Learning How Much We Don’t Know Is the First Step to Appreciating Supply-Chain Risk Management

This article was written by ISCPO Board Member Maurizio P. Scrofani, CCSP, LPC, and was originally published at LPM.

Also read at LPM: Into the Rabbit Hole of Supply-Chain Risk

The supply-chain web is spun so intricately that it’s impossible to know it, truly. Perhaps the most we can aim for is to gain knowledge about one link, then another, and gradually appreciate more fully how pieces fit together. Maybe it’s not realistic—when it comes to today’s supply chain—to have a goal of becoming an “expert.” Instead, dedicate oneself to being a lifetime student of supply chain’s infinite complexities.

The aim of supply-chain risk management (SCRM) is fairly straightforward. It’s how we help to identify risk and manage supply-chain security adequately. But learning about supply-chain risks is a bit of a rabbit hole. Even something seemingly basic can be muddy, such as where supply chain starts. (With a product’s manufacture? When plans are drawn? At ideation?) What’s certain is that risks are inherent at every step along a product’s path to a store’s shelf. And, perhaps, back again as purchase does not always mark an end to a product’s path through the supply chain.

In the case of a return, the product may hit the road again, from store back to vendor, and undergo additional steps. In the case of, say, an oil-filled radiator, a vendor may face a series of environmental regulatory steps before parts and pieces are sent back to the manufacturer or a scrap company.

The number of players, the differences in technologies, the amount of information, and the sheer volume of interactions between these and other layers of today’s global supply chain make it extremely difficult to identify risks, let alone mitigate them.

Supply-chain management encompasses the coordination of the many activities related to sourcing, procurement, conversion, and logistics. It involves planning and processing orders; handling, transporting, and storing the products purchased, processed and/or distributed; and managing the inventory of goods in a coordinated manner. And there is risk through it all—as broad and diverse as the supply chain itself.

Cargo theft is an example of a risk in the supply chain. It is, however, a single risk within a small section of the supply chain (logistics). A furniture manufacturer/seller of wooden dressers, for example, will have to manage myriad supply-chain risks long before it has even made a product to ship. For every metal screw or plastic knob that will come from a supplier, the company will need to assess reliability, and for every shipment of wood, its health and quality.

Geographic Impact of Supply-Chain Risk Management

Today’s vulnerabilities are multiplied due to greater geographic distances and the complex processes of the supply chain. Globalization presents unique challenges when applying supply-chain risk management methodologies to safeguard the supply chain from emerging threats and vulnerabilities. Disruption can hit the supply chain at any point, from manipulation in raw material usage, malware and intrusions in digital supply-chain processes, cargo theft, and crime in warehouses and distribution centers.

At the very broadest level, external supply-chain risks include:

– Demand risks caused by unpredictable or misunderstood customer demand.

– Supply risks caused by any interruptions to the flow of product, whether raw material or parts, within a company’s supply chain.

– Environmental risks from outside the supply chain, such as economic, social, governmental, and climate factors, including the threat of terrorism, global crisis and recession, and political upheaval.

– Business risks caused by factors such as a supplier’s financial or management stability, or purchase and sale of supplier companies.

– Physical plant risks caused by the condition of a supplier’s physical facility and regulatory compliance.

In each area, questions fuel a risk-management process. Our furniture company, for example, needs clarity on key issues related to its suppliers if it is to embed resilience into its business. Intellectual property is one area—one among many—that it needs to examine.

– Do our suppliers have a history of intellectual property theft? Been accused of it?

– Have they been victims? Did an employee improperly share sensitive information or provide access to a facility? Was there a computer network intrusion?

– How do they protect their internal computer networks?

The furniture dealer also needs to know about its suppliers’ processes and procedures to verify the quality of its products or third-party products and services: How is the quality of product verified? What mechanisms are in place to ensure products meet requirements? Is an inspection process in place to review materials and/or services? Distribution is another category: How do suppliers transport products? Are they warehoused during transportation, and if so, where? Who has access to those properties? And what about finances? Are the suppliers stable?

Again, these are just some of the necessary risk-management questions to help neutralize a small sampling of external risks, from a few slivers of the supply chain. And while partnerships with top suppliers are typically strong, these questions should also be asked and answered for second and third-tier suppliers.

Of course, our fictional furniture firm faces an equal number of internal risks, including manufacturing risks, business and process risks, and planning and control risks. It faces risk from shrinkage resulting from holding too much inventory, for example. And what about risk from product defects? Or high labor costs? Or poor planning? What if key personnel leave? How might that impact business processes or how purchasers communicate to suppliers and customers?

