Managing risk in the supply chain
- Why are supply chains more vulnerable?
- Understanding the supply chain risk profile
- Managing supply chain risk
- Achieving supply chain resilience
Today’s marketplace is characterised by turbulence and uncertainty. Market turbulence has tended to increase in recent years for a number of reasons. Demand in almost every industrial sector seems to be more volatile than was the case in the past. Product and technology life cycles have shortened significantly and competitive product introductions make life cycle demand difficult to predict. Considerable ‘chaos’ exists in our supply chains through the effects of such actions as sales promotions, quarterly sales incentives or decision rules such as reorder quantities.
At the same time, the vulnerability of supply chains to disturbance or disruption has increased. It is not only the effect of external events such as natural disasters, strikes or terrorist attacks but also the impact of changes in business strategy. Many companies have experienced a change in their supply chain risk profile as a result of changes in their business models. For example, the adoption of ‘lean’ practices, the move to outsourcing and a general tendency to reduce the size of the supplier base potentially increase supply chain vulnerability.
As a result of this heightened risk, organisations will need to develop appropriate programmes to mitigate and manage that risk.
The impact of unplanned and unforeseen events in supply chains can have severe financial effects across the network as a whole. Research in North America1 suggests that when companies experience disruptions to their supply chains, the impact on their share price once the problem becomes public knowledge can be significant. The research suggests that companies experiencing these sorts of problems saw their average operating income drop 107 per cent, return on sales fall 114 per cent and return on assets decrease by 93 per cent. Figure 12.1 shows the impact on shareholder value of supply chain disruption.
Figure 12.1 The impact of supply chain disruptions on shareholder value
Source: Singhal, V.R. and Hendricks, K., Supply Chain Management Review, January/February 2002
A survey2 of over 3000 senior executives undertaken by the consultancy company McKinsey in 2006, reported that they believed their companies faced growing risk to disruptions to their supply chains. However, the same survey found that in many cases companies had inadequate processes in place for the management and mitigation of that risk. Whilst most organisations recognise the need to regularly assess their risk profile, that assessment has tended to be focused on broader regulatory and financial risk issues rather than supply chain vulnerability.
It can be argued that in today’s volatile business environment the biggest risks to business continuity lie in the wider supply chain.
Clearly, there are risks that are external to the supply chain and those that are internal. External risks may arise from natural disasters, wars, terrorism and epidemics, or from government-imposed legal restrictions. Internal risks will be described in more detail later in this chapter but essentially they refer to the risks that arise as a result of how the supply chain is structured and managed. Whilst external risk cannot be influenced by managerial actions, internal risk can.
Why are supply chains more vulnerable?
A study conducted by Cranfield University3 for the UK government defines supply chain vulnerability as:
an exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain.
The same study identified a number of reasons why modern supply chains have become more vulnerable.
These factors are considered below in more depth.
A focus on efficiency rather than effectiveness
The prevailing business model of the closing decades of the twentieth century was very much based upon the search for greater levels of efficiency in the supply chain. Experience highlighted that there was an opportunity in many sectors of industry to take out significant cost by focusing on inventory reduction. Just-in-time (JIT) practices were widely adopted and organisations became increasingly dependent upon suppliers. This model, whilst undoubtedly of merit in stable market conditions, may become less viable as volatility of demand increases. The challenge in today’s business environment is how best to combine ‘lean’ practices with an ‘agile’ response.
The globalisation of supply chains
There has been a dramatic shift away from the predominantly ‘local-for-local’ manufacturing and marketing strategy of the past. Now, through offshore sourcing, manufacturing and assembly, supply chains extend from one side of the globe to the other. For example, components may be sourced in Taiwan, subassembled in Singapore with final assembly in the US for sale in world markets.
Usually the motivation for offshore sourcing and manufacturing is cost reduction. However, that definition of cost is typically limited to the cost of purchase or manufacture. Only rarely are total supply chain costs considered. The result of these cost-based decisions is often higher levels of risk as a result of extended lead-times, greater buffer stocks and potentially higher levels of obsolescence – particularly in short life cycle markets. A further impetus to the globalisation of supply chains has come from the increase in cross-border mergers and acquisitions that we have witnessed over the last decade or so.
Focused factories and centralised distribution
One of the impacts of the implementation of the ‘single market’ within the European Union and the consequent reduction in the barriers to the flow of products across borders has been the centralisation of production and distribution facilities. Significant scale economies can be achieved in manufacturing if greater volumes are produced on fewer sites. As highlighted in Chapter 10, some companies have chosen to ‘focus’ their factories – instead of producing the full range of products at each site, they produce fewer products exclusively at a single site. As a result, production costs may be lower but the product has to travel greater distances, often across many borders. Incidentally, at the same time, flexibility may be lost because these focused factories tend to be designed to produce in very large batches to achieve maximum scale economies.
