company resource center white papers

Essential Characteristics of a Supply Chain Risk Management Strategy

Download the PDF VersionIntroduction

Since the early part of this decade, supply chain risk management has become increasingly more recognized as a critical part of the corporate strategy. The move to leaner, global supply chains and events such as severe weather, terrorist attacks and financial instability have highlighted the risk of disrupted supply.

Traditional approaches to supply chain risk management have focused on risk assessment and mitigation; the process of identifying those points in the supply chain that are at risk and developing strategies to mitigate the risk should the worst happen. This process is necessary and correct. Those companies best able to recover from a supply chain event are those that are prepared.

There is another side to supply chain risk management. Despite the best planning and the best preparation, sometimes an event happens that was not anticipated, or, the event that was planned for happens, but the mitigation strategy didn't work as planned. When this happens, companies need to be able to react quickly to the situation; assess the impact, determine the best response(s) and implement these responses in a timely manner.

An analogy to consider would be that of driving a car. Most of us drive our vehicles every day. The worst case scenario would be to get into an accident. Similar to a supply chain event, a car accident can result in injured people and always costs money. To prevent accidents from happening, good drivers will;

  • follow the rules of the road,
  • keep their vehicles well maintained,
  • avoid high accident areas,
  • try to avoid inclement weather.

These are the mitigation strategies of a good driver.

Despite our best efforts, dangerous situations — most of which are caused by external factors out of our control — occur that could result in a serious accident if not handled. Our ability to respond when these situations occur can determine whether or not the accident happens. Response in this situation uses the following process;

  • assess the situation (there is somebody in my lane going the wrong way!),
  • evaluate alternatives,
    • hit the brakes (not enough time to stop)
    • swerve to the left (cars in that lane)
    • swerve to the right (looks clear)
  • and finally implement the maneuver. (swerve to the right and avoid the oncoming car).

To avoid the accident, the response must be instantaneous. If the reaction is too long, the results could be disastrous. This is the response to an unplanned event.

In supply chain risk management, companies strive to understand and mitigate the possible risks, but despite these efforts, events caused by external factors outside of their contol may occur that were not anticipated. This means that the company must now respond. This response must be very fast if the company is to recover from the event. The most prevalent lag in the system is access to information on which decisions can be made, often referred to as supply chain visibility.

There are several primary elements to a company's reaction time: The speed with which;

  • the event is detected,
  • the consequences are determined and evaluated,
  • the people responsible for the consequences are identified,
  • the team for responding to the event can evaluate several alternatives in a rational and coordinated manner, and
  • the suggested responses can be evaluated and a final decision made by senior management.

The combination of these factors determines how fast a company can respond when a disruptive event occurs.

Why Supply Chain Risk Management (SCRM)?

In recent years, supply chain risk management's profile has increased. A 2007 AMR Research report indicated that:

"Nearly 50% of firms plan to implement or evaluate SCRM technology in the next 12 to 24 months, indicating that penetration is relatively low and interest levels are quite high."

"Managing Supply Chain Risk in the Supply Chain — a Quantitative Study;"
AMR Research; Mark Hillman and Heather Keltz; January, 2007

According to the same report, the following business trends are contributing to the growing awareness of supply chain risk management.

  • Leaner supply chains — We have been driving the inventory out of our supply chains, saving money and avoiding liability. Unfortunately, when a supply chain event occurs, there is very little buffer with which to recover.
  • Global sourcing — More and more, companies are sourcing supply from around the world. Lead times have stretched, visibility is limited and communications are difficult.
  • Higher customer expectations — Consumers want instant gratification. Once the decision has been made to buy, they want the product immediately. Slowdowns in the supply chain causing late orders can often result in lost customers.
  • Complexity and interdependency of supply base — Instead of dealing with a set of component suppliers, supply chains today consist of a network of contract manufacturers, with material flowing in all directions (it is not uncommon for the brand owner to supply materials for their contract manufacturers – making the brand owner a supplier and customer at the same time.)
  • Volatility and variability of demand — Add to this the shorter life cycle of today's consumer products and life gets interesting fast!
  • Increasing commodity costs and tighter logistics capacity — Making it harder and more expensive to ship goods around the world.

