Learning How Much We Don’t Know Is the First Step to Appreciating Supply-Chain Risk Management
This article was written by ISCPO Board Member Maurizio P. Scrofani, CCSP, LPC, and was originally published at LPM.
Also read at LPM: Into the Rabbit Hole of Supply-Chain Risk
The supply-chain web is spun so intricately that it’s impossible to know it, truly. Perhaps the most we can aim for is to gain knowledge about one link, then another, and gradually appreciate more fully how pieces fit together. Maybe it’s not realistic—when it comes to today’s supply chain—to have a goal of becoming an “expert.” Instead, dedicate oneself to being a lifetime student of supply chain’s infinite complexities.
The aim of supply-chain risk management (SCRM) is fairly straightforward. It’s how we help to identify risk and manage supply-chain security adequately. But learning about supply-chain risks is a bit of a rabbit hole. Even something seemingly basic can be muddy, such as where supply chain starts. (With a product’s manufacture? When plans are drawn? At ideation?) What’s certain is that risks are inherent at every step along a product’s path to a store’s shelf. And, perhaps, back again as purchase does not always mark an end to a product’s path through the supply chain.
In the case of a return, the product may hit the road again, from store back to vendor, and undergo additional steps. In the case of, say, an oil-filled radiator, a vendor may face a series of environmental regulatory steps before parts and pieces are sent back to the manufacturer or a scrap company.
The number of players, the differences in technologies, the amount of information, and the sheer volume of interactions between these and other layers of today’s global supply chain make it extremely difficult to identify risks, let alone mitigate them.
Supply-chain management encompasses the coordination of the many activities related to sourcing, procurement, conversion, and logistics. It involves planning and processing orders; handling, transporting, and storing the products purchased, processed and/or distributed; and managing the inventory of goods in a coordinated manner. And there is risk through it all—as broad and diverse as the supply chain itself.
Cargo theft is an example of a risk in the supply chain. It is, however, a single risk within a small section of the supply chain (logistics). A furniture manufacturer/seller of wooden dressers, for example, will have to manage myriad supply-chain risks long before it has even made a product to ship. For every metal screw or plastic knob that will come from a supplier, the company will need to assess reliability, and for every shipment of wood, its health and quality.
Geographic Impact of Supply-Chain Risk Management
Today’s vulnerabilities are multiplied due to greater geographic distances and the complex processes of the supply chain. Globalization presents unique challenges when applying supply-chain risk management methodologies to safeguard the supply chain from emerging threats and vulnerabilities. Disruption can hit the supply chain at any point, from manipulation in raw material usage, malware and intrusions in digital supply-chain processes, cargo theft, and crime in warehouses and distribution centers.
At the very broadest level, external supply-chain risks include:
– Demand risks caused by unpredictable or misunderstood customer demand.
– Supply risks caused by any interruptions to the flow of product, whether raw material or parts, within a company’s supply chain.
– Environmental risks from outside the supply chain, such as economic, social, governmental, and climate factors, including the threat of terrorism, global crisis and recession, and political upheaval.
– Business risks caused by factors such as a supplier’s financial or management stability, or purchase and sale of supplier companies.
– Physical plant risks caused by the condition of a supplier’s physical facility and regulatory compliance.
In each area, questions fuel a risk-management process. Our furniture company, for example, needs clarity on key issues related to its suppliers if it is to embed resilience into its business. Intellectual property is one area—one among many—that it needs to examine.
– Do our suppliers have a history of intellectual property theft? Been accused of it?
– Have they been victims? Did an employee improperly share sensitive information or provide access to a facility? Was there a computer network intrusion?
– How do they protect their internal computer networks?
The furniture dealer also needs to know about its suppliers’ processes and procedures to verify the quality of its products or third-party products and services: How is the quality of product verified? What mechanisms are in place to ensure products meet requirements? Is an inspection process in place to review materials and/or services? Distribution is another category: How do suppliers transport products? Are they warehoused during transportation, and if so, where? Who has access to those properties? And what about finances? Are the suppliers stable?
