If you receive errors when attempting to view this white paper, please install the latest version of
"The current economic downturn, combined with an increasingly complex global
business and regulatory environment, has left international businesses more vulnerable than ever to supply
, and it is imperative that they find better ways to manage that risk."
Source : SAP
Understanding And Managing Supply Chain Risk
Supply Chain Risk also known as :
Supply Risk Management,
Supply Chain Risk Management,
Globalization supply chain,
Supply chain logistics,
Supply chain risk mitigation
With supply chains expanding in size
and complexity, enlightened professionals and companies are focusing more
energy on managing supply chain risk. While the topic is gaining prominence
in boardrooms, many companies do not yet have a sufficient grip on the
risks they face. Globe-spanning extended supply chains are susceptible to
myriad disruptions. These range from the fairly typical and mild fluctuations
of the "normal" course of business to major disruptions, such as lost
production capability caused by a fire at a crucial fabrication plant, or the
closing of ports or transportation corridors due to a natural disaster.
Many organizations do not commit the time and resources necessary to
understand global sourcing and the ramifications, costs, and benefits of
redesigning supply chains to better manage risk. To address this,
companies can implement programs to identify and profile risk variables,
quantify risk for business decision making, and implement IT solutions '
leading to greater resilience and efficiency and improving the bottom
A World Of Risk
Supply chains today are growing continuously more
complex, interconnected, and global ' for example, entering low-cost
countries in search of good production and labor conditions or a favorable
economic climate. Operations become increasingly dispersed as distances
expand between links in the chain ' or perhaps more accurately, between nodes
in the Web. Along with the greater distances and longer lead times that
result, complexity increases, while more regulatory and compliance issues
pose greater operational challenges. And these are merely the broad
strokes of the complicated picture of today's supply chain management issues.
There is some irony in that the very efficiency of modern supply chains can
contribute to increased vulnerability. The tenets of lean production methods
and just-in-time manufacturing and delivery have led to the paring and honing
of supply chains into finely tuned models of efficiency. But this approach
calls to attention an inverse relationship between efficiency and risk.
For example, single-source supplier strategies can result in favorable volume
rates and excellent service. But if that supplier has a major disruption
in its supply chain, its customers are left completely vulnerable. The answer
is not to disregard the efficiencies of such practices, of course, but
companies must be able to understand, profile, and manage the attendant
risks ' for example, weighing the expense of duplicate machinery against the
possibility of lost production.
Events anywhere in an organization's
extended supply chain can cause disruptions and process execution failures
with deep financial ramifications. Complexities arising from the number of
participants in the supply chain can make it hard to identify weak spots.
Companies will typically document and account for events after the fact '
after the damage is done ' but many do not sufficiently address these
issues in the supply chain network design phase. Often, too, companies
recognize immediate effects with sufficient clarity, but fail to see other
more subtle, long-term ' and expensive ' consequences.
implications of supply chain redesign and global sourcing in this light is
essential to a company's long-term viability and economic success.
Companies can take the following key steps to better address risks in their
supply chains, as follows:
- Identify and profile risk variables
appropriate factors to risk for quantitative inclusion in business
- Understand how technology tools can enable the
organization to better manage risk in the context of overall goals
Understanding And Defining Risk
The topic of risk in business is of course
not a new one. Risk is the bread and butter of the insurance industry, and
is defined in the abstract as the possibility of loss in the real world. Used
as a noun, "risk" can refer to physical property to be protected by an
insurance contract, or to an entity to be ensured, either a person or a
In the world of finance, the term covers a wide range of
categories and nuances, but at the highest level it falls into two main
categories ' systemic risk and nonsystemic risk. Systemic risks refer to
those unique to a particular company, while nonsystemic risks are
big-picture, macro factors that affect all businesses, such as global
political and financial conditions. These definitions, and the strategies and
processes other industries use to understand and manage risk, can also be
applied to supply chain management.
A Range Of Potential Factors
a company's extended supply chain are many. Potential disruptions can be
caused by fluctuations of customer demand, financial factors such as exchange
rates and market pressures, and environmental and geopolitical factors such
as weather, natural disasters, political instability, and union action.
Beyond the common, low-level events that occur across the supply chain on a
regular basis, less frequent but high-impact incidents create further
exposure. Companies must recognize that these risks exist and work to
understand both the immediate, obvious effects as well as long-range, more
subtle, and distributed consequences. Companies then need to quantify the
risks they face and enact strategies to manage them efficiently and
At times companies may have to examine assumptions and think
in new ways. "Rare" occurrences are in reality anything but rare for a large
organization with a far-flung supply chain crisscrossing the globe,
running a gauntlet of tornadoes in the Midwest, earthquakes on the Pacific
Rim, and war in the Middle East. A further, more insidious risk is posed by
the threat of intentional disruptions caused by criminals and terrorists.
