Risk Management in Global Supply Chains

Stephen DeAngelis

August 24, 2015

Managing day-to-day operations in a global supply chain is no easy task. That’s certainly not news for supply chain professionals. In fact, a recent survey conducted by Barloworld Supply Chain Software found “four out of five supply chain executives say the performance of their supply chains is average or poor owing to the effects of globalisation.”[1] Managing risk associated with global supply chains is even more difficult than dealing with the challenges of routine operations. A large majority (63%) of survey participants indicated that the number of partners involved in the supply chain was a major reason for performance and risk challenges. Bart Kelly and Mike M. Varney (@Mike_VarneyCPA), from Crowe Horwath LLP, write, “The growing webs of suppliers and their subsuppliers have created greater complexity and risk in manufacturer-supplier relationships, which can result in a manufacturer having little to no notice that it is not able to meet a customer’s needs.”[2] Will Green reports that survey results released by Xchanging Procurement concludes that “supply chain risk was seen as a challenge by 77 per cent of firms, and as an ‘extreme’ challenge by almost one in five.”[3] The worst risks, of course, are those that can result in supply chain disruptions. Bruce Gain asserts, “Disruptions in the supply chain have always been a source of major concern. … However, the level of worry will only rise as today’s worldwide supply networks become more geographically diverse, riskier, and ultimately, more prone to outages.”[4]

Steven Minsky (@SteveMinsky), CEO and Founder of LogicManager, insists that the best place to start a risk assessment is by tapping employee knowledge. He writes, “Risks are known far in advance by at least one employee — and typically by several — on the front lines of every business.”[5]< He continues:

“Problems arise when managers lack mechanisms to escalate and connect their risks with the concerns shared by colleagues in other parts of the organization. When critical business interdependencies are not formally recognized, they remain invisible, and the cumulative impact of these concerns is rarely addressed. Without the ability to identify connections between risks across business silos, high impact risks remain ‘unknown’ to senior management. As a result, the individuals capable of allocating resources to mitigate these risks sit idly as their risk exposure grows. This is literally a preventable disaster waiting to happen.”

Minsky’s observation highlights the importance of understanding connections (or the lack thereof) for any business — especially in the digital age. Kelly and Varney add, “Ever-expanding supply chains make it difficult to maintain consistent and timely visibility with suppliers, which ultimately affect the close relationships manufacturers historically have had with their suppliers. … Today’s supply chains, though, find companies further removed from their suppliers and a personal level of contact. Relationships increasingly are transaction-based and often focused primarily on cost, leaving relationship-based premiums severely diminished. As a result, companies might have lower costs, but they also have much less insight into the business of their suppliers, leaving them with little advance notice of signs of trouble that could affect them.” One way to deal with complexity is to employ a cognitive computing system, like the Enterra Enterprise Cognitive System™ (ECS) that is able to apply the latest analytic tools to help increase supply chain visibility and predict perturbations resulting from disruptions or delays. Provided with the right data, a cognitive computing system can help identify relationships and potential areas of risk as well as ensure that day-to-day operations run more efficiently. Kelly and Varney assert there are four essential components of supply chain resiliency: visibility, responsiveness, integration, and control. A good cognitive computing solution can help in each of these areas.

Visibility

As noted above, the better the visibility and understanding of the supply chain the better able companies are to identify and deal with potential risks. Green reports that BSI has proffered several tips companies can use to improve their supply chain visibility. They include:

Identifying critical business functions: Once critical business functions have been identified, it is possible to apply a methodical approach to the threats that are posed to them and implement the most effective plans.
Remembering the seven ‘Ps’ needed to keep businesses operational: Providers, performance, processes, people, premises, profile, and preparation.
Understanding and tracking past incidents with supplier: Obtain country-level intelligence so you understand what factors may cause a supply chain disruption, such as working conditions, natural disasters, and political unrest.
Assessing and understanding vulnerabilities and weak points: Conduct risk assessments to evaluate supplier capabilities to effectively adhere to your business continuity plans and requirements.

Cognitive computing systems can help provide insights in all of those areas. Kelly and Varney add, “Too frequently … companies concentrate primarily on cost and on-time delivery. Instead, companies would be far better off considering a wider set of ongoing metrics and monitoring those metrics through methods as varied as regular interaction with suppliers and multifaceted supplier scorecards.”