Simultaneous with this move to fewer production sites is the tendency to centralise distribution. Many FMCG manufacturers aim to serve the whole of the western European market through a few distribution centres, for example, one in north-west Europe and one in the south.
The trend to outsourcing
One widespread trend, observable over many years, has been the tendency to outsource activities that were previously conducted within the organisation. No part of the value chain has been immune from this phenomenon; companies have outsourced distribution, manufacturing, accounting and information systems, for example. In some cases these companies might accurately be described as ‘virtual’ companies. There is a strong logic behind this trend based upon the view that organisations are more likely to succeed if they focus on the activities in which they have a differential advantage over competitors. This is leading to the creation of ‘network organisations’, whereby confederations of firms are linked together – usually through shared information and aligned processes – to achieve greater overall competitiveness. However, outsourcing also brings with it a number of risks, not least being the potential loss of control. Disruptions in supply can often be attributed to the failure of one of the links and nodes in the chain and, by definition, the more complex the supply network the more links there are and hence the greater the risk of failure. The case of Mattel, highlighted below, illustrates how this loss of control can significantly impact the standing and financial performance of a company.
Risk in the extended supply chain
‘Mattel, the world’s biggest toymaker, yesterday said the recall of more than 21m toys because of design flaws and potentially dangerous levels of lead paint in products made in China had hit profits and sales.
The maker of Barbie dolls and Fisher-Price toys said it had suffered a charge of about $40m because of the company’s product scares, as sales were driven down $30–$50m by delayed shipments of toys and revoked import licenses.’
SOURCE: FINANCIAL TIMES, 16 OCTOBER 2007
Mattel, like many other western companies, had long moved much of its manufacturing offshore – a significant proportion of it to China, the world’s largest toy exporter. Mattel used a number of contract manufacturing companies to produce a vast array of children’s toys, including Barbie fashion dolls and accessories, Fisher-Price toys, Sesame Street products, Winnie the Pooh and many others. In 2007 Mattel’s worldwide sales were over US$5 billion.
In August 2007, a random product quality check revealed that some of their China-manufactured products might contain potentially dangerous levels of lead paint whilst other of their products were found to contain small magnets which might be swallowed inadvertently by young children.
Whilst no actual cases of harm to children were reported, the impact of these events on Mattel’s reputation has been significant. Part of the problem lay in the way in which Mattel handled the recall. Firstly they may have over-reacted to the lead paint issue by recalling many toys that did not contravene the USA regulations on lead content in paint. Secondly Mattel’s initial reaction was to blame the Chinese manufacturers for these problems, only subsequently having to acknowledge that the issue with the magnet was caused by Mattel’s design rather than by the manufacturer.
At a press conference in Beijing on 21 September 2007, a senior executive at Mattel, Thomas Debrowski, said: “Mattel takes full responsibility for these recalls and apologises to you, the Chinese people and all of our customers who received the toys” (Economist, 29 September 2007).
The apology came too late for Zhang Shuhong, the Chief Executive of Lida Plastic Toys Co. Ltd in Guangdong, who committed suicide after laying off over 2,500 employees and halting production. Lida was a major contract manufacturer for Mattel whose factories were initially thought to been the source of the lead paint problem.
The impact on Mattel’s sales was felt most strongly in its biggest market – the United States – where sales of the iconic Barbie fell by 15% year on year. The total product recalls cost Mattel about $110 million in 2007 (Financial Times, 13 February 2008), however, the long-term impact on Mattel’s corporate reputation, whilst difficult to quantify, could be substantial.
Whilst clearly there were issues surrounding the design process and quality control, the case of Mattel highlights the challenges that face any company where key business processes are outsourced. Whereas in the past, the risk to an organisation’s reputation lay mainly within the company, and hence was under its control, now that risk resides across an extended supply network. In the case of the lead paint problem it seems that the source of the problem was not even an immediate supplier but a second-tier supplier, i.e. the company that supplied the paint to the first-tier contract manufacturer.
Reduction of the supplier base
A further prevailing trend over the last decade or so has been a dramatic reduction in the number of suppliers from whom an organisation typically will procure materials, components, services, etc. In some cases this has been extended to ‘single sourcing’, whereby one supplier is responsible for the sole supply of an item. Several well-documented cases exist where major supply chain disruptions have been caused because of a failure at a single source. Even though there are many benefits to supplier base reduction it has to be recognised that it brings with it increased risk.
Sometimes a consolidation of the supply base happens through merger and acquisition. As the rate of merger and acquisition has increased so dramatically over recent years, it follows that the supply base reduction will have accelerated for this reason alone.
Understanding the supply chain risk profile
Many organisations today are addressing the issues of what has come to be termed ‘business continuity’. In practice, however, there tends to be a limited focus for much of business continuity management. There is a strong focus on IT and internal process management but often the wider supply chain risk dimension is not considered. This is paradoxical as it can be argued that the biggest risk to business continuity may be in the wider network of which the individual business is just a part.
