WHETHER YOUR BUSINESS is large or small, whether your company manufactures printed circuit boards or plastic molding machines or sells handbags or lawn furniture, it is not unreasonable to expect that there is a crisis looming some time in its future. The reality is that no business or industry is immune from crisis. While our tendency is to think about major disasters that create havoc and impact whole communities—such as earthquakes, hurricanes, floods, or severe winter storms—for most businesses, the disaster is more likely to be on a smaller scale. For most businesses, disaster can come from an event that may not generate headlines, such as a water main break in the immediate area, a fire confined to a small section of their business, or the failure of their IT systems.
And though we tend to think in terms of environmental disruptions, such as natural catastrophes or pandemics, we must also consider social disruptions (strikes, sabotage), technical disruptions (a breakdown of equipment, loss of a key skilled staff member), political disruptions (terrorist attacks, civil unrest, nationalization), legal disruptions (legal shutdowns, injunctions), and economic disruptions (supplier failure, exchange rate fluctuations, takeovers).
Just as it is not possible to totally prevent most disasters and disruptions, it is not realistic to assume that they will happen to other organizations but not to yours. Being prepared when the things that “can never happen here” do happen is just plain good business. Failure to plan for such events can lead to supply chain disruptions that can devastate company performance, damage profitability and stock prices, and result in irreparable harm to the organization. The consequences can also result in cascading damage to every business and organization relying on the timely receipt of your goods or services that enable them to continue meeting their customers’ needs in order to generate revenue and protect their bottom line. Who wants to stand in front of a board of directors, senior executives, or a major customer in the wake of unsuccessful attempts to restore critical operations following a disaster? Who wants to respond to their queries about why the threat went undetected, why an identified risk was not eliminated or mitigated, or why strategies were not in place to enable the organization to get back on its feet quickly?
In today’s global economy, the effects of a disaster can be more than just local; its impact can reach across country borders and oceans. In 1995, a magnitude 7.2 earthquake struck Kobe, Japan, resulting in 5,100 deaths and devastating physical destruction. Following the earthquake, all area steel mills were shut down and many other businesses became nonoperational as a result of water and gas outages. Secondary business and supply chain interruptions were extensive. Kobe was Japan’s biggest international trade hub and a major production and logistics center, with approximately 30 percent of Japan’s shipping passing through it. Even businesses with no direct physical impact suffered because of damage to the utilities, port, railroads, and roads. Production was impossible, and shipments in or out were difficult to unachievable. When Sumitomo’s Metal Industries Ltd.—the sole source of brake shoes for Toyota—closed its plant in nearby Osaka, most of Toyota’s plants in other parts of Japan closed as well. For companies like Toyota that used a just-in-time (JIT) inventory management system and relied on frequent shipments of parts and materials, there was little available inventory on hand, leading to an interruption of production. According to published estimates, Toyota lost $200 million in revenue. Moreover, the disaster cascaded and caused supply chain interruptions for businesses in other parts of the world, including U.S. companies IBM and Apple, which relied on displays produced in Kobe.
Even a seemingly relatively small emergency can result in a large business disruption. In 2000, a Phillips microchip manufacturing plant in New Mexico was struck by lightning, creating a small fire. Though quickly extinguished, the fire caused contamination in the sterile manufacturing facility, contaminated millions of chips, and halted the chip-making process. The company’s two primary customers were the two largest mobile phone companies in Europe, which used chips manufactured at the plant in cellular telephones. One of the companies, Nokia, became immediately aware of the disruption in chip deliveries and acted quickly, working closely with the chip manufacturer. Nokia arranged to purchase chips from another of its primary supplier’s plants as well as other alternative sources, quickly tying up the spare capacity. Some phone models were even re-engineered to allow the use of chips from yet other suppliers. With pre-disaster plans in place, Nokia was able to continue to assemble and distribute its products and gain a greater market share. On the other hand, Ericsson—the other mobile phone company affected—purchased all its microchips parts from the single source to simplify its supply chain. Ericsson did not respond quickly enough, had no supply chain continuity plan in place to obtain the chips, already in short supply, from another source; and suffered a lengthy and costly disruption in its assembly and distribution processes. The resulting inability to launch new products, loss of market share, and financial losses in the hundreds of millions of dollars made it necessary for Ericsson to merge with another company just to survive. The overall outcome was a permanent shift in the balance of power between the two electronics giants.
Mishaps such as technological failures—even those that occur outside the organization—can become an inherited disaster. When a major power outage started shortly after 4:00 P.M. EDT on Thursday, August 14, 2003, within three minutes, twenty-one power plants shut down, impacting eight states—including New York, New Jersey, Ohio, Michigan, Connecticut, and Pennsylvania—and parts of Canada, including Ontario. Estimates of the total cost of the blackout have ranged from $4 billion to $10 billion in lost income to workers and investors, extra costs to government agencies, repair costs to the impacted utilities, and costs for lost or spoiled food and other commodities.
