SUPPLY CHAINS HAVE EVOLVED into far-reaching, complex, multitiered, demand-driven supply networks. As a result, the ways in which supply chain risks were managed in the past, if managed at all, do not work today. A new standard for supply chain risk management is required. Suppliers have their own tiers of subsuppliers, increased outsourcing of supply chain processes, and contracting out of manufacturing operations. They therefore must be viewed in terms of the accompanying greater risks and less direct control. Even a disaster in a seemingly less critical, remote part of the chain can result in a supply chain interruption that can lead to a failure to meet customer expectations. Distribution sector businesses such as distributors, retailers, and food and beverage companies are uniquely vulnerable to the effects of disruptions as service interruptions result in a rapid and extreme impact on end customer satisfaction, which can lead to long-term bottom line implications.
While there have been encouraging changes, such as the trend toward development of more constructive supplier relationships and increased supply chain transparency, there has also been a significant lag in attention to supply chain business continuity. Until as recently as the past five years or so, even some of the most business continuity–savvy organizations have turned their heads and crossed their fingers in the hope that supply chain disasters would steer clear of their companies until they “get around to” extending continuity programs to fully incorporate the supply chain. It is a risky proposition to adopt the approach of an ostrich with its head in the sand. No company can afford continued delays in implementing an enterprise-wide proactive approach to managing supply chain risks.
Business continuity planning is a core business practice. Being fully prepared to respond to disasters requires creating a program with an enterprise-wide focus that considers each aspect of the organization. As businesses are symbiotic, with each business unit supporting all others, all areas of the organization must be included to meet a goal of keeping the operation going. This integrated approach to business continuity requires that business units merge any stand-alone efforts into a cohesive and proactive plan.
Unilateral planning, while not totally ineffective, can lead to planning gaps, overlaps, false assumptions, and conflicts. As an example, let’s say it is common knowledge among all departments located at a company’s headquarters that, in a nearby town, the company has another facility that is not fully occupied and has seventy-five fully equipped and unused workspaces. In their individual plans, ten departments detail procedures for relocating key employees in the event that a disaster renders the headquarters uninhabitable. Each department plans to move twenty-five employees into the second facility, where they will resume what have been identified as critical business functions. Simply doing the math tells us this won’t work. Without integrated, coordinated planning, it is possible that with the full activation of business continuity plans, 250 employees would show up at the second facility, each expecting to use one of the seventy-five available workspaces.
To be truly effective, not only must every business unit be considered, but there must be planning integration among all components of the external support services—such as financial institutions, supply chain partners, and electric, water, and telecommunications service providers—as well as among the interdependent functions within the company’s own facilities.
Every business is a web of interdependencies, and the larger the organization, the more complex the web. A seemingly minor glitch in one business unit can have a rapid domino effect on every other part of the business. Yet it is still not unusual to find that an organization has a business continuity program that excludes one or more elements of the business. These left-behind functions often include supply chain components or the entire supply chain operation. In these organizations, supply chain departments are involved only when a disaster that impacts the supply chain occurs. This results in an ad hoc, seat-of-the-pants response to disasters that is more time-consuming, less effective, and usually much more costly.
Done well, business continuity planning and management is a tremendously powerful and effective process that often goes well beyond its core goals. In addition to developing a capability to manage operational risks, improvements in processes can be identified. For the supply chain, this can mean finding ways to streamline the supply chain itself, strengthen customer-supplier relationships, and discover potential cost savings. Stakeholder expectations must be met even if transportation routes into and out of the business’s primary location are closed for two days, two weeks, two months, or even longer. The business must be prepared to survive even when critical inventory cannot be replenished through normal channels for such a period of time.
Today’s supply chain professionals need to have—at a minimum—an understanding of business continuity basics and the organization’s business continuity approach and strategies. Regardless of the level of active involvement in the planning process or the assigned role in carrying out the plans, knowing where their business unit fits in the big picture of the organization’s continuity strategies is essential knowledge for every supply chain manager.
First-rate supply chain management (SCM) and business continuity are inseparably connected. To evaluate the accuracy of this statement, we will use the following description of SCM: the process of planning and processing orders received; handling, transporting, and storing all materials, components, and products purchased, processed, or distributed; and managing inventories in a systematic, coordinated manner among all the components of the chain to fulfill customers’ orders upon receipt. Based on this definition, a primary goal of supply chain management is to ensure that the supply chain and all the business functions and activities in the supply chain, internal and external, are working at an acceptable level to respond to customer orders. It then follows that supply chain business continuity is essential to supply chain management’s ability to fully meet its responsibilities.
