We report the findings of our survey, answering questions such as the level of investments being made in resilience, the scope of responsibility for supply chain organizations, and assessment of how well we are doing at actually managing risk.
Full Article Below -
This is Part One of our three-part series reporting the findings of our 2011 survey on supply chain risk. The entire report is now available HERE.
Introduction / Background
Shortly after the 911 terrorist attacks, I was invited to participate in war games, the purpose being to simulate and evaluate the impact of a terrorist attack on US supply chains. (Coincidentally, or maybe intentionally, the war games were conducted at the same “undisclosed location” that Dick Cheney was whisked off to during the 911 attacks . . . or so we were told). At the end of those war games, as we were making our concluding comments, I got on my soap box to make some points—“We have gone through a revolution in supply chain, greatly reducing inventories and outsourcing manufacturing to lower-cost regions, with tremendous benefits. But it has made our supply chains longer, leaner, and much more vulnerable. The next revolution in supply chain must be about making them more resilient.”1
For over a decade now, we (and others) have been talking about the importance of supply chain resilience. Considering how devastating disruptions can be to the brand, shareholder value, competitiveness, and a firm’s ability to trade, we continue to assert that building a resilient supply chain is one of the most important assets and competitive foundations that a company can develop.
We felt that it was time to take a measurement of the state of the industry: How far have we come? What kinds of investments are being made in resilience? What is the scope of responsibility for supply chain organizations? And how well are we actually managing risk?
To answer these questions, we conducted a broad survey and set of interviews. Our findings confirmed that we have a long, long way to go. Investments in supply chain risk are pathetically low, and it shows—our survey respondents rated their own organizations’ risk management capabilities quite low.
But to keep things in perspective, I must add that we also have come a long way in the last decade. Now there are many more people who are aware of and are talking about supply chain resilience than there were a decade ago. At the executive team level, it is at least part of the conversation, if not a high priority. And some real leaders have emerged, creating new innovative practices and approaches. Further, we see much richer and more integrated sources of real-time intelligence services, databases, analytics, and supplier management systems.
With that balanced view in mind, we present the findings of this research study to explore answers to the critical questions we posed.
How Strategic is Managing Supply Chain Risk?
An Incident-Driven Priority
The devastating 2011 Japanese tsunami was a wakeup call for many companies. Even many of those not immediately affected have been rattled by the events. Senior executives around the world are meeting with their operational teams to ask the questions, “How are we impacted? What are you doing to ensure continuity of supply? What changes should we make to better prepare for future incidents?” Unfortunately, we have seen over and over that for most companies the memory of this will fade, and the executive team’s attention will be consumed by other matters that are deemed higher priority. This is understandable, because top executives’ metrics, compensation, and the firm’s stock price are usually not impacted much (or at all) by the company’s level of supply chain resilience . . . until after a disruption occurs. Our past research has shown that executives’ tolerance for risks tends to be quite a bit higher than many of us would consider reasonable.
In late March and early April 2011, in the wake of the Japanese tsunami, we conducted a survey about supply chain risk. Our survey found that supply chain resilience tended to be reviewed and managed “down in the trenches” by the people with immediate responsibility for operational functions, as well as by the head of those functional units, such as the VP supply chain (see Figure 1, below). Review by executives in charge of the business unit or by corporate executives is considerably less common. (You can be sure that those same executives are reviewing sales numbers daily or weekly.) This shows that for about 80% of companies, supply chain resilience is not yet a priority at the executive level, except for those executives directly responsible for supply chain functions.
Figure 1 – Level at Which Supply Chain Resiliency is Reviewed
The ROI of Resilience
As one survey respondent put it, “I don’t have to sell the priority of risk management after a major disrupting event occurs—at that point it’s already ‘all hands on deck.’ But before the event, it is very hard to get the organization to make investments and be proactive.” Another respondent told us, “I can only justify investments in risk management tools, services, or personnel if I present a very strong ROI based on how big are the chances of a disruption.” This is understandable, but it is extremely difficult to calculate realistic odds and also to convince executives of the ROI for an event that they intuitively believe is very unlikely (see The Myth of Black Swans, in Part Two).
However, studies and experience have shown that disruptions are extremely common. As well, disruptions have a huge impact on shareholder value. A study by Vinod Singhal and Kevin Hendricks showed, on average, over a 25% drop in stock price when a disruption occurred. That should make a compelling case for an ROI on managing supply chain risk.
Figure 2 – Impact of Supply Chain Disruptions on Shareholder Value
Low Level of Investment in Supply Chain Risk Management
Another revealing survey question was how much is spent on supply chain risk each year. Most companies invest a paltry amount, less than $50K annually. Only about 5% spend over $1M and none in our survey spends more than $3M per year on managing supply chain risk. There was not a strong correlation between company size and the amount invested. Some mid-size firms spend considerably more than many large firms. This generally low level of investment is yet another indicator of the disconnect between the high impact of supply chain disruptions and the low level of attention and funding spent in mitigating them.
Figure 3 – Amount Spent on Supplier and Supply Chain Risk
Our survey confirmed that risk assessment is a common part of the supplier selection process. Almost 90% of respondents said that supplier risk is frequently or always part of their supplier selection process (Figure 4). However, the thoroughness of the risk assessment varies greatly, depending on the company. For some companies, a quick check of financial health is it. Others will take a look at the exposure of suppliers’ plants to natural hazard and geopolitical risk, as well as the suppliers’ business continuity processes and policies. The majority of companies do not consider risk beyond immediate suppliers. However, a few more sophisticated firms will consider not just the immediate supplier, but risks in multiple tiers upstream (more on this in the section “Managing Multi-Tier Risks and Secondary Effects,” in Part Three), and have more far-reaching monitoring systems in place to get early warning indicators when something is potentially going wrong.
Figure 4 – Role of Risk Assessment in Supplier Selection
In spite of the fact that almost 90% of companies surveyed are assessing supplier risk, fewer than 30% have a published set of resilience and risk mitigation standards for their suppliers (Figure 5, below).
Figure 5 – Published Resilience Standards for Suppliers
The frequency with which companies conduct assessments and audits of risk factors for their suppliers depends on how critical those suppliers are (see Figure 6, below). It is notable that almost 40% of respondents never conduct assessments, or do so less than once a year, even for their most critical suppliers. About 10% of firms run these assessments twice a year, or more often for important suppliers. Here again, this highlights the difference between the “haves and have nots” of supply chain risk—i.e., those who make managing supply chain and supplier risk a key corporate priority vs. those for which it is superseded by other priorities.
Figure 6 – Frequency of Supplier Risk Assessments
We did probe what makes a supplier Class A/critical. For many of our respondents, a supplier is critical if the respondent’s firm cannot ship product without the component or material that the supplier provides and one or more of these are true:
It is difficult to find an alternative supplier with the same capabilities.
They supply highly engineered materials with few sources. In these cases, it may be necessary to get alternative sources pre-approved by engineering.
There is a high cost of changing suppliers, for example the supplier has built custom tooling for your components. Here, it may be worth investing in backup copies of these tools.
You have a sophisticated relationship with the supplier that took time to develop—this might include engineering, manufacturing, quality, and other dimensions.
In Part Two of this series, we will look at what role survey respondents said the supply chain team should play in managing risk, as well as an assessment of how well they are doing at that.
1I also made the point that preparations and mitigations for disruptions should not be cause-specific (What if there is a terrorist attack?), but rather should focus on the impacts (What if our plant cannot ship product for a period of time–how should we be prepared?)
To view other articles from this issue of the brief, click here.