In a stable, predictable and benign environment that might well be so, but we live in uncertain times. For many organisations their trading environment spans continents, cultures, and a multitude of political, economic and regulatory unknowns; and that is before the forces of nature – geological, meteorological and pathological – are thrown into the equation.
Our research shows that those who make the highest level strategic decisions often have an inadequate grasp of the impact their decisions will have on supply chain operations and the risk profiles of their business. In reality, the lack of awareness is partly due to poor representation, few companies have supply chain specialists on their main boards. However it is also down to the fact that supply chain risk is an evolving area, one that the professional risk management and academic communities are only beginning to come to terms with.
Risk management has a long history with well-developed actuarial techniques for assessing the direct risks to property (e.g. fire or flood). These are based on the traditional approach of calculating risk as the likelihood (probability) of an event – usually based on broad historical data – combined with the impact of an event. The consolidation of a manufacturing or distribution network effectively puts more eggs in fewer baskets. It increases the impact of an event though not necessarily the likelihood.
The insurance industry has become all too aware of the escalating scale of the impacts of accidental events such as the fire, caused by the explosion of single aerosol can, which destroyed a distribution centre belonging to retailer Boots in October 1997. The incident reportedly resulted in payment of a £15M insurance claim, but around £30M in lost sales during the retailer’s busy pre-Christmas period. That figure pales into insignificance when compared to the estimated $400M in lost sales suffered by Swedish telecommunications manufacturer Ericsson in 2000. The root cause was a lightening strike on power cables, which in turn caused a fire in a factory in New Mexico owned by the Dutch-owned components manufacturer, Phillips. Those who are familiar with this Scandinavian saga will know that there were mitigation measures that Ericsson could have taken to reduce the impact.
They were admirably demonstrated by the Finnish rival Nokia, which was supplied from the same Phillips facility but came through the same event without damage to its reputation, share price or market share. It did so for three reasons, first because its supply chain was inherently more resilient than Ericsson’s; second because its risk identification, control and mitigation procedures were much better; third because its operations were agile enough to respond to the unexpected.
Ericsson had some time earlier decided to optimise the efficiency of its supply chain by reducing its number of first tier suppliers. It effectively single sourced. Nokia, in contrast, had retained dual sourcing, taking a path which though ‘suboptimal’ in terms of cost, nevertheless retained more ‘just-in-case’ options. Added to this was Nokia’s careful monitoring of material flows, plus a risk management culture which encouraged the early disclosure and resolution of problems.
Following the fire, Nokia’s reaction to deviations in delivery schedules was an immediate increase in monitoring and the dispatch of personnel to New Mexico to investigate. Having been initially refused access to the supplier’s premises, the investigators from Nokia implemented crisis management measures. These included securing all currently available stock from its other suppliers and any available additional capacity. Nokia also reconfigured some of its products to take substitute components.
Where Nokia’s response was swift and proactive, Ericsson’s was slow and reactive. Its supply chain managers were at first reluctant to trouble others with the news of a possible problem. Its supplier had, after all, assured it that the fire was small and that serious disruptions to supply were unlikely. When it did react it was too little, too late. An insurance claim would later offset some of Ericsson’s losses, but it would never bring back the lost market share. Ericsson no longer makes mobile phones.
The fires at the Boots warehouse and the Phillips plant where the result of accidents or ‘Acts of God’, however engineered events – whether through legitimate blockades or acts of acts of war – can quickly replicate losses on a similar or even greater scale. This was a point well demonstrated when a small number of farmers and haulage companies blockaded fuel refineries in the UK in 2000, almost bringing the nation to a halt. Striking dock workers in the US West Coast ports did similar damage to the US economy two years later. The leanness of supply chains and just-in-time (JIT) demands of best practice business, together with the greater distances travelled by goods today, made these two blockades of key nodes in their respective networks particularly damaging to national and international transport systems.
The blockades themselves were beyond the control of those affected, but these events did not happen without warning. Indeed scanning of local and international news services would have revealed indications of unrest, alerting the vigilant to the potential threat, allowing mitigating action to be taken.
