Documenting risk-management processes and preparing for facility or supplier losses.
Second in a Five-Part Series
Given the popularity of supply chain risk as a topic at conferences, one could reasonably ask, “Is there anything new to say on the topic?”
I think so. Fortunately, the thinking on this subject has become increasingly sophisticated, driven by the continuing complexities of the global environment.
In my last post, I introduced some of the key findings from the University of Tennessee research report, Managing Risk in the Global Supply Chain, which is the result of surveying more than 150 supply chain executives across multiple industries.
In this post, I’ll use this research to give an up-to-date “state of risk” and dive into the first part of the risk management process: Identifying supply chain risks.
I’ll look at some of the current risk management practices being implemented, which will hopefully spark thoughts on your own processes and where you may be exposed.
Documented Risk Management Processes
Not one (0%) of the executives surveyed used outside help to assess supply chain risk. Instead, virtually all (93%) soldier on, doing the best they can within their own departments. (The rest admit that they do not consider risk at all.)
The majority (66%) of companies has a risk manager somewhere in the firm, often in the legal or finance areas.
But almost all of these internal company risk assessments virtually ignore supply chain risk. Instead, they focus on product liability or broader financial issues that could impact shareholder value in a material and very public manner.
If a natural disaster or major equipment failure shuts down a company facility (e.g., a factory or a distribution center), about half of the firms surveyed (53%) have a backup plan that can be implemented quickly. The bad news is that the other half (47%) do not have a backup plan.
If disaster strikes, about seven in ten companies (69%) have a documented response plan in place to salvage business with their customers either through product substitution, proactive communications, or with inventory.
This means that almost a third of companies do not have any disaster response plan in place for supply chain risk.
About half of the firms surveyed had suppliers who could continue to supply if they suffer a disaster in one location, meaning that over half could not continue supplying within a reasonable time frame.
The survey found that 45% of supplier spending for U.S. based companies is outside the country, with 20% in Asia.
This is important to note, as longer supply lines increase supply chain risk.
Firms vary widely in terms of how many of their suppliers are sole sourced. In this survey, 38% of suppliers are sole sourced.
But the spread is very broad. At just one standard deviation, the range spanned from 13% sole sourced to 63%.
It can be safely said that many firms take on the risk of sole sourcing with a relatively large number of their suppliers.
Some do this for economic reasons, such as one supplier having a significantly lower cost and/or higher quality – while others have practical reasons, such as being unable to find another supplier that can adequately satisfy the company’s needs.
Still others, unfortunately, may do this for relationship reasons, saying, “We’ve always done business this way.”
The vast majority (86%) of companies are multiple-sourced with their domestic and global transportation carriers.
Very few companies (14%) single source with transportation carriers and less than a third of those have any concern about the sole-sourcing arrangement.
Eighteen percent of those surveyed do not know the degree of concentration of their global shipments, and seven percent say they know the degree of concentration and are uncomfortable with it.
On the other hand, three quarters of those surveyed track this information in order to manage risk in global shipping.
Methods for Identification
With all of these statistics pointing to gaps in risk mitigation at companies big and small, I am sure you are asking yourself, “Where do I start?”
The simplest first step to identify risks is to gather your team and use common sense. Ask yourselves:
- What can go wrong?
- What is the likelihood it will go wrong?
- What magnitude are the consequences and overall impact on the firm?
- How quickly can the problem be discovered?
- What options are available to mitigate the risks?
- What are the costs and benefits of each option?
The answers to these questions will help hone in on the true nature of the risks facing your business. Some larger companies have formalized their risk management approach and invested resources in creating risk mitigation tools.
For example, IBM uses its proprietary Total Risk Assessment Tool to collect data on many dimensions from dozens of countries, filter risks into critical areas, and then identify the most important risks to be mitigated.
There are also other formal approaches, outlined in more detail in my research, which you may want to try:
- Failure Mode and Effective Analysis (FMEA)
This approach is used by the military to prioritize risks based on three factors, including: seriousness of the consequences; likelihood of the problem occurring or its frequency; and likelihood of the problem being detected early.
- Supply Chain Risk Identification Structure (SCRIS)
Developed by the Council of Supply Chain Management Professionals, this tool has a framework and checklist to manage overall supply chain risks.
Once risks are identified, the next step is to prioritize them. In my next post, I’ll look at the most common concerns for risk managers, as well as how to strategically prioritize the urgent ones for your business.
Click here to read the first article in this series. Managing Risk in the Global Supply Chain.
Dittman’s new white paper, Managing Risk in the Global Supply Chain, can be downloaded from the Global Supply Chain Institute’s website here.