In February of 2008, a fire at the Lite-On LCD plant in China expected to reduce the monthly capacity of the plant by 750,000 units, from 1 million units.

"Fire at Lite-On plant affects more than 50% of LCD monitor production capacity, says paper"; emsnow; February 6, 2008

In a 2005 study, AberdeenGroup linked popular supply strategies to supply chain risks. As is shown by the table on the following page, there is a correlation between some of the newer practices and the additional risks we are seeing today.

These trends have been further exacerbated by major events over the past several years:

  • Enron / Sarbanes - Oxley
  • Terrorist attacks (and the increasing security consciousness around North American ports of entry)
  • SARS and Avian flu threats
  • Asian Tsunami and Hurricanes Katrina and Rita
  • High profile business failures and disruptions
  • The earthquake in China
Supply Strategy Opportunity Risks
LCCS
  • Access 20% to 30% lower material and labor costs
  • Move supply closer to manufacturing and customer sites in emerging markets
  • Longer lead times
  • Increased risks of supply disruptions and transportation capacity and performance issues
  • Exposure to new political, security, regulatory, tariff, and currency risks
Outsourcing
  • Improve operating performance and service levels
  • Lower operating costs
  • Limited visibility or control of service levels or selection and performance of sub-tier suppliers
Lean and JIT
  • Reduce inventory costs
  • Streamline operations
  • Little, if any, buffer stock or time increases risk of stockouts and manufacturing disruptions due to supply or delivery glitches
VMI and Integrated Supply
  • Improve spend leverage
  • Improve service and fill levels
  • Reduce management burdens
  • Access "one-stop shop"
  • Increased reliance on single supplier for broader range of materials and services
  • Limits ability ot directly manage spend visibility, quality, and performance
Supply Base Rationalization
  • Improve spend leverage
  • Reduce management burdens
  • Improve strategic supply relationships
  • Increased reliance on fewer or even sole-source suppliers links performance to financial and operational health of supplier
  • Increased likelihood of dual- or sole-sourced suppliers relying on single sub-tier supplier

Source: AberdeenGroup, September 2005

In 2002, the International Longshore and Warehouse Union was locked out, shutting down ports along the west coast of the United States for 10 days. The lockout was estimated to cost the US economy up to 2 billion dollars per day. The lockout closed several factories including a joint venture between GM and Toyota.

"Hope in West Coast port talks"; CNNMoney; Chris Isidore, CNN/Money Staff Writer; October 3, 2002

Proactively Analyzing and Mitigating Supply Chain Risk

There are three key phases to proactively managing supply chain risk;

  • visualize and understand risks that apply to the supply chain,
  • measure and prioritize the risks, and
  • take action — decide which risks need to be addressed and develop mitigation strategies for those risks.

Let's take these one-by-one to understand how you would accomplish each and the tools needed to support these efforts.

Visualize and Understand Risks

The first step is to assess supply sources to determine which ones are most critical to the business. The most effective approach is to evaluate which suppliers contribute the most to top-level revenue. From an analytics perspective, a tool is needed that will identify the ultimate parent of each component, then assess the component's revenue contribution. Further, the assessment must be deep as well as broad. The assessment can't stop at the contract manufacturer. The assessment must also evaluate components that the contract manufacturer uses. A low risk contract manufacturer that uses high risk sources is still a high risk. This broad and deep analysis requires a tool that provides visibility to the whole supply chain including lower tier suppliers.

Once the supply base is prioritized in terms of their contribution to revenue, the risk factors that apply to each supplier need to be assessed. This assessment is typically done against the suppliers that contribute most to revenue first.

Supply chain risks can come in many forms. It is the responsibility of the risk assessment team to imagine and understand these various types of risks. Supply chain risks at a high level fall under these general categories;

  • Natural disasters (severe weather, fire, earthquake) that disrupt the supply chain. These types of events are very difficult to plan for; however, knowledge of the local geography of a supply source helps to identify those suppliers more at risk. (Is the area known for hurricanes, earthquakes or wild fires?)
  • Flu / pandemic — These types of events are similar to natural disasters in that they are very difficult to predict.
  • Economic risks — Which supply sources are experiencing financial difficulties?
  • Political risks — Which supply sources are in an area of the world that is politically unstable?
  • Transportation risks — What transportation routes are used to move materials and finished goods? What if that route is closed (see sidebar)?
  • Unstable Demand — Is demand relatively stable? What if demand falls far below expectation? What inventory liability will the company experience? What if demand far exceeds expectations? Will the supply chain be able to keep up?
  • Unstable Supply — Is the source reliable? Do they provide good quality products, on time?