To widen the focus on supply chain vulnerability it is suggested that a supply risk profile be established for the business. The purpose of the risk profile is to establish where the greatest vulnerabilities lie and what the probability of disruption is. In a sense this approach takes the view that:
Thus the risk profile attempts to seek out the ‘critical paths’ through a network where management attention should be especially focused. A weakness of this definition of risk is that it may lead to a failure to recognise that supply chains may be at their most vulnerable where the probability of occurrence is small but the potential impact could be catastrophic. For example the earthquake off the Pacific Coast of Japan that struck on 11 March 2011 was the most powerful ever to hit the country and the subsequent tsunami caused immense destruction and loss of life. As a direct result of the tsunami, the nuclear power station at Fukushima was severely damaged leading to the release of radio-active material. Industry across Japan was disrupted with subsequent knock-on effects around the world as companies dependent upon Japanese suppliers were faced with shortages and extended lead-times. Whilst earthquakes may be relatively common in Japan the severity of this on was exceptional and its effects impossible to predict.
To help identify the risk profile of a business it is helpful to undertake an audit of the main sources of risk across the network. This audit should examine potential risk to business disruptions arising from five sources:
- Supply risk
How vulnerable is the business to disruptions in supply? Risk may be higher due to global sourcing, reliance on key suppliers, poor supply management, etc. - Demand risk
How volatile is demand? Does the ‘bullwhip’ effect cause demand amplification? Are there parallel interactions where the demand for another product affects the demand for ours? - Process risk
How resilient are our processes? Do we understand the sources of variability in those processes, e.g. manufacturing? Where are the bottlenecks? How much additional capacity is available if required? - Control risk
How likely are disturbances and distortions to be caused by our own internal control systems? Do we have ‘early warning systems’ in place to alert us to problems? How timely is the data we use? - Environmental risk
Where across the supply chain as a whole are we vulnerable to external forces? Whilst the type and timings of extreme external events may not be forecastable, their impact needs to be assessed.
Figure 12.2 below summarises the connections between the five sources of risk.
Figure 12.2 Sources of risk in the supply chain
Source: Adapted from Mason-Jones, R. and Towill, D.R., ‘Shrinking the supply chain uncertainty cycle’, Control, September 1998, pp. 17–22
It is important for senior management to understand that the risk profile is directly and indirectly impacted by the strategic decisions that they take. Thus the decision, for instance, to transfer production from a western European factory to one in China should be examined in terms of how it may affect vulnerability from the five risk sources described above.
For multi-product, multi-market businesses the priority should be to identify the major profit streams and to concentrate on creating deep insights into how supply chain risk could impact those profit streams.
Mapping your risk profile
Rather than cataloguing all the possible risks a company might face, the first stage in strategic risk management is to understand the company’s internal processes in order to isolate the most relevant and critical threats. Once a company understands its own internal vulnerabilities, it can monitor the external environment for relevant danger signs and begin to develop mitigation and contingency strategies accordingly. Although companies may not be able to prevent disruptions, they can reduce their impact by understanding how their operations may be affected and by preparing for the possibilities. The goal is to develop operational resilience, foster the ability to recover quickly and plot alternative courses to work around the disruption.
Although global corporations are vulnerable to many of the same risks, each company has a unique risk profile.
There are six steps in developing this profile and appropriate management strategies.