These risks require special attention because of their adaptive nature:
unlike random breakdowns, intentional disruptions can be targeted toward
perceived soft spots and weaknesses in the extended supply chain.
potential risks to the supply chain may be obvious, this area of supply chain
management has not yet received due attention. However, more and more
forward-looking companies and supply chain professionals are moving toward
adopting the mathematical and statistical methods more commonly associated
with the fields of finance and insurance
Companies need to quantify the
risks they face and enact strategies to manage them efficiently and
Measuring And Profiling Risk
For companies that have not yet begun to
enact risk management processes, a good first step is to gather as much
data as possible on current business operations, including data about
suppliers, customers, and the organization's production and fulfillment
departments. With this information companies can begin to establish a
baseline risk profile. Companies with enterprise software and integrated
supply chain management capabilities will have an advantage here, with
better access to the information they need, thanks to enterprise-wide data
and process interconnectivity.
Profiling The Supply Side
To get a more
complete picture of their inbound supply chains, companies should compile a
profile of their supply bases. This data should cover a wide range of
supplier information, including the following:
- Total number of suppliers
- Geographic location and diversity (of production and shipping centers, as
well as headquarters)
- Production capacity
- Production flexibility ' for
example, can the supplier manufacture the company's product line at
Aggregating supplier data will
allow companies to study and perform analysis on this information.
Vulnerabilities can be prioritized and mapped, making it easier to consider
the likelihood, consequences, and costs of taking ' or not taking '
preventative actions. Again, IT can greatly facilitate this process, with
automated information collection and built-in analytical tools.
can use supply profiles to identify vulnerabilities in their supply chains. A
supplier might have several manufacturing plants, for example, but they
are all in the same region ' open to potential disruptions caused by local
economic conditions, political situation, or natural disaster. Companies can
then strategize, creating contingency plans, lining up backup sources, and
Then there is the issue of single sourcing. To what
extent do the advantages outweigh the risks? The impact of such methods on
efficiency, cost savings, and stronger relationships is undeniable, but at
what cost? Supply chain risk management will help organizations answer such
Companies with enterprise software and integrated supply
chain management capabilities will have an advantage, with better access to
the information they need, thanks to enterprise-wide data and process
Profiling The Demand Side
Companies can follow the
same process in examining the demand side of the equation. Looking at its
outbound supply chain, a company can determine whether it is overly dependent
on a small number of customers. The company may look at geographical data
for overreliance on a single "ship-to" locale or a particular distribution
center, trucking corridor, or port. The dangers of such a heavily
concentrated customer base were revealed on a large scale during the
tragedy of Hurricane Katrina in 2005.
While companies may not be able to take
direct action on behalf of their customers, they can share information.
For instance, a company might communicate that it is insufficiently
diversified on the demand side, thereby essentially informing the customer
of its own exposure. Companies can also encourage the kind of actions they
prefer through contract agreements and other methods.
Profiling Fulfillment And Production
Organizations can next look to their "internal"
networks and create a profile of their goods or services as well as their
customer fulfillment networks. These networks may not be literally internal,
of course, due to outsourcing and partnerships, complicating the profiling
process but certainly not decreasing its importance.
Data on a company's
fulfillment and production can help determine if there is a good mix of
products and a geographically dispersed distribution of inventory. An
organization may find that though it ships both by freight and air, it is
using a common "ship-from" node, leaving the company exposed to a disruption
such as a natural disaster or labor disagreement. This example also shows the
need to look deep into the data, as a preliminary glance would have shown a
seeming diversity and flexibility in using two different modes of transport,
not revealing the potential "choke point" of a single ship-from node. With a
baseline risk profile in place, companies are in position to aggregate their
findings and begin to create and implement risk management strategies.
With a baseline risk profile in place, companies are in position to
aggregate their findings and begin to create and implement risk management
Strategies For Managing Risk
Businesses have tended to consider supply
chain risk management to be just another operational hurdle to pass '
another regulatory requirement, another expense. But with modern, extended
supply chains, the risks facing businesses and management teams are no
longer limited to a single location. Through outsourcing, partnerships, and
contracting, supply chains now take businesses outside organizational
walls, across great distances and political and cultural barriers. Informed
companies are beginning to recognize both immediate and long-tem
opportunities for competitive advantage in supply chain risk management. This
is borne out by recent trends showing more and more attention being paid
to this issue at the boardroom level.
