Supply chains are an essential part of each company and of the world economy. Identifying threats to them is very important. As a result, supply chain risk gets global attention.
The World Bank and World Economic Forum are examples of independent global organizations that recognize supply chain risk. Their recognition shows its significance. Defining vulnerabilities-and their mitigation-are important for both strategic and tactical reasons.
A surprising point with many supply chain risk discussions is they exclude the actual supply chain. They often do not recognize logistics infrastructure, logistics service providers, and how to manage and the move products through the supply chain. Many times, a picture, such as a ship, is used to show the logistics activities as the "supply chain".
They also do not discuss that there are two supply chains-product and information-and how both impact the movement of items. They do not mention Incoterms and what this may do to the buyers and sellers controlling the movement of goods. Yet, these are details involved in supply chain management; and that can be sources of risk.
The supply chain risk term is also used to cover broad issues and narrow topics. For example, insurance companies talk about supply chain risk in terms of assets. Others talk about it as to sources for select products. Some take a near-apocalyptic view for supply chains. These diverse interpretations result in conceptual, not factual, information; create gaps in risk assessment; and make it difficult to identify and manage risks.
Supply Chains. There are three key components of a supply chain-
A supply chain originates at the sources for each product. That is often a factory. For some items, such as food, there are multiple sources, the actual farms and the locations where the food is processed, chilled, frozen, or however treated. Or it could be a mine or processing area for metals and minerals. In those cases, both types of sources should be included in the supply chain scope. Also, the supply chains being reviewed continue through to buyer delivery destination warehouse or facility. It should not be stopped at a destination country border, as is sometimes done.
Logistics infrastructure from origin to delivery destination, such as warehouses, ports, railroads, and highways, should be in the risk scope because they impact the flow of products. Same is so with the various logistics service providers--including forwarders, 3PLs, ocean shipping lines, freight carrying airlines, railroads, trucking firms, and customs brokers-- involved with the various steps in the movement from origin to destination.
Types and Causes. There are many kinds of risk. The danger can be systemic which is difficult to protect against. They can also be non-systemic and be related to specific threats. Risk can be organizational, operations, strategic, commercial, or market. But no matter the type, the hazard cannot be managed by crisis.
Causes of supply chain risk can be considered pervasive, and even ubiquitous. These can disrupt the availability of products and/or the flow of the supply chain. They can vary by products and industries and include but are not limited to-
While not often discussed, risk is also caused by the trade parties. Buyers and sellers in their pursuit of lowest costs and their lack of understanding of how supply chains operate can create unnecessary risk.
Model. The supply chain risk model blends key principals of supply chain management for risk identification.
The model reflects--
1) Security. The supply chain and its movement should be protected from loss, deterioration, contamination, and other safety, risk, and vulnerability issues.
2) Accountability. This goes beyond sales agreements and Incoterms. It is the responsibility for the supply and safe flow of products through the supply chain and encompasses the many parties and stakeholders.
3) Visibility. Knowing where the items are throughout the entire movement is critical. Technology plays a vital role. It facilitates traceability, sustainability, time compression, and chain of custody. It is also vital if there is a recall or safety issue, and the cause must be identified and traced back to the source.
4) Product and Logistics Specifics. Products may involve special handling. This includes both logistics service providers and infrastructure, including equipment and warehousing. It covers many modes-ocean, air, motor, short sea/water, and rail. The necessary temperature, humidity, weather, cleanliness/sanitation, and other important factors must be properly utilized during the entire movement.
5) Sourcing This is about more than buying. It is about knowing of multiples sources for a product; that is more than having manufacturers/suppliers in the same location. It is using diversification to spread risk.
6) Supply Chain Best Practices. Supply chains are about more than transportation and other logistics components. It is about the flow of products. This is important for buyers to know and use best practices. There are best ways to direct and manage the flow for safety and risk mitigation that should be practiced, including integrated process, supplier performance and relationship, and time compression.
Methodology. Identifying supply chain risk should have two steps-analysis and validation. The deliverables of the work are mapping and macro and granular risk identification. This approach combining data analytics with supply chain expertise elevates the results from a form of hypothetical to operationally useable. It provides results that are implementable.
Step A) Analysis
Analysis has two parts--
1) Data analytics. Internal business intelligence data alone is not enough. Supply chains touch every part of the company, both external and internal. In addition, with the geographical scope, complexity, and numerous stakeholders of supply chains, using data from multiple sources and in different formats is very likely.
2) Logistics / supply chain domain expertise. Real-world supply chain, logistics, and international trade experience and knowledge are required to make sure what is included in the analytics is complete. It also is important to understanding findings.
Analytics should look at the supply chains and the risks by-
The analyses should include a mix of aggregating and segregating across trade lanes and products. Doing these provide important overviews and understanding of supply chains.
Step B) Validation
Mapping presents macro views. But using it alone can leave gaps in the real supply chains, how they actually operate, and being able to identify potential risks. It also does not provide important granular information. Validating actual supply chains-- sources, logistics infrastructure, and logistics providers-- is needed. This adds greater insights than analytics alone can do.
The best way to attest to supply chains and possible disruption issues is to authenticate it. This may involve taking a random selection of purchase orders, weighted by purchasing volume. Then walk through the actual steps and locations of the movement of each order. Determine how the orders move. Look for unnecessary delays in the product and information supply chains and the reasons. Evaluate how well the logistics infrastructure meets product handling requirements. Observe how the various logistics service providers perform. Determine if there are hidden issues? These are not big intelligence questions; they require on-site investigations.
Assess. With the methodology above, potential risks are recognized. Significant quantitative particulars have been generated and corroborated. But more must be done. Recognized risks should be appraised. There are many risks to supply chains. But what does each one of them mean to a company? This is what assessment is for.
Evaluations can place much emphasis on qualitative items. They can be too subjective and not thorough enough without also first doing data analytics and logistics and supply chain analyses and validations. Both quantitative and qualitative information should be used to assess for vulnerabilities.
First, using data analytics and logistics expertise, risk is identified, mapped, aggregated, and segregated across trade lanes and supply chains. Now, each potential risk is assessed as to probability of occurrence and impact.
A Risk Index is developed. The two axes are impact and likelihood. The impact of a disruption is a weighting of the financial effect-lost sales and higher costs-and the time to recover. Likelihood reflects the probability of a risk happening.
Plot each risk on the index. This prioritizes and enables focus on high impact and high probability risks for mitigation.
Risks that can affect the future viability of a company are brought to light.
What Next. Supply chain risk identification and assessment are not options for companies; they are essentially mandatory. Hazards have been analyzed as to risks, including inherent ones; interdependencies of components; critical paths along supply chains, and more.
Actionable items have been found, and there is now a solid foundation for mitigation. Root causes should be determined. For example, if there is a significant risk with a supplier or group of suppliers, then lessening the vulnerability could require going back deeper into those supply chains for threat reduction.
Mitigation is not a once and done endeavor. It should be ongoing. The risk identification, validation, and assessment project should be revisited every two to three years.