Rethinking Supply Chain Risk Management

One of my predictions for 2012, in the aftermath of the Japan earthquake and Thailand floods in 2011, was that supply chain risk management would become a higher priority for companies. While I’m sure some companies took proactive action to define and implement supply chain risk management practices, many more did not. Then Hurricane Sandy hit in October and companies that had failed to “walk the talk” on risk management experienced significant supply chain disruptions, and they were reminded once again why they can’t afford to ignore this critical dimension of supply chain management anymore.

Although natural disasters like hurricanes and floods grab the headlines, the reality is that supply chains face a whole range of risks that are always present, such as:

  • Supply shortage due to a quality problem, supplier bankruptcy, or other issue. A recent example is Ford Australia and General Motors Holden racing in to underwrite a supplier’s $6.5 million debt to prevent their own production lines from shutting down.
  • The continued rise of trade protectionism, which is increasing the cost of imports and exports, as well as dampening demand for goods and limiting supply. In a speech last summer, the Director General of the World Trade Organization, Pascal Lamy, said that “the accumulation of these [new] trade restrictions is now a matter of serious concern.” Last March, for example, the US, EU, and Japan filed a formal complaint with the WTO accusing China of keeping rare earth prices low for its domestic manufacturers and pressuring foreign firms to move their operations there.
  • The impact of currency rates on supply chain costs and product demand. In 2011, for example, Sharp Corp. announced that it was localizing more of its solar-panel production outside Japan because the strong yen was making exports too expensive, especially compared to Chinese products. “We need to change the way we manage our businesses so that foreign exchange movements won’t affect us as much,” said Sharp President Mikio Katayama in an interview.
  • Disruptions caused by IT service failures or security breaches. This past November, for example, United Airlines flights were grounded for several hours due to a computer glitch. And last summer,’s EC2 service went down twice, affecting clients such as Instagram, Pinterest, and Netflix, and hackers broke into LinkedIn’s site and stole more than six million of its customers’ passwords.
  • Social media: Can what people say on Facebook, Twitter, YouTube, and blogs bring your supply chain operations to a halt, or even put your company out of business? You bet it can, as the “Pink Slime” incident showed last year.

Leading practices in supply chain risk management are well documented in various books and publications, such as Yossi Sheffi’s “The Resilient Enterprise” and “Supply Chain Risk Management: A Compilation of Best Practices” published by the Supply Chain Risk Leadership Council. I’ve also shared my thoughts and recommendations on this topic in various blog postings (see, for example, “The Japan Earthquake and Supply Chain Risk Management”). Simply put, a great foundation of knowledge and experience already exists for companies to get started.

And new ideas and developments continue to emerge too. Here are some worth thinking about:

Make thinking about supply chain risk part of the corporate DNA. This was one of my key takeaways from an executive “think tank” session I attended last summer on supply chain risk management. The goal is to incorporate risk in the decision-making process at all levels of the supply chain, just like cost is today. In other words, supply chain professionals need to get to the point where talking and thinking about risk is as common and instinctual as talking and thinking about cost and service. Unfortunately, at many companies today, risk rarely enters the conversation or analysis. Some of my other takeaways from the session were:

  • Focus less on individual risks and more on the capabilities to deal with risks. Also, think about risk management as a program, not a project.
  • Key metrics associated with risk management are Time-to-Recovery and Revenue-at-Risk. Outperforming the competition on these metrics creates a competitive advantage.
  • You need to “dollarize” risk in order to have meaningful conversations with Sales and Operations Planning (S&OP), Marketing, C-level executives, and other internal and external stakeholders.

Supply chain professionals need more training in quantitative risk concepts. In a thought-provoking HBR blog posting, “Why Quants Should Manage Your Supply Chain Risk,” Carlos Alvarenga argues that “anyone who claims to be managing supply chain risks without understanding subjects like real options, hedging, Value at Risk models, financial simulation, and so on, is more like a security guard than a real risk manager.” Simply put, supply chain professionals can learn a lot from the financial, insurance, and other industries where managing risk is a core focus and discipline.

Leverage social media as a risk management tool. Social media provide you with more timely and insightful insights about emerging risks and events, enabling you to take corrective action sooner and thus prevent (or minimize the impact of) a supply chain disruption. For example, according to an October 2011 Wall Street Journal article, “When Virginia’s magnitude 5.8 earthquake hit [in August 2011], the first Twitter reports sent from people at the epicenter began almost instantly at 1:51 p.m.— and reached New York about 40 seconds ahead of the quake’s first shock waves…The first terse tweets also outpaced the U.S. Geological Survey’s conventional seismometers, which normally can take from two to 20 minutes to generate an alert.” The article also highlights how researchers and firms are mining Twitter messages “to monitor political activity and employee morale, track outbreaks of flu and food poisoning, map fluctuations in moods around the world, predict box-office receipts for new movies, and get a jump on changes in the stock market.”

Start by mapping your supply chain. Do you know where the manufacturing facilities of your suppliers (and their suppliers) are physically located? Which parts are manufactured at each location? Do you track the history and frequency of disruptions that occur at each facility and geographic region, due to either natural forces (hurricanes, floods, earthquakes, etc.) or other factors (labor strikes, power outages, quality issues, etc.)? The bad news is that few companies gather and track this information; the good news is that there are new supply chain mapping and risk management software solutions available that companies can use to facilitate the process.

The bottom line is that supply chain management is about managing risks. And since risks are dynamic in nature, with new ones emerging all the time, companies must continuously study the landscape and determine which risks are worth addressing now and how.

Editor’s Note: You can watch a video of Adrian sharing additional thoughts on supply chain risk management at Talking Logistics.

(A version of this post was originally published in Ryder Exchange, Ryder’s industry blog.)