We have recognized the need to better manage supply chain risks for the nearly two decades now. Yet, we still seem to be deluded into thinking that the modern supply chain is resilient to the point of invulnerability. Developing risk management strategies and embedding resilience processes can enhance the organization’s ability to actively assess and manage risk. By creating a flexible framework for augmenting, retaining, or shedding vendor competencies to assure supply chain integrity, the organization can meet customer demand, expectations and generate consistent performance. Four basic assumptions form the underlying premise for this article:
Complexity: Companies today are complex and their supply chains are complex systems operating within multiple networks
Touchpoints: All a company’s touchpoints (downstream & upstream) within its networks must be considered to effectively evaluate risks, threats, hazards and vulnerabilities to determine the effects and consequences of degradation on the entire system
Responsiveness: Actions at any given level within the network may be inadequate unless the entire network responds in kind
Resource Constraints: Most supply networks supporting the company lack the resources and specialized skills to know what to do to maximize operational resilience within the network
It Is All About Survivability
If you want senior management to pay attention, give them something that challenges their focus - and understand that their focus is not on how diversified your supply chain is or that you have a risk management/business continuity plan or that your customers are loyal. Senior management is focused on one thing and that is business survivability - will we be in business tomorrow given the issues that we face today.
Structure – a Key Element
Identifying risk issues in the “Value Chain” touchpoints (internally and externally) needs to be one of the first steps in the process. Developing a custom-fitted questionnaire for all elements of the “Value Chain,” as well as for internal stakeholders, can provide a basis for moving forward. Integration criteria should be contained in the vendor’s contract, spelled out in specific terms.
Touchpoints – Internal and External
Identifying supply chain touchpoints can assure key concerns are adequately addressed. Internal touchpoints include any part of the organization that has direct and/or indirect interface with the supply chain process. Identifying external touchpoints may seem simple, but when you begin to identify vendors, you realize the components that allow the vendor to get their product or service to you are also touchpoints. Vendors also outsource. A tiered approach to identifying external touchpoints can facilitate organizing the process.
Vendor Continuity Capability Questionnaire
Developing the vendor continuity capabilities questionnaire needs to be carefully thought through. You are creating a legal document that could contain sensitive information and must be protected. With the type of information that you will collect to assess vendor continuity capabilities, your organization could be held liable, under the concepts of negligence (foreseeability), constructive notice, and/or constructive knowledge, for NOT acting to mitigate potential losses. The questionnaire that we have most often utilized consists of eight parts as highlighted below:
Vendor Continuity Capability Assessment
Data will be collected, analyzed and developed into assessment findings and recommendations regarding vendor continuity capabilities. Organizing the data into Essential Elements of Analysis (EEA) can facilitate data collection, analysis and evaluation. Examples of typical EEA are summarized below.
The overall objective of integrating risk and business continuity criteria is to facilitate the ongoing development and implementation of enhancements to supply chain efficiency. Careful consideration should be given to ease of use by procurement staff, other personnel and external parties (as appropriate). Three elements associated with enterprise assurance apply:
Procurement Planning Considerations
Procurement planning considerations will generally consist of the normal day to day functioning of the procurement process. Supply chain risk management/business continuity integration elements should consist of a tiered evaluation structure focused on four aspects:
Evaluating business continuity capabilities
Identifying actions to be taken
Early assessment and quantification of vendor, supplier, etc. capabilities are essential. In addition to the Vendor Continuity Questionnaire we have developed a set of nine Risk Analysis Worksheets. These worksheets are structured to build on the evaluation criteria in the form of Essential Elements of Analysis, Measures of Effectiveness and Measures of Performance. They are listed below.
We recommend that your company and its vendors negotiate periodic assessments of sub-tier vendors (vendor’s suppliers) to further assure business continuity capabilities.
Procurement Incident Management Considerations
Having an incident management system as a component of the procurement process can allow your company to respond, recover and restore supply chain operations with less potential for massive disruption. Incident management can range from assessing and classification of a vendor incident to implementation of response actions, such as sending your personnel to vendor facilities to assist in incident mitigation processes.
Phased Development and Integration
A phased approach to implementation and integration would generally consist of five phases:
Phase 3: Monitoring & Enforcement – deliverable: Procurement Management System Vendor Risk/Business Continuity Management Program and Continuity Plan Integration Criteria Guide maintenance criteria (Sustainability).
Phase 4: Sustainability – deliverable: periodic metrics, event response reports.
Phase 5: Maturity Model Evaluation – deliverable: metrics for maintaining the process, change management procedures.
Top Risk Areas
Below is a list of current risk areas that can have an impact on supply chain risk management and continuity.
Sovereign Debt Top question: What will happen when governments cannot pay the interest on debt with tax revenue generation?
Geo-Political Instability Top question: Will an incident start a global conflict?
Technology Top question: How safe are we from cyber-threats?
Infrastructure Top question: When and where will the next large scale disruption occur?
Social Top question: When will we learn that feeding people is not teaching them to be self-sufficient in terms of procreation control?
Economics Top question: What will happen when interest rates start to rise?
Environment Top question: What is the combination of environmental issues that will create the next great unseen crisis?
Sources of Energy Supply Top question: When is the next resource availability shock going to occur?
Global Workforce Top question: When will we realign the workforce and match needed skills to educational attainment?
Renewables Top question: Will renewable energy ever evolve past an interesting sideshow?
Piracy Top question: At what point does the economic impact of pirated goods begin to undermine the stability of the global economy?
Markets Top question: When will the markets experience a significant imbalance sufficient to drive investors to the sidelines?
Competition Top question: Where will the next competitive shock come from?
It is critical for senior management and the board of directors to:
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary's focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide.
Geary is well-versed in contingency planning, risk management, human resource development, “war gaming,” as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities. Geary began his career as an officer in the U.S. Army after completing his BS in Criminology. As a thought leader, Geary leverages his skills in client attraction and the tools of LinkedIn, social media and publishing to help executives in decision analysis, strategy development and risk buffering. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.
Contact Information: E-mail: G.Sikich@att.net or firstname.lastname@example.org. Telephone: 1- 219-922-7718.