Responsiveness

Obviously, companies need to be responsive to challenges that threaten smooth operations. Responsiveness is particularly critical, however, whenever a disruption in supply chain operations occurs. Potential risks that could result in supply chain disruption abound. James Allt-Graham, a Partner at GRA Supply Chain Consultants, insists, “Business interruption … is around every corner for most global supply chains.”[6] Kelly and Varney add, “A company must be able to identify the areas where potentially damaging issues could arise, such as a supplier’s inability to provide the requisite supplies for the short or long term, and move those parts of its chain based on the company’s or market’s demands.” In order ensure the best possible response to crisis, a company needs to develop and exercise a continuity of business plan. BSI recommends the following:

Agree and document your plans: These should never just be hidden away. Assess critical suppliers to make sure their business continuity plans fit with your objectives and are defined within a contract.
Make sure plans are communicated to key staff and suppliers: Equally, share them with other key stakeholders to boost their confidence in your ability to maintain ‘business as usual.’ This is particularly important for small businesses or those working with suppliers/buyers for the first time.
Try your plans out in mock scenarios: If possible include suppliers in your exercises and remember to test them not only in scenarios where there may be a physical risk, such as poor weather conditions making premises inaccessible, but people risks such as supply chain challenges, and boardroom departures.
Expect the unexpected: While lean and efficient supply chains make good economic sense, unexpected events can have a significant impact on the operations and reputation of businesses.
Make sure your continuity plans are nimble and can evolve quickly: If your plans look the same as they did 10 years ago, then they probably won’t meet current requirements. Organizations engaged in business continuity management will be actively learning from their internal audits, tests, management reviews and even from incidents themselves.
Make sure you’re not just ‘box-ticking’: Plans that get the tick against the to-do list but don’t actually reflect the organization’s strategy and objectives can lack credibility and are unlikely to succeed in the long-term. Instead, make sure your plans allow you to get back up and running in a way that aligns with your organization’s objectives.

Integration

Kelly and Varney write, “Integration consists of two vital elements. The first element relates to integration within the organization. Departments that play crucial roles in successful planning and production should communicate clearly and frequently. The procurement department often is left managing the supplier relationship. To serve the supply chain needs more optimally, structured, recurring input from sales, production and other functions is required. The second element of integration relates to the various suppliers a manufacturer uses. Companies must find ways to create a genuine connection with their suppliers and form relationships based on more than just cost. Technology, for example, can facilitate real-time integration with and feedback for suppliers.” In today’s digital age, most connections are going to be electronic and the data available electronically is going to come in a variety of forms. Integrating that data so that it can be analyzed for insights is no easy matter. “Companies should consider many different types of data, from a variety of sources in order to gain an understanding of risk,” another source writes. “Examples include the OFAC economic/trade sanctions list, supplier financials/scores, business continuity plans, business continuity test results, information security plans, breach notification plan, vendor management plans (for those that have subcontractors to support your needs), internal business requestor requirements, internal risk subject matter recommendations, etc. Some data (e.g., capacity, compliance, etc.) is not routinely captured nor is it readily available from a single reliable source.”[7] To learn more about this critical topic, read my article entitled “Big Data Integration in a Transnational Business World.”

Control

“Control in the context of supply chain resiliency comes in several forms,” Kelly and Varney write. “To begin with, a company needs to put in place activities and processes that allow it to identify, monitor and mitigate risks. The company must strike the proper balance between imposing sufficient controls to reduce risk to the organization and imposing so many controls that the company can’t operate efficiently.” Managing supply risk is an around-the-clock activity ideal for monitoring by a cognitive computing system. A cognitive computing system can handle many more variables than either a human or a traditional computer system; making it better equipped to identify anomalies and alert decision makers when there is a problem.

Footnotes
[1] “Supply chains struggle under pressures from globalisation,” Supply Chain Standard, 21 July 2015.
[2] Bart Kelly and Mike M. Varney, “Maintaining Resiliency in the Face of Expanding Supply Chains,” IndustryWeek, 17 June 2015.
[3] Will Green, “Supply chain risk ‘a challenge’ for nearly eight in 10 firms – survey,” Supply Management, 13 July 2015.
[4] Bruce Gain, “10 Business Continuity Tips for the Global Supply Chain Era,” EBN, 18 May 2015.
[5] Steven Minsky, “Managing Uncertainty: Escalating Unknown Knowns (Part 1 of 2),” ebizQ, 9 July 2015.
[6] James Allt-Graham, “Understanding Risk in your Supply Chain,” Global Logistics Media, 28 May 2015.
[7] Guest Contributor, “6 Steps to Integrated Supplier Risk Management,” Spend Matters, 10 July 2015.

From Globalization to Glocalization

Many experts believe the era of “hyper-globalization” is coming to an end — writing has been on the wall for years. What’s replacing hyper-globalization? Some

Decision Science and the Supply Chain’s Decision Abyss

Business experts continue to encourage companies to become data-driven enterprises. Personally, I prefer the term decision-driven enterprises. Data only becomes valuable when it provides insights