It is the scale of the consequential losses incurred as a result of interruptions of these kinds to businesses that is now exercising the minds of insurers, prudent business strategists and national governments. Consider for example the cost of business interruption that might follow the loss of a single source supplier to a volume car maker. With common components and platforms becoming the norm, a disruption may take out more than just one product line.
Consider again the size of the potential sums involved when you realise that at least two other volume car makers are dependent upon the same supplier. This last example is not fictitious it is real. Moreover it may not be just a case of financial losses.
In the spring of 2003, as the world prepared for the US-led invasion of Iraq, one of the largest global pharmaceuticals companies was ramping up production to meet a surge in demand for vaccines. Production was constrained, not by the shortage of the product itself, but by a shortage of packaging. There was a problem at the plant of the supplier of high quality glass needed for vials, resulting in a severe shortage. The healthcare company was a valued customer, but not in the same league as the large brewers that were supplied from the same source.
The heart of the matter is that although we like to think of supply chains in terms of simple linear processes, of goods and information flows passing swiftly though an efficient ‘logistics pipeline’, this is rarely the reality.
Furthermore, for practical purposes, we prefer to concentrate only on that part of the pipeline that is directly controlled by our company or at best our customers and immediate suppliers. Supply chains are in fact messy complex interacting networks that link organisations, industries and economies. Only when we recognise them for what they are, can we really begin to understand the nature and magnitude of the risks.
Over the past two decades, corporate strategists in the developed world have focussed on cultivating core competences and outsourced all manner of activities that might once have been performed in house. In some instances the outsourcing is purely cost-driven, in others it seeks to tap into capabilities that cannot be developed or maintained in-house. Importantly, it may also be employed as a risk mitigation measure, e.g. the outsourcing of some transport and distribution activities to reduce a firm’s vulnerability to in-house industrial action.
Outsourcing, possibly more than any of the other major business trends mentioned here has added to the complexity and interconnectivity of supply chains networks. Therefore managers should be aware that in adopting outsourcing to deal with a known risk, the likelihood is that they are trading it for a host of previously unknown ones. Not least the short-term dislocation caused by the changes in staff, working practices, and the integration or upgrading of IT systems. Consequential risks of this kind are what complex systems theorists (and latterly US Defence Secretary Donald Rumsfelt) would call ‘knowable unknowns’. They are ‘knowable’ in the sense that they are uncoverable if time is taken to follow through the likely consequences of planned moves carefully enough, hopefully allowing contingency planning to be implemented in advance.
Corporate risk assessment tends to focus on risk management from a single firm rather than a network perspective, as such it has largely failed to keep pace with the reality of networked global supply chains. Leading insurers are actively seeking better ways to assess these risks, even so insurance is unlikely ever to cover the full costs of supply chain failures. It is incumbent upon supply chain managers and corporate risk specialists to take action to identify, prioritise and manage those risks as effectively as possible.
The task is complex, but not hopeless. The recently published report by Cranfield entitled Creating Resilient Supply Chain: A Practical Guide* provides some basic guidelines, in the form of a high level risk identification methodology and an operational-level tool-kit. The checklist-based Supply Chain Risk: A Self-assessment Workbook*, originally designed to meet the needs of small and medium sized enterprises (SMEs) is also providing a useful starter for businesses of all sizes.
There will, of course, always be ‘unknowable unknowns’, events such as 9/11 which are so far outside our experience or field of reference that no amount of foresight will ever predict them before they occur. Nevertheless the steps outlined in our research will take you at least part of the way towards dealing with the unthinkable if and when it occurs. n
Dr. Helen Peck is a senior research fellow in Marketing Logistics at the Cranfield Centre for Logistics and Supply Chain Management. She is also project manager of CLSCM’s on-going programme of research into Supply Chain Risk and Resilience. Tel: 01234 751122 or email: firstname.lastname@example.org
* Creating Resilient Supply Chains: A Practical Guide and Understanding Supply Chain Risk: A Self -assessment Workbook are available free of charge, courtesy of the UK Department for Transport, at www.som.cranfield.ac.uk/som/scr