Know Your Supply Chain Risks

This is an excerpt of the original article. It was written for the September-October 2019 edition of Supply Chain Management Review. The full article is available to current subscribers.

September-October 2019

It’s that time of year again, when we feature the Top 25 supply chains from Gartner. What I enjoy most about this research is the window it provides into where supply chains are going next: After all, while some lead, the rest of us follow.

Browse this issue archive.

Already a subscriber? Access full edition now.

Need Help?

Contact customer service

847-559-7581   More options

Not a subscriber? Start your magazine subscription.

When the Supply Chain Risk Management Consortium came to be about 10 years ago, founder Greg Schlegel distinctly remembers the small percentage of workshop attendees whose companies had experienced supply chain risk events. “Four or five attendees (out of a total of 20 to 25) raised their hands,” Schlegel recalls. “Now it's 100% of attendees. We've stopped even asking the question.”

Instead of trying to figure out how many companies have or have not experienced disruption, the Consortium puts more emphasis on the compelling reasons to act, and what to do when a risk event happens. “It has taken about eight years for this whole combination of supply chain and risk management to really gain traction,” says Schlegel, who divides risk into three categories: strategic, tactical and operational.

The first category includes taxes, tariffs, geopolitical issues, natural disasters and other events that fall outside of most companies' spheres of influence. In other words, they can't prevent the events from happening, but they can prepare in advance for them. Tactical issues include problems with the supply base, a customer going out of business, and so forth. The final category includes day-to-day issues like a lack of labor, business process problems or failing internal systems.

Six risks to watch right now

Any single risk event can wreak havoc on a company's operations, and a combination of multiple issues can bring an organization to its knees. The number of potential hazards is growing every year: According to Resilinc's Annual EventWatch Report, global supply chain risk events increased 36% in 2018. The company issued 2,696 event notices—an average of about seven per day.

Those events affected companies of all sizes and across all industries. “It doesn't matter if you're operating locally or if you have a large, complex, worldwide supply chain,” says Schlegel. “Things happen.”

Following are the top six potential supply chain risks that should be on every company's radar this year.

1.) Fires or explosions. Calling these “manmade black swan events,” Schlegel says plant or facility explosions and fires can significantly affect a company's operational capabilities, as well as its employees and customers. Depending on the severity of the event, there may also be legal, media and/or brand issues to deal with. “They happen more often than you'd think,” says Schlegel, who tells warehouse and logistics managers to do frequent facility walk-arounds and hazard inspections. “Identify and assess the risks, and then prioritize them by dollar value in descending order,” says Schlegel. “Pick, choose and develop risk response plans.” If fire is a potential top risk, for example, and if $200 million in inventory is at risk, then it's probably time for a better fire alarm system, new sprinklers and/or a more comprehensive hazard insurance policy.

2.) Natural disasters. Hurricanes, tornadoes, wildfires, tsunamis and earthquakes can create major supply chain disruptions. Last year was the fourth-costliest year since 1980 in terms of insured losses, primarily due to an accumulation of severe and costly events in the second half of the year, the Munich Re NatCatSERVICE reports. It registered 850 events worldwide in 2018, with geophysical events such as earthquakes, tsunamis and volcanic eruptions accounting for 5% of the total. Storms made up 42%, floods, flash floods and landslides 46%, while 7% fell into the categories of heat, cold and wildfire. The continents most affected were Asia (43%), North America (20%), Europe (14%) and Africa (13%). Though complete avoidance may be impossible, having backup sources of supply, using good data backup strategies, obtaining the right insurance coverage and having a disaster recovery plan in place can all help companies stay in business during and after the event. “Twenty percent of all companies that experience a moderate to severe ‘natural cat' event in their regions go out of business 15 to 18 months after the event,” says Schlegel, “and another 15% go out of business in two years to three years. It's impactful.”

