Assessing Supply Chain Risk Events

Stephen DeAngelis

June 27, 2011

Before jumping into today’s topic, I hope you will pardon a little horn-blowing. I was recently contacted by Tracy Myers of PMPCertificationTraining.org and told that this blog had made the group’s list of the 50 Best Risk Management Blogs.Top Blog I confess I was a bit surprised since risk management is only one of many topics about which I write. Nevertheless, I am flattered to be on a list that includes so many distinguished and accomplished bloggers and sites. Now, on to today’s topic.

Steve Hall reminds us, “In the fast-paced world of global supply chains, you can’t always know what’s going on right now.” [“How do you know the true impact of a risk event on your supply chain?” ProcurementBlog, 18 March 2011] Even if you could gather all the data you required in real-time, it would still take time to process and present that information in an actionable format. The bottom line is that supply chain risk managers will always encounter a time delay when dealing with risk events. Hall was specifically addressing his comments to Chief Procurement Officers (i.e., professionals who must react to supply disruptions or commodity price volatility). Since a perfect “sense, think, and act” system doesn’t exist, Hall asks, “So what do you do?” He continues:

“A CPO of a major mining organisation recently told me he has a series of checklists in place so if one of his team, responsible for monitoring a situation notices any of these ‘red-light situations’ happening they immediately go into a pre-planned risk-aversion drill. Great, but obviously you can’t plan for everything.”

I agree with Hall that you can’t plan for everything; but, you can plan for some things. Conducting “what if” exercises helps decision-makers develop the skills they need to confront risk events, even if they are not events for which mitigation plans exist. To learn more about the importance of “what if” exercises, read my post entitled Modeling “What If” Scenarios. The next thing that Hall recommends is “getting a better understanding of the situation itself.” Although decisions often need be made quickly, rushing to judgment can often be as bad as procrastination.

During “what if” exercises as well as real-world risk events, understanding what kind of information you need to make an informed decision can be the best place to start. I recommend contacting appropriate personnel and having them write down questions that need to be answered to help in order to make the best possible decisions. Once those questions are sorted out, you’ll have a much better idea about the kind of information you will need to make informed decisions and a pretty good idea where you need to start.

Obtaining the right information may not always be easy. Hall notes, for example, that decision-makers couldn’t fly data gatherers into Japan following the earthquake/tsunami in order to collect first-hand information. Knowing what kind of information you need, however, will make searching for it much more focused and effective. The worst thing you can do is nothing. Hall believes that too many companies aren’t proactive enough. Their attitude, he writes, seems to be “we don’t know what is going on but we’re worried.” Hall continues:

“For some the most valuable tools might be those to communicate directly with suppliers. You want to know what is happening and when, for example, that factory is going to reopen, you call them. But that may not always be feasible and you may not get the answers you need. Thus the question – and it something of an open-ended one – what are you basing your short-term decisions on when it comes to complex, unclear events? Not trends, I’m referring to risk-rich situations, like the earthquake in Japan, where everyone agrees that supply chains will be affected but no-one can quite put their finger on how much. Perhaps the answer is that there’s not much you can do; no-one has a crystal ball. But whenever I’ve spoken to CPOs, even in theoretical terms, about risk management, they’ve almost always emphasised the importance of spotting the risks early and having the plans in place to minimise the effects.”

Hall concludes his post with this question, “How do you actually go about doing that?” Daniel Stengl, whose blog also made the Top 50 list noted at the beginning of this post, indicates that there is no single answer to Hall’s question because no two risk events are ever the same. “Uncertainty,” he writes, “can be categorized [as] continuous risk, more slowly changing patterns, and disruptions, which describe abrupt changes in a system.” [“Mitigation or Contingency Strategies against Disruptions,” Supply Chain Risk Management, 16 February 2011] Each of those categories of risk requires a different timeline, a different level of analysis, and, most importantly according to Stengl, a different strategy. Stengl’s post focuses on a study by Brian Tomlin [“On the Value of Mitigation and Contingency Strategies for Managing Supply Chain Disruption Risks,” Management Science, Vol. 52, No. 5, May 2006]. Stengl continues:

“Mitigation strategies are distinguished from contingency strategies by the time when an action is performed. Often most of the cost occur at the same time. Mitigation Strategies, are planned and executed before the risk occurs (e.g., increasing inventory levels). Contingency Strategies, are planned beforehand but executed after the risk occurs (e.g., power generator after a power failure).”

