For example, if the transit time between one of your suppliers and one of your factories has always been 15 days in the past then you would assume that the transit time will be 15 days for future orders, too. This 15-day transit time will be used to determine when to send an order to that supplier so that it will arrive at your factory on time. But past performance is not a guarantee of future results.
Although we have to make assumptions in order to plan how a supply chain should perform, we need to deal with reality when it comes to managing the day-to-day operations. Think about the potential effects that any of the following events could have on your supply chain:
- A shipping container filled with raw materials for your product gets quarantined in a port for 30 days.
- One of your factories is closed because of an epidemic.
- A key supplier files for bankruptcy protection.
- A major customer unexpectedly cancels a huge order for your products.
- A new customer unexpectedly places a huge order for your products.
You need to understand a few basic principles to implement a risk management process that spans your supply chain:
- Risk = Uncertainty: Every plan you make is based on assumptions about how the future is going to play out. So you should analyze your supply chain and plan the way you want things to work. You also need to be flexible enough — in your planning and in your thinking — to adapt to what happens around you. Risk management is fundamentally about reducing uncertainty as much as you can and then adapting and responding to the uncertainty that remains.
- Statistics ≠ Probabilities: This principle can save you from a lot of trouble. Analysts commonly look at how often something has happened in the past (statistics) and use that data to predict how often the thing is likely to happen again (probabilities). This approach can be useful in some cases, but it can also lead to poor decision-making in supply chains.
Statistics say that a disease epidemic is unlikely, for example, so worrying about that situation in advance might not seem worthwhile. But the probability that a particular disease will start to spread may be 100 percent, if you knew that people were coming into direct contact with it. The problem with ignoring this risk is that you really don’t have enough information about the disease and the people that are coming into contact with it to know the true probability of whether there will be an outbreak.
In other words, relying on general statistics about how epidemics emerge can lead you to underestimate the risk for a particular disease.
- Flexibility = Insurance: In many cases, the best way to manage a supply chain risk is to have a Plan B. If your risk is that a supplier could go bankrupt, your Plan B could be to have at least two suppliers. If your risk is that a cargo vessel could be delayed, your Plan B could be to have extra inventory on hand.
In other words, think of the cost of supply chain flexibility as though it were the premium on an insurance policy. Maybe the premium is too expensive, and you’re better off paying the price if you have a problem. In many cases, the flexibility is cheap compared to the cost of a supply chain disruption.
The Supply Chain Risk Leadership Council offers a free handbook called “Supply Chain Risk Management: A Compilation of Best Practices” that includes a list of all the different things that can go wrong in a supply chain.
Building supply chain resilience for difficult timesYou may find people using the words risk, threat, and disruption interchangeably, but in the context of supply chain management each of them means something slightly different.
- A risk is an event that may or may not occur; a hurricane, for example.
- A threat is the impact the risk would have on your supply chain; in the case of a hurricane, one threat could be that your factory would be flooded.
- A disruption is how the threat would impact your business and that of your supply chain partners. If there were a hurricane that flooded your factory, your supply chain would be disrupted because you could not manufacture products.
For example, a rapid increase in customer orders can trigger a buildup of inventory and overwhelm a distribution center. The result would be a disruption in the ability of the distribution center to process shipments efficiently.
The disruption caused by an upside risk can be just as expensive as the disruption from a downside risk, especially when it triggers the Bullwhip Effect. Even so, it is typical for supply chain risk management processes to focus mostly on the downside risks.
A supply chain’s vulnerability to disruptions can have serious consequences for all the businesses involved. Reducing this vulnerability requires collaboration among the firms in a supply chain so that they can help one another deal with threats as they emerge. The goal, of course, is to engineer and manage your supply chain so that it can function during and after a disruption — in other words, to be resilient.You can think about supply chain resilience in terms of a shipment of bananas bound from South America to a grocery store in the United States. A lot of uncertainty is involved in that supply chain, from weather to commodity prices to the reliability of the cargo ship.
From these risks and others, you see that the supply chain has many threats — many things that could go wrong. If a threat occurs, it can cause a disruption. If the ship breaks down, for example, it could delay the delivery of bananas and disrupt the store’s supply chain. But if the grocery store has extra inventory or another source of supply then it can continue selling bananas to its customers in spite of the supply chain disruption, so its supply chain is resilient.
Supply chain risk management is very similar to business continuity management. Business continuity plans are often focused on making a particular facility or company more resilient; supply chain risk management looks more broadly at how all of the companies working together contribute to the resilience of a supply chain.