3.) Cyberthreats. At press time, Capital One was the latest posterchild for poor cybersecurity practices. Using an Amazon Web Services loophole, a hacker obtained data on 106 million of the credit card company's applicants, 140,000 of whom had their Social Security numbers swiped. This is just one of many examples of how cyberthreats can affect a company's operations, customers—and even suppliers. “These are strategic events that are fairly low in frequency, but when they do happen, they're huge,” says Schlegel. “On average, a cybersecurity breach will cost a manufacturer $6 million to $7 million to fix.” There could also be lawsuits, compliance issues and other costly matters to settle before the problem fades. Pointing out that 80% of all cybersecurity breaches involve supply chain, Schlegel tells companies to conduct cyber risk assessments that include both supplier and customers, all in the name of mitigating the impact of a successful attack. “Add consequences to your customer and supplier contracts,” he advises, “stating that if you don't do these assessments once or twice a year, you may not be our supplier going into the next fiscal horizon.”

4.) Transportation disruptions. Port strikes, driver shortages and international regulations like IMO 2020 are going to happen—it's simple a matter of when they happen and how much impact they have on individual shippers. Knowing this, Bill Hurles, executive director of the Global Supply Chain Resiliency Council, says that there are steps companies can take to reduce their exposure. Take port strikes and closures: Using cluster analysis, he says organizations can look at which ports they use most and determine whether those locations are too “clustered” in certain geographies, thus presenting higher risk. For example, an importer that relies mostly on the ports of Los Angeles and Long Beach would do well to diversify into another geographic region because those ports are located so close to one another there is a greater possibility of both being affected by a disruption. “Once you've done the cluster analysis, you can use supply chain mapping to find out where everything is coming from—even the goods that you don't buy directly,” says Hurles, “and get a big picture of what's happening in the world.” Combine that intelligence with real-time alerts, he says, and you'll be able to better prepare for potential transportation risk events.

5.) Government intervention. Brexit, tariffs, currency fluctuations, trade wars and border controls are just a handful of the government-centric issues that are affecting the world's supply chains right now. “There's a lot more government impact on the supply base than there has historically been,” says Hurles, who sees tariffs as the top issue right now in terms of supplier risk. “It's not exactly a ‘disruption,' but it can have a significant impact on a company's cost of doing business.” Currency fluctuations also fall into this bucket. “We're seeing a lot more variation in currencies, and particularly the British Pound, the Euro and the Chinese Yuan versus the U.S. dollar,” says Hurles. “Depending on what your payment terms are and the profile of the supply base, currency fluctuations in today's world can be a pretty significant risk.”

6.) Demographic shifts. They may not wreak havoc on a physical distribution facility or negatively affect millions of credit card applicants in one fell swoop, but that doesn't mean demographic changes aren't introducing new risks into the supply chain. The logistics industry as a whole—the trucking industry, in particular—face new challenges recruiting younger workers as Baby Boomers retire in droves. According to the ATA, in 2018, the trucking industry was short roughly 60,800 drivers, which was up nearly 20% from 2017's figure of 50,700. If current trends hold, the shortage could swell to over 160,000 by 2028. This could present high hurdles not only for the carriers that employ drivers, but also for the shippers who depend on those carriers. “We're just not seeing as many young people go into that profession,” says Bob Trent, a professor of management at Lehigh University. “That's creating big risks for companies, and one of several demographic and cultural changes that's causing some serious supply chain and corporate risks.”

The collective good

Regardless of the specific risk event, Hurles says companies should think about analyzing, assessing and addressing risk collectively as an industry versus as a single entity. Learn from one another, pay attention to what's going on in the world and take the necessary steps to shore up your supply chain in a way that addresses both past disruptions and potential future risks, he says. And, simply putting a risk compliance officer in place isn't enough, he adds, it must be backed up with strong risk management strategies that evolve as the company expands its global presence.

“The most risk-averse companies are looking at their tiered suppliers, they're looking at capacity and they're using best practices to establish standards around risk,” says Hurles. “They're also gathering and sharing data in a common manner and then using it to develop industry-wide standards around supply chain risk.”

SC
MR