| 1. | Prioritise earnings drivers Identify and map the company’s earnings drivers, which provide operational support for the overall business strategy. These are the factors that would have the biggest impact on earnings if disrupted and a shock to any one could endanger the business. For example, in process industries, manufacturing is the major force behind earnings: wholesalers and retailers must prioritise inventory and logistics operations. | |
| 2. | Identify critical infrastructure Identify the infrastructure – including processes, relationships, people, regulations, plan and equipment – that supports the firm’s ability to generate earnings. Brand reputation, for example, might depend on product quality control processes, supplier labour practices and key spokes-people within the firm. Research and development might depend on specific laboratory locations, critical personnel and patent protection. Again, every company is unique and even companies in the same industry will prioritise their drivers differently. The goal is to identify the essential components required for the earnings driver. One way to do this is by asking ‘What are the processes which, if they failed, would seriously affect my earnings?’ Put another way, these are the factors that could end up in a footnote in an annual report explaining the rationale behind a charge against earnings. | |
| 3. | Locate vulnerabilities What are the weakest links, the elements on which all others depend? It could be a single supplier for a critical component, a border that 80 per cent of your products must cross to get to your key markets, a single employee who knows how to restore data if the IT system fails, or a regulation that makes it possible for you to stay in business. Vulnerabilities are characterised by: | |
| • | An element on which many others depend – a bottleneck | |
| • | A high degree of concentration – suppliers, manufacturing locations, material or information flows | |
| • | Limited alternatives | |
| • | Association with high-risk geographic areas, industries and products (such as war or flood zones, or economically troubled industries, such as airlines) | |
| • | Insecure access points to important infrastructure | |
| Notice that the focus is still on the internal processes rather than potential external events. In many ways the impact of a disruption does not depend on the precise manner in which these elements fail. Whether your key supplier fails because of a fire in a plant, an earthquake, a terrorist attack or an economic crisis, you may have the same response plan. | ||
| 4. | Model scenarios Best-practice organisations continuously assess their strengths and weaknesses by creating scenarios based on the full spectrum of crises highlighted earlier. In a recent Harvard Business Review article,1 Ian Mitroff discussed his approach of spinning a ‘Wheel of Crises’ to challenge executives to think creatively and randomly. Using supply chain modelling tools to simulate the impact of crises is also useful in gauging risk levels for your trading partners. | |
| 5. | Develop responses After executives assess the impact of alternative crisis scenarios on the supply chain, they will have detailed knowledge of their operational vulnerabilities and how these soft spots relate to performance goals and earnings. Understanding these weak areas at the enterprise level will clarify critical decisions. | |
| Completing a risk profile will also bring to light opportunities to reduce risk and indicate the value to be gained. Risk mitigation plans can be put into two broad categories: redundancy and flexibility. Traditional risk management approaches have focused heavily on redundant solutions, such as increasing inventory, preparing backup IT and telecommunications systems, and fostering long-term supplier contracts. Whilst generally effective in protecting against potential risk, such approaches come with a higher cost – sometimes explicitly and sometimes hidden – that can potentially put organisations at a competitive disadvantage. | ||
| Flexible responses, however, utilise supply chain capabilities that not only manage risk but simultaneously increase an organisation’s competitive capability. Examples include: | ||
| • | Product design for agility – common components and delayed product differentiation | |
| • | Common, flexible and readily transferable manufacturing practices | |
| • | Lead-time reduction – duration and variability | |
| • | Dynamic inventory planning | |
| • | Supply chain visibility | |
| • | Cross-training of employees | |
| Just as supply chain modelling tools and techniques can help assess the impact of crisis scenarios, they can also be used to evaluate the costs and benefits of alternative responses. | ||
| 6. | Monitor the risk environment Each vulnerability will suggest a number of potential responses. The challenge is to ensure that the chosen response is proportional to the risk, in terms of both magnitude and likelihood. A company’s risk profile is constantly changing: economic and market conditions change, consumer tastes change, the regulatory environment changes, as will products and processes. It is essential to redraw the company’s risk map in tandem. Part of the mapping process includes identifying leading indicators based on the key supply chain vulnerabilities. Such an early warning system helps ensure that contingency plans are activated as soon as possible. Although a detailed assessment of a company’s excellence in risk management is quite involved, a simple self-assessment can quickly identify the largest gaps. | |
References
1. ‘Preparing for Evil’, Harvard Business Review, April 2003, pp. 109–115.
SOURCE: SUPPLY CHAINS IN A VULNERABLE, VOLATILE WORLD. COPYRIGHT A.T. KEARNEY, 2003. ALL RIGHTS RESERVED. REPRINTED WITH PERMISSION.
Managing supply chain risk
Figure 12.3 below suggests a seven-stage approach to the management of supply chain risk. Each of the seven stages is described in more detail in the following sections.
Figure 12.3 The supply chain risk management process
1 Understand the supply chain
There is in many companies an amazing lack of awareness of the wider supply/demand network of which the organisation is a part. Whilst there is often a good understanding of the downstream routes to market, the same is not always true of what lies upstream of first-tier suppliers. First-tier suppliers are often dependent themselves on second and even third-tier suppliers for their continuity.
One company that has invested a significant amount of resources in improving their understanding of upstream risk is John Deere, a manufacturer of agricultural equipment. The company has developed a tool to monitor supplier performance which provides regular reviews of any possible problems not just with their immediate suppliers but reports on any issues, potential or actual, with second and third-tier suppliers4.
It is this detailed level of supply chain understanding that is necessary if risk is to be mitigated and managed. For complex supply chains or where complete mapping of the entire network is not practical it would be appropriate only to look in detail at the ‘critical paths’ – how these are identified is dealt with later.
2 Improve the supply chain
‘Improving’ the supply chain is all about simplification, improving process reliability, reducing process variability and reducing complexity. For more long-established businesses it is probably true to say that rarely have their supply chains been planned or designed in a holistic way. Rather they have developed organically in response to the needs and opportunities of the time. Suppliers may have been chosen because of their ability to meet the demands for lower price rather than because of the reliability of their supply chains for example.
Process variability can add to supply chain risk in a number of ways. Variation implies unstable processes with outcomes that are not always predictable. The use of Six Sigma methodology can be a powerful way to reduce variability in supply chain processes (see box below).
