Hurricanes, earthquakes, tsunamis, tornadoes, and billowing ash from obscure volcanoes all have some things in common. Over the last several years each has been featured prominently in the news. And each has had the inevitable effect of disrupting global supply chains.
Yet these kinds of disruptions were not on the minds of Astella Pharma executives on June 17, 2009. On that night, thieves stole a trailer containing $10 million of the company’s pharmaceutical products from a truck stop in Tennessee. What followed was a harsh lesson in the realities of supply chain risk.
Once the final tallies were made, the actual cost of the stolen product was just a fraction of the losses eventually suffered by Astella. Acting on advice from the U.S. Food & Drug Administration, the company quickly contacted every party in its supply chain, ranging from wholesalers to hospitals, warning them of the stolen drugs. Then, as a preventive measure, Astella withdrew from the marketplace all drugs with the same lot numbers as those that were stolen.
Some of the stolen pharmaceuticals required strict climate control (something the thieves were likely not too concerned about), thereby necessitating the return of all product with those lot numbers. The $10 million theft eventually cost the company $47 million, a figure equivalent to 10 percent of its North American sales for that quarter. Welcome to the world of supply chain risk—a world where sometimes the only thing we should expect is the unexpected.
This article argues that the risk management techniques currently in place, most of which are put forth with the best of intentions, may not be sufficient to allow supply chain organizations to attain risk management excellence in a dangerous world. An innovative set of approaches is needed in a world where heightened risk represents the new normal.
Understanding risk and risk management
Before presenting these innovative ways to address supply chain risk, we can make some relevant observations based on extensive experience and research with leading firms.
Almost 75 percent of risk managers say that their company’s supply chain risk levels are higher than in 2005. Over 70 percent say that the financial impact of supply chain disruptions has also increased.
Second, too many firms are ill prepared to handle the supply chain risks that may come their way—even though most managers recognize that supply chain risk is a growing concern. A recent study revealed that for firms with less than $500 million in annual revenue, only 25 percent take a proactive approach to risk management.
Third, while many risk categorizations and topologies exist, we see a convergence of interest around the key categories of supply chain risk, particularly operational and financial risk.
Finally, as it relates to mitigating or lessening the impact of risk events, the standard approaches typically adopted fail to reflect bold or innovative thinking. Over the next few pages we’ll present some new and exciting ways to move beyond the obvious as it relates to supply chain risk management.
Risk: Our perspective
Anyone who writes about risk has their own perspective on the concept. So, what is our perspective? We view risk as the probability of experiencing a less-than-desirable event that affects one or more parties within a supply chain. A standard perspective of risk is that it involves the possibility of loss or injury. This leads to risk management as a key part of the overall risk discussion.
With that said, we’d like to provide a grounding definition of risk management from APICS—the Association for Operations Management. APICS defines risk management as follows: “In the context of supply chain management, risk management involves dealing with uncertainty in supply, transformations, delivery, and customer demand. The uncertainties can be the result of such forces as yields, timing, pricing, and catastrophic events.”
Few would argue that when risk events occur, they have the potential to negatively disrupt business objectives. To emphasize this point, consider the impact of supply chain disruptions on businesses worldwide.
It is hard to talk about risk without understanding some important concepts. Two such concepts are vulnerability and resilience. Vulnerability represents the combination of the likelihood of a disruption and its potential severity. Resilience refers to the ability to recover from disruptions of any type. Obviously, resilience will differ according to the risk occurrence and the steps taken to help with a recovery. A company with redundant suppliers located geographically apart, for example, will have higher resiliency when a disruption hits a certain part of the supply chain than a company with only a single source of supply.
An important consideration when evaluating risk is the tradeoff between risk aversion and the willingness to accept risk, or what is called a risk appetite. Entrepreneurs usually have a high risk appetite and a low risk aversion. Those who are completely risk averse, on the other hand, would never invest in the stock market or maybe even drive a car. A common misperception, both in business and at a personal level, is that risky endeavors are something to be avoided. Yet people who never take any kind of risk likely will not achieve much in the way of success.
A host of mega-trends are in play that ensure risk management will remain an important topic for the foreseeable future. Here are just a few from PRTM’s recent Global Supply Chain Trends 2012 report.
The final report stated this fundamental finding relative to uncertainty, complexity, and risk: “Most participants are looking to international customers for future market growth, yet few are prepared for the complexity that results from serving global customers with regionally customized products.” With that said, we feel comfortable stating that an era of heightened risk represents the new normal.
Innovative approaches to risk management
Risk management surveys invariably ask supply chain managers what they are doing about risk. The responses provided, while often insightful, are usually predictable and not necessarily on the cutting edge of risk management.
Popular approaches include ongoing evaluation of supplier financial health and expanded supplier pre-qualification standards. Other techniques mentioned include adopting multiple vs. single supplier sourcing, creating better supply chain traceability, and selecting suppliers closer to the end market.
But where are the approaches that are daring, non-conventional, and on the cutting-edge of risk management? What are the risk tactics and techniques that not everyone else is doing but that could be real game changers? We offer the following “game-changing” ideas for your consideration.
Enterprise-wide risk management framework within S&OP: Enterprise-wide risk management (ERM) includes a set of methods and processes from the insurance, finance, and risk sectors that have been around for some time. The Risk & Insurance Management Society (rims.org) defines ERM as follows: “The methods and processes used by organizations to manage risk and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives, assessing them in terms of likelihood and magnitude of impact, determining a response plan, and monitoring progress.”
