Supply Chain Management: New Opportunities for Risk Managers by William Atkinson While lean manufacturing and global sourcing can generate significant savings for companies, they can also expose them to a greater risk of supply chain disruption. One might think that the responsibility for managing supply chain risk should fall to the purchasing department. After all, they are the experts in supply chain processes. However, that is similar to suggesting that factory managers should be responsible for property and casualty risk. Indeed, they should have some responsibility for helping to prevent risk exposures, but, ultimately, the responsibility should fall to the risk manager. A 2004 survey of purchasing executives conducted by Purchasing Magazine found that only half of all respondents reported monitoring supply chain risks often. The other half monitored this risk somewhat (17.4%), rarely (29.6%), or never (3.6%). In addition, while the purview of the purchasing department covers the supply chain from suppliers to your company, it does not cover the other half of the supply chain from your company to the customers. In sum, only the risk management department has a broad enough view to address risks from one end of the supply chain to the other. This is not to say that the risk management department should be expected to go it alone. An effective supply chain risk management initiative requires a close working relationship between risk managers and others in the organization. Risk management can provide its traditional expertise and information. Other functions such as purchasing, sales and marketing, and logistics and transportation can bring additional expertise and information on supply chain dynamics to the table. As a team, these functions can create and implement an effective supply chain risk management strategy. Respondents to the Purchasing survey offered the following recommendations to manage supply chain risk: make more use of long-term agreements with proven performance, increase the use of alternate suppliers, increase the use of forecasting and long-term planning sessions, increase inventory levels (albeit slightly), and engage in commodity hedging (for commodities such as fuel and metals). A Comprehensive Approach Stan Smith, a consultant with Portland, Oregon-based Quality Plus Engineering, offers a number of recommendations for creating a comprehensive supply chain risk management process. Determine management s appetite for risk. If management is unfamiliar with the
implications, the risk manager needs to weigh in with various levels and the implications of each level, says Smith. He does not recommend asking: How do you feel about risk? Rather, questions should revolve around issues such as: What percentage of revenue, profitability, market share and productivity are you willing to lose? Determine the optimal mix of insourcing versus outsourcing. The leaner you are, the more you must outsource, he says, adding that the more geographically dispersed an organization is, the more vulnerable it becomes to supply chain disruption. Do your homework. Study your existing supply chain process capabilities and maturity to identify a starting point for managing against their disruption. Identify supply chain risk events. Some people look at a supply chain as one continuous process, but in reality it is a number of segments and points, says Smith. As such, you need to identify the various segments and the critical points. Then, determine what the risk events are that can affect those critical segments and points. Risk analysis. Analyze these risk events and assign risk vectors for likelihood and severity. Smith recommends categorizing supply chain risk into a four-block grid. He cites an example for a risk profile for late delivery or nondelivery: Low Severity/Low Likelihood (e.g., MRO supplies from a domestic supplier) High Severity/Low Likelihood (e.g., fasteners in regulated products from a domestic supplier) Low Severity/High Likelihood (e.g., commodity parts for household appliances from an offshore supplier) High Severity/High Likelihood (e.g., specialized electronic chips in regulated products from an off-shore supplier) Quantify your risks; then prioritize them. You need to make sure all of the participants are in agreement about the level of risk, the probability of each risk event, the severity of each risk event, etc., says Smith. Create supply chain process management, assurance and controls. As an example, if you outsource something that was once internal, you need to determine a way to be sure that the supplier will meet its commitment for the contracts, he says. Other points to address include how well the contract is written as well as what kind of backup the supplier may have. He also recommends having a third party validate that the supplier is doing what it is supposed to be doing. Implement appropriate preventive, pre-emptive, predictive and corrective actions. Pre-emptive means not waiting until something happens before taking action. For example, write into your contract that the supplier is responsible for quality and that you have the right to inspect their facilities, he says. Predictive measures should be based on statistics. For example, if you have a supplier whose shipments are five days late 5% of the time, then you can plan to do something about this ahead of time.
