Supply Chain Risks: Who’s in Charge and What are They Looking At?

Stephen DeAngelis

August 23, 2011

Bill McBeath, chief research officer at ChainLink Research, has stated, “Most companies fail to take a holistic approach to supply chain risk management. Individual functions do address some of their own risks in isolation, but typically there is no high-level executive with the charter and power to create and drive an integrated approach to managing supply chain risk.” [“Is Anyone in Charge – Who’s Managing the Risks?SupplyChainBrain, 10 February 2011] Supply chain analyst Bob Ferrari agrees with McBeath. He writes, “Companies discover too-late that supply chain risk exists in many areas, and no one function has the empowerment to address systemic issues of quality and adequate controls.” [“Controlling Supply Chain and Quality Risks: Who? What? When?” Supply Chain Matters, 5 November 2010] The point that McBeath and Ferrari are making is that segmenting risk management rather than addressing it holistically is like trying to keep water out of a boat filled with holes.

Ferrari believes that an executive needs to be empowered to oversee traditional risk management tasks as well as trying to prevent “contamination and breakdowns in production and distribution quality standards.” Over the years, Ferrari writes that he has provided “ample evidence of a discernable trend of breakdowns in quality and supply chain risk management.” These breakdowns risk lives, corporate reputations, and can even result in company failure. Ferrari concludes, “Firms need to wake-up and heighten awareness to quality, supply chain risk identification and mitigation.” Continuing his discussion about who should be in charge of risk management, McBeath writes:

“Who is responsible for managing supply chain risk in the enterprise? Many companies don’t have a good answer. The responsibility is typically split between several roles:

“• Risk Managers—Often companies have a risk manager, but frequently that person’s focus is on managing insurance: ensuring that company is adequately covered and taking steps to control premiums.

“• Sourcing and Procurement Personnel—They are generally responsible for managing suppliers performance. For mature sourcing organizations, this includes assessing risk during supplier selection and during the period of performance. But this is often confined to checking financial viability of the supplier and trying to limit sole-sourcing situations. Rarely does it include a more holistic approach to risk that would encompass things like the business continuity readiness of the supplier or the location of the suppliers plants or who the supplier might be outsourcing to.

“• Business Continuity Manager—This is often an IT-centric function that focuses on keeping information systems up and running. It also can include disaster recovery plans for the various facilities and functions within the company, such as manufacturing, distribution, call center, etc.

“• Supply Chain Planning—In long-term planning (network design) and short-term planning (inventory planning), some thought is given to the risks as part of the overall planning process.

“• Logistics and Transportation—Usually seeks some diversity in carriers and routes and may or may not have backup plans in place.

“So risk management is taking place in pockets. But do these functions coordinate their risk analysis and mitigation into a holistic plan? Rarely. And do they consider the risk going back several tiers into the supply chain, which is becoming more and more important? Almost never.”

Considering all that is at stake, the picture McBeath paints is pretty bleak. As I noted above, the segmentation of risk management leaves holes (sometimes gaping ones) in corporate risk management activity. For example, who, in McBeath’s list of people concerned with risk management activities, would be responsible for corporate reputation or the emergence of counterfeit supplies and goods? According to Janice Abel, “Counterfeiting is a growing and pervasive problem across all industries.” [“Protecting Your Supply Chain from Counterfeit Products,” Logistics Viewpoints, 17 January 2011] She continues:

“In the electronics, consumer products, food, pharmaceutical, medical devices, aerospace, defense, and automotive industries it is particularly frightening because it threatens consumer health and safety, as well as corporate profits and brand equity. Counterfeiting is increasing worldwide, with counterfeiters using increasingly more sophisticated techniques and consumers purchasing more goods online. The value of counterfeit products was expected to reach $1 trillion globally in 2010, according to the International Chamber of Commerce and World Customs Organization.”

Abel asserts that the “use of Anti-Counterfeiting and Brand Protection (ABP) technologies and methodologies is especially important for manufacturers if counterfeit versions of their products could pose a risk to consumer health or safety; compromise brand equity; result in lost revenues; or increase their liability risks.” That is why it is critical to have an empowered executive who can take a holistic view of risk management. Abel concludes, “It is very difficult for legitimate manufacturers to keep pace with the increasingly sophisticated techniques and methodologies counterfeiters are employing.” Even in traditional risk areas, the more complex supply chains become the more challenges a risk manager faces. One tool in a risk manager’s kit is forecasting; but, as I have noted in previous posts, forecasting that only extrapolates the past into the future or is done unevenly or infrequently isn’t up to the task. Steve Banker compares such forecasting efforts to the thoughts of a turkey prior to Thanksgiving. Up to the appointed day of slaughter, the turkey has things really good and, based on past experience, he could predict that things would remain that way. Banker writes, “We can learn a lot from the past, but perhaps not as much as we think. [The turkey] would attest to that, if he was still around.” [“Turkeys, Forecasting, and Supply Chain Risk Management,” Logistics Viewpoints, 2 August 2010] Banker continues:

“All forecasts are thrown out the window when … catastrophic events occur. That is why companies should apply supply chain risk management to product forecasts and not just to factories, suppliers, and IT systems.”

While I agree with Banker, good product forecasting has proved elusive. For more on that topic read my post entitled You Can Almost Hear the Bullwhip Effect Cracking. Banker concludes, “The key point is that by having proactive plans companies can react more quickly to these kinds [of] forecast error events. Having the plan in place prevents companies from dithering and can save (or make) them a whole lot of money. This kind of planning can separate turkeys slotted for slaughter from eagles prepared to soar.” How many times over the past year have you heard differing forecasts about the economic recovery? Unfortunately, the U.S. remains in an economic malaise. As a result, some companies remain at risk of folding. If one or more of those at-risk companies are your suppliers, you could have a problem.

Hans-Kristian Bryn and Michael Denton, consultants at Oliver Wyman, claim that “companies still face much supply chain and bottom line risk from suppliers struggling to keep out of bankruptcy court or failing all together.” [“In Dynamic Economic Times, Do we Need Predictive Tools to Better Highlight Supplier Financial and Operational Risk?Supply Chain Digest, 9 November 2010] As a result, they “argue a new approach needs to be taken to address and predict potential supplier financial and operational failure.” The new approach is needed, they claim, because “supply chain risks have moved from the province of engineers into the realm of chief financial officers and treasurers.” I think that McBeath and Ferrari would argue that supply risks have moved from the province of engineers into the province of everyone — which is why someone needs to be in charge. McBeath concludes:

“Sure, we have a few Chief Risk Officers in place, but that is the exception rather than the rule, and even then you have to wonder how much clout they really hold in the organization. Until supply chain risk management becomes high on the CEO’s agenda, this situation is unlikely to change. Research has shown that when there is a major disruption to a company’s supply chain, their stock typically falls between 25 percent and 30 percent relative to the market (and it stays there for at least 12 months). That fact has not been enough to get the attention of the CEO. Not until the markets start explicitly pricing the stock (up or down), based on a company’s level of supply chain resilience, do we expect the current approaches to risk management to change significantly.”

McBeath agrees with Bryn and Denton that at-risk suppliers remain a challenge; but, he also believes that the risk may be a wake-up call for CEOs who are “worried about trying to know which of their suppliers will survive or not.” As a result, he writes, “The economic downturn was actually somewhat good for the risk management business.” He believes that CEOs won’t really turn their attention to risk management, however, until after they re-establish their businesses on a growth vector.