The consequences of failure are hardly hypothetical. A new commercial airliner was delayed three years because of a failure to assess supply-chain risks properly. A candy maker’s stock sank 8 percent when it couldn’t deliver for Halloween. And in 2015, a cascade of technology missteps in a major big-box retailer’s supply chain, which caused the prospect of patchy or empty store shelves, forced it to withdraw entirely from a country’s marketplace.

Conducting a Company-Wide Risk Assessment

A robust SCRM process starts by identifying this world of risk—conducting a comprehensive, organization-wide risk assessment to determine what can go wrong. Relevant metrics, multiple sources of input, and augmented data analysis are necessary to get an accurate picture of the current situation. Risks then need to be scored and prioritized, based on their likelihood of occurrence and potential impact on business.

Once risks have been identified and prioritized, organizations need to create a comprehensive risk-mitigation plan based on short-term, medium-term, and long-term risks; to identify the right people to implement it and assign responsibilities; and to create escalation mechanisms for each risk and contingency plan.

A clear risk picture and planning are the base layer. Organizations must also monitor and track the progress of their risk-mitigation initiatives to ensure that they work in real-life business situations. Risk-management tools and insightful dashboards can help steer an organization through interactions with suppliers and other operational stakeholders and prompt timely informed decisions. Broadly, SCRM is critical to managing interaction between suppliers, information, technologies, products, and logistics service providers.

So what does our furniture company stand to gain? By improving its management of supply-chain risk, it can maintain control over inventories and distribution, thereby matching and managing supply with demand to reduce costs, improve sales, and enhance company profitability. That, too, sounds simpler than it is. It requires:

– Understanding the business, the customer and customer needs, and adapting the supply chain to find the balance that maximizes profitability.

– Customizing the logistics network to meet the service requirements of various markets, which may influence the size, number, location, ownership, structure, and mission of warehouse facilities.

– Recognizing market signals and aligning strategies accordingly to ensure consistent supply forecasts and optimal resource allocation.

– Strategically locating/warehousing products close to the customer base and speeding conversion efficiencies to react quickly to market signals and store/customer needs.

– Managing supply sources strategically to reduce the total cost of owning goods, as well as teaming with business partners to reduce costs across the supply chain to lower prices and enhance margins.

– Developing a technology strategy and IT system capable of integrating all the above information—one that makes all this critical decision-making possible.

A well-managed supply chain—one that mitigates risks—is essential to a successful operation. In today’s global manufacturing environment, where merchandise often moves across oceans or continents before appearing on store shelves, the risk of loss or delays due to cargo theft, weather, work stoppage, and even paperwork errors requires innovative and comprehensive supply-chain risk-management solutions to manage successfully. When we consider that every single piece of merchandise must in some way pass through the supply-chain network, it’s easy to see the need to implement appropriate controls and protect our interests against an increasingly complex world of risk.

—

MAURIZIO P. SCROFANI, CCSP, LPC, is a well-known supply-chain asset protection professional with over twenty-five years of experience in retail and manufacturing, including leadership roles with Macy’s, Bloomingdale’s, Delonghi, and Toys“R”Us. He was cofounder and president of CargoNet, a supply-chain theft prevention and recovery network solution of Verisk Analytics. Currently, Scrofani is the chief supply-chain security officer for ALTO Assurance where he leads the team that offers shippers and logistics providers a comprehensive, end-to-end asset protection and risk-management technology solution. He can be reached at mscrofani@alto-us.com.

The changing face of cargo theft: interview with Scott Cornell

Cargo theft and protection is a cat-and-mouse game over some valuable cheese, according to Scott Cornell of Travelers Insurance.

By Mark B. Solomon

When it comes to cargo theft, there is good and not-so-good news. According to security consultancy CargoNet, nationwide incidents of cargo theft last year declined 17 percent from 2016 levels. Yet there were still more than 700 reported incidents last year, involving $89 million of stolen goods. Many more incidents were believed to have gone unreported. The bulk of the thefts occurred over long holiday weekends when drivers take extended breaks and often leave their rigs and cargo unattended.

Businesses are getting smarter, but so are thieves. Shortly after Memorial Day, Scott Cornell, transportation business lead and crime and theft specialist for Travelers Insurance, spoke to Mark B. Solomon, executive editor-news for DC Velocity, about the most current trends in cargo theft and what businesses can do to protect themselves from an expensive loss down the road. 

Q: Do you have a read on theft activity over the holiday weekend?

