supply chain risks and securities

1 | Supply Chain Risks and Security

Conceptual Paper: Supply Chain Risks and Security

Jitender Vashisht Arun Singh JDA Software, Bangalore 560037 (India)

Dec 2013

International Conference on Supply Chain & Logistics Management (ICSCLM 2013) New Delhi, India, December 5-7, 2013


Table of Contents

Abstract ......................................................................................................................................................... 3

What is Risk? ................................................................................................................................................ 3

Types of Risks............................................................................................................................................... 4

Case Study: Risk management ...................................................................................................................... 6

Risk Framework ............................................................................................................................................ 8

The Solution: Stay ‘Risk-Ready’ ................................................................................................................ 13

Avoid: ..................................................................................................................................................... 13

Reduce: ................................................................................................................................................... 14

Share: ...................................................................................................................................................... 15

Retain: ..................................................................................................................................................... 15

Conclusion .................................................................................................................................................. 16

References ................................................................................................................................................... 18

About the Authors ....................................................................................................................................... 19


Abstract

“The entire Japanese vehicle industry ground to a halt following an earthquake. Toyota, in

particular was forced to stop operations at all 12 of its domestic plants.” – Financial Times, 24

July ‘07.

“A fire at a key Philips semiconductor factory in 2000 caused a worldwide shortage of the radio

frequency chips used by Ericsson, accounting the loss of around $400 Mn.” –MIT Sloan Mgt.

Review ’06.

Similarly, Western Digital’s loss of US$225–$275 million during flood in Thailand (Oct, 2011)

or Unilever’s heavy loss in ice-cream production due to flood in Gloucester, UK (Jul 2007),

there are tons of examples where companies have lost millions of USD due to such catastrophic

events. These are the ‘Environmental risks’ that companies deal-with every now and then. In

addition to this, companies today have Supply Risks (e.g. dependency on key suppliers),

Demand Risks (e.g. volatility in demand), Process Risks (e.g. limited capacity/bottlenecks),

Network Risks (e.g. bullwhip effect due to multiple echelons) and may be more.

Aim of the Research Paper is to identify and categorize various Risks associated with today’s

Global Supply Chains and also the Best practices followed globally to manage (Mitigation and

Contingency) these Risks.

Now, people may ask how this paper is different from several other papers available on Risk

management. Well, this paper not only comes up with a Risk Framework which companies

should follow to avoid the risks, it also links the Risk Framework with the overall company

objectives. And finally this paper talks about ‘the solution’.

What is Risk?

Supply Chain risk is the uncertainty of events which can affect optimal performance of supply

chain operations to the extent so that it can impact business objectives. It is important for any

firm to gain understanding of such events which may occur in any link of supply chain, so that

they can ensure business continuity without losing the customer confidence and erosion of

shareholder’s value.

In this era of globalization, supply chain risks have increased manifold. Organizations are

adopting lean practices, which mean fewer inventories, JIT stock movement etc. Such practices


do not plan for any uncertainty (which is bound to impact supply chains). Organizations are also

adopting outsourcing for most of their manufacturing operations without understanding the risk

involved with outsourced country. All these result in enhanced risks to supply chain.

Some of these risks are analyzed in a framework as shown in Figure 1.1 –

As we see in the above framework, some risks such as Natural Disasters have HIGH impact on

the business but the ability to control such Risk is negligible. At the same time process or

product related risks also have a significant impact on the business and the ability to control such

Risks is also HIGH. As we proceed we will focus more on such Risks that have more effect on

the business and are more likely to be controllable.

Types of Risks

All Supply Chain related risks can broadly be categorized into five categories –


Environmental risks: Environmental Risks are the risks that are caused by the external factors

beyond the control of organizations. Such types of risks are most prevalent one as they are high

in impact and low in control. Natural disasters, terrorism and war, regulatory changes, tax,

duties, strikes, government policies, political instabilities are some of the risks which comes

under environmental risks. These risks are mostly in news as they impact the complete industry

rather than one organization.

Supply Risks: Supply risks arise mainly due to weak and unorganized supply network of the

organization. This risk can be controlled by various initiatives by the organization. In some

industries suppliers are more powerful and then OEM so they pose a greater threat to price

increase, continued supplies, material quality. Some of the risks covered under supply risks are

dependency on key suppliers, cartels in suppliers, quality issues in supplies, lengthy and variable

lead times.

