This is Part Two of our three-part series reporting the findings of our 2011 survey on supply chain risk. In Part One we looked at what investments are being made in managing risk, and how companies are assessing risk. Here in Part Two, we examine the role the supply chain group plays and how well companies are doing in managing risks.
Supply Chain Teams’ Role and Effectiveness in Managing Risks
Companies face a huge variety of risks. Not all of these risks are the duty of the supply chain group to fix or manage. In the survey, we explored which types of risks the SCM function should be managing and which risks are outside their responsibility (see Figure 7, below).
Figure 7 – Types of Risks the SCM Team Should Manage
Overall, the data shows that supply chain personnel believe they own some level of responsibility for a broad array of risks. In every single category, at least 70% of respondents said that the supply chain department should be either highly involved or somewhat involved. There were only three areas that more than 20% of respondents said were outside the responsibility of the supply chain function: 1) product design flaws, 2) counterfeits, and 3) HR risks (such as skills shortage and turnover). Even here, most people (over 70%) thought that supply chain should be at least somewhat involved or highly involved.
There are some areas—like exchange rate risks, sustainability/social responsibility, IT security, and theft/shrinkage—where most respondents feel that supply chain needs to be somewhat involved, but not highly involved. The logic here will vary from firm to firm. For example, for a company that sources most of its components and materials domestically but sells overseas, the exchange rate risks are all on the sell side and are more or less completely outside the control of the supply chain group. However, when a substantial amount of materials are sourced overseas in other currencies, then the supply chain and sourcing groups should be part of the team that determines the hedging strategy. This is because strategies for managing exchange risks can include things like asking suppliers for local currency pricing (invoice in the buyer’s domestic currency) as an alternative to buying OTC derivatives or Exchange-traded funds. A cross-functional team, including representatives from supply chain, should analyze the alternatives and weigh the tradeoffs to determine the optimal strategy.
Similarly, sustainability and social responsibility may be primarily an internal matter for a non-manufacturing company. However, for a manufacturing company, especially one that outsources most of its manufacturing and/or has an extended multi-tier supply chain, responsibility extends to the companies in its supply chain. Nike and others have learned the hard way that their brand will take the hit for what happens in their supply chain.
The area with the highest “Not SCM’s responsibility” response was Counterfeits. However, more respondents said that supply chain should be highly involved in managing counterfeit risks. Here again, strategies are usually multi-faceted. Some of these involve criminal investigations and strong legal enforcement—making an example of the worst offenders to discourage others. These types of activities are largely outside of the supply chain function. However, there are other activities, such as serialization of items, and tracking and validating products as they flow through the supply chain, which are clearly in the domain of supply chain. As with many risks, the answer lies in a cross-functional team approach. Cross-functional teaming should be a strong suit of the supply chain team, as much of what they do is coordinating and bridging across functional boundaries.
After asking which areas of risk the supply chain group should be managing, a logical next question is, “So, how good is your company at actually managing each of those areas of risk?” The responses to this question are shown in Figure 8, below. In this chart, the responses are sorted high-to-low, based on the number of “very good” + “good” responses.
Figure 8 – How Good Companies are at Managing Risk
What is most striking here is how poorly companies rate their own ability to manage risk. In only two areas (production reliability and business continuity) do more than half of the respondents say they are good or very good. The areas with the most “poor” ratings are geopolitical risks, natural disasters, labor disputes, infrastructure risks (power, utilities), and demand forecasting. One of our recent studies corroborates this last finding about demand forecasting. We found demand forecasting to be the top supply chain challenge, highest priority, and most difficult to improve process (out of 24 choices) in that study.
The areas in which respondents said that they were doing the best are those that are somewhat under the direct control of the company—production reliability, business continuity, and IT security. It is striking then, that another area that is somewhat under companies’ control—managing HR risks, such as turnover—was ranked dead last. This was echoed in our 2011 Business Priorities survey that found retaining talent to be a top concern, fueled by a talent shortage in key professions.
It is not too surprising that companies find it difficult to manage geopolitical and natural disaster risks. Not only are these out of their control, but also, in many cases, they are hard to predict and there are no easy mitigation strategies. For example, if all the key suppliers are in a region with high earthquake risk, it seems that there is little you can do about it. However, it is also the case that many companies fail to take a proactive approach to managing these types of risks.
Proactive vs. Reactive Approach
What are the odds of that?
In June 2001, a 10 year old girl in Staffordshire, England named Laura Buxton wrote on a helium balloon “Please return to Laura Buxton” along with her address, and released it in her back yard. The balloon drifted 140 miles south, past millions of people, and descended in the town of Milton Lilbourne in the back yard of another 10 year old girl named (dramatic pause) … Laura Buxton. They corresponded, decided to meet, and discovered they both were the same height, had the same color hair, were wearing the same clothes, both owned 3 year old black Labrador dogs, a gray rabbit, and a guinea pig (which they both brought with them that day), and had skin discoloration in the same spot on their backside. What are the odds of that? Well, the fact is the odds of that specific situation happening are very close to zero. But the odds of something that stunningly weird happening somewhere many, many times each year are nearly 100%. The same is true about “black swan” events in general. You can hear more about this and the phenomena of “stochasticity” in the RadioLab podcast "A Very Lucky Wind,"
In speaking with companies about their response to the tsunami, it became apparent that some companies were much more proactive than others. They swung into action based on up-to-date and recently validated/practiced contingency plans they had in place. Some of these firms set up a war room within 30 minutes of the tsunami. They already had agreements in place with alternate sources of supply upon which they could draw. In contrast, other firms were caught flat-footed and took longer to understand if, and how, they were affected. They then had to compete with other companies scrambling for their share of limited supply on spot markets or secondary markets.
The Myth of Black Swans
Some people will complain that they could not be expected to be prepared for such a rare and unanticipated event as the tsunami. After all, it was beyond even the worst case predictions of many of the planners in Japan itself, where 30 foot seawalls were overwhelmed and backup safety systems in the nuclear plants were breached. These are sometimes referred to as “black swan” events: events that could not possibly have been foreseen. This is a flaw in disaster planning—focusing on potential events and their probability rather than on assets and impacts. Humans are notoriously bad at calculating the probabilities of rare events and even worse at “intuiting” those odds. (See sidebar at right “What are the odds of that?”) For more on this topic, see this article: “Black Swan? Revolutions and Tsunamis Come and Go!.”
In Part Three, the final installment of this series, we will look at managing multi-tier risks and secondary effects.
To view other articles from this issue of the brief, click here.