Supply chain risk gets global attention. The World Bank and World Economic Forum comprehend the issue and its importance.
The term covers broad issues and narrow topics. Insurance companies talk about supply chain risk in terms of assets. Others talk about sources for particular products. Some take a near-apocalyptic view. These diverse interpretations make identify risks more challenging.
Surprisingly, many supply chain risk discussions exclude the actual supply chain. They do not recognize logistics infrastructure, logistics service providers, and how products move through supply chains. Many times, a picture, such as a ship, is used to show the "supply chain". As a result, they overlook risks.
These also do not present the information supply chain and how it affects movement of goods. Nor are Incoterms mentioned and what they mean to buyers versus sellers controlling the passage of goods. Yet, such details can cause risk.
Supply Chains. Three key components of supply chains are -
- Product / material / commodity / component sources
- Logistics infrastructure
- Logistics service providers
- Natural disasters
- Inadequate logistics infrastructure
- Logistics service providers bankruptcies, mergers, or other actions that impact the supply of and ability to provided needed services
- Infrastructure breakdowns
- Company management
- Logistic service providers that do not operate and perform as needed
- Improper or unmanaged outsourcing
- Bottlenecks / Congestion
- Combinations of the above
Model. The supply chain risk model blends principals of supply chain management.
1) Security. Supply chains should be protected from loss, deterioration, contamination, theft, and other vulnerability issues.
2) Accountability. This goes beyond sales agreements and Incoterms. It is the responsibility for the safe flow through the supply chain and encompasses many stakeholders.
3) Visibility. Knowing where items are throughout the entire movement is critical. Technology plays a vital role to facilitate traceability, trackability, and chain of custody. It is also important if there is a recall or safety issue, and the cause must be traced back.
4) Product / Logistics Specifics. Products may require special handling for logistics infrastructure and service providers. The necessary temperature, humidity, cleanliness/sanitation, weight, heavy lift and other factors must be properly utilized.
5) Sourcing This is more than buying or many suppliers in a region. It includes multiple sources and risk diversification.
6) Supply Chain Best Practices. Supply chains involve more than managing freight and logistics components. Best practices manage flows for protection, including integrated process, supplier performance, segmentation, and time compression.
6) 7) Chain of Custody. This is one that is often overlooked. There are many parties involved in an international order and shipment. How the product moves with and through all these players is challenging. It is especially important for products such as pharmaceuticals and for food stuffs, ingredients, and food-grade items.
Methodology. Risk detection has three steps—analysis, validation and assessment. Deliverables are mapping, macro and granular determinations, and priorities. This approach combines data analytics, supply chain expertise, and confirmation. It elevates results from conceptual to actionable.
Analysis has two parts--
A) Data analytics. Internal data is not enough. With the geographical scope, complexity, and stakeholders of supply chains, data from multiple sources and in different formats is needed. No other part of a company has as many stakeholders, both internal and external as the supply chain.
Analytics should investigate supply chains and risks by -
- product / commodity
- logistics infrastructure
- logistics service provider
The examinations should aggregate and segregate across trade lanes and products. Doing these provide important insights into exposure scope.
Step 2) Validation
Analytics presents macro views that can have gaps. It does not provide needed granular information. Validating actual supply chains-- sources, logistics infrastructure, and logistics providers-- is needed. This provides acumen that analytics alone does not.
The best way to attest to key supply chains and possible disruption issues is to verify them. This involves walking through select purchase orders as to the actual locations and steps of each order. Inspect origin facilities. Verify how well orders transit the product and information supply chains. Evaluate how the logistics infrastructure meets requirements. Confirm how logistics service providers perform. Determine if there are hidden issues. These are beyond business intelligence questions and require on-site reviews.
With analysis and validation, potential risks are recognized. More must be done as to the various risks. It should be determined what each one means. This is what assessment does.
Assessments alone can be too subjective. Thanks to the two prior two steps, both quantitative and qualitative information is available to appraise vulnerabilities.
Each risk is evaluated as to probability of occurrence and impact. A Risk Index is developed with axes of impact and likelihood. The impact of a disruption is the financial effect and the time to recover. Likelihood reflects the probability of an event happening.
What Next. Hazards have been analyzed, including inherent ones, along with interdependencies of components, critical paths along supply chains, and more. Practicable items are found, and there is now a solid foundation for mitigation. Root causes should be determined. This may necessitate going deeper into certain supply chains for threat reduction.
The risk project is not a one-time effort and should be done every two or three years.