supply chain risks and securities
DESCRIPTION
This Paper identify and categorize various Risks associated with Global Supply Chains and also the best practices followed globally to manage (Mitigation and Contingency) these Risks. This paper showcase a framework which link the organizational goals with the risk management strategy of the organization and suggest the overall risk management approach from strategical and tactical perspective.TRANSCRIPT
1 | Supply Chain Risks and Security
Conceptual Paper: Supply Chain Risks and Security
Jitender Vashisht Arun Singh JDA Software, Bangalore 560037 (India)
Dec 2013
International Conference on Supply Chain & Logistics Management (ICSCLM 2013) New Delhi, India, December 5-7, 2013
2 | Supply Chain Risks and Security
Table of Contents
Abstract ......................................................................................................................................................... 3
What is Risk? ................................................................................................................................................ 3
Types of Risks............................................................................................................................................... 4
Case Study: Risk management ...................................................................................................................... 6
Risk Framework ............................................................................................................................................ 8
The Solution: Stay ‘Risk-Ready’ ................................................................................................................ 13
Avoid: ..................................................................................................................................................... 13
Reduce: ................................................................................................................................................... 14
Share: ...................................................................................................................................................... 15
Retain: ..................................................................................................................................................... 15
Conclusion .................................................................................................................................................. 16
References ................................................................................................................................................... 18
About the Authors ....................................................................................................................................... 19
3 | Supply Chain Risks and Security
Abstract
“The entire Japanese vehicle industry ground to a halt following an earthquake. Toyota, in
particular was forced to stop operations at all 12 of its domestic plants.” – Financial Times, 24
July ‘07.
“A fire at a key Philips semiconductor factory in 2000 caused a worldwide shortage of the radio
frequency chips used by Ericsson, accounting the loss of around $400 Mn.” –MIT Sloan Mgt.
Review ’06.
Similarly, Western Digital’s loss of US$225–$275 million during flood in Thailand (Oct, 2011)
or Unilever’s heavy loss in ice-cream production due to flood in Gloucester, UK (Jul 2007),
there are tons of examples where companies have lost millions of USD due to such catastrophic
events. These are the ‘Environmental risks’ that companies deal-with every now and then. In
addition to this, companies today have Supply Risks (e.g. dependency on key suppliers),
Demand Risks (e.g. volatility in demand), Process Risks (e.g. limited capacity/bottlenecks),
Network Risks (e.g. bullwhip effect due to multiple echelons) and may be more.
Aim of the Research Paper is to identify and categorize various Risks associated with today’s
Global Supply Chains and also the Best practices followed globally to manage (Mitigation and
Contingency) these Risks.
Now, people may ask how this paper is different from several other papers available on Risk
management. Well, this paper not only comes up with a Risk Framework which companies
should follow to avoid the risks, it also links the Risk Framework with the overall company
objectives. And finally this paper talks about ‘the solution’.
What is Risk?
Supply Chain risk is the uncertainty of events which can affect optimal performance of supply
chain operations to the extent so that it can impact business objectives. It is important for any
firm to gain understanding of such events which may occur in any link of supply chain, so that
they can ensure business continuity without losing the customer confidence and erosion of
shareholder’s value.
In this era of globalization, supply chain risks have increased manifold. Organizations are
adopting lean practices, which mean fewer inventories, JIT stock movement etc. Such practices
4 | Supply Chain Risks and Security
do not plan for any uncertainty (which is bound to impact supply chains). Organizations are also
adopting outsourcing for most of their manufacturing operations without understanding the risk
involved with outsourced country. All these result in enhanced risks to supply chain.
Some of these risks are analyzed in a framework as shown in Figure 1.1 –
As we see in the above framework, some risks such as Natural Disasters have HIGH impact on
the business but the ability to control such Risk is negligible. At the same time process or
product related risks also have a significant impact on the business and the ability to control such
Risks is also HIGH. As we proceed we will focus more on such Risks that have more effect on
the business and are more likely to be controllable.
Types of Risks
All Supply Chain related risks can broadly be categorized into five categories –
5 | Supply Chain Risks and Security
Environmental risks: Environmental Risks are the risks that are caused by the external factors
beyond the control of organizations. Such types of risks are most prevalent one as they are high
in impact and low in control. Natural disasters, terrorism and war, regulatory changes, tax,
duties, strikes, government policies, political instabilities are some of the risks which comes
under environmental risks. These risks are mostly in news as they impact the complete industry
rather than one organization.