Demand Risks: Demand risk is partially in control of organization. Loss of major accounts,

demand volatility, concentration of customer base, short life cycles, substitute products,

innovative competitors are some of the risks comes under demand. Some of the risks can be

minimized by agility of supply chains to adapt changing business environment.

Process Risks: Process risks are very much visible in any organization as they directly impact

the productivity. Organizations have complete control over process risks and with core

functional teams and projects; they endeavor to control these risks. Some of the Process risks are

Manufacturing yield variability, lengthy set up time, in flexible processes, equipment reliability

and outsourcing key businesses. Tools like ‘Six Sigma’ are used to control the variability in the

processes.

Company Supply Side Demand Side

Environmental Risk

Supply Risk Control Risk

Process Risk

Demand Risk


Network Risks: Network rise arise because of the business relationship between various supply

chain partners. Things like asymmetric power relationships, no collaboration between SCM

partners, rules which can distort demand, bull whip effects are some of the network risks. These

risks arise purely by policies internal to organizations.

Case Study: Risk management

Company ‘GLOBAL AUTO’ (name changed) is one of the largest car manufacturing companies

in India with market share of 16%-17% in 2005-2006 for Passenger Car Business. This was the

golden era of Car Business with demand exceeding the supplies and company was ramping up

production capacities to meet the surging demand. During this time, there was major fire broke

out in Company GLOBAL AUTO’s Pune factory in Paint Shop. Paint shop has two paint booth

and both of them were gutted to ashes in this fire. There was no human casualty but this was an

unforeseen event and company had no contingency plan. Also since this was an unanticipated

event so even experienced managers had no idea that how to keep the business running.

Expected time to re build up the paint shop was at least 3 months. In such a competitive car

business, if there are no supplies for 3 months, this means losing market share completely and

rebuilding the whole credibility may take years.

In such situation company had two challenges

1. How to keep the business running as usual and maintain supplies in the market

2. How quickly they can rebuild the Paint shop and bring the operations to normal

To address these issues, there was immediate re shuffling of profiles and teams were made to

address these issues. One team was deployed immediately to contact various vendors who played

vital role in initial commissioning of Car plant. This team was on lookout for options to re build

the paint booths with existing and new vendors.

Second team was involved in finding out the alternatives to maintain the supplies in the market.

During that time, Company GLOBAL AUTO had taken over Company K&K MOTORS’s (name

changed) India arm and K&K MOTORS’s plant was 160KM away from Pune factory. That plant

had idle capacity which could be used by Company GLOBAL AUTO for painting car bodies

manufactured at Pune facility. Decision was taken to use that additional capacity for painting

Company GLOBAL AUTO’s Cars. Although this seems to be obvious solution but there were


many challenges which company faced once they started the sending Metal car bodies to K&K

MOTORS’s manufacturing unit, getting them painted and bringing them back to Pune factory for

further fitment. Few of the challenges are mentioned below -

1. Logistics arrangement for transporting cars between Pune and K&K MOTORS’s

Manufacturing plant which was 160KM away

2. New types of Racks designing and procurement for in transit transportation

3. Line design change at Kurla factory to accommodate Company GLOBAL AUTO’s Cars

4. Paint quality deterioration during in transit movements

5. Planning and coordination issues between these two factories

6. Increased pipeline inventory

7. Diversion of paint related raw material to Kurla factory

8. Managing pipeline inventory of finished cars in market

9. Setting up the paint booth in the minimum time

This risk was something which was not governed by external environment. At the same time, it

was not completely in control of the organization as well.

Company was agile to respond to this unforeseen event and due to effective coordination and

effective management, they had just 1 week of production loss. This loss was covered by the

additional inventory of finished goods they had in plant. Various teams put additional efforts to

ensure that paint shop was up in 2.5 months, earlier than expected and during this time of PCBU

achieved one of the highest sales months. Company GLOBAL AUTO was not having any well-

organized risk management framework but whatever actions were taken, were in some way or

the other related to various strategies which we use for risk management.

Although Global Auto was successful in maintaining market availability but due to additional

transportation and rework cost of production increased. Due to increase in cost margin dipped

and in spite of high sales the realized revenue was low. Also huge cost was spend on rebuilding

paint shop. So overall business was hit not in terms of continuity but profitability.


Risk Framework

In Current dynamic business environment, there are key corporate objectives which should be

met to ensure long term sustenance of organization. Any risk management framework we make

should be aligned to these key objectives of organization so that they can be translated to

actionable plan which will help organizations to achieve these objectives.