Reducing process variability through Six Sigma methodology
Conventional approaches to quality management were typically based upon ‘inspection’. In other words, a sample of the output of a process would be taken on a periodic basis and if non-standard outputs were detected then remedial action would be taken. Not surprisingly, inspection-based quality management has proved to be less than satisfactory. Often non-conforming items would ‘slip through the net’ and, in any case, inspection is ‘after the event’. Today, our thinking on quality management has changed. Now the recognition is that if we seek consistency in the quality of the output then the only way to achieve this is to ensure that the process that produces those outputs is under control.
Thus process control becomes the means by which variation in output is identified. Variation in any process is the problem. If everything in life or in business was totally constant or even predictable, then there would be few problems. The challenges arise because of variations. Hence it follows that if variation can be reduced then the consistency (and, by definition, the reliability) of the output can almost be guaranteed.
The Six Sigma way
The Six Sigma route to quality control emerged in the 1980s as Motorola searched for a robust quantitative approach that would drive variability out of their manufacturing processes and thus guarantee the reliability of their products. The term ‘Six Sigma’ is largely symbolic, referring to a methodology and a culture for continuous quality improvement, as well as referring to the statistical goal, Six Sigma. The term ‘sigma’ (σ) is used in statistics to measure variation from the mean; in a business context the higher the value of sigma the more capable the process of delivering an output within customer specifications. The diagram below illustrates the difference between two processes: one with a low capability and the other with Six Sigma capability.
The Six Sigma goal (which in many cases is an aspirational one) is to squeeze out process variability until the process produces just 3.4 defects per million activities or ‘opportunities’; this reduces waste and hence saves money whilst improving customer satisfaction. Whilst Six Sigma performance may be unattainable in many cases, it is used as a target.
Six Sigma is a data-driven continuous improvement methodology that seeks to bring processes under control and to improve process capability. The methodology itself follows the five-stage DMAIC cycle:
- Define: What is it we are seeking to improve?
- Measure: What is the current capability of the process? What averages, what variability in process output is evident?
- Analyse: Map the process, use cause and effect analysis (Ishikawa) and prioritise for action.
- Improve: Re-engineer the process, simplify.
- Control: Improve visibility of the process. Use statistical process control and monitor performance.
Six Sigma tools and techniques enable the proper execution of the DMAIC cycle and ensure that decisions are based on hard quantitative evidence.
SOURCE: CHRISTOPHER, M. AND RUTHERFORD, C., ‘CREATING SUPPLY CHAIN RESILIENCE THROUGH AGILE SIX SIGMA’, CRITICAL EYE, JUNE/AUGUST 2004.
3 Identify the critical paths
Supply networks are in effect a complex web of interconnected ‘nodes’ and ‘links’. The nodes represent the entities or facilities such as suppliers, distributors, factories and warehouses. The links are the means by which the nodes are connected – these links may be physical flows, information flows or financial flows. The vulnerability of a supply network is determined by the risk of failure of these nodes and links.
As there will be potentially thousands of nodes and links the challenge to supply chain risk management is to identify which of them are ‘mission critical’. In other words, how severe would the effect of failure be on the performance of the supply chain? Companies need to be able to identify the critical paths that must be managed and monitored to ensure continuity.
Critical paths are likely to have a number of characteristics:
- Long lead-time, e.g. the time taken to replenish components from order to delivery.
- A single source of supply with no short-term alternative.
- Dependence on specific infrastructure, e.g. ports, transport modes or information systems.
- A high degree of concentration amongst suppliers and customers.
- Bottlenecks or ‘pinch points’ through which material or product must flow.
- High levels of identifiable risk (i.e. supply, demand, process, control and environmental risk).
To help in identifying where the priority should be placed in supply chain risk management, a useful tool is Failure Mode and Effect Analysis (FMEA). The purpose of FMEA is to provide a systematic approach to identifying where in a complex system attention should be focused to reduce the risk of failure. It is a tool more frequently associated with TQM but it is especially applicable to supply chain risk management. FMEA begins by looking at each node and link and asking three questions:
- What could go wrong?
- What effect would this failure have?
- What are the key causes of this failure?
The next step is to assess any possible failure opportunity against the following criteria:
- What is the severity of the effect of failure?
- How likely is this failure to occur?
- How likely is the failure to be detected?
A rating system such as the one shown below is then used to create a combined priority score by multiplying the three scores together.
4 Manage the critical paths
Once the critical nodes and links have been identified the first question is how can the risk be mitigated or removed? At its simplest this stage should involve the development of contingency plans for actions to be taken in the event of failure. At the other extreme, re-engineering of the supply chain may be necessary. Where possible, statistical process control should be used to monitor the critical stages along the pipeline.