Stengl continues his narrative with a discussion about “Optimal Strategies” that were “tested in Tomlin’s model.” The follow graphic summarizes the strategies.

Figure 2: Available Strategies in the Model (Tomlin, 2006)

Stengl concludes his post with a summary of Tomlin’s conclusions and a few of his own. He writes:

“From the data at hand Tomlin draws the following conclusions:

  • “Switching to a more reliable source is favored over inventory mitigation for less frequent but longer disruptions
  • “Inventory mitigation may not be an attractive strategy when disruptions are rare but longer, since significant quantities of inventory need to be carried for extended periods
  • “For a given percentage uptime, mitigation rather than contingent rerouting tends to be optimal if disruptions are rare
  • “If volumes of the more reliable supplier are flexible, contingent rerouting (from the unreliable to the reliable supplier) can be a possible strategy
  • “Contingent strategies can help reduce the firm’s cost when used as a component of the optimal disruption management strategy
  • “For risk averse firms, mixed mitigation strategies (combining partial sourcing from more reliable sources and inventory mitigation) can be optimal …

“Tomlin meant his model not to be used for direct application in an business context, but to find out more about what factors influence optimal strategies for mitigating disruption risks. He finds that the most influential parameters are the supplier uptime and the expected disruption length, and those therefore have a great deal in defining the optimal supply chain strategy for a company. Using these findings businesses can analyze and reevaluate their current strategies.”

In a contingency, finding out the expected disruption length may be the most important information you need and it may also be difficult to obtain. Suppliers will be tempted to minimize their estimates and downplay the seriousness of the situation. Like good soccer officials, smart risk managers must figure out how much stoppage time to add on to the supplier-provided estimate. As I noted in a post entitled Gartner Publishes Its Supply Chain Top 25, “companies that can master volatility, uncertainty, complexity, and ambiguity (VUCA) have a better chance of surviving and thriving than those that can’t.”

Keith Harrison, Procter & Gamble’s global product supply officer, indicates that his company spends “an awful lot of time handling … operations in ‘Vuca’.” [“Business diary: Keith Harrison,” as told to Barney Jopson, Financial Times, 7 March 2011] Concerning events surrounding the so-called Arab Spring, he told the Financial Times, “We consider it now a fact of life that events such as the ones we have seen in the Middle East and north Africa may impact our facilities, customers and consumers and we need to be ready to react.” As Harrison underscores, events that were once considered “black swans” are no longer considered remote or inconsequential. In times past many companies generally had to worry about risk events at a few locations in stable countries. With globalization, the number of plants, locations, and potential risk events have grown exponentially. It turns out that black swans aren’t all that rare.

Since, as Steve Hall correctly reminds us, you can’t plan for every risk event, the next best thing to do is make a vulnerability assessment of your company. Risk events may be different, but your vulnerability to those events remains fairly constant. Jeff Karrenbauer, president of INSIGHT, a supply chain management consultancy, notes that “ad hoc strategies, such as drawing down inventory stockpiles, are poor substitutes for proper supply chain continuity planning.” [“Would Vulnerability Analyses Have Helped Supply Chains in Japan Avoid or Minimize Disruption?SupplyChainBrain, 25 March 2011] Karrenbauer further stated, “Companies need to have a strategic supply chain plan in place that mitigates the impact of disruptions. Possible components of the plan include inventory positioning, alternative sourcing, transportation options and so on.” The article continues:

“Strategic supply chain plans incorporating inventory analysis balance the cost of extra stock against the risk of lost sales, lost customers and a negative impact on bottom line profitability. Too much inventory results in higher costs, negative impact on cash flow, and too much working capital tied up and unavailable for other initiatives. Too little inventory results in missed sales, lost customers, and poor service. Strategic planning ensures companies have alternative sources of parts and supplies along with balanced inventory levels.”

I think Daniel Stengl would agree that the strategies noted above are important but you need to understand the difference between a mitigation strategy and a contingency strategy — both are important. If risk management is one of your main tasks, I recommend you regularly visit a number of the posts recognized in PMPCertificationTraining.org’s list of the 50 Best Risk Management Blogs.