Any business is primarily focused on following key KPI for its long term sustenance:

1. Profitability

2. Growth

3. Business Continuity

4. Market Leadership


Above focus area are connected with all 4 components with of risk management components

1. Risk Awareness –

Risk awareness is ‘acknowledgement that risks exist in supply chain’ and ‘finding out

severity and occurrence and detectability of the Risks’. By finding out these parameters

we can assign Risk Priority Number (RPN) around all risks. RPN concept is well known

in six sigma and Failure mode effectiveness analysis (FMEA). This concept can be

extended to risk awareness phase and by application of RPN we are able to remove

subjectivity around risks.

Risk awareness is closely connected to Profitability. As we are able to assign RPN to all

the risks, we can prioritize which risk need to be addressed immediately and which can

be taken on later stages. If we are aware of the risk and we can assess the damage by the

potential risk, we can take the cost impact and include that cost as part of product costing

which will ensure the profitability in long run. A good example of ensuring profitability

is that in Retail industry. All the retailers are aware that there is pilferage in operation.

Based on historic values it was found that the pilferage varies between 2-3%. Retailers

generally make investments in tracking system and install equipment which will reduce

pilferage. Some of the retails are even build this 3% in product costing so that pilferage

cost can be offset to revenue recognized. Immediate attention of potential threats will

ensure that company will not lose business in short term and hence profitability is

ensured.

Risk Awareness has two stages which are action plan for any team involved in risk

management

• Risk Identification: Identification is ‘knowing the risk’ involved in supply

chain from local as well as global perspective. It can be done by following

methods

o Focused group discussion

o Industry identified risks

• Risk Assessment: It is quantifying the risk involved in supply chain with RPN

model. RPN quantify the risk based on Severity, occurrence and probability


2. Risk Readiness –

Being risk aware is good for the organization but only awareness will not ensure business

continuity and growth. Organizations need to be risk ready for implementation of any

solutions. Readiness means organizations should have close collaborations with vendors

and key solution providers who are agile enough to respond in case of unforeseen

circumstances.

As we saw in the case study discussed in the previous section, the Company GLOBAL

AUTO was able to ensure that it business was least affected from unexpected event and

hence organization was able to sustain the growth in the market. Had there been a gap in

supplies for a month or so, business was bound to get impacted resulting in dent in the

growth which company was nurturing before the fire event. Risk readiness has mainly

two components:

• Key Stakeholder’s relationship – In the case study, relationship with key

stakeholders played a vital role in bringing back the business to normal.

Stakeholders such as vendors were able to provide immediate support for

rebuilding the paint shop. Other stakeholder such as sales team, dealer network

were able prioritize the critical orders to be supplied whereas keep low priority

ones for longer horizon. Also sales team efforts played pivotal role in selling the

available inventory by collaborating with customers and modifying the orders.

This reduced the pressure on manufacturing to provide fresh supplies for old

orders.

• Risk Mitigation Strategy – Risk mitigation is, systematically reducing the

probability of occurrence of risk or its impact on existing business. Generally

organizations do risk mitigation only after occurrence of event. If organizations

proactively make risk mitigation strategy, they can reduce the impact of event and

hence ensure the continuous growth. For internal risks, it involve process change

whereas for demand and supply risk it involves redefining business rules to

capture the upcoming uncertainties and risk associated with them

3. Risk Responsiveness –

Despite an organization’s awareness and readiness, still there is a probability that some

unforeseen events may occur and impact current ‘day to day’ operations. At this point of

time overall business continuity depends upon following factors:


• Response Agility – Agility is how quickly organizations are able to respond to

risk and bring out a feasible solution. This depends upon the first phase that is risk

assessment. Building robust solution is based on the capabilities of organization to

quickly assess the risk and its impact and build an alternative plan for business

continuation.

• Solution Implementation – Many organizations are capable of building

solutions which may be realistic and feasible, but when it comes to

implementation, they fail to show agile approach resulting in delayed and

incomplete implementation. In the case study, Company GLOBAL AUTO was

quick to respond and bring up the supplies in one week. Also because of available

inventory there were almost zero disruptions to supplies in the market.

