New Software Tools to Manage Risk and Disruptions: Part II

Editor’s note: This is the second of a three-part feature on the current framework for classifying risks and the ongoing efforts to mitigate them.

During 2010-2011, there have been several efforts to develop tools to help companies identify risks and respond to them. These include software companies developing applications, in-house development of supply chain risk management processes and consulting services centered on risk management and resilience.

Examples of in-house company-developed software include applications developed by IBM, Cisco and ATMI. Software companies developing software (and possibly related consulting services) include Razient Inc. of Miami, FL, Resilinc Inc. of Fremont, CA , MetricStream of Palo Alto, CA and Impact Factor Inc. of Princeton, NJ.

Several companies providing supply chain event management applications have also geared their offerings to risk management. Such companies include Trade Merit Inc. CDC Software Manhattan Associates, and others. In addition, many consulting organizations have developed supply chain risk management practices, assisting companies in assessing the risks and developing prevention and mitigation measures. Examples include Price Waterhouse, JLT Specialty Limited in the UK, Marsh Risk Consulting, Capitol Risk Concepts Limited, LMI and scores of others.

These software applications are based on using product movement visibility and comparing it to product movement plans. When a shipment does not hit a milestone – say it is a day late into certain port, an alert is triggered. Such alerts can be very useful for recovery and resiliency but (i) they mostly deal with small events of late or missing individual shipments and not with events that pose large risks and (ii) the alert sent may be too late as it reveals a supply chain failure rather an impending problem. Such applications may have some use in tandem with specialized supply chain risk management applications to identify potential larger problems.

Most of the software applications under development for supply chain risk management try to operate in two time frames: planning and operations. In the planning mode these software applications use the two traditional axes framework likelihood/impact. In the operational mode they do not try to assess the probability or the likelihood of detrimental events; instead the approach is focused on the other two dimensions of the risk framework depicted in Figure 3: detectability and severity. In both modes these applications look at suppliers and the risk to a company from a supplier failure to deliver raw material or parts (as well, of course, as a failure in one or more of the company’s facilities). To this end, most of the applications mentioned above are based on the following data sources:

o Plant location of the Company plants as well as its suppliers (Tier 1+), and identification of risks inherent to those locations, whether geopolitical or natural disaster.
o Supplier response to various questionnaires assessing the business continuity capabilities of the supplier. These include suppliers’ characteristics, compliance with various government and industry regulations and initiatives, such as the suppliers’ risk management processes, their C-TPAT compliance, insurance requirements, achievement of ISO 14000 standard for environmental stewardship, etc.
o Financial strength assessment of the supplier collected from questionnaires and public sources
• Product information
o Which part is supplied by what supplier and at what plant are the parts produced
o Material Requirement Planning-based information and supplier files for each product in order to identify the plants and suppliers responsible for each part and which product it goes into
o Sensitivity information regarding impact on the company and its customers of disruptions from product deliveries
• Incidents information
o Historical data about frequency of disruptions of various kind by geography and time of year
o Real time potential disruption information.

These data are taken from news reports and specialized sources regarding events around the world.

The final installment will address “Planning and Operations”

SC
MR