The Paradox of Supply Chain Risk

By Andrew K. Reese

Supply chain risk management has been a hot topic and a top draw on the industry conference and Webcast circuit for several years already. Entire events have been devoted to identifying and managing risk. Practice areas have sprung up within consultancies to advise clients on supply chain risk. Blogs have appeared covering risk, including one started by supply management solution provider Aravo at http://atrisk.net/.

In many ways, SCRM has taken on the characteristics of a critical discipline for supply chain executives. And all these trends have only been exacerbated by the recession, which highlighted the treat of supplier insolvency and supply chain disruption at a time when most enterprise executives were already feeling vulnerable.

And yet, in spite of all the ink and bytes that have been devoted to supply chain risk management (mea culpa, as this magazine has contributed its share to the conversation), a consensus remains elusive as to what exactly SCRM entails, how it should be defined, what kinds of strategies are necessary to address it, even who in the enterprise should address it. It seems that, to date, anyway, how you view supply chain risk, and how you manage it, still very much depends on where you sit in the supply chain.

Toward a Definition

The Supply Chain Risk Leadership Council (SCRLC), established in 2006 and counting among its member companies many of the leading brands across a variety of industry sectors (Cisco, Boeing, Procter & Gamble and Bank of America, just to name a few), defines SCMR as:

The practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The ultimate purpose of supply chain risk management is to enable cost avoidance, customer service, and market position.

The all-encompassing nature of supply chain risk implied by that definition — "any factor or event" — has perhaps contributed to the generally slow pace at which a framework has been established for dealing with these risks. Noha Tohamy, the vice president of supply chain research at AMR Research (recently acquired by Gartner), has written and spoken extensively about SCMR and is perhaps the top analyst covering risk. She notes in a recent research report ("The Supply Chain Risk Leadership Council: Growing Influence, Growing Pains," March 04, 2010) that while the SCRLC has been effective in raising awareness of risk management, companies still need "practical advice" for how to incorporate risk management into their enterprises. "There's a critical need for a working framework that spans the major supply chain risks and the processes underlying them that can guide ... companies with advancing the concept of supply chain risk within their organizations," Tohamy writes.

The need for a precise understanding of what activities and what threats should and shouldn't be included in a company's supply chain risk management strategy is not trivial. As Anurag Dixit, vice president of marketing for spend management solution provider Zycus, writes in a recent whitepaper on risk: "In absence of a standard definition and framework [for risk management], people will have to rely on their experience and many times their gut-feel to assess risk they bring into the system when they choose a new supplier, move to a new supply market or redesign their supply chain. It is bound to lead to surprises and the chances are high that many of these decisions will not be positive.

"Moreover," Dixit adds, "this black-box approach prevents knowledge sharing at a larger department and enterprise scale."

In 2008 the Supply Chain Council (SCOR) recognized the conundrum that companies faced around supply chain risk. In the report "Managing Risk in Your Organization with the SCOR Methodology," the Supply Chain Council Risk Research Team noted that "less than half of enterprises have established metrics and procedures for assessing and managing supply risks and organizations lack sufficient market intelligence, process, and information systems to effectively predict and mitigate supply chain risks." The research team set out to fill that gap by not only offering a comprehensive definition of risk but also incorporate that definition into the SCOR model as a standard against which organizations can benchmark their own SCMR efforts.

Perspectives on Risk

However, even with the efforts of groups like the SCRLC and SCOR, the broader supply chain community has yet to form a consensus around strategies and best practices for supply chain risk. Sundar Kamakshisundaram, senior solutions marketing manager with spend management solution provider Ariba, suggests that, in part, this is because different groups within the enterprise have traditionally focused on specific areas of risk. Within many enterprises, for example, Finance may be tasked with looking at supplier financials as a signal of viability, Procurement may be primarily concerned with issues around contract compliance, and supplier performance may be the purview of Quality. "Whenever you talk to different people within an organization, you get different answers for what risk means," Kamakshisundaram says. "Different individuals focus on various operational metrics, and so companies are not taking a holistic approach to risk management."

So again, one's perspective on risk still appears to depend largely on where one sits in the supply chain, and within which function in the supply chain one sits.

On the demand management side, companies are struggling to understand how demand for their products is going to evolve in the post-recessionary economy, says John Vaughan, director of industry solutions with Patni Computer Systems' Business Consulting Services Group. "The largest risk that has to be managed now is the risk of demand patterns changing," Vaughan says. "When growth reappears, it's really not certain that it's going to be growth in the same categories as before. So risk mitigation right now has to be around understanding whether your customers are going to be buying the same things as before."