Again, these are just some of the necessary risk-management questions to help neutralize a small sampling of external risks, from a few slivers of the supply chain. And while partnerships with top suppliers are typically strong, these questions should also be asked and answered for second and third-tier suppliers.
Of course, our fictional furniture firm faces an equal number of internal risks, including manufacturing risks, business and process risks, and planning and control risks. It faces risk from shrinkage resulting from holding too much inventory, for example. And what about risk from product defects? Or high labor costs? Or poor planning? What if key personnel leave? How might that impact business processes or how purchasers communicate to suppliers and customers?
The consequences of failure are hardly hypothetical. A new commercial airliner was delayed three years because of a failure to assess supply-chain risks properly. A candy maker’s stock sank 8 percent when it couldn’t deliver for Halloween. And in 2015, a cascade of technology missteps in a major big-box retailer’s supply chain, which caused the prospect of patchy or empty store shelves, forced it to withdraw entirely from a country’s marketplace.
Conducting a Company-Wide Risk Assessment
A robust SCRM process starts by identifying this world of risk—conducting a comprehensive, organization-wide risk assessment to determine what can go wrong. Relevant metrics, multiple sources of input, and augmented data analysis are necessary to get an accurate picture of the current situation. Risks then need to be scored and prioritized, based on their likelihood of occurrence and potential impact on business.
Once risks have been identified and prioritized, organizations need to create a comprehensive risk-mitigation plan based on short-term, medium-term, and long-term risks; to identify the right people to implement it and assign responsibilities; and to create escalation mechanisms for each risk and contingency plan.
A clear risk picture and planning are the base layer. Organizations must also monitor and track the progress of their risk-mitigation initiatives to ensure that they work in real-life business situations. Risk-management tools and insightful dashboards can help steer an organization through interactions with suppliers and other operational stakeholders and prompt timely informed decisions. Broadly, SCRM is critical to managing interaction between suppliers, information, technologies, products, and logistics service providers.
So what does our furniture company stand to gain? By improving its management of supply-chain risk, it can maintain control over inventories and distribution, thereby matching and managing supply with demand to reduce costs, improve sales, and enhance company profitability. That, too, sounds simpler than it is. It requires:
– Understanding the business, the customer and customer needs, and adapting the supply chain to find the balance that maximizes profitability.
– Customizing the logistics network to meet the service requirements of various markets, which may influence the size, number, location, ownership, structure, and mission of warehouse facilities.
– Recognizing market signals and aligning strategies accordingly to ensure consistent supply forecasts and optimal resource allocation.
– Strategically locating/warehousing products close to the customer base and speeding conversion efficiencies to react quickly to market signals and store/customer needs.
– Managing supply sources strategically to reduce the total cost of owning goods, as well as teaming with business partners to reduce costs across the supply chain to lower prices and enhance margins.
– Developing a technology strategy and IT system capable of integrating all the above information—one that makes all this critical decision-making possible.
A well-managed supply chain—one that mitigates risks—is essential to a successful operation. In today’s global manufacturing environment, where merchandise often moves across oceans or continents before appearing on store shelves, the risk of loss or delays due to cargo theft, weather, work stoppage, and even paperwork errors requires innovative and comprehensive supply-chain risk-management solutions to manage successfully. When we consider that every single piece of merchandise must in some way pass through the supply-chain network, it’s easy to see the need to implement appropriate controls and protect our interests against an increasingly complex world of risk.
MAURIZIO P. SCROFANI, CCSP, LPC, is a well-known supply-chain asset protection professional with over twenty-five years of experience in retail and manufacturing, including leadership roles with Macy’s, Bloomingdale’s, Delonghi, and Toys“R”Us. He was cofounder and president of CargoNet, a supply-chain theft prevention and recovery network solution of Verisk Analytics. Currently, Scrofani is the chief supply-chain security officer for ALTO Assurance where he leads the team that offers shippers and logistics providers a comprehensive, end-to-end asset protection and risk-management technology solution. He can be reached at firstname.lastname@example.org.