4. Market Risk Adaptability –

The Business environment around the world is changing and hence risks associated with

business are no longer conventional. Organizations have to be equally innovative in their

risk management strategies to maintain market leadership. Sometime back, there were

floods in Thailand and as we know, many Laptop manufacturers procure the Hard disks

from Thailand’s local factories. During those times, Lenovo was maintaining a better

pipeline inventory of finished goods as compared to its other competitors, who were

working on lean inventory model. Also, Lenovo was quick enough to build alternative

sourcing when floods happened in Thailand. As a result when other companies (HP, Dell

etc.) were bleeding during the floods because of shortage of hard disks, Lenovo was able

to gain market share of others and attain market leadership as well.

• Changing Environment adaptability – It is the capability of the

organization to adapt to new business environment and be ready for risk which

come along with it. This is important from the prospective of maintaining market

leadership as adopting new environment quickly and making contingency plans to

counter risk will ensure the competitiveness of organization.

• Glocalization – Globalization + Localization. There was an era when sourcing

to low cost manufacturing hubs like China and outsourcing services to other

countries like India were key to lower the operations cost and maintain

competitiveness. Issues of piracy, natural calamities, political instabilities,

increasing inflation and unpredictable economic scenarios has challenged the


concept of outsourcing. There are numerous examples where organizations have

lost heavily due to outsourcing. Also globalization has increased overall supply

chain inventory which pose threat to obsolescence in short life cycle products.

Hence now companies are taking a cautious call to make a perfect balance

between globalization and localization.


The Solution: Stay ‘Risk-Ready’

The Risks described earlier have hurt the companies badly in past and in some cases there were

complete shutdown of the business. To avoid such extremes companies need to be prepared in

advance. The companies that have Risk mitigation strategies in-place not only avoid big losses

but also win their competitor’s market share such tricky situations, in cases when the competitors

were not ‘Risk-ready’.

Below is the four point strategy for making the companies ‘Risk-Ready’ so that they are able to

manage the Supply Chain Risks in a more efficient way –

Avoid: This intends in not taking such steps that would lead to ‘Risk’. An example could be to

avoid sourcing the items from a country that has political instability. Western Digital could have

saved millions had they avoided being over dependence at a coastal country like Thailand for the

productions of hard disks. There are several other examples where avoidance could have saved

billions. So, basically companies must not take a path that may be cheaper but is risky as well.

Now, avoiding risks may look like an answer to all the risks but another school of thought says

that this avoidance may also lead to the loss of a potential gain (had the risk been allowed). In

today’s world of cost cuttings and the search of cheap labors leads the companies to such riskier

propositions.


Reduce: As described earlier, in tough times the companies also have to take tough decisions

and often they might not avoid a particular Risk completely. The reasons behind such decisions

can be both monetary and nonmonetary. Hence, if a company cannot ‘Avoid’ Risks, it should try

for plan B which is to ‘Reduce’. Reduce the likelihood of the Risk. Reduce the severity of the

loss from the Risk. Taking an example of the IT companies – these days companies are

following the ‘Scrum model’ of software development in which they get ready with smaller

shippable pieces of codes in smaller intervals rather than following the orthodox ‘Waterfall

model’ of software development where the deliverables were shipped after pretty longer

intervals. The Scrum model gives the developers more flexibility and a reality check of what is

going on and where they stand with respect to their final deliverable. Hence they can take

corrective measures more efficiently (as compared to the Waterfall model) and hence can

‘Reduce’ the likelihood of Process Risks (e.g. product developed does not match exact

requirements etc.) and even if the some Risks occur, they will be minor and not severe. Similarly

different industries follow (or they should follow) different methods to ‘Reduce’ the Risks.

Some general pointers for ‘Reducing’ the Risks are as follows –

All employees should be Risk managers: Every employee involved in the Risk prone

legs of the supply chain should be empowered and motivated to be Risk managers. They must be

aware of what could cause Risk? What are the necessary steps to detect and then avoid it? Their

knowledge while encountering such Risks should be collaborated and shared with the larger

groups so that others could gain the insights while facing such risks and can take the necessary

steps more effectively.

Agile performance checks: The performance checks need to be more frequent and agile.

The checks should be designed such that they can notice any and every disruptions in the Supply

chain. In fact it should be one of the measures to evaluate one’s performance whether or not he

has caught all possible disruptions. Finding a disruption is in vain unless taken a timely

corrective action against it. So agility of such checks will take care of that.

Real time visibility of the supply chain: The system should be such that it enables the

managers to have visibility of complete supply chain. Visibility in real time will help the

managers to raise a flag when something does not go as planned. With the help of alerting

technologies companies’ chances of detecting the source and reducing the risk get boosted up.