‘Cause and effect’ analysis is another tool that can be used to identify the causes of problems with a view to removing or avoiding the causes. It seeks to separate symptoms from causes by a process of progressive questioning – sometimes known as ‘Asking why five times’ (see box).
Cause and effect analysis
Cause and effect analysis (also known as root cause analysis) is used to gain an understanding of the real underlying causes of a problem. Typically it makes use of a sequential question and answer procedure often referred to as ‘Asking “why” – five times’. The idea is not to accept the immediate answer but to drill down as far as possible. For example, if the problem to be analysed is poor on-time delivery performance, the questioning might go along the following lines:
| 1. | Q. | Why was this shipment delayed? |
| A. | There was no stock available. | |
| 2. | Q. | Why was there no stock available? |
| A. | We failed to achieve the production plan. | |
| 3. | Q. | Why did we fail to achieve the production plan? |
| A. | There was a shortage of components. | |
| 4. | Q. | Why was there a shortage? |
| A. | There is a bottleneck in in-bound inspection. | |
| 5. | Q. | Why is there a bottleneck? |
| A. | We only have limited testing facilities. |
Now the real problem is revealed and appropriate action can be taken.
If bottlenecks are the cause of the problem then decisions will have to be made about the options. Can the bottlenecks be removed? Can they be reduced by adding capacity or by holding inventory? Sometimes the bottleneck may be a key supplier who is capacity constrained. If alternative sources are not available at short notice then it will be necessary to manage the bottleneck by carrying strategic inventory to enable the flow through the downstream nodes to be maintained.
Whilst the drive for commonality of components and standardisation of platforms in a manufacturing context helps reduce complexity, as was noted earlier, it can also add to risk if the component or platform comes from an external source. The case of Toyota described below highlights the potential danger.
Don’t lean too far
In late 2009 and early 2010, owners of Toyota cars around the world were alarmed to learn that millions of vehicles were to be recalled for modification because of problems with the throttle pedal, which was causing ‘unintended acceleration’ in some cases. Production of the affected models was halted whilst the sources of the problem were investigated. Sales of Toyota cars slumped, leading to the loss of its position as the world’s number one car manufacturer by volume.
What surprised many people was that this had happened to Toyota – a company which for years was held up as the icon of manufacturing excellence. It was suggested by some commentators that Toyota had become a victim of its own success – in other words as it grew significantly in size it was starting to lose control of vital parts of its supply chain.
Toyota’s rapid expansion in the decade prior to this recall had led to an increased reliance on tier-one and tier-two suppliers around the world. In many cases their suppliers were the sole suppliers of specific parts of sub-assemblies across several different models.
As the originator of ‘lean’ manufacturing, it was not surprising that Toyota had sought to achieve global economies of scale through its sourcing strategy. However, even though Toyota had close working relationships with its tier-one suppliers, there was less understanding of what the potential risks were in the second and third tier of the supply chain.
Whilst there are many different views on the root causes of the recall problems impacting Toyota, it is quite possible that in seeking to achieve its goal of becoming the world’s biggest car manufacturer it failed to control the complex extended enterprise upon which it had come to depend.
5 Improve network visibility
Many supply chains suffer from limited visibility. What this means is that a particular entity in the network is not aware of the status of upstream and downstream operations of the levels and flow of inventory as it progresses through the chain.
In such a situation it can often be weeks or months before problems become visible, by which time it may be too late to take effective action. One way to resolve this problem is to establish a supply chain ‘control tower’ briefly described earlier in Chapter 10. The idea behind the control tower is that complex global supply chains need to be constantly monitored in a systematic and formal way to ensure that intended events and outcomes happen as planned. Information on inventory levels, delivery lead-times, supplier performance and so on will also be available through the supply chain control tower. The purpose of the control tower is to enhance visibility across the supply chain and to provide a basis for more effective decision making.
We referred in Chapter 10 to the potential of SCEM to enable better identification of the occurrence of unplanned events (or the non-occurral of planned events). Tools such as these can significantly reduce supply chain uncertainty and thus reduce the need for additional inventory buffers. Another emerging technology that is enabling dramatic improvements in visibility is Radio Frequency Identification (RFID).
RFID tags enable a supply chain ‘track and trace’ capability to be created. Tags are either ‘active’ or ‘passive’. Active tags transmit information to receiving stations and passive tags are read by scanners as they move through the chain. As the cost of these tags falls, and as more and more organisations require their suppliers to use them, then the adoption of this technology will accelerate.
A parallel technological development that will greatly assist the global management of assets in the supply chain is satellite tracking. Containers and trucks can be fitted with devices that enable the geographical position of the asset to be monitored by satellite, including information on variables such as temperature.
The challenge, as ever, is not technological but is the need to engender a greater willingness amongst supply chain entities to share information with each other, even if that information may not always be good news.