Supply Risks: Supply risks arise mainly due to weak and unorganized supply network of the
organization. This risk can be controlled by various initiatives by the organization. In some
industries suppliers are more powerful and then OEM so they pose a greater threat to price
increase, continued supplies, material quality. Some of the risks covered under supply risks are
dependency on key suppliers, cartels in suppliers, quality issues in supplies, lengthy and variable
lead times.
Demand Risks: Demand risk is partially in control of organization. Loss of major accounts,
demand volatility, concentration of customer base, short life cycles, substitute products,
innovative competitors are some of the risks comes under demand. Some of the risks can be
minimized by agility of supply chains to adapt changing business environment.
Process Risks: Process risks are very much visible in any organization as they directly impact
the productivity. Organizations have complete control over process risks and with core
functional teams and projects; they endeavor to control these risks. Some of the Process risks are
Manufacturing yield variability, lengthy set up time, in flexible processes, equipment reliability
and outsourcing key businesses. Tools like ‘Six Sigma’ are used to control the variability in the
processes.
Company Supply Side Demand Side
Environmental Risk
Supply Risk Control Risk
Process Risk
Demand Risk
6 | Supply Chain Risks and Security
Network Risks: Network rise arise because of the business relationship between various supply
chain partners. Things like asymmetric power relationships, no collaboration between SCM
partners, rules which can distort demand, bull whip effects are some of the network risks. These
risks arise purely by policies internal to organizations.
Case Study: Risk management
Company ‘GLOBAL AUTO’ (name changed) is one of the largest car manufacturing companies
in India with market share of 16%-17% in 2005-2006 for Passenger Car Business. This was the
golden era of Car Business with demand exceeding the supplies and company was ramping up
production capacities to meet the surging demand. During this time, there was major fire broke
out in Company GLOBAL AUTO’s Pune factory in Paint Shop. Paint shop has two paint booth
and both of them were gutted to ashes in this fire. There was no human casualty but this was an
unforeseen event and company had no contingency plan. Also since this was an unanticipated
event so even experienced managers had no idea that how to keep the business running.
Expected time to re build up the paint shop was at least 3 months. In such a competitive car
business, if there are no supplies for 3 months, this means losing market share completely and
rebuilding the whole credibility may take years.
In such situation company had two challenges
1. How to keep the business running as usual and maintain supplies in the market
2. How quickly they can rebuild the Paint shop and bring the operations to normal
To address these issues, there was immediate re shuffling of profiles and teams were made to
address these issues. One team was deployed immediately to contact various vendors who played
vital role in initial commissioning of Car plant. This team was on lookout for options to re build
the paint booths with existing and new vendors.
Second team was involved in finding out the alternatives to maintain the supplies in the market.
During that time, Company GLOBAL AUTO had taken over Company K&K MOTORS’s (name
changed) India arm and K&K MOTORS’s plant was 160KM away from Pune factory. That plant
had idle capacity which could be used by Company GLOBAL AUTO for painting car bodies
manufactured at Pune facility. Decision was taken to use that additional capacity for painting
Company GLOBAL AUTO’s Cars. Although this seems to be obvious solution but there were
7 | Supply Chain Risks and Security
many challenges which company faced once they started the sending Metal car bodies to K&K
MOTORS’s manufacturing unit, getting them painted and bringing them back to Pune factory for
further fitment. Few of the challenges are mentioned below -
1. Logistics arrangement for transporting cars between Pune and K&K MOTORS’s
Manufacturing plant which was 160KM away
2. New types of Racks designing and procurement for in transit transportation
3. Line design change at Kurla factory to accommodate Company GLOBAL AUTO’s Cars
4. Paint quality deterioration during in transit movements
5. Planning and coordination issues between these two factories
6. Increased pipeline inventory
7. Diversion of paint related raw material to Kurla factory
8. Managing pipeline inventory of finished cars in market
9. Setting up the paint booth in the minimum time
This risk was something which was not governed by external environment. At the same time, it
was not completely in control of the organization as well.
Company was agile to respond to this unforeseen event and due to effective coordination and
effective management, they had just 1 week of production loss. This loss was covered by the
additional inventory of finished goods they had in plant. Various teams put additional efforts to
ensure that paint shop was up in 2.5 months, earlier than expected and during this time of PCBU
achieved one of the highest sales months. Company GLOBAL AUTO was not having any well-
organized risk management framework but whatever actions were taken, were in some way or
the other related to various strategies which we use for risk management.
Although Global Auto was successful in maintaining market availability but due to additional
transportation and rework cost of production increased. Due to increase in cost margin dipped
and in spite of high sales the realized revenue was low. Also huge cost was spend on rebuilding
paint shop. So overall business was hit not in terms of continuity but profitability.