A: This year’s weekend wasn’t the worst we’ve seen in terms of number of thefts, though it was slightly above the average weekend. During holiday weekends, it’s important for shippers, carriers, and brokers to make sure shipments are secured and to educate drivers on cargo theft tactics and prevention methods. It would be ideal to avoid leaving loads unattended. However, when that’s not an option, we recommend a layered approach to protecting shipments. This includes good processes and procedures, staff and driver education, and physical and technological security enhancements.

Q: Five or six years ago, most thefts were yard heists and inside jobs conceived by ex- or current employees in the distribution center. Given the abundance of digital tools and thieves’ mastery of them, is the traditional scenario still commonplace?

A: What we call “straight” theft is the most common type of theft, and it happens most often at unsecured locations. However, evolving technology has contributed to a rise in strategic theft, such as identity theft and fictitious pickups, by helping thieves identify their targets and find new ways to trick people. It’s important not only to use physical security to protect loads, but also to have strong practices in place for protecting critical information and defending your company from cyber-based threats. Having this type of protection in place for virtual threats is just as critical as the physical protection needed around a yard or for a load in transit.

Q: Over the past five years, how have these tactics evolved? What has changed about the way they are executed?

A: Strategic theft methods have changed over the years. There was a time when we primarily saw two tactics—identity theft and fictitious pickups—but in recent years, we have seen more than a dozen different methods used. These types of cargo theft involve the use of fraud and deceptive information intended to trick shippers, brokers, and carriers into giving the load to the bad guys instead of the legitimate carrier. Organized cargo groups now use strategic methods such as double-brokering scams and “ghost trucks,” and they will even trick legitimate trucking companies into picking up the loads for them. Additionally, thieves will combine two or three methods to further complicate things. Victims may not be able to tell how they’ve actually been hit.

It is important to thoroughly vet all carriers and brokers through the Federal Motor Carrier Safety Administration (FMCSA), Internet search engines, third-party vetting companies, and industry associations. Work closely with shippers to confirm driver identification at the point of pickup, and don’t hesitate to contact your customers and business partners if there is any question or concern. Often, the additional scrutiny will deter thieves from pursuing the load in question.

Q: Freight brokers and third-party logistics service providers (3PLs) play key roles in procuring truck capacity for their shipper customers. Do you find these intermediaries are up to speed on anti-theft strategies and tactics?

A: It depends on whom you are talking about. Some larger brokers have dedicated teams with very detailed vetting procedures and security teams that can respond if they have a theft. Others may not have the same awareness or necessary procedures in place or dedicated resources needed to respond because they haven’t yet experienced a theft.

Q: It’s been said that freight posted on spot market loadboards becomes a target as soon as it is visible. Loadboards are getting more traffic today as spot market demand remains very strong. What are the security holes in loadboard freight and how can they be fixed?

A: Loadboards are as much a victim as the shippers and carriers in this situation. They are being taken advantage of while trying to provide a valuable resource and service, and there’s only so much that can be done to stop it. Some boards restrict membership, but even that can be worked around, and when bad guys do get through, it’s simple for them to profile a load to target.

In this situation, it’s important for users to exercise caution when coordinating through these boards. There are some steps they can take to help keep a shipment safe: First, establish strong pickup security policies and procedures. For example, require the driver to have a specific and secure pickup number to gain access to the load. Second, ensure everyone involved in the haul is who they say they are. This also goes for the freight broker assigned to choose the carrier. Third, check if your insurer offers the right coverages for these perils and has the resources to prevent theft issues and recover goods if the worst happens.

Q: You said at a recent conference that thieves will “go to the well until the well goes dry.” Does that mean they will leverage the same scenario until they are stopped? How do shippers and carriers combat this?

A: Thieves know what they’re doing. If they know they can target a specific company with good cargo and insufficient preventive measures, they’ll do so until someone stops them. But they’re also smart enough to move on when law enforcement or the targeted company starts cracking down. We’ve seen several shifts over the years where law enforcement will be on the lookout for one type of theft, and in response, thieves will shift their tactics to evade detection. Similarly, we’ve seen thieves make sudden geographic shifts when they realize they’ve attracted too much attention in one area. For example, we’ve seen California-based crews move to Arizona, Utah, or Washington to evade detection. This creates a Whack-a-Mole effect.

Q: How much theft can be deterred just with common sense, such as fully vetting a carrier before providing pickup information? Or is that easier said than done?

A: Cargo theft doesn’t take only one form, and neither should theft prevention. I can’t stress enough the importance of taking a layered approach to protecting loads. Remember, processes and procedures are free, and they are often the best methods to prevent theft.