6 Establish a supply chain continuity team
All the foregoing stages in the supply chain risk management process require resources to undertake them. One way to do this is to create a permanent supply chain continuity team.
Many companies already have business continuity teams in place but, as was suggested earlier, often their focus is more limited and largely IT/IS focused. Other companies look at risk mainly from a financial perspective. All of these activities are necessary and essential but the argument here is that these teams should be expanded in their scope to take account of the fact that the biggest risk to business continuity lies in the wider supply chain.
Ideally these teams will be cross-functional and will have access to all the skills necessary to undertake the detailed analysis and implementation involved in the supply chain risk management process. The team should maintain a ‘risk register’, which identifies the possible points of vulnerability along with the actions that are to be taken to mitigate that vulnerability.
To ensure that high priority is given to supply chain risk management, the team should report to a board-level executive – ideally the Supply Chain Director or Vice-President if that person is on the board.
7 Work with suppliers and customers
Given the complexity of most supply networks, how can risk be better managed upstream and downstream of the focal firm? Ideally, if each entity in a network took responsibility for implementing risk management procedures of the type advocated here with their immediate first-tier suppliers and customers then a far more resilient supply chain would emerge.
There are some good examples of collaborative working with both suppliers and customers to develop a greater understanding of the potential vulnerabilities in specific industries. At BAe Systems – a major aerospace company – they have a strategic supplier management process with about 200 key suppliers based upon an industry initiative ‘Supply Chain Relationships in Action’ (SCRIA). BAe put small teams into these key suppliers to find ways of aligning supply chain processes and improving visibility. With their biggest suppliers such as Rolls-Royce there is ongoing contact right up to board level.
This approach is akin to the idea of supplier development, which has been quite widely adopted in the automotive sector. Going beyond this there is an opportunity to draw from the experience of companies who have insisted that their suppliers meet rigorous quality standards in terms of the products that they supply. The same practice could be applied in supply chain risk management by requiring suppliers to monitor and manage their supply chain vulnerabilities. In this way a ‘snowball effect’ might be achieved, with each supplier working with their first-tier suppliers to implement supply chain risk management procedures.
Target Stores, the North American retailer, requires its suppliers to sign an agreement that they will comply with Target’s requirements on supply chain security and risk management. Pfizer, the pharmaceutical company, also has clearly established performance standards for its suppliers in terms of supply chain risk management which are audited continuously.
Achieving supply chain resilience
Because even the best-managed supply chains will hit unexpected turbulence or be impacted by events that are impossible to forecast, it is critical that resilience be built into them. Resilience implies the ability of a system to return to its original or desired state after being disturbed.5 Resilient processes are flexible and agile and are able to change quickly. In this latter respect it is important to realise that velocity alone is not enough – it is acceleration or the ability to ramp up or down quickly that matters so far as resilience is concerned. Supply chain resilience also requires ‘slack’ at those critical points that constitute the limiting factors to changes in the rate of flow.
One way to look at supply chain resilience is to consider it as having two key components: resistance and recovery. Resistance refers to the robustness of the supply chain which enables it to avoid the shocks that inevitably impact it. Think of it as a feature akin to a shock absorber in a vehicle. We might hit a rut in the road whilst driving the car but the effect on the driver and the passengers is mitigated by the shock absorber. Recovery relates to the ability of the supply chain to get back on its feet quickly after the occurrence of a disruptive event. Thus for example if a key supplier was no longer able to supply us – for whatever reason- could we quickly access an alternative source?
Figure 12.4 below suggests that enhanced supply chain resilience is based upon four key elements. Let us consider each in turn.
1. Supply chain (re-)engineering
Much of supply chain risk is systemic – the risk is there because of the design of the supply chain. Many decisions may have been taken in the past that have shaped the current supply chain design. Thus decisions to centralise production or to consolidate local warehouses into bigger RDCs will likely reduce the overall costs of the system but could have an adverse effect on the risk profile of the business. If supply chains can be designed, wherever possible, to avoid the reliance on a single facility or source of supply then resilience will be enhanced. In a sense there is a trade-off between the cost savings resulting from consolidation and centralisation and the resulting risk implications. Figure 12.5 below highlights this trade-off.
Thus even though system costs increase with the number of facilities (e.g. inventory) the reduction in the associated risk costs come down. It has been suggested by Chopra and Sodhi6 that the system costs increase with the square root of the number of pools of resources while the costs of disruption decrease as the inverse of the number of pools. Hence the supply chain design principle that is implied by this relationship is that too high a level of centralisation or consolidation could actually have a higher total cost than a solution with a slightly lower level. The same principle would apply to decisions on the number of suppliers or the level of commonality at the bill of materials level in a product family.
