Saturday, February 17, 2024

SUPPLY CHAIN RISK ESCALATION: A Risk Management Approach

Supply chain risk has received much global attention since the pandemic, and it continues to. Disruptions are continuing and becoming global trade threats. Geopolitics and a potential bipolar trade war have elevated risk recognition since supply chain risk is enterprise risk.

There are more risks, and they vary by industries, markets, and other delineators. Risks are also becoming macro. For example, climate change threats and the impact of decarbonization are increasing.

What is needed is to see supply chain risk as a series of rolling events. It is not about discrete actions. Disruption is ongoing. Four years and counting. And their impact is escalating. That increases the need for risk management. Identify. Assess. Mitigate. And doing it recognizing the size and complexity of the end-to-end supply chain. 

With the end-to-end size and complexity and with the extended participants of supply chains, general risk mitigation is not adequate. A broader yet targeted approach is needed. 

With that supply chain reality, addressing risk requires an approach, a strategy. It is not to react by moving from task to task in an attempt to fix it.  And that is what this is about—how to identify, assess, and mitigate supply chain risk.

For starters, there are questions:

  • What are the risks?
  • How do they affect me?
  • What do I do about them?

Before we get too far, a note. Not all firms see risks. They may be risk- and change-averse or have risk blindness. Also, topics such as freight rates are a misdirection that keeps firms from seeing and understanding all that is happening. Firms miss the supply chain uncertainty and its effects--inventory and more.

The term "supply chain risk" covers broad issues and narrow topics. Insurance companies talk about supply chain risk in terms of assets. Others talk about sources for particular products. Some take a near-apocalyptic view. These diverse interpretations make identifying risks more challenging and interesting.

Surprisingly, many supply chain risk discussions exclude the actual supply chain. They do not recognize logistics infrastructure, logistics service providers, and how products move through supply chains. Many times, a picture, such as a ship, is used to show the "supply chain". As a result, they overlook risks.

These discussions also do not present the information supply chain and how it affects the movement of goods and commodities. Nor do they mention Incoterms and what they mean to buyers versus sellers controlling the passage of goods. Yet, such details can create risk.

Supply Chains. Three segments must be recognized in your risk endeavor—

  • Upstream/inbound
  • Downstream/outbound
  • Intermediate

Upstream is where suppliers and their suppliers are. Downstream is customers or stores. Intermediate is how and where you position your network for inventory and other activities.

In turn, the four key components of supply chains are -

  • Product/material/commodity/component sources
  • Suppliers
  • Logistics infrastructure
  • Logistics service providers 

Supply chains originate upstream at their sources; those are often suppliers and their factories. For commodities, such as food, there are multiple sources, the actual farms and the locations where the food is processed, chilled, frozen, or however treated. In those cases, both places should be included in the supply chain scope. So, the review should go from the start of the supply chain and continue through to final destination delivery.

Causes. There are many kinds of external and internal risks--organizational, operational, strategic, and commercial. Causes can be pervasive. These disrupt the availability of products or their flows. They vary by products and industries and include -

    • Geopolitics
    • Terrorism
    • War
    • Climate change
    • Weather
    • Natural disasters
    • Inadequate logistics infrastructure
    • Logistics service providers bankruptcies, mergers, or other actions that impact the supply of and ability to provide needed services
    • Infrastructure breakdowns
    • Bottlenecks / Congestion
    • Suppliers
    • Markets
    • Prices
    • Company management
    • Logistics service providers that do not operate and perform as needed
    • Improper or unmanaged outsourcing
    • Regulatory
    • Strikes
    • Combinations of the above

Risk is also caused by the trade parties. Buyers and sellers, in their pursuit of the best prices or through their lack of understanding of supply chains, create risk.

Model. The supply chain risk model blends principles of supply chain management.

The model reflects--

1) Security. Supply chains should be protected from external forces, loss, deterioration, contamination, theft, and other vulnerability issues.

2) Accountability. This goes beyond sales agreements and Incoterms. It is the responsibility for the safe flow through the supply chain and encompasses many stakeholders.

3) Visibility. Knowing where items are throughout the entire movement is critical. Technology plays a vital role in facilitating traceability, trackability, and chain of custody. It is also important if there is a recall or safety issue, and the cause must be traced back.

4) Product / Logistics Specifics. Products may require special handling for logistics infrastructure and service providers. The necessary temperature, humidity, cleanliness/sanitation, weight, heavy lift, and other factors must be properly utilized.

5) Sourcing. This is more than buying or having many suppliers in a region. It includes multiple sources and risk diversification.

6) Supply Chain Best Practices. Supply chains involve more than managing freight and logistics components. Best practices manage flows for protection, including integrated process, supplier performance, segmentation, and time compression.

7) Chain of Custody. This one is often overlooked. There are many parties involved in international orders and shipments. How the product moves with and through all these players is challenging. It is especially important for products such as pharmaceuticals and foodstuffs, ingredients, and food-grade items.

Methodology. Risk detection has three steps: analysis, validation, and assessment. Deliverables are mapping, macro and granular determinations, and priorities. This approach combines data analytics, supply chain expertise, and confirmation. It elevates results from conceptual to actionable.

Step 1) Analysis

Analysis has two parts--

A) Data analytics. Internal data is not enough. With the geographical scope, complexity, and stakeholders of supply chains, data from multiple sources and in different formats is needed. No other part of a company has as many stakeholders, both internal and external, as the supply chain.

Analytics should investigate supply chains and risks by -

  • product/commodity
  • supplier
  • country
  • logistics infrastructure
  • logistics service provider

B) Logistics/supply chain domain expertise. Real-world supply chain, logistics, and international trade experience is required to complement analytics.

The examinations should aggregate and segregate across trade lanes and products. Doing so provides important insights into exposure scope.

Step 2) Validation

Analytics presents macro views that can have gaps. It does not provide needed granular information. Validating actual supply chains--sources, logistics infrastructure, and logistics providers--is needed. This provides acumen that analytics alone does not.

The best way to attest to key supply chains and possible disruption issues is to verify them. This involves walking through select purchase orders as to the actual locations and steps of each order. Inspect origin facilities. Verify how well orders transit the product and information supply chains. Evaluate how the logistics infrastructure meets requirements. Confirm how logistics service providers perform. Determine if there are hidden issues. These are beyond business intelligence questions and require on-site reviews.

Step 3) Assessment

With analysis and validation, potential risks are recognized. More must be done as to the various risks. It should be determined what each one means. This is what assessment does.

Assessments alone can be too subjective. Thanks to the two prior steps, both quantitative and qualitative information is available to appraise vulnerabilities.

Each risk is evaluated as to the probability of occurrence and impact. A Risk Index is developed with axes of impact and likelihood. The impact of a disruption is the financial effect and the time to recover. Likelihood reflects the probability of an event happening.

Plot each risk on the index. This prioritizes and focuses on high-impact and high-probability risks for mitigation.
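The Risk Index described above can be sketched in a few lines of Python. This is an added example, not the author's own tool: the 1-5 scales, their cut-offs, the rule that the worse of financial effect and recovery time sets the impact score, and the sample register are all assumptions, since the article defines no scale.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed cut-offs for 1-5 scales; the article does not define any scale.
FINANCIAL_BANDS = [100_000, 500_000, 2_000_000, 10_000_000]  # USD
RECOVERY_BANDS = [7, 30, 90, 180]                            # days
LIKELIHOOD_BANDS = [0.05, 0.15, 0.35, 0.60]                  # probability
HIGH = 3  # assumed: a score of 3 or more on an axis counts as "high"

@dataclass
class Risk:
    name: str
    country: str          # one of the analytics dimensions listed in Step 1
    probability: float    # likelihood of the event in the review period
    financial_usd: float  # financial effect of the disruption
    recovery_days: int    # time to recover

def band(value, cutoffs):
    """Map a value to 1..5 by counting the cut-offs it meets or exceeds."""
    return 1 + sum(value >= c for c in cutoffs)

def impact(r):
    # Assumption: the worse of the two impact measures sets the score.
    return max(band(r.financial_usd, FINANCIAL_BANDS),
               band(r.recovery_days, RECOVERY_BANDS))

def risk_index(risks):
    """Return (name, likelihood, impact, quadrant) rows, top priority first."""
    rows = []
    for r in risks:
        lik, imp = band(r.probability, LIKELIHOOD_BANDS), impact(r)
        quadrant = "%s-impact/%s-likelihood" % (
            "high" if imp >= HIGH else "low", "high" if lik >= HIGH else "low")
        rows.append((r.name, lik, imp, quadrant))
    return sorted(rows, key=lambda row: (row[1] * row[2], row[2]), reverse=True)

def exposure_by_country(risks):
    """Aggregate probability x financial effect per country."""
    totals = defaultdict(float)
    for r in risks:
        totals[r.country] += r.probability * r.financial_usd
    return dict(totals)

# Constructed sample register, not data from the article.
REGISTER = [
    Risk("Single-source supplier", "Country A", 0.20, 3_000_000, 120),
    Risk("Port congestion", "Country B", 0.50, 400_000, 21),
    Risk("Carrier bankruptcy", "Country B", 0.04, 1_500_000, 45),
    Risk("Origin facility outage", "Country A", 0.10, 80_000, 5),
]
```

Calling `risk_index(REGISTER)` returns the plotted risks in priority order, and `exposure_by_country(REGISTER)` shows one way to aggregate the same register along a single analytics dimension.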

What Next. Hazards have been analyzed, including inherent ones, along with interdependencies of components, critical paths along supply chains, and more. Practicable items are found, and there is now a solid foundation for mitigation. Root causes should be determined. This may necessitate going deeper into certain supply chains for threat reduction.

The risk project is not a one-time effort and should be done every two or three years. Risks are a continuing danger.