This framework consists of eight elements: internal environment, object setting, event identification, risk assessment (type of risk and magnitude), risk response plan (what to do, who is responsible, and how to manage the risk), control activities, information-communication, and monitoring.
Companies on the leading-edge of supply chain risk management, such as Cisco, Coca-Cola, Ericsson, Nokia, and Bayer Crop Science, have begun to integrate the ERM framework into their mature S&OP process. This framework provides companies with mature S&OP processes a formal construct—a roadmap—to begin SCRM. This greatly enhances the potential for success of the endeavor.
Scenario planning using probabilistic methods: AMR Research, now part of Gartner, has been speaking about the complexion of the 21st Century supply chain for some time. And during that dialogue, the topic of probabilistic planning continuously arises. This planning process is supported by stochastic demand management and dynamic inventory planning. How do these approaches open up new opportunities to address supply chain risk management? Let’s first get our grounding with a definition from the APICS dictionary.
This approach differs from deterministic models that feature statistical procedures that do not take into account uncertainty. Stochastic models represent the uncertainty of demand with a certain set of outcomes (i.e., a probability distribution) and these models also suggest inventory management strategies under probabilistic demand.
Stochastic and statistical methodologies are not new. Academia, the pharmaceutical and medical industries, Wall Street, insurance, and banking all have been using these methods to evaluate and mitigate risk for over 50 years. But they are new to the supply chain world.
Leading-edge approaches such as stochastic optimization (SO) methods are algorithms that incorporate probabilistic (random) elements, either in the problem data (in the objective function or the constraints, for example) or in the algorithm itself through random parameter values. This concept contrasts with the traditional deterministic methods where the values of the objective function are assumed to be exact and the computation is determined by the values sampled or observed.
Deterministic models are varied and include linear programming, integer programming, simplex method, time series analysis, and regression models.
We are beginning to witness this probabilistic methodology supporting scenario planning in the context of supply chain risk management. What does this process look like? It starts with building a flow model of the enterprise.
Then, you populate the model of the enterprise with base case data from an ERP system, identifying the historical behavior and uncertainty of all relevant factors. This includes elements such as lead times, capacities, demand, production, inventory, and more.
Next, you begin to develop “what-if” scenarios, looking at situations such as demand increasing by 30 percent, demand decreasing by 30 percent, or lead times decreasing. Risk planners next predict the effects of these changes on service, revenue, capacity, inventory and more, along with their potential probability of occurrences.
With these assumptions codified and historical data in hand, you are ready to run discrete-event simulations across the entire enterprise to review the outcomes and their statistical strengths. The outcomes normally take the shape of histograms—sensitivity curves with confidence intervals, and probabilities of occurrence along with risk assessments.
This continuous “execution” of the model, requiring several hundred iterations, can continue until the outcomes, per scenario, are considered statistically significant. This task is accomplished through the use of sensitivity analysis, optimized response curves, and design of experiments (i.e., structured and systematic testing of the process).
The outcomes of the scenarios are then prioritized based on their probabilities of occurrence. The final step is to develop a risk response plan (RPP) for the scenarios deemed critical to the enterprise covering the tactical S&OP horizon. This approach represents risk management at its sophisticated best.
Techniques and tactics
The emerging techniques, tactics, and tool set enablers designed to manage risk across and end-to-end supply chain are growing rapidly. In fact, the landscape has become much too large to discuss in detail in this article. However, it’s valuable to take a glimpse at some of the more promising developments.
One of these certainly is demand management that uses stochastic pattern recognition to create statistical confidence intervals, develop sense-and-respond predictive analytics, and build scenario plans. Within manufacturing, early adopters are leveraging demand-driven predictive manufacturing (DDPM) methods to model their complex plants. They are running “what-if” scenarios based on planning or event-driven situations to ensure supply chain flexibility and profitable response.
In the area of inventory, leaders are adopting stochastic approaches to planning global inventory targets, taking into account risk levels, historical “pinch-points,” and the element of uncertainty by calculating probabilities of occurrences. And in logistics, leaders are developing global supply chain network models that identify three critical information flows—commercial, logistical, and financial—that provide opportunities for global profit optimization through optimal cash conversion cycle management.
Tool sets or enablers also will play an increasingly important role in risk management. The possibilities include massive teraflop databases; discrete-event simulators; business intelligence routines to scan, sift, and identify patterns; predictive analytic engines to alert and recommend actions; and web-based risk assessment software that quantifies risk.
In addition, we expect to see the growth of web-based benchmarking programs that compare company-specific risk programs to best-in-class practices, complete with recommended actions to achieve best-in-class status. Finally, balanced scorecard dashboards are becoming available that afford a global status of risk based on new metrics.
Facing the new normal
Experienced managers understand something important: Supply chain success demands an understanding of supply chain risk. In fact, success and risk are now almost inseparable. This inseparability demands the development of risk management strategies and approaches. Unfortunately, risk planning can often come across as mundane busywork, particularly when one objective of risk planning is to never have to use the plan.
One thing we know for certain, however, is that global supply chains and global supply chain risks are highly correlated. More than one company has come to realize that failing to take these risks into consideration can have catastrophic consequences. We believe that supply chain risk management is a key enabler in the quest toward a resilient and ultimately sustainable supply chain from an economic, service, and ecologic perspective.