Figure 12.5 Resilience vs. centralisation
Source: Based on Chopra and Sodhi (6)
Organisations seeking to create a more resilient supply chain need to ensure that they understand the ‘architecture’ of their current supply/demand network. This supply chain understanding is facilitated by a detailed mapping of the network. Essentially the purpose of the supply chain map is to determine the ‘as is’ status of the network, looking for specific bottlenecks or ‘pinch points’ and identifying opportunities for re-engineering the system to remove unnecessary complexity. It is particularly important to extend the map as for upstream as possible into second – or even third-tier suppliers to look for critical suppliers who may be hidden from view. Figure 12.6 provides an example where three first-tier suppliers share the same second-tier supplier. If that second-tier supplier were to fail it could be the cause of a major disruption to the supply chain.
Figure 12.6 Mapping the supply chain
2. Supply chain collaboration
Because of the interdependencies that exist in global supply chains, a key driver of resilience is a high level of collaboration between supply chain partners. More will be said about collaboration generally in Chapter 13. However the reason why creating a collaborative environment is so critical is that visibility and shared information are fundamental to the development of a resilient supply chain. We have already discussed the role of SCEM in monitoring critical stages in the supply chain to check for deviations from the plan. Effective event management will only be possible if there is a willingness amongst supply chain partners to share information. A further beneficial spin-off from shared information between different entities in the supply chain is a likely reduction in ‘bullwhips’ where disturbances are magnified because of a lack of visibility.7
Supply chain ‘intelligence’ can also be enhanced if the key players in a supply chain are prepared to sit down together to pool their knowledge and insights concerning possible sources of risk in the wider supply/demand network. Ideally the business should establish a ‘Supply Chain Council’ comprising key upstream and downstream entities in the network to regularly review risk profiles and to agree risk mitigation strategies.
3. Building a supply chain risk management culture
Because of the potentially massive damage that can be caused to the business through supply chain failures and disruption it is vital that top management recognise the need to provide leadership in supply chain risk management. Regular reports on the risk profile of the business and its supply/demand network should be reviewed by the board of the company. As we previously highlighted, a supply chain continuity team should be established which as well as establishing contingency plans also should have a responsibility for engaging with all levels of the business and the supply/demand network to spread the message that supply chain risk mitigation is everyone’s responsibility.
This latter point is particularly relevant in the light of the growing concern with cybersecurity. Because every supply chain today is so dependent upon information systems and because of the way in which the Internet and mobile communications drive a great deal of supply chain activity, the opportunities for cyberattacks are much greater. Paradoxically, whilst sharing information across supply chain boundaries is a prerequisite for effective supply chain management this might also provide more points of entry for those intent on malicious attacks.
Finally, when any decision is taken – by the board of the company or by anyone – there should be a pause before the decision is implemented to ask, ‘How might this decision affect the risk profile of the business?’ Thus decisions to change the sourcing strategy or to close a distribution centre for example should be only taken once the potential supply chain risk impact is understood.
4. Investing in agility
As the idea of resilience is about being able to ‘bounce back’ quickly when things go wrong, it will be apparent that the more agile the supply chain is, the quicker it is likely to recover. Whilst the topic of agility has been addressed in detail in Chapter 6 it is worth re-emphasising its role in enhancing resilience.
It will be recalled that whilst agility has a number of enablers, two of the most critical are visibility and velocity. Superior visibility enables the organisation to see things sooner and velocity reduces the time to respond to the event in question. Essentially we need to identify the investment and the changes to our supply architecture and its supporting systems that would enhance a ‘sense and respond’ capability to be developed. In Chapter 16 we will develop the idea of ‘structural flexibility’ – the ability of the supply chain to adapt quickly to new conditions. At the heart of this concept is the recognition that many traditional supply chains are too rigid because previous decisions have ‘locked’ the company into a structure or arrangements that are hard to change. It can be argued that if resilience is to be improved then every decision that is made should be screened in terms of how many options does this decision remove or add. The implication being that the best decisions in an uncertain world are those decisions that keep the most options open.
References
1. Singhal, V.R. and Hendricks, K., Supply Chain Management Review, January/ February, 2002.
2. McKinsey, ‘Understanding Supply Chain Risk’, McKinsey Quarterly, October, 2006.
3. Cranfield School of Management, Supply Chain Vulnerability, Report on behalf of DTLR, DTI and Home Office, 2002.
4. Simhan, N., Schoenherr, T. and Sandor, J., ‘Profiles in Supply Management’, Supply Chain Management Review, July/August 2013, pp. 10–13.
5. Cranfield School of Management, Creating Resilient Supply Chains: A Practical Guide, Report on behalf of the Department for Transport, 2003.
6. Chopra, S. and Sodhi, M.S., ‘Reducing the Risk of Supply Chain Disruptions’ MIT Sloan Management Review, Spring, 2014, pp. 73–80.
7. Christopher, M. and Lee, H., ‘Mitigating supply chain risk through improved confidence’, International Journal of Physical Distribution and Logistics Management, Vol. 34, No. 5, 2004.