to become more efficient, it may make its supply chain increasingly vulnerable to risk. Businesses use strategies such as outsourcing, supplier consolidation and low cost sourcing to improve efficiency, but these practices can add risk and a supply chain is only as strong as its weakest link, [David Oxland and Richard Kettle from] Supply Management stated. Risk analysis in strategic sourcing is crucial, and failure to identify and minimize risks can lead to profit loss." ["Supply chain risk management important to business success," 30 April 2013]
Driscoll calls this the triple whammy: Lengthened supply chains; pruned supplier lists; and doing business in risky areas. The Strategic Sourceror article goes on to state that most companies enter outsourcing arrangements with their eyes wide shut. "Ninety percent of firms fail to perform a risk assessment before outsourcing, Supply Management found." Catherine Bolgar agrees with Driscoll that companies really have few excuses for being blind-sided by risks. "Keeping tabs on supply-chain risks sometimes seems like removing weeds in your garden," she writes, "every time you get one area under control, a new risk pops up." ["Emerging Risks," Supply Chain Risk Insights, 8 April 2013] Bolgar continues:
"Some companies still take a reactionary approach to supply-chain disruptions; more mature companies take a proactive approach. The best companies look farther out, toward emerging risks, for full resilience, says Nick Wildgoose, global supply chain product leader at Zurich Global Corporate, based in London. 'You're looking at future threats — or future opportunities. If you can cope better as an organization, you can perform better.' The more effective organizations carry out analysis with a long horizon."
Let's be clear, even with great analysis, no company can make itself immune to risks and supply chain disruptions. The best companies can do is make themselves more resilient. Last year Dr. David Simchi-Levi, a professor at MIT and founder of the consulting firm OPSrules, introduced something he calls the Risk Exposure Index. Simchi-Levi's methodology helps companies calculate the financial impact of supply chain disruptions as well as the estimated time to recovery or TTR. ["Risk Exposure Index Starting to Gain Traction, Change Supply Chain Thinking, David Simchi-Levi Says," Supply Chain Digest, 24 April 2013] Simchi-Levi told Supply Chain Digest editor-in-chief Dan Gilmore that "the effort to collect information on TTR across the supply chain changes a company's approach to risk management. First, such companies realize they don't have this data, and when they do collect the information there are usually some surprises. Second, the approach then often spurs companies to find ways to reduce TTR, and thus the financial impact."
Lloyd's, the world's largest specialty insurance market, notes, "As production networks and supply chains become increasingly globalised, localised incidents can have a number of major effects on every level of business at home and abroad – from manufacture to distribution to sales." ["Building Supply Chain Resilience," 8 May 2013] Tom Teixeira, a partner in the global solutions consulting group at Willis, told Lloyd's, "What people forget is the supply chain now is a global network and that’s why there really is a need to get into quite a lot of analytics to understand what the pinch points are." In other words, doing their homework should be an essential task for any company that relies on a global supply chain. Driscoll agrees. She writes:
"Supply chain disruption risks often [get] painted as ... operations-level risks and for that reason never [make] it onto the list of 15 or so major strategic/enterprise risks assessed and managed by the Chief Risk Officer's formal ERM process. Many ERM assessments focus on risks related to competitive strategy or the customer experience. The result is that too many boards don't think to ask about — and are not briefed on — the risks of, say, sourcing key components in risky regions of the world. They wind up blind, therefore, to many crucial strategic risks. 'The important thing is to figure out what might be a severe disruption and to do this you have to look down into the different tiers of supply. People at the top need to ask: "What might be out there that we are not currently aware of,"' says Dr. Paul Walker, an expert in ERM at St. John's University in New York."
There are no silver bullet solutions for assessing and mitigating supply chain risk. I like Bolgar's weed analogy: "Every time you get one area under control, a new risk pops up." Vigilance, analysis, and awareness are the keys to addressing the challenge.