274 • Supply Chain Risk Management: An Emerging Discipline
USING SUPPLY CHAIN MAPPING
TO MANAGE RISK AT CISCO
An emerging risk management technique focuses on mapping the nodes
within a company’s supply chains (refer to Chapter12 for a discussion of
supply chain mapping). ese nodes include production sites, warehouses
and distribution centers, contract manufacturers, suppliers, and custom-
ers. Frankly, there is no shortage of nodes and entities across a complex
supply chain. One leading- edge approach connects these nodes within a
map with lines that indicate product volume and total price or margin, and
then superimposes these with a risk index on every connection. Various
tools support the calculation of the risk index, including failure modes
and eects analysis (FMEA), Time- to- Recovery (T- t-R) metrics, and a
Resiliency Index. Some approaches use red, yellow, or green symbols to
indicate high, medium, or low risk. e resulting map, when constructed
properly, produces a compelling picture.
e next step in this process involves a detailed look at the high- risk
connections with the development of risk mitigation plans. However,
leading companies don’t stop there. Cisco, a leading producer of network-
ing equipment, has taken its mapping process to an entirely new level. is
next level integrates worldwide threats (weather, political, hazards, etc.)
and superimposes any threats continuously on the map using data from
companies such as NC4. Many risk management leaders, including Cisco,
Bayer Crop Science, and Flextronics utilize supply chain maps and these
24/7 threat events to drive their tactical and operational risk discussions.
Here is an example of how Cisco utilizes this approach. In May 2008,
Chengdu, China, experienced a magnitude 7.9 earthquake. Cisco con-
ducted a full impact analysis that evaluated supplier sites, parts, and prod-
ucts in the Cisco supply chain. Within a day of the event, assessments
revealed that Cisco had 20 suppliers in the aected area. Within two days
of the quake, Cisco’s SCRM Group initiated a crisis survey forwarded to
the supplier’s emergency contacts.
As a result of these eorts, two suppliers were identied as at- risk. e
rst supplier, a single- source supplier, represented a signicant revenue
risk to Cisco. is supplier was already agged for review due to the risks
associated with using a single source. In fact, Cisco had already qualied a
second source. e second supplier was smaller in revenue risk but expe-
rienced signicant damage to its facility. Cisco sent its Crisis Management