Measure and Prioritize Risks

These risk factors need to be applied to the supply base such that each supplier is scored according to the risk factors outlined above. With the scoring of the suppliers and the assessment of the impact each supplier has on the business, the supplier can be plotted on a risk matrix.

Take Action

Once there is an understanding of the various risk factors, there is a need to determine where action needs to be taken. Not all risks will necessarily be addressed. For risks that fall into the green areas on the matrix above a company may decide not to develop a mitigation strategy at all.

The mitigation strategies can be different depending on the situation. For risks related to the supply base, mitigation strategies could include;

  • sourcing from different suppliers,
  • developing supply sources in other parts of the world,
  • alternate modes of transportation, and
  • product re-design to use standard components.

For risks related to demand variability, mitigation strategies could include;

  • demand shaping,
  • postponement strategies, and
  • buffer inventory.

The mitigation strategies must be modeled and tested. Given a different source, how would the different lead times, costs, supply constraints impact the corporate metrics? To test this effectively, the mitigation strategy is simulated and the results evaluated relative to other alternatives and relative to corporate goals.

If the mitigation strategy chosen does not yield acceptable results, then a different strategy needs to be chosen and evaluated.

Monitor, Review and Maintain

As time moves on, risk areas will change as will the mitigation strategies. Both the risks and mitigation strategies need to be reviewed on a regular basis to ensure that new factors are considered.

Supply chain risk management should not occur only a few times per year; it should be a continuous process and monitoring of supply chain risk. It should include trends, not just absolute numbers. Trends should be used as an early indicator to prevent risk situations from occurring. Procurement teams need to be trained in risk management so that when sourcing new suppliers, they can strive to add suppliers that reduce overall supply chain risk. Logistics teams need to be trained to understand what routes are at risk and when. Supply management teams need to recognize potential for inventory liability should demand for a given product disappear.

Responding to Supply Chain Events

As described in the introduction, there is a second side to supply chain risk management; responding to supply chain events. Depending on whether or not the disruption was anticipated or not, responding to supply chain events can take two forms;

  1. Responding to an unanticipated supply disruption.
  2. Responding to an anticipated supply disruption by implementing the mitigation strategy

In both cases, the key element is timely alerting that an event has taken place. You can't respond to something if you don't know it has happened. The supply chain should be monitored and an alert triggered when a disruption has occurred so that those who need to respond are provided timely notification. That being said, alerting on the event is not enough. The alert mechanism should be smart enough to alert you on the events that impact the business.

An unanticipated event is a disruption that despite best efforts was not foreseen and therefore does not have a mitigation strategy prepared. In this case, the speed with which the company can react and respond can mean the difference between an insignificant blip and a full-scale crisis.

An anticipated event is a disruption for which a mitigation strategy has been prepared. In most cases, implementation of the strategy goes as planned, but sometimes there are unanticipated problems; material shortages, capacity shortfalls, quality issues. In these cases, being able to respond effectively can mean the difference between a fast recovery and a painful crisis.

Capabilities Needed to Support Supply Chain Risk Management.

While the need is high for supply chain risk management tools, the capabilities of most supply chain risk management tools are not keeping pace. Companies are looking for tools to help them assess supply chain risk, develop mitigation strategies and respond to supply chain events both anticipated and unanticipated. As companies begin their evaluation they should ensure that any risk management assessment and response tool provide the following capabilities;

