March 11 marks the one-year anniversary of the Japan earthquake and tsunami—foremost a terrible loss of human life, and also a painful demonstration of supply chain risks in a globalized world.
One year after those events, risk-management efforts are still trying to catch up.
Many businesses probably aren't as prepared for supply chain disruptions as they should be, experts say. “Overall, most companies don't have a strategy for managing supply-chain risks,” says Jerry O'Dwyer, leader of the sourcing and procurement practice for Deloitte.
Supply chain disruptions—defective products, price volatility, political instability, bankruptcy; take your pick—happen to most companies on a regular basis, O'Dwyer says. They are especially prone at large companies managing thousands of complex global supply chains, because historically, business units and suppliers worry about their own issues, ignoring other potential risks (and opportunities) elsewhere in the supply chain.
A recent survey by the Business Continuity Institute found that 85 percent of 559 supply chain executives surveyed in 62 countries reported at least one supply chain disruption over the last year.
According to the BCI survey, 51 percent of respondents cited adverse weather as the main cause of disruption. Significantly, the recent earthquakes and tsunami experienced in Japan and New Zealand affected 20 percent of respondents, headquartered in 18 different countries. Unplanned IT or telecom outages were the second most common supply chain disruption, cited by 41 percent of respondents, and transport network disruption came in third at 21 percent.
Any single supply chain failure can create a disruption that ripples throughout the company. And yet companies have been “less inclined to undertake risk reviews at an enterprise-wide level,” says Gerry Penfold, a risk consulting partner at KPMG.
Companies succeeding in risk management “are able to take a proper end-to-end view of it, rather than looking at it in a fragmented way,” Penfold says. These are the companies that can articulate and prioritize their risks, and have the ability to assess a risk's potential effect on an overall supply chain or within business units, based on a combination of financial metrics as well as current and expected operational metrics.
O'Dwyer offers four pillars of an effective supply chain risk profile:
Visibility: The ability to track and monitor supply chain events and patterns, and to be more proactive, as opposed to reactive.
Flexibility: The ability to adapt to disruptions without driving up operational costs.
Collaboration: The ability to develop trust-based and collaborative relationships with supply chain partners.
Control: The ability to implement policies and execute processes to prevent disruptions, primarily through using technology and analytics to improve supply-chain controls and risk-monitoring capabilities.
Penfold says companies that have effective strategies are the ones that consistently share information among business units and have key performance indicators for managing risk, so that everyone is “working off the same dashboard and all working with the same criteria for what constitutes a minor or major risk.”
Penfold also says he has seen more companies pay greater attention to supply chain risks in the last two years. “There is a more comprehensive, or holistic, approach to looking at supply chain risk and opportunities,” he says. “Certainly in the short term, I see greater awareness of clients looking at the potential impact of black swans.” (“Black swans” are unforeseen events that are impossible to predict, named for a book by Nassim Nicholas Taleb on the topic.)
Example: Cisco Systems
To address these challenges, networking giant Cisco Systems has invested heavily over the last decade into maturing its supply chain risk-management practices. “Our complexity has really exploded over the last 10 years and really has grown with the overall complexity in the electronics and high-tech manufacturing space,” says James Steele, senior manager of global supply chain risk management for Cisco.
“Companies that achieve the most success in risk management are able to take a proper end-to-end view of it rather than looking at it in a fragmented way.”
—Gerry Penfold,
Risk Consulting Partner,
KPMG
Cisco outsources 95 percent of its manufacturing, to an array of roughly 1,500 contract manufacturers and other suppliers. “It's really put a great challenge on us in terms of how we can continue to grow and work with such a large group of suppliers yet continue to maintain control over that growth and over the quality and distribution of our products,” Steele says.
Cisco's growth in acquisitions over the last 10 years adds additional stress, “integrating companies and making sure we de-risk those companies as we bring them into overall supply chain within Cisco,” Steele says. Adding to its supply chain complexity is the diversity in Cisco's products, which range from infrastructure products to consumer devices, each with a different supply chain model and risk profile.
To move risk management to the front end, Steele's team works with Cisco's engineer groups and supplier management groups (the ones responsible for deciding where components are sourced, designed, and launched) to identify risks earlier in the process.
“We have a seat at the table for our processes and analytics and we try to interject a risk and resiliency perspective into key business decisions,” Steele says. By better understanding these groups' business resiliency plans, Steele's team knows in the event of a disruption “who to contact and how we can assist to ensure continuity of supply.”
And just how does Steele determine a business plan's “level of resiliency?” Cisco has a metric called “time to recover,” which is the number of weeks required to restore 100 percent operational output following a supply-chain disruption. This involves going through each of Cisco's top 100 products to calculate their resiliency index, which is spelled out on a metrics dashboard.
MAJOR SOURCES OF DISRUPTION
In the following chart from the Supply Chain Resilience 2011 study, respondents were asked to rank the major sources of disruption on supply chains over the past year:
Source: Zurich Study: Supply Chain Resilience 2011.
Each business decision is weighed across different levels, including the resiliency of components, suppliers, manufacturing, and testing. With 12,000 products and 150 different product families, the process is “very data intensive,” says Steele.
Cisco has an internal plan as well, by mapping out, across the extended enterprise, what the key processes are to assure that workarounds and backup capacity for processes and key IT systems exist. “So we're very tapped into our IT community to ensure we're covered from that standpoint,” Steele says.
To that end, Cisco has invested heavily over the last several years to develop a business analytics platform “that allows us to automate a lot of the calculation of this and provides a lot of visibility to our business partners across Cisco,” Steele says. The lesson for other companies is to “tailor your capabilities to your priorities.”
All that was put to the test in 2010, when one of Iceland's volcanoes sent a plume of ash into the sky and closed down air traffic across much of Europe for nearly a week. At that time, nobody knew how long air space would be closed. Steele says his team was not only able to get quick visibility into lead times for customer delivery, but also gamed out numerous scenarios and backup plans were the eruption to last longer.
“It very much gave our customers a level of comfort that we were able to address key issues of business continuity and product delivery continuity,” Steele says. “It also allowed the organization to have a lot more of controlled response.”
No comments yet