Consider what a similar power outage would mean for your organization. Approximately one-fourth of the businesses hit by the outage reported that their resulting losses were more than $40,000 per hour of resulting downtime, and some indicated they lost more than $1 million each hour there was no power. Some companies reported that the outage disrupted deliveries from suppliers and deliveries to customers. In Michigan, cascading consequences were reported even outside the blacked-out area as a result of delayed and extended delivery times for parts and materials, particularly disrupting for manufacturing operations with JIT scheduling.
In managing risk, there are three fundamental truths:
1. Only a working crystal ball would enable us to predict all the risks that our organization might face in the future.
2. We cannot fully control risks.
3. By developing and maintaining an enterprise-wide business continuity program that includes all internal and external components of the supply chain, we can prepare to manage risks in order to continue meeting stakeholder expectations when disasters occur.
If we can agree that disasters are inevitable, it would seem logical that we must also agree that it is wise to take the necessary steps to manage our risks to the extent possible and to reduce the effects of disruptions through planning and preparedness.
In my work with clients, I have undertaken the mission of integrating the internal and external supply chain links in continuity planning, and it has often been a hard sell. Fortunately, that is changing as there has been a realization that the supply chain from procurement through delivery is the revenue source for most companies and is directly tied to cash flow, profitability, growth, and the related intangibles such as protection of the brand, customer trust, and stakeholder confidence.
There is a growing awareness that a disaster that impacts the supply chain is a disaster for the entire company. Incidents affecting the supply chain were often overlooked in earlier business continuity planning, but this is changing. One indication of the increasing realization of the vulnerability of today’s supply chains and the importance of fully including the supply chain in all aspects of risk management, including business continuity, came at the Institute for Supply Management (ISM)’s 95th Annual International Supply Management Conference and Educational Exhibit, held in April 2010. The conference included a risk management track with daily workshops focused on connecting risk management to supply chain management. In addition, the four-day event offered two half-day sessions dedicated to business continuity and the supply chain.
I have specialized in business continuity, disaster recovery, and emergency management consulting for twenty years. I have been a Certified Business Continuity Professional with the Disaster Continuity Institute since 1998 and a fellow of the Business Continuity Institute since 2002. I’ve worked with utility companies, luxury fashion goods companies, a hot sauce manufacturer, a PVC pipe manufacturer, a division of a car manufacturer, and government agencies, among other organizations. I’ve watched as business continuity has matured to become what it is today, and I have witnessed what works—and what doesn’t—when developing and maintaining a successful continuity program. In A Supply Chain Management Guide to Business Continuity, I want to pass along my lessons learned by providing a resource for all those who want to better manage supply chain risks. I would also like to raise awareness of the importance of business continuity planning as an enterprise-wide issue that must include the supply chain to fulfill its purpose.
My goal is to provide an easy-to-read, easy-to-understand book that focuses on supply chain business continuity within the framework of an overall business continuity program. While the terminology used is corporate-centric, the principles and planning methods can be applied in all types of organizations, large and small, including not-for-profits and government agencies.
To lay a foundation and level the playing field, the book begins in Chapter 1 with business continuity basics and the evolution of business continuity planning. A discussion of business continuity ownership and drivers and where continuity planning fits in the bigger picture of managing an organization’s risks follows in Chapter 2. Current best practices are outlined in Chapter 3, with an overview of the business continuity planning lifecycle and its application in the development of a continuity program that incorporates the four components needed to successfully manage business risks. Chapter 4 discusses an enterprise-wide approach to risk management that integrates all elements of the supply chain, from purchasing through distribution, and recommends the need to honestly assess current disaster management capabilities.
Building on the basic steps introduced in Chapter 3, a sequential process to carry out each step of the planning lifecycle is detailed in the chapters that follow:
Conducting a hazard assessment (Chapter 5)
Performing a business impact analysis (Chapter 6)
Developing supply chain business continuity strategies (Chapter 7)
Writing actionable business continuity plan documents (Chapter 8)
Providing people with continuity training and testing plans and performing ongoing maintenance for a successful business continuity program (Chapter 9)
The process is one I have applied when working with a broad range of clients, and I know it can work.
Finally, Chapter 10 offers an overview of current business continuity standards, regulations, and requirements, as well as certification programs for business continuity programs and continuity practitioners. The chapter examines some of the ways to validate and certify your own program and that of a supplier or other business partner.