8 | Supply Chain Risks and Security
Risk Framework
In Current dynamic business environment, there are key corporate objectives which should be
met to ensure long term sustenance of organization. Any risk management framework we make
should be aligned to these key objectives of organization so that they can be translated to
actionable plan which will help organizations to achieve these objectives.
Any business is primarily focused on following key KPI for its long term sustenance:
1. Profitability
2. Growth
3. Business Continuity
4. Market Leadership
9 | Supply Chain Risks and Security
Above focus area are connected with all 4 components with of risk management components
1. Risk Awareness –
Risk awareness is ‘acknowledgement that risks exist in supply chain’ and ‘finding out
severity and occurrence and detectability of the Risks’. By finding out these parameters
we can assign Risk Priority Number (RPN) around all risks. RPN concept is well known
in six sigma and Failure mode effectiveness analysis (FMEA). This concept can be
extended to risk awareness phase and by application of RPN we are able to remove
subjectivity around risks.
Risk awareness is closely connected to Profitability. As we are able to assign RPN to all
the risks, we can prioritize which risk need to be addressed immediately and which can
be taken on later stages. If we are aware of the risk and we can assess the damage by the
potential risk, we can take the cost impact and include that cost as part of product costing
which will ensure the profitability in long run. A good example of ensuring profitability
is that in Retail industry. All the retailers are aware that there is pilferage in operation.
Based on historic values it was found that the pilferage varies between 2-3%. Retailers
generally make investments in tracking system and install equipment which will reduce
pilferage. Some of the retails are even build this 3% in product costing so that pilferage
cost can be offset to revenue recognized. Immediate attention of potential threats will
ensure that company will not lose business in short term and hence profitability is
ensured.
Risk Awareness has two stages which are action plan for any team involved in risk
management
• Risk Identification: Identification is ‘knowing the risk’ involved in supply
chain from local as well as global perspective. It can be done by following
methods
o Focused group discussion
o Industry identified risks
• Risk Assessment: It is quantifying the risk involved in supply chain with RPN
model. RPN quantify the risk based on Severity, occurrence and probability
10 | Supply Chain Risks and Security
2. Risk Readiness –
Being risk aware is good for the organization but only awareness will not ensure business
continuity and growth. Organizations need to be risk ready for implementation of any
solutions. Readiness means organizations should have close collaborations with vendors
and key solution providers who are agile enough to respond in case of unforeseen
circumstances.
As we saw in the case study discussed in the previous section, the Company GLOBAL
AUTO was able to ensure that it business was least affected from unexpected event and
hence organization was able to sustain the growth in the market. Had there been a gap in
supplies for a month or so, business was bound to get impacted resulting in dent in the
growth which company was nurturing before the fire event. Risk readiness has mainly
two components:
• Key Stakeholder’s relationship – In the case study, relationship with key
stakeholders played a vital role in bringing back the business to normal.
Stakeholders such as vendors were able to provide immediate support for
rebuilding the paint shop. Other stakeholder such as sales team, dealer network
were able prioritize the critical orders to be supplied whereas keep low priority
ones for longer horizon. Also sales team efforts played pivotal role in selling the
available inventory by collaborating with customers and modifying the orders.
This reduced the pressure on manufacturing to provide fresh supplies for old
orders.
• Risk Mitigation Strategy – Risk mitigation is, systematically reducing the
probability of occurrence of risk or its impact on existing business. Generally
organizations do risk mitigation only after occurrence of event. If organizations
proactively make risk mitigation strategy, they can reduce the impact of event and
hence ensure the continuous growth. For internal risks, it involve process change
whereas for demand and supply risk it involves redefining business rules to
capture the upcoming uncertainties and risk associated with them
3. Risk Responsiveness –
Despite an organization’s awareness and readiness, still there is a probability that some
unforeseen events may occur and impact current ‘day to day’ operations. At this point of
time overall business continuity depends upon following factors:
11 | Supply Chain Risks and Security
• Response Agility – Agility is how quickly organizations are able to respond to
risk and bring out a feasible solution. This depends upon the first phase that is risk
assessment. Building robust solution is based on the capabilities of organization to
quickly assess the risk and its impact and build an alternative plan for business
continuation.
• Solution Implementation – Many organizations are capable of building
solutions which may be realistic and feasible, but when it comes to
implementation, they fail to show agile approach resulting in delayed and
incomplete implementation. In the case study, Company GLOBAL AUTO was
quick to respond and bring up the supplies in one week. Also because of available
inventory there were almost zero disruptions to supplies in the market.