Risk management is best thought of as
an ongoing process, a program of continuous improvement. Establishing
baseline profiles and historical data will enable companies to fine-tune
analysis and forecasting, aggregate data to smooth out statistical
fluctuations and ease forecasting, and better discern between "normal"
disruptions that are part of everyday business and potentially serious
Narrowing The Gap
Supply chain management professionals and
organizations can institute a number of strategies to narrow the gap between
the current state of risk management and the optimal level. Some ideas
include the following:
- Build a comprehensive model of the global supply
chain, capturing business activities and key supply chain operations of
primary partners, suppliers, and customers.
- Use this model to identify
risks that can be ameliorated through business strategy or process changes
' for example, having flexible production supplier contracts or reserve
- Implement IT solutions that connect business data and
processes from end to end, providing visibility into planned events, warnings
for unexpected events, proactive exception management, and so forth.
- Encourage and develop a culture of risk management by undertaking initiatives
such as contingency planning programs or involving key personnel in risk
- Use principles of continuous improvement with annual
"supply chain drills" that test and scout for weaknesses, blind spots, and
trouble areas in the extended supply chain.
Informed companies are
beginning to recognize both immediate and long-tem opportunities for
competitive advantage in supply chain risk management. This is borne out
by recent trends showing more and more attention being paid to this issue at
the boardroom level.
Technology Enables Risk Management
mentioned above, IT tools can help companies aggregate baseline data and
create supply chain profiles. Enterprise-wide software solutions can also
help traditional supply chains evolve from linear and sequential operations
to adaptive networks capable of adjusting intelligently to changing economic
and market conditions. The same functionality that supports supply chain
network visibility, cooperation, and analytics can also enable supply chain
risk management. Companies can synchronize supply to demand, and sense and
respond to supply chain events through an adaptive network with real-time
distribution, transportation, and logistics capabilities.
enterprise-wide software solutions can be crucial because in many cases
companies actually possess the data they need, but disconnected systems
impede the ability to make the right data accessible to the right people at
the right time. With an end-to-end software solution, the overall result is a
more transparent, responsive supply chain network that supports
organizational efficiency as well as flexibility and resilience.
In recent times risk management is gaining a higher corporate
profile. Companies of vision are allocating more and more resources to the
topic, and this trend is likely to continue. As supply chains extend and
become ever larger and more complex through the pursuit of new markets for
goods and new suppliers for product components, supply chain management
and risk management become more inextricably linked. And with expansion of
supply chains the risk of disruption grows as well. In addition to known
challenges such as port closings and regulatory compliance issues, companies
must put themselves in a position to deal with larger disruptions '
disruptions that may well be unexpected and statistically rare, but which
are nonetheless inevitable.
Understanding risk is the first step to managing
it, and companies can begin by identifying and profiling risk variables,
assigning factors to risk so they can be assessed quantitatively, and using
IT tools to help better understand and manage risk. Taking such steps can
help companies be better aware of potential risks and more able to handle
supply chain disruptions ' putting them in position to be looking for
business opportunities when others may just be looking for a way out. And
the same strategies, processes, and IT capabilities that enable supply chain
risk management can also help improve day-to-day business in areas such as
fulfillment, procurement, supplier relationships, and inventory management '
thus improving technology ROI, helping to align risks with corporate
goals, and making a positive impact on the bottom line.
About The Author
Scott R. Sykes is a principal of supply chain solutions at SAP
America. As a member of the Council of Supply Chain Management Professionals
(CSCMP), he was a speaker at CSCMP's 2006 Annual Conference in San Diego,
California, copresenting Dr. C. John Langley's "11th Annual Third-Party
Logistics Study" findings in the current research and surveys track. Sykes
authored the technology enablement section of the report, which is available
The following organizations offer
a wide range of resources on their Web sites, covering topics such as
business risk, quantifying risk, supply chain management, and many other
Contingency Planning Management Group CPM Group, a global supply chain management organization, offers at no charge a number of
excellent resource guides and an archive of articles on various subjects
related to contingency planning. (www.contingencyplanning.com)
International Risk Management Institute This organization focuses more on
insuring against risk than in mitigating risk through better strategy and
design, but offers a great deal of free information on risk management. (www.irmi.com)
Lloyd's of London The famed Lloyd's is adept at quantifying business
risks, from truck fleets hauling hazardous materials to the throwing arms of
professional quarterbacks. Lloyd's is a good source for background
information related to quantifying risks. (www.lloyds.com)
by Scott R. Sykes
Business Process Innovation
Table of Contents
- Executive Agenda
- A World of Risk
- Understanding and Defining Risk
- Measuring and Profiling Risk
- Strategies for Managing Risk