Know the big picture: The supply chain managers must be aware of the big picture

around the supply chain. Awareness of the external factors that could affect some or the other

processes in the supply chain is a must. If the manager knows that one of his key raw material’s

supplies could be shortened because of some environmental factors, the manager would take

corrective measures well in advance as soon as he sees such environmental change happening.

These and many more similar steps can be taken to ‘Reduce’ the likelihood of the Risk and to

‘Reduce’ the severity of the loss from the Risk.

Share: If the Risk cannot be avoided and its severity also cannot be reduced, the companies

should have a backup plan of sharing the Risk. Basically the companies should share the burden

of loss OR the benefit of gain with a third party. This third party could be an insurance company

or a vendor to which some processes are outsourced to. The company will pay a premium to the

insurer and in turn will get a sum assured in case of the mishaps that are covered in their mutual

terms and conditions. Similarly in case of outsourcing a process to some external vendor, the

vendor will share both the Risks involved and the profits earned. In this way the companies can

offset some of their Risks by paying a little premium or by sharing a part of their profits.

Retain: At times when the Risks are so small that the premium for insurance itself will outplay

the actual risk OR when the Risks are so large that they cannot be insured because of high

premiums (mostly environmental risks like Earth quake, Tsunami etc.) OR when the likelihood

of the risk to occur is very minimal, in such cases the companies tend to retain the risks by

default.


Conclusion

Today the world is becoming flat and companies are aiming for low cost sourcing and hence

increasing the overall inventory across their supply chains. Due to this globalization of Supply

Chains, organizations are more prone to risk in supply chain. Also due to cost competitiveness

organizations are not making focused investments in Risk management. It is high time that the

innovative organizations must step up and revive their Risk mitigation and Contingency plans.

Companies must make their processes seamless, their networks efficient, their demand

forecasting accurate and companies’ sourcing should be strategic, so that their losses pertaining

to these risks are minimum. In process of making supply chains resilient to Risks, organizations

need to work on various frameworks and thus implement a more focused and robust model of

risk management.

The environmental risks like Geo-political issues, Natural disasters etc. cannot really be

predicted but they are within the realm of proper planning. Apart from this, other kinds of risks

are either fully or partially in control of organizations.


Organizations, more than ever need to understand the risk attach with their nature of business

and be agile in developing expertise and process to counter any unforeseen risk. Basically they

need to be RISK READY, which is how they can – ‘Avoid’ the risks that have high impact on

business and feature high on controllability; ‘Reduce’ the risks that have low impact on business

but feature high on controllability; ‘Share’ the risks that have high impact on business but feature

low on controllability; and ‘Retain’ the risks that have low impact on business and feature low on

controllability (Figure 1.1.1).


References

1. Mitigating Supply Chain Risks (David Simchi – Levi / Professor MIT).

2. Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.).

Englewood Cliffs, N.J: Prentice Hall. ISBN 0-13-224227-3.

3. http://en.wikipedia.org/wiki/Risk_management#cite_ref-8.

4. http://www.husdal.com/2009/06/13/the-six-ways-of-dealing-with-risk/.

5. http://www.aon.com/switzerland/DE_Products_Services_Specialty/Risk_Services/Ent

erprise_Risk_Management/LadingPage2_ERM.jsp

6. Course in Risk Management in Supply Chain at SPJCM – Dr. Omera Khan


About the Authors

Arun works as a Functional Architect, at JDA Software Pvt. Ltd. He has a Masters

degree in Retail Management from SP Jain Center of Management (Dubai/Singapore).

Arun has been closely working with global clients (like Wal-Mart, Adidas AG, Kraft

Foods Inc., PepsiCo etc.) helping them into Assortment Planning, Digital marketing,

other retail operations and Supply Chain optimization.

Jitender works as a Solutions Architect, at JDA Software Pvt. Ltd. He has a Masters

degree in Supply Chain Management from SP Jain Center of Management

(Dubai/Singapore). Jitender has worked in various industries with global brands like

TATA Motors, John Deere, Britannia, HP, Baxter Inc. Jitender is also Six Sigma Black

Belt Certified from Indian Statistical Institute, Bangalore.

supply chain risks and securities

Documents

supply chain risks

environmental risks

types of risks

risk management

risk framework

security conceptual

unilevers heavy loss

western digitals loss