Even within the supply chain itself, there are cases where supply chain continuity does not fully incorporate all the functions within the supply chain, either internally or externally. While expanding the business continuity view outward to suppliers and others is a must, it is equally important that the supply chain avoid a silo approach to business continuity planning and take into account all internal supply chain interdependencies. Warehouses and distribution centers, manufacturing, and procurement and purchasing are a few examples of the internal functions that must be involved.
Warehouses are an integral part of the supply chain, whether they are a single building or many buildings at multiple locations, whether owned or outsourced. Warehouses were once viewed only as storage buildings that housed incoming materials and parts and finished products waiting to be shipped. Today, however, they are highly sophisticated systems that not only receive and track incoming raw materials and components and store and stage outbound merchandise for delivery but also use highly sophisticated technical systems to process orders, track deliveries, and maintain accurate, up-to-date inventory records. This strategic and critically important element of the supply chain must be included in the business continuity planning process. An inability of the warehouse to function at an acceptable level can lead to a failure to meet delivery requirements and create a production stoppage.
Manufacturing is perhaps the most difficult of the supply chain elements for which to develop continuity strategies. This difficulty can result in an incorrect and risky decision to exclude manufacturing units from the planning process. This may seem ironic in the case of companies for which the production or assembly of an end product is the source of income. It is likely that the complexity and limited continuity strategy options for many manufacturing operations, coupled with the fact that few major manufacturers in the United States have suffered recent catastrophic losses, make it tempting to avoid the issue altogether. Just some of the specific planning challenges in the development of manufacturing continuity include the following:
The possible need to replace customized manufacturing components and custom fixtures that can take a considerable amount of time
The expense of equipment and tools, which can be prohibitive in stockpiling a backup supply
Lack of available alternate sites for relocating manufacturing operations that require clean air quality or an antistatic environment in the event the primary facility is destroyed, damaged, or uninhabitable
Chemicals used in some processes that are hazardous materials, creating additional risks and challenges should it be necessary to relocate a manufacturing process
Federal, state, and local regulatory and licensing requirements that may require inspections and reevaluation, leading to additional delays in restoring operations
The fact that testing manufacturing continuity plans and strategies is often limited in order to avoid having to shut down and restart production lines
Developing business continuity strategies for manufacturing operations is challenging, yet it must not be omitted. It requires creative out-of-the-box problem solving and strategy development to ensure that the bread and butter of a manufacturing operation can continue or be quickly restored following a disaster event.
The responsibilities of procurement and purchasing are critical considerations in the continuity planning process, whether these functions are one or two business units in an organization. People with procurement responsibilities are central in the ongoing selection of suppliers that meet business continuity–related requirements. Purchasing plays a key role in obtaining supplies, equipment, and services identified in the planning process. It plays an even more critical role following a disaster, when it is necessary to quickly obtain supplies and equipment to support getting the business back up and running. Depending on the type of disaster and its severity, what may be needed may include:
Disaster debris removal and disposal services
Heavy equipment rental
Services such as cleaning, water removal, mold remediation, and building repair
Generator and other equipment rentals
Office furniture and equipment rental or purchase
Mobile phones or phone cards
A moving company
Structural engineers
Part of the continuity planning process may be to develop more flexible and streamlined purchasing policies and processes that can be implemented following a disaster in order to more quickly obtain goods and services necessary to maintain or restore critical operations as quickly as practicable.
It is necessary to look beyond the supply chain for a continuity program to fully succeed in meeting the goal of ensuring that the organization can avoid lengthy operational disruptions. As mentioned at the start of this chapter, each business unit must be part of an enterprise-wide continuity program that takes a big picture, process-based approach.
Even if there is no company-wide business continuity program, there is still value in developing a stand-alone supply chain business continuity plan. However, missing from this single business unit approach are corporate-level functions such as media relations and the ability to quickly go through channels to get approvals for additional financial support. While far from ideal, department plans enable the supply chain to continue or more quickly recover than if there are no plans at all, particularly when the disaster impacts only a localized, supply chain functional unit. Although it takes longer to get back up to speed and requires more effort, supply chain–only plans do provide guidance and direction to those working to get the supply chain moving again following a disaster. In addition, once department-centric plans are developed, they often serve as a model and become the impetus for the rest of the organization to begin the planning process.
