Many Supply Chains Remain Too Vulnerable to Risk

Stephen DeAngelis

June 21, 2012

“Despite a number of wake-up calls from last year’s catastrophic events,” declares a press release from Marsh, an insurance broking and risk management firm, “many organizations still lack complete visibility into their supply chains and remain vulnerable to the next disaster.” [“Global Supply Chains Still at Risk: Marsh,” Wall Street Journal MarketWatch, 17 April 2012] I dare say that most organizations “lack complete visibility into their supply chains.” Achieving that kind of visibility is very difficult. To learn more about that topic, read my post entitled Supply Chain Visibility: The Search Continues. To be honest, even if complete supply chain visibility was possible, companies would remain vulnerable to supply chain disruptions because there are too many factors that they can’t control. The point, however, is that the better the supply chain visibility is that a company has the better prepared it is to respond to and mitigate some of the consequences of those disruptions. The Marsh press release continues:

“Many risk managers are also still not adequately familiar with the tools that are available to help them mitigate their supply chain risk and improve resiliency, including insurance options. … Last year’s devastating earthquake, tsunami, and nuclear event in Japan and devastating floods in Thailand resulted in significant business interruption losses due to the impact these events had on key suppliers. Companies in the electronics, semiconductor, automotive, and many other sectors were affected with many not yet completely recovered from these and other events.”

The release highlights a tension in the supply chain that I’ve discussed before: the tension between lean and resilient practices (see my posts entitled Supply Chains: Lean, Mean, or In Between and Supply Chain Risk Management: Tension between Lean and Resilient Principles). Gary Lynch, Global Leader of Marsh Risk Consulting’s Supply Chain Risk and Resiliency Solutions Practice, and one of the authors of the report discussed in the release, states, “Even after repeated warnings about the fragility of supply chains, too many organizations continue to focus on efficiency at the expense of resiliency in the end-to-end design of their supply chains.” He went on to say, “Many organizations also continue to suffer from a lack of collaboration between business leaders and risk managers, adding unnecessary complexity and sophistication to supply chains.” The release continues:

“To build more resilient supply chains, Marsh recommends an approach that includes an organization’s total exposure, including non-physical perils, aligned to the value it derives from key products or other sources of revenue. This approach, which relies heavily on the use of analytics, can help an organization identify single points of failure in its supply chain along with risk mitigation and financing options. Risk managers are also encouraged to become more familiar with emerging supply chain insurance products, which are considerably broader than traditional contingent business interruption (CBI) and contingent extra expense (CEE) products on which risk managers have previously relied.”

It’s only fitting and proper that an insurance broker would recommend that businesses consider buying insurance policies to offset losses caused by supply chain disruptions. Another author of the report, Ben Tucker, a senior vice president in Marsh’s Property Practice, discusses why a range of insurance products should be considered. He writes:

“The CBI and CEE products that risk managers have historically looked to do not cover the increasingly frequent disruptions that many organizations face, which are not related to physical damage. For example, the eruptions in 2010 and 2011 of the Eyjafjallajokull volcano in Iceland caused little physical damage to insured property, but still led to significant disruptions and delays in the transport of goods and services into and out of Europe.”

The release concludes by noting that available insurance products not only indemnify organizations “for business interruption and extra expenses resulting from physical damage to suppliers” but “also offer insureds protection against non-physical interruptions to their supply chains. These can include strikes, riots, ingress/egress, service interruption, and pandemics.”

Although I agree that insurance is a good idea, indemnification for losses does not make a company whole. When disruptions occur, customers whose need go unmet may find other suppliers and a company’s reputation may be difficult to repair. That’s why a good supply chain risk management process needs to be in place and active. Shawn Casemore, president of Casemore & Co., a consulting firm specializing in supply-chain management, declares that a good supply chain risk management process needs to be built on three pillars: looking beyond the obvious; expecting the unexpected; and practicing to be perfect. [“Avoid Three Key Supply-Chain Land Mines,” CFO, 30 March 2012] Casemore writes, “Managing supply-chain risk requires the ability to effectively and continuously apply three pillars of risk mitigation. Similar to the three legs of a stool, these are of equal importance, and when combined create the foundation for a comprehensive risk-management strategy.” He first discusses looking beyond the obvious:

“Some organizations focus on mitigating risks that are palpable and overlook less-obvious ones. For example, are you aware of the risks that exist throughout the chain of custody for critical purchase components? Many distributors source products and equipment components from offshore sources whose quality standards are often less robust than in North America. I worked with an organization where the keys on the keyboard of an important piece of equipment were sticking. After an exhaustive analysis, the fault was found to be a process change by a subtier supplier (i.e., a supplier to a subcontractor), which had reduced the amount of dielectric grease applied between keys. What mechanism do you have in place to confirm the origin of critical equipment or components? How are you able to ensure consistent quality of these goods?”

Supply chain analysts, like Lora Cecere, recommend that organizations attempt to gain visibility from a supplier’s supplier to a customer’s customer. Casemore points out a case where the supplier to supplier’s supplier was determined to be a problem. His example points out why achieving supply chain visibility is so difficult (but important). He next discusses expecting the unexpected:

“Organizational risk-management plans may deal with known or suspected risks but fail to provide a comprehensive overview of the risks inherent within the supply chain. Following last year’s disaster in Fukushima, Japan, several automotive manufacturers, including Chrysler, Ford, Mazda, and Toyota, were forced to limit pr
oduction of vehicles with specific paint colors because the availability of Xirallic, a type of pigment sold by Merck, was down sharply. All Xirallic is made at a single plant in Onahama, a neighbor of Fukushima. After Merck marketed the pigment as having improved luster compared with existing products, the automakers began buying it while ignoring the potential for supply disruption and how they might continue operations in the event of a problem at the plant. Having no qualified secondary source for an important supply is common, but when things don’t go as planned, the effects — curtailed production, depressed revenue — can be devastating. Have you identified and qualified secondary sources for the supply of critical components, equipment, and services?”

A more recent automotive example involves cyclododecatriene (CDT) or one of the materials made from it — PA-12 (nylon-12). In March, an explosion in an Evonik Industries AG plant in Marl, Germany, disrupted the primary supply of CDT, which is used to make fuel and brake lines. The disruption caused a scramble in the industry to mitigate the consequences of the explosion (see my post entitled Supply Chain Disruption: The Reason is the Resin). Casemore’s final pillar is practicing to be perfect. He writes:

“Some risk-management plans are contained neatly in binders and placed on shelves. That doesn’t mean those responsible for implementing these strategies are aware of the origin, likelihood, and severity of risk that exists. Effectively planning for risk requires full disclosure of risks, and all risk-mitigating and contingent actions that may be required, to all who will have to perform such actions. The most successful risk-management plans are those that involve input from and education for key stakeholders. Many organizations invest significantly in training programs to improve employee skills, but not in educating employees on inherent business risks and their role in managing and mitigating such risks.”

Cisco Systems operates an award-winning supply chain risk management process that monitors worldwide events on a 24/7 basis. To learn more about Cisco’s process, read my post entitled SCRM: Preparedness and Resiliency. As I noted at the beginning of this post, it is impossible to eliminate all risks or become so resilient that disruptions never occur. As a result, it is increasingly imperative that companies establish a good SCRM process as well as consider purchasing insurance that can help them offset the costs of disruptions when they do occur.