Each chapter concludes with a “Going Forward” feature that suggests specific action items that, when followed, can help you gain a more comprehensive understanding of your organization’s current business continuity capability. There may also be initial steps to begin development of a new business continuity program or to enhance an existing one.
Following the last chapter is a Glossary that includes definitions and acronyms for some of the commonly used words and terminology related to both business continuity and the supply chain that you will find in this book. There are also five appendices, which are tools to assist you in carrying out the steps of the continuity planning lifecycle:
A business continuity planning assessment questionnaire for use in conducting an initial assessment of your organization’s current level of continuity preparedness
A checklist of general and supply chain–specific hazards to initiate a hazard assessment
A guide to use in pandemic planning
Guidance for establishing a business continuity organization, with five continuity team models and tips for selecting continuity team members
Sample outlines for a corporate business continuity plan and a business unit continuity plan, as well as a sample basic department business continuity plan
Because many areas of an organization have a role to play in business continuity and must work in concert to develop and maintain a capability to manage risk, this book has been written for many audiences, all of whom have a vested interest in their organization’s supply chain and the ability of that supply chain to continue to function smoothly. For supply chain professionals—who may be assigned responsibility for developing those portions of a corporate business continuity plan that address their business unit or be asked to create department-specific continuity strategies or perhaps a supply chain annex (i.e., appendix) to a business continuity plan—this book will provide a basic real-world understanding of business continuity that will lead to them asking pertinent questions about their organization’s business continuity planning and to better understand the answers they receive. Some of the questions these people need to ask are: What is business continuity really all about? How vulnerable is our supply chain? What considerations are critical to developing effective supply chain continuity strategies and plans? What can I do to improve our disaster capability?
For supply chain managers not assigned to business continuity responsibilities, the book presents guidelines to consider in determining whether their business unit has been accurately and sufficiently included in the organization’s business continuity program. These people need to ask: Is our organization vulnerable as a result of not including my department’s business functions in the business continuity program? Are there things I can do unilaterally that will lessen some of our risks and plug some of the gaps in our business continuity strategies?
For purchasing and procurement managers, who can play a huge role in helping to prevent potential disasters, this book can offer some food for thought and specific things to look for when selecting suppliers and contractors. These people need to ask: Have we included risk factors in our review of potential suppliers? How prepared are our primary suppliers, outsourcing companies, and shippers to manage their own disasters? Are there opportunities to collaborate with business partners in continuity planning?
For those responsible for disaster recovery—the technology piece of business continuity—such as the director of IT or the disaster recovery manager, this book can provide greater insight into supply chain continuity. As a result, these individuals may see a need for better support and more rapid recovery of supply chain technology following a disaster. These people need to ask: Does restoration of supply chain–related systems need to be moved up on our recovery priority list? Do we need to do some further recovery testing of supply chain applications?
For risk managers, the book can be used to review supply chain risks to help ensure that all enterprise vulnerabilities are identified and addressed. These people need to ask: Is our current business interruption insurance appropriate to our supply chain risks? Do our loss control strategies address all risks, including those of a leaner supply chain?
For business continuity managers who have overall responsibility for developing and maintaining comprehensive enterprise-wide continuity programs, this book can provide a more supply chain–specific view of continuity management. Equally important is opening the door for more effective collaboration among business continuity planners and supply chain managers. These people need to ask: Are there supply chain gaps in our plans? Do we need to revisit the planning process to more fully incorporate all supply chain risks, internal and external? Would our business continuity planning group be strengthened by adding knowledgeable supply chain representation?
And finally, for top level executives, the book can offer a more in-depth understanding of their company’s business continuity program and what is necessary to manage risks throughout the organization. These people need to ask: Does the program fully support the organization’s mission statement? Is the current business continuity reporting structure the most effective for our organization? Would I be comfortable and confident standing in front of our board of directors, owners, stockholders, or the communities we serve and touting the fact that we are fully ready to meet the demands a disaster may place on our organization and its operations?
Does this book fully cover all the most current information? Yes and no. While there can be no definitive book on the subject of business continuity, as of the date the final word was written, this book was a snapshot from my viewpoint of business continuity today. Yet it is quite likely that between then and the day you read this, changes have occurred, both in emergent disaster threats throughout the world that may result in new supply chain risks and in the continuing evolution of the many aspects of business continuity planning, and those changes may provide new risk management approaches or more stringent business continuity requirements.
To a varying degree, each person involved in the challenging pursuit of business continuity planning might view their assigned planning role as a mission as we plan for events usually outside our control that everyone hopes and prays will never happen.
Steps taken now to fully address supply chain issues in your company’s proactive approach to managing disasters will help ensure that the needs and expectations of customers are met and that the organization’s good reputation remains intact with all stakeholders.
We are all customers; we are all suppliers.
3.137.198.239