Bookmark and Share

One approach to dealing with this kind of demand-side risk is not to focus on trying to forecast demand better, since history is a poor guide to the future in these circumstances, but rather on putting in place the capabilities necessary to sense the changes in demand as they occur and to respond to those changes in a timely manner, says Trevor Miles. Miles is director of industry and application marketing at Kinaxis, which offers on-demand supply chain applications for supply chain visibility, demand management, supply management, sales and operations planning (S&OP) and supply chain risk management. "You need to be able to have an early warning that a metric is going in the wrong direction, but this kind of visibility is about more than just getting information, it's about being able to do something with that information," says Miles, who has written and spoken extensively on supply chain risk.

On the supply side, enterprises continue to look at the viability of their suppliers and must consider how to balance the benefits of supplier consolidation with the potential disruption from the failure of a key supplier, says Jon Bovit, chief marketing officer at CVM Solutions, which specializes in supplier management solutions covering centralized vendor management, supplier diversity, supplier risk management, and supplier performance management. "Companies need to realize today that having two or three alternate suppliers is almost a necessity in this environment," Bovit says. "Because even if you have a backup, that backup could be in worse shape than your primary supplier.

Supply management solutions providers have responded to the growing demand for supplier risk management solutions with offerings that range from best-of-breed to ERP-based applications. CVM, for example, offers a Risk Central technology module that it says focuses on "mitigating supplier risk through the proactive management of risk and compliance factors, relationships and processes." Aravo offers a "QuickStart" program for supplier risk management, aimed at getting an SRM program up and running in 60 days or less for $50,000. Ariba last year rolled out a new set of tools aimed at helping companies determine the financial health and stability of key suppliers, among other solutions targeted at risk. Emptoris provides risk management capabilities as part of its supplier performance management offering. SAP offers supplier risk management solutions as part of its BusinessObjects business intelligence offering.

Practitioner Perspective

On the logistics side, the risk levels can vary with the market, points out Rick Franklin, corporate director of operations for Komyo America, a provider of third-party logistics services and a unit of Honda Logistics. Franklin directs operations to support Honda America's aftermarket OEM parts distribution in three major hubs located in Ohio, Tennessee and California, as well as the operations of Komyo America's 3PL business outside of Honda in facilities in the U.S. and Mexico.

Franklin says that in 2008 it was costing up to $3,000 to bring a 40-foot container from Asia into Los Angeles and Long Beach, which are Komyo's main supply routes to the West Coast. Finding affordable capacity was the principle concern. But by mid-2009, he says, the company was getting a rate out of the East of about $850 and the risks had changed.

"At that point we knew that the steamship lines were having huge problems with parking fleets because they had way more capacity than they had containers to move, so we had to be wary about sticking with one supplier and be careful to have a variety of suppliers," Franklin says. "We were looking not only at who had the best rates, but who's got vessels sailing in a timely fashion, who's making the ports, and who's making the commitments on time."

Looking ahead, Franklin says that a service provider like Komyo America has to consider the risks associated with its own capacity to meet its customers' requirements. Komyo actually saw growth during the recession as it took on business that switched from smaller 3PLs that had gone under as a result of the downturn. That created pressure to be able to scale capacity while at the same time holding the line on costs.

The company approached this challenge by deploying a software-as-a-service, subscription-based warehouse management system from SmartTurn, which allows Komyo to manage its more than 2 million square feet of warehouse space effectively without requiring the $100,000 minimum investment Franklin figured would be necessary to put in a traditional server-based solution. The SaaS solution also has the ability to scale quickly, Franklin says, so that when the economy kicks into gear again, Komyo will be able to scale its own operations rapidly to meet increased demand.

Final Word

So the supply chain industry continues to lumber toward a common understanding of what supply chain risk management means, and what the appropriate tools are for managing those risks. What is clear, however, is that risk is likely to continue to dominate much of the conversation around supply chain strategy for the foreseeable future, particularly in light of the lessons being gleaned from the recession.

As AMR's Noha Tohamy wrote last year, "If you're a supply chain executive, you're thinking risk—or at least you should be. ... The reasons for the topic's eminence are well understood. The strategies to make sure risk is managed in your supply chain, however, are varied and burgeoning." ¦

Loading