Three Essential Components of a World-Class Supply Chain Security Program

Security professionals are well aware that the commercial supply chain remains a desirable target for terrorists and criminals

Barry Brandman
Barry Brandman

The tractor trailer was supposed to be transporting electronic goods that were loaded from a Tijuana factory earlier that morning. However, as the truck approached the Otay Mesa checkpoint, U.S. Customs officials ordered the driver out of the cab and opened the rear doors at which point they found more than 2 tons of illegal drugs hidden inside the cargo area with product. The driver was immediately taken into custody, the importer (a global manufacturer) was suspended from the Customs-Trade Partnership Against Terrorism (C-TPAT) program, and federal agents began an investigation of everyone involved with their entire supply chain.

As serious as this event was for the victimized company, it could be worse. Instead of illegal drugs, it could be chemical, biological or nuclear weapons. What if the truck wasn’t interdicted by Customs and Border Protection (CBP), and one of these weapons of mass destruction (WMDs) was used at a shopping mall, sports arena or the center of a major city? Had this scenario become a reality, the consequences would be catastrophic.

Supply chain security breaches happen with alarming frequency and, all too often, senior management is shocked when it realizes how easily its safeguards were compromised.

While narcotics, currency and counterfeit goods are frequently smuggled into commercial shipments, the WMD scenario is causing government security agencies extreme concern—and for good cause. The U.S., for example, imports over 20 million conveyances each year and less than 5 percent undergo a physical inspection. Furthermore, intelligence reports indicate that terrorist cells are communicating with narcotics smugglers, potentially creating an extremely dangerous alliance.

Both government and private-sector security professionals are well aware that the commercial supply chain remains a highly desirable target for both terrorists and criminals. The best way to mitigate the risk of having a corporate supply chain unknowingly used to transport contraband or lethal weapons, as well as to protect inventory from theft and product tampering, is to maintain a world-class asset protection program.

How do you transform a mediocre security program into one that is exceptional? After performing hundreds of supply chain investigations domestically and internationally, I found three common denominators that are always present in the most successful programs.

1. Senior Management Support

While few experienced security professionals would disagree with the importance of C-level support, why is it that some find it difficult to procure? One underlying reason may be how well the message is being communicated. There are two strategies to consider: First, focus on how your security program can directly contribute to company profits rather than simply being another expense item on the income statement.

Reducing theft-related losses, being able to negotiate better insurance premiums, protecting your C-TPAT and other foreign government security certifications, avoiding fines and penalties, as well as lowering importation costs are all profit-enhancing benefits of a world-class security program. Additionally, having an excellent supply chain security program provides a competitive advantage when soliciting new business. The large number of American retailers that now require their suppliers to be C-TPAT certified is an example of the importance being placed on security in a post-9/11 world.

Second, while contributing to profitability is certainly compelling to a CEO or CFO, so is risk mitigation. Having inventory disappear, law enforcement finding narcotics in your container, or having a biological, chemical or nuclear weapon smuggled into the United States through your supply chain are realistic threats today.

The financial ramifications of a security breach of this type could easily reach seven figures, in addition to the potential harm to personnel and company reputation. Yet, the first time some senior executives seriously contemplate these consequences is only after being presented with this type of scenario.

If you explain how upgrading your security program can significantly mitigate these risks, in addition to the positive impact it can have on the bottom line, you dramatically increase the probability of receiving financial, logistical and moral support.

2. An Auditing Program that Effectively Exposes Your Weaknesses before They Can Be Exploited

Many companies that were victimized by theft, sabotage, product tampering or smuggling learned a costly lesson: There’s a difference between being good and being lucky. When protecting your company’s assets, relying on good luck is never a successful long-term strategy.

The reason why many companies suffer a major security breach is because they thought their safeguards were much better than they actually turned out to be. It’s easy to become complacent and assume your safeguards are adequate if your company was never victimized. Unfortunately, this false sense of security quickly disappears after a major breach—when you realize that your controls were more cosmetic than meaningful.

World-class security programs operate under the premise that vulnerabilities do exist and are going to be exploited if not exposed and remedied. Regularly conducting comprehensive audits of all segments of the supply chain is how organizations can accomplish this objective.

However, for security audits to provide a maximum return on investment, they need to be performed by individuals with the right expertise. This is when many companies make a costly mistake.

One case that illustrates this is a large Asian distribution company that experienced a break-in at one of its high-security warehouses. The building was entered after hours and the perpetrators stole over $4 million (U.S.) worth of inventory. Despite its investment in new state-of-the-art protective technology, the company’s intrusion detection system failed to stop the perpetrators from removing truckloads of expensive inventory.

When I toured this facility with its director of internal audit, he explained that, just one month prior to the theft, he personally conducted a risk assessment and found everything in proper working order. Consequently, he was puzzled as to why the security system failed.

After assessing the facility, I found the problem. All its motion detectors were installed upside down, with the infrared and microwave technology pointing toward the ceiling instead of the ground. When I pointed this out to the audit director, his reaction made it clear that neither he nor the vendor that installed the security system understood how this technology operated, or how to properly install and program it.

Despite his lack of expertise, he had responsibility for the selection and approval of the company’s security technology, as well as conducting asset protection audits at all its company sites. (He reluctantly admitted that his work experience was predominately in quality control—not supply chain security.)

This is not unusual in parts of Asia, Europe and Latin America. Some companies make the mistake of delegating security auditing to personnel with little or no actual loss prevention expertise. However, assigning auditors from other disciplines this responsibility and equipping them with generic checklists printed from the Internet usually results in little more than a superficial analysis that fails to accurately assess the quality of asset protection policies, procedures, practices and technology.

3. A Culture of Security Excellence

The sheer volume of goods crossing international borders each day via ocean, land and air; the relatively small percentage of shipments that undergo a physical inspection by government security officials; as well as the number of entities that handle imports and exports prior to them reaching their final destination all make the commercial supply chain a prime target for terrorists, criminals and dishonest workers.  

Not only could a smuggled weapon of mass destruction result in the loss of life, but there’s also little doubt that it would also cause irreparable damage to a company’s reputation and bottom line. As if smuggling wasn’t enough of a concern, cargo theft costs American companies approximately $20 billion annually, and globally, the cost now exceeds $50 billion.

Because security threats are constantly evolving, asset protection strategies and tactics cannot afford to remain stagnant. This is why the best supply chain security programs not only keep pace with these threats, but they also always stay one or two steps ahead of them.  

Complacency doesn’t exist in world-class security programs. It’s replaced with a relentless commitment for continuous improvement or what I refer to as a culture of excellence.

How can you determine if your program is focused on excellence? Answering these questions may provide some insight:

  • Is your supply chain security program predominately composed of proactive controls or is it more reactive? The most successful asset protection programs focus 75 to 90 percent of their resources on prevention rather than waiting for an incident to come to light before taking action.
  • Are your safeguards thoroughly audited and tested on a regular basis? If so, do you consistently identify weak links in your supply chain and convert them into strengths?
  • If you are a C-TPAT-certified company, did the supply chain security specialist validation team identify at least four best practices during its on-site assessments or is your company just meeting the minimum security criteria? The operative word here is minimum. A world-class program typically has four to six security best practices that are highlighted in the formal CBP validation report. Any less and your supply chain security safeguards are probably not as robust as they need to be.