Assure that your supply control points work. One control point might be a mechanism where you are alerted early on that there will be a disruption from a supplier. You do not want to wait until your shipment s delivery date to find out that a container did not arrive at your dock, says Smith. By then, it is too late. You need a mechanism that can tell you if a container from Hong Kong arrived in the Philippines when it was supposed to. Then, you need to make sure that mechanism works without fail. The Six-Step Process Alexander Monty, director of consulting for ADR North America in Ann Arbor, Michigan, recommends a six-step supply chain risk management process. 1. Profile your supply base. This involves identifying your strategic purchased materials (those that are integral to the manufacturing of your products), then modeling sales forecasts and revenues over time. In other words, which revenue streams are dependent upon which purchased materials? 2. Assess vulnerability. Identify your risk of supply disruption. ADR divides supply chain risks into three categories. One is external. These are disturbances to the flow of supply at any point in the supply chain, such as quality issues, strikes or other supplier issues, says Monty. A second is environmental, which is exposure outside of the supply chain, such as climate, social issues, governmental factors and terrorism. The third is internal. Examples are disruptions to internal manufacturing and business processes, he says. Monty recommends collecting quantitative and qualitative data from the supply base that is useful in evaluating supply chain risk. Part of the second step also involves creating a cross-functional team to utilize qualitative and quantitative methods to identify exposures. Companies that have world-class supply management initiatives are those that create cross-functional teams to analyze and mitigate supply chain risk, he says. Typically, such companies create teams composed of representatives from risk management, purchasing, sales/marketing, logistics/transportation, product/process engineering, quality/regulatory, and suppliers (either directly or by proxy through the purchasing department). 3. Evaluate the implications. Assess the implications of the high risks. Here, it is important to understand financial scale, such as duration and recovery costs, in order to quantify total potential impact. You need to map the quantitative and qualitative data, so you can create a baseline for frequency and severity, says Monty. 4. Identify actions. Create risk mitigation options and costs. This involves identifying all feasible options for mitigating prioritized risks and modeling the investments in resources required to implement them. Develop a decision model that will help you understand the risk and evaluate the mitigation investment options, he says. 5. Identify the best options. Gather data to model risks and options financially in order to identify the options that offer the greatest return on investment. 6. Gain management support for the initiative, create an implementation plan and
then implement it. Gaining management support is often the most difficult and challenging part of the whole process, says Monty. It is necessary to emphasize the importance of supply chain risk management to senior management in order to get the resources necessary to implement the plan. In fact, while Monty lists this as the final step, he also sees value for some organizations to make this the first step, depending on the management culture. Risk Management in Action One risk manager with experience in supply chain risk management is John Marren, director of risk management for Henkel of America Inc. in Gulph Mills, Pennsylvania. Besides having gained quite a bit of experience in supply chain risk management with his previous employer, Marren is currently getting involved in a project existing employer that involves supply chain risk management. This will be related to looking at our use of third-party warehouses and distribution centers, or our toll manufacturers, he says. We want to apply some of the tenets of enterprise risk management, such as supply chain management. The company also wants to look at business continuity planning and contingency planning. Management realizes that risk management can bring something to the table in these areas, he says. Marren realizes that the success of such a project cannot occur in a vacuum. Working with procurement will be vital in this project for a number of reasons, he says. First, procurement will have involvement in potentially sitting third-party operations. Second, in situations where Henkel would want to buy from one supplier to cover its bases in the supply chain, procurement needs to be involved in qualifying the supplier. Marren worked on a project with his previous employer that involved consolidating manufacturing of a product with single-source, raw material suppliers. He worked with purchasing to visit some of these suppliers to determine how they were prepared for contingencies that would affect the company. We met with their plant management and sales reps, and we also toured their plants, he says. If it turned out to be a situation where that was the only plant where the supplier manufactured its product, the team asked the supplier s management what they were doing to ensure their deliverability of the raw material. I found that the people in purchasing were very bright, and they had good relationships with members of management and sales from the supplier organizations, Marren says. However, many of them had never actually visited the supplier s plants. In addition, they weren t able to look at the facilities with the same set of eyes that I could, where I was looking for things that could go wrong. The result was that Marren and the purchasing people both learned a lot more about the company s suppliers and the potential risks that existed. Another benefit was that the company ended up making improvements to its own manufacturing facility so that chances of having a major mishap occur were reduced. The company also took steps so that any mishap that might occur would likely be less serious. The initiative provided an additional benefit to the company in the marketplace. Once we had implemented programs designed to increase supply chain reliability, it turned out to be a strong sales tool, he says. In other words,
just as we looked to our suppliers for assurances that they could meet our needs, we could, in turn, provide our own customers with assurances that we could meet their needs. In reflecting on his experience working on supply chain risk management projects, Marren identifies four keys to success: First, you need to show other key players where the potential risks are in the supply chain. Second, you need to work closely with all of the people involved. For example, there are a lot of people along the supply chain who are doing good things already, states Marren. Someone in purchasing might be thinking about where they can put product elsewhere if there is a problem with where it s current located, and someone in production might be thinking about where they can manufacture your product elsewhere if something happens to your own plant. In other words, different people may be thinking in their own worlds about what they would do in a tough situation, he says. The goal is to get all of these people working together to create a broader perspective to bring all of these existing ideas together and make them work together better. Third, you need to create a comprehensive contingency plan or business continuity plan. Marren recommends looking at supply chain risk management as a three-stage process: upstream supply (from suppliers), manufacturing (your own) and downstream distribution/fulfillment (to customers). If you don t address all three of these with a comprehensive plan, your efforts will fall short, he says. Fourth, as with any project, you need support from top management, which needs to devote the resources and time. In addition, if you decide to try to transform the introductory project into a permanent plan, management needs to understand the value of the plan, he says. Ultimately, according to Marren, enterprise risk management is becoming more about what risk management is about, and supply chain risk management is a key component of enterprise risk management, especially in a manufacturing enterprise. William Atkinson is a freelance writer based in based in Carterville, Illinois and is a frequent contributor to RM.