In this article, part of a 4-article series, we discuss the fourth pillar of action to building a resilient supply chain: risk management.
Make sure to read the entire series, subscribe to our newsletter.
Emanating from the supply chain visibility that technology can provide (read previous article), it is now possible to start mapping our supply chain. First, identifying our main suppliers, their primary and secondary suppliers, our logistics partners and carriers, and our customers. Second, identifying our products and their importance to our business will lead to identifying the critical components in our supply chain and their suppliers. Once we overlap these two maps, we can see where our most critical components are come from and how many suppliers we have for the same component. Another important element to review is our customers and their sales so that we can identify markets or categories where the same customer holds a large portion of the volume. Risks are not only at the supplier level, they could also manifest at the carrier levels and at customer level, so reviewing the entire supply chain will raise the potential points of vulnerability.
Once the vulnerabilities are raised, we can start identifying the kinds of risks that we could face. It could be elements outside of our control (such as shifts in customer demand, geopolitical issues, natural disasters and pandemics), deliberate threats (theft, sabotage, cyberattacks), governmental (tariffs, regulations), and resource limits (capacity of production). Once we have a better understanding of the potential risks and their geographical locations, we can start creating mitigation plans. One such example named since the beginning of the pandemic is to make sure to increase diversity of suppliers. It will potentially reduce economies of scale but having two suppliers from two different parts of the world, can help reduce the risk of stopping supplies because of any type of vulnerability. Of course, this is not always possible, and other solutions must be developed to compensate.
The exercises mentioned above are as good as the effort we put in creating them and maintaining them. They require constant revision and upkeep. They also need to be challenged with different scenarios, with what-if analysis. It’s impossible to think of everything so using the tools and techniques that are available to make us think outside the box will help in covering more options. Tools such as the FMEA, vulnerability map, SWOT, PESTEL, 5 forces, probability/impact matrix, and others will all provide ways of thinking about risks and potential mitigation plans to identify and face them. Don’t limit the reflection to known situations, think well outside the box, it’s the only way to gather as many ideas as possible so that we are better prepared for any eventuality. For example, a few years ago to improve their resilience, the Quebec public safety offices organized an exercise of a zombie attack!
“Supply chains are these dynamic, complex systems [that] are vulnerable to numerous risks. Because of their interconnectedness, even small, localized events can escalate rapidly and cause significant disruptions”. (WEF, 2013)
Finally, we also need to establish the response to a crisis. Even though we can’t predict with certainty what will happen, we can make plans and high-level processes establishing how, when and by whom the disruption will be handled. Creating a task force to handle these situations is a step towards a rapid reaction time. This team is then separate in three specific groups:
These three teams know their responsibilities and where they cross paths because they practiced, they rehearsed, and they learned together. Much like we all do in our organizations when, at -20C, we perform fire drills to make sure that no one is left behind.
No one has a crystal ball that accurately predicts 100% of events, the best we can do is look at the data we have and make the right decisions for that moment. And accept that sometimes the decisions we make will have been the wrong one, even if they were made with the best intentions and following our organizational culture and strategy.
To receive all the articles, please register for our newsletter
Photo credit: Pete Linforth from Pixabay
(2020) Supply Chain Transparency Creates Resilient Operations. Ryder
Aylor, B. et al. (2020) Designing Resilience into Global Supply Chains. BCG.
Fiksel, J. et al. (2015) From Risk to Resilience: Learning to Deal with Disruption. MIT Sloan Management Review. Winter 2015, vol. 56, no.2.
Gandhi, S. and S. Mehltretter (2020) Toward a more resilient supply chain. CSCMP’s Supply Chain Quarterly.
Gartner for Supply Chain (2020) Weathering the Storm: Supply Chain Resilience in an Age of Disruption. May 2020.
Heath, B. and A. Christidis (2020) Invest in People to Best Manage Through Disruption. MIT Sloan Management Review.
(Kaplan. R. et al. (2020) The Risks You Can’t Foresee. HBR November-December 2020
Kirkman, B. et al. (2019) The 4 Things Resilient Teams Do. HBR.org
Linton, T. and B. Vakil (2020) Coronavirus is Proving We Need More Resilient Supply Chains. HBR.org
Lund, S. et al. (2020) Risk, resilience, and rebalancing in global value chains. McKinsey Global Institute
Raman, K. and D. Ryntjes (2020) The Route to a More Resilient Supply Chain. Gartner Business Quarterly
Schrage, M. (2020) Data, Not Digitalization, Transforms The Post-Pandemic Supply Chain. MIT Sloan Management Review
Shaikh, S. and J. Baker (2020) Building Supply Chain Resilience Through a Boundaryless S&OP and S&OE Process. BlueYonder
Sheffi, Y. and James B. Rice Jr. (2005) A Supply Chain View of the Resilient Enterprise. MIT Sloan Management Review, Fall 2005, vol. 47, no.1.
Unruh, G. (2016) Strategies for Business Resilience. MIT Sloan Management Review
Unruh, G. (2016) The Surprising Secret of Business Resilience. MIT Sloan Management Review
Urciuoli, L. Automating Supply Chain Resilience Should Be High on Your Digital Agenda, MIT Sloan Management Review, Jan 2017.
World Economic Forum (WEF), 2013, Industry Agenda: Building Resilience in Supply Chains. An initiative of the Risk Response Network in collaboration with Accenture.