Continuity of the supply chain is more complex and challenging today than ever before. Many things contribute to an environment where a disruption of the supply chain that was once considered an inconvenience is now viewed as unacceptable. These factors include just-in-time inventories and longer, leaner, and more complex supply chains that may rely on out-of-area and out-of-country suppliers, stringent service level agreements, an increasingly greater number of new products, extended hours of operations, and greater regulatory requirements. And in today’s challenging economic times, even greater pressure is being exerted on supply chains as a result of efforts to minimize costs and cope with an unstable economy that results in pricing and credit concerns and adds concerns about the continued existence of critical suppliers and service providers. And lest we forget, our supply chains need not only be lean but also be green, sustainable, and resilient.
A key initial step in the process to develop a new program to manage supply chain risks or expand or improve an existing one is to completely and honestly assess the organization’s current business continuity capabilities. Often there are misconceptions about the actual level of business continuity preparedness within the organization. Upon investigation, the reality may be that while a plan does exist, it documents only the strategies for recovering the company’s technology—in other words, a disaster recovery plan. Even if the plan seems to involve the entire enterprise, it may have been created only to meet a requirement from a customer or auditors and have been written in a vacuum with no planning process and no program. It also may be the case that there is a plan document that was completed well over a year ago, has never been tested, and has not been reviewed or updated since it was completed. In reality, this is not a viable plan, let alone a program. It is only printed pages in a binder.
You may hear a manager state confidently, “We will get everything back up and running within a day, maybe even less.” The actuality may be that it will take at least forty-eight to seventy-two hours to fully activate the entire plan or to recover the most critical data center functions. Or you may be told, “We know that our business continuity plan is a good one. We were recently audited and our plan passed with flying colors.” If you hear this, check to determine what type of audit was conducted. It may have been only a checklist audit, verifying only that a plan document exists. It’s important to know if the audit considered whether the plan has been tested and if so, when it was tested. Equally important is whether the auditor determined to what extent people were trained to carry out the plan.
The potential success of a program can be evaluated and measured by conducting an ongoing series of regularly scheduled tests and exercises that determine whether the plan’s stated objectives can be met. The capability to continue or resume operations, staff critical functions, meet recovery time objectives for IT support services, and maintain an appropriate level of communication with all stakeholders are just some of the areas that may be evaluated in the testing process.
Some organizations opt to apply a more sophisticated system of metrics and reporting as a way to further measure business continuity program competency and maturity. Data is gathered to measure business continuity factors such as the number of months between plan reviews and updates, the frequency of employee training, the number of tests and exercises scheduled and carried out each year, the number of business units participating in tests, and the level of success in achieving the recovery time objectives during a test. Factors can be assigned a relative weight, and benchmarks are established against which scores are compared. A metrics scorecard provides a standardized measurement of program success that is particularly useful in large organizations with multitiered business continuity organizations.
Whether a testing program, metrics, or a combination of both is used to measure business continuity capability, to be effective there needs to be a requirement for executive review and sign-off on the resulting reports. A reasonable expectation would then seem to be that the reviewing executive require that any necessary revisions, improvements, and enhancements be made.
To help you gauge your organization’s current level of business continuity preparedness, refer to Appendix A, which contains a business continuity planning assessment. While this assessment is not all-inclusive, it does provide an approximate evaluation of existing capability.
Business continuity relates specifically to the continuation and survival of the core functions of the entire enterprise. An isolated silo approach to business continuity management can result in an incomplete continuity program that can fall short of establishing comprehensive and integrated strategies and plans that support business survivability following a disaster.
Just as it is necessary to have all the pieces of a puzzle in order to put it together, having all business units included in continuity planning is essential to fully restoring the business when disaster strikes.
Complete the Business Continuity Planning Assessment for your organization (Appendix A).
Ask colleagues to complete the assessment as well. Then discuss the results.
Outline how the business continuity needs of the supply chain are in synch with and support the company’s strategic goals.
Review existing business continuity policies and plans to make sure your business unit and all supply chain business units were addressed in the planning process and are included in plan documents.
18.220.203.200