  • Visibility — In order to properly assess supply chain risk and respond to events, visibility across the supply chain is required. This means that the supply chain risk management tool must be capable of integrating with, and modeling ERP analytics from, multiple disparate ERP systems, including systems supporting the supply and distribution nodes.
  • Event detection and alerting — The sooner a supply chain disruption is recognized, the faster the response. An alert that shows up in e-mail or a portable e-mail device will ensure that the appropriate people are made aware of the event when it happens. Too many times, event detection is based on the event itself. To be truly valuable, alert should be triggered based on the anticipated impact of the event. For example, if a supplier goes out of business, but the loss of this supplier doesn't impact key metrics, an alert may not be necessary.
  • Analytics — The full suite of supply chain analytics needs to be modeled in the supply chain risk management tool to ensure the impact of a potential supply chain event is understood. When an event happens, analytics are used to model the event and determine the impact. Above all, these analytics need to be performed in real time, especially when responding to an unanticipated supply chain disruption. When an event happens, every second counts and a company can't wait days or weeks to understand the impact or to determine resolution alternatives.
  • Simulation — Simulation is critical to both sides of supply chain risk management. When assessing the risks, simulation helps to model different risk scenarios. Further, simulation is used to model alternative mitigation strategies to ensure that they are sound. When responding to an unanticipated supply chain event, simulation is used to model and compare the various response alternatives.
  • Collaboration — The risk management team will need to evaluate several possible mitigation alternatives. Members of the team will likely not have the detailed knowledge necessary to explore all alternatives in the detail needed to develop a robust mitigation strategy. The ability to bring other people into the evaluation process is critical both to validate the proposed strategy and to propose key improvements to the strategy. Similarly when responding to an unanticipated supply chain event, collaborating with those with the detailed knowledge ensures that the response alternatives are reasonable.
  • Scenario comparison — in the process of developing mitigation strategies or responses, the team may develop multiple approaches that potentially resolve the problem, but in differing ways. The team needs to make a decision on which resolution or mitigation alternative best meets the goals of the organization. One approach may extend lead times by 30 days, while the other may increase the cost of goods sold by 10%. The decision on which approach is best needs to be evaluated in light of corporate goals.

Summary

Recent supply chain management optimization practices, while reducing costs and leaning inventory levels, have left companies with unprecedented levels of risk exposure and very little buffer inventory with which to recover. Many companies have recognized this and are now undertaking supply chain risk management programs.

There are two sides to supply chain risk management;

  • Risk assessment and mitigation, and
  • Responding to unanticipated supply chain disruptions.

Both are necessary components to an effective supply chain risk management strategy. With strong risk mitigation strategies in place a company is ready to face a given supply chain event. However, not all events may be anticipated. When these events occur, a company must be prepared to respond quickly and effectively or risk suffering financial and customer service losses.

To have an effective supply chain risk management strategy, a tool is required that addresses both sides; risk assessment and mitigation and event response. This tool must support;

  • visibility and analytics capable of modeling the entire supply chain,
  • simulation combined with the ability to compare resolution alternatives,
  • event detection and alerting to instantly notify of supply disruptions — and the impact to the business, and
  • the ability to collaborate with the knowledge experts in the company to develop the most robust mitigation strategies and event responses.

With an effective supply chain risk management strategy that encompasses both risk mitigation and response, along with the tools that support this strategy, a company can ensure that they can recover quickly from a supply chain disruption.

ABOUT KINAXIS

Kinaxis™ RapidResponse is a single on-demand service that empowers multi-enterprise manufacturers with integrated demand-supply planning, monitoring, and collaborative response capabilities. RapidResponse embraces human judgment to enable planners and front-line responders to handle unpredictable changes. Global leaders such as Casio, Honeywell, Jabil, Qualcomm, and Raytheon use RapidResponse to achieve breakthroughs in sales and operations planning (S&OP), demand management, supply management, and supply chain risk management. The results are superior customer service, improved operations performance, and a competitive market advantage. For more information, visit the Kinaxis web site at www.kinaxis.com or the company's blog at blog.kinaxis.com.

Comments on this paper?
Want to learn more?
Please join us online at:
http://blog.kinaxis.com

blog

21st Century Supply Chain

Fine wine for your supply chain

What is the "right" S&OP tool?

Supply chain excellence is not a guarantee for success

Control Tower Concepts: What might go wrong? A case for a strong project management...

RSS 2.0 subscribe to updates

twitter follow us

Comments on these issues? Blog about it.