4. Market Risk Adaptability –
The Business environment around the world is changing and hence risks associated with
business are no longer conventional. Organizations have to be equally innovative in their
risk management strategies to maintain market leadership. Sometime back, there were
floods in Thailand and as we know, many Laptop manufacturers procure the Hard disks
from Thailand’s local factories. During those times, Lenovo was maintaining a better
pipeline inventory of finished goods as compared to its other competitors, who were
working on lean inventory model. Also, Lenovo was quick enough to build alternative
sourcing when floods happened in Thailand. As a result when other companies (HP, Dell
etc.) were bleeding during the floods because of shortage of hard disks, Lenovo was able
to gain market share of others and attain market leadership as well.
• Changing Environment adaptability – It is the capability of the
organization to adapt to new business environment and be ready for risk which
come along with it. This is important from the prospective of maintaining market
leadership as adopting new environment quickly and making contingency plans to
counter risk will ensure the competitiveness of organization.
• Glocalization – Globalization + Localization. There was an era when sourcing
to low cost manufacturing hubs like China and outsourcing services to other
countries like India were key to lower the operations cost and maintain
competitiveness. Issues of piracy, natural calamities, political instabilities,
increasing inflation and unpredictable economic scenarios has challenged the
12 | Supply Chain Risks and Security
concept of outsourcing. There are numerous examples where organizations have
lost heavily due to outsourcing. Also globalization has increased overall supply
chain inventory which pose threat to obsolescence in short life cycle products.
Hence now companies are taking a cautious call to make a perfect balance
between globalization and localization.
13 | Supply Chain Risks and Security
The Solution: Stay ‘Risk-Ready’
The Risks described earlier have hurt the companies badly in past and in some cases there were
complete shutdown of the business. To avoid such extremes companies need to be prepared in
advance. The companies that have Risk mitigation strategies in-place not only avoid big losses
but also win their competitor’s market share such tricky situations, in cases when the competitors
were not ‘Risk-ready’.
Below is the four point strategy for making the companies ‘Risk-Ready’ so that they are able to
manage the Supply Chain Risks in a more efficient way –
Avoid: This intends in not taking such steps that would lead to ‘Risk’. An example could be to
avoid sourcing the items from a country that has political instability. Western Digital could have
saved millions had they avoided being over dependence at a coastal country like Thailand for the
productions of hard disks. There are several other examples where avoidance could have saved
billions. So, basically companies must not take a path that may be cheaper but is risky as well.
Now, avoiding risks may look like an answer to all the risks but another school of thought says
that this avoidance may also lead to the loss of a potential gain (had the risk been allowed). In
today’s world of cost cuttings and the search of cheap labors leads the companies to such riskier
propositions.
14 | Supply Chain Risks and Security
Reduce: As described earlier, in tough times the companies also have to take tough decisions
and often they might not avoid a particular Risk completely. The reasons behind such decisions
can be both monetary and nonmonetary. Hence, if a company cannot ‘Avoid’ Risks, it should try
for plan B which is to ‘Reduce’. Reduce the likelihood of the Risk. Reduce the severity of the
loss from the Risk. Taking an example of the IT companies – these days companies are
following the ‘Scrum model’ of software development in which they get ready with smaller
shippable pieces of codes in smaller intervals rather than following the orthodox ‘Waterfall
model’ of software development where the deliverables were shipped after pretty longer
intervals. The Scrum model gives the developers more flexibility and a reality check of what is
going on and where they stand with respect to their final deliverable. Hence they can take
corrective measures more efficiently (as compared to the Waterfall model) and hence can
‘Reduce’ the likelihood of Process Risks (e.g. product developed does not match exact
requirements etc.) and even if the some Risks occur, they will be minor and not severe. Similarly
different industries follow (or they should follow) different methods to ‘Reduce’ the Risks.
Some general pointers for ‘Reducing’ the Risks are as follows –
All employees should be Risk managers: Every employee involved in the Risk prone
legs of the supply chain should be empowered and motivated to be Risk managers. They must be
aware of what could cause Risk? What are the necessary steps to detect and then avoid it? Their
knowledge while encountering such Risks should be collaborated and shared with the larger
groups so that others could gain the insights while facing such risks and can take the necessary
steps more effectively.
Agile performance checks: The performance checks need to be more frequent and agile.
The checks should be designed such that they can notice any and every disruptions in the Supply
chain. In fact it should be one of the measures to evaluate one’s performance whether or not he
has caught all possible disruptions. Finding a disruption is in vain unless taken a timely
corrective action against it. So agility of such checks will take care of that.
Real time visibility of the supply chain: The system should be such that it enables the
managers to have visibility of complete supply chain. Visibility in real time will help the
managers to raise a flag when something does not go as planned. With the help of alerting
technologies companies’ chances of detecting the source and reducing the risk get boosted up.
15 | Supply Chain Risks and Security
Know the big picture: The supply chain managers must be aware of the big picture
around the supply chain. Awareness of the external factors that could affect some or the other
processes in the supply chain is a must. If the manager knows that one of his key raw material’s
supplies could be shortened because of some environmental factors, the manager would take
corrective measures well in advance as soon as he sees such environmental change happening.
These and many more similar steps can be taken to ‘Reduce’ the likelihood of the Risk and to
‘Reduce’ the severity of the loss from the Risk.
Share: If the Risk cannot be avoided and its severity also cannot be reduced, the companies
should have a backup plan of sharing the Risk. Basically the companies should share the burden
of loss OR the benefit of gain with a third party. This third party could be an insurance company
or a vendor to which some processes are outsourced to. The company will pay a premium to the
insurer and in turn will get a sum assured in case of the mishaps that are covered in their mutual
terms and conditions. Similarly in case of outsourcing a process to some external vendor, the
vendor will share both the Risks involved and the profits earned. In this way the companies can
offset some of their Risks by paying a little premium or by sharing a part of their profits.
Retain: At times when the Risks are so small that the premium for insurance itself will outplay
the actual risk OR when the Risks are so large that they cannot be insured because of high
premiums (mostly environmental risks like Earth quake, Tsunami etc.) OR when the likelihood
of the risk to occur is very minimal, in such cases the companies tend to retain the risks by
default.
16 | Supply Chain Risks and Security
Conclusion
Today the world is becoming flat and companies are aiming for low cost sourcing and hence
increasing the overall inventory across their supply chains. Due to this globalization of Supply
Chains, organizations are more prone to risk in supply chain. Also due to cost competitiveness
organizations are not making focused investments in Risk management. It is high time that the
innovative organizations must step up and revive their Risk mitigation and Contingency plans.
Companies must make their processes seamless, their networks efficient, their demand
forecasting accurate and companies’ sourcing should be strategic, so that their losses pertaining
to these risks are minimum. In process of making supply chains resilient to Risks, organizations
need to work on various frameworks and thus implement a more focused and robust model of
risk management.
The environmental risks like Geo-political issues, Natural disasters etc. cannot really be
predicted but they are within the realm of proper planning. Apart from this, other kinds of risks
are either fully or partially in control of organizations.
17 | Supply Chain Risks and Security
Organizations, more than ever need to understand the risk attach with their nature of business
and be agile in developing expertise and process to counter any unforeseen risk. Basically they
need to be RISK READY, which is how they can – ‘Avoid’ the risks that have high impact on
business and feature high on controllability; ‘Reduce’ the risks that have low impact on business
but feature high on controllability; ‘Share’ the risks that have high impact on business but feature
low on controllability; and ‘Retain’ the risks that have low impact on business and feature low on
controllability (Figure 1.1.1).
18 | Supply Chain Risks and Security
References
1. Mitigating Supply Chain Risks (David Simchi – Levi / Professor MIT).
2. Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.).
Englewood Cliffs, N.J: Prentice Hall. ISBN 0-13-224227-3.
3. http://en.wikipedia.org/wiki/Risk_management#cite_ref-8.
4. http://www.husdal.com/2009/06/13/the-six-ways-of-dealing-with-risk/.
5. http://www.aon.com/switzerland/DE_Products_Services_Specialty/Risk_Services/Ent
erprise_Risk_Management/LadingPage2_ERM.jsp
6. Course in Risk Management in Supply Chain at SPJCM – Dr. Omera Khan
19 | Supply Chain Risks and Security
About the Authors
Arun works as a Functional Architect, at JDA Software Pvt. Ltd. He has a Masters
degree in Retail Management from SP Jain Center of Management (Dubai/Singapore).
Arun has been closely working with global clients (like Wal-Mart, Adidas AG, Kraft
Foods Inc., PepsiCo etc.) helping them into Assortment Planning, Digital marketing,
other retail operations and Supply Chain optimization.
Jitender works as a Solutions Architect, at JDA Software Pvt. Ltd. He has a Masters
degree in Supply Chain Management from SP Jain Center of Management
(Dubai/Singapore). Jitender has worked in various industries with global brands like
TATA Motors, John Deere, Britannia, HP, Baxter Inc. Jitender is also Six Sigma Black
Belt Certified from Indian Statistical Institute, Bangalore.