Author: Benjamin Longworth
While developing a travel risk management program is critical, organizations should also consider alternative global and domestic risks that can affect their people, assets, profits, and reputation. When organizations evaluate their supply chain risk, many tend to focus internally rather than on global threats with severe and long-term disruption implications. While some organizations may have a fairly simple supply chain structure involving one source and one mode of transport (such as only using trucks), in today’s global economy, the tendency is to have an intermodal supply chain that uses some combination of ships, trucks, plane, and rail. Supply chains should be assessed holistically; this includes the security of third party vendors, geo-political issues, natural disasters, protests and civil unrest, and rising cyber threats. Cargo theft is generally the primary threat to supply chains, and understandably receives the most attention. However, below are some examples of other risk considerations to keep in mind.
On June 27th, the Petya Virus cyberattack that, among many targets, damaged A.P. Moller-Maersk shipping should serve as a wakeup call to not only the maritime industry, but to the manufacturing industry worldwide. Maersk is the largest container shipping company in the world; on average, it moves one in every seven containers. The Petya Virus forced Maersk to temporarily stop taking orders for shipments and halt the loading and unloading of cargo in many key ports in Europe, the United States, and India. Although Maersk was mostly functional within a week, the incident will likely have a lagging effect on the global supply chain for some time.
Your organization may feel adequately comfortable with its level of cyber-security protection. However, conducting due diligence on the security of cyber networks outside of your direct control, but that are integrated into your supply chain, should become a priority.
Hanjin Shipping Company filed for bankruptcy in the fall of 2016. The sudden bankruptcy announcement forced Hanjin ships to remain idle at sea, carrying roughly half a million cargo containers because of questions over payment to unload the vessels. Samsung Electronics Co. had roughly $38 million in cargo stuck on the Hanjin vessels, unable to unload their products.
This demonstrates the need to conduct due diligence on any third-party stakeholder involved in your supply chain, bearing in mind that financial stability and physical vulnerabilities are crucial.
Developing multiple vetted sources in your supply chain is key, and considerations should also be made for locational sourcing. The 2011 floods in Thailand had a particularly devastating impact on the automobile and technology industries because many suppliers of similar products were clustered in the affected region.
A thorough risk management plan would entail the ability to quickly and seamlessly adapt alternative supply chain sourcing lanes to counter threats. Adequate risk forecasting for natural disasters could provide crucial time to pre-stage inventory or overstock items that will surely draw an exaggerated demand with an impending storm, such as overstocking on bottled water at supermarkets prior to a hurricane.
While terrorism or geo-political events are less likely to affect your supply chain than traditional everyday threats such as cargo theft, they can result in high-impact ramifications. Transportation-related strikes can sometimes be known ahead of time, but terrorist attacks are unpredictable by nature. Shortly after the September 11th attacks, the U.S. Customs and Border Protection Agency launched the Customs-Trade Partnership Against Terrorism (C-TPAT), a voluntary partnership between the government and the private sector to bolster port/transportation security. The government incentivizes organizations to become C-TPAT compliant and to strengthen their supply-chain security program by offering expedited border crossing privileges and container entry. The C-TPAT program resembles the Transportation Security Administration’s Pre-check model for frequent airline passengers, but for cargo entering the country.
A resilient approach to terror threats that could affect your supply chain is to evaluate the security and preparedness of the chain. A recommended policy for organizations to adapt: provide preference to utilizing C-TPAT certified vendors, thus meeting a base level requirement of security standards.
Supply Chain Design Vulnerabilities
Organizations that use a common lean manufacturing model of Just in Time (JIT) are particularly vulnerable to a substantial cyber-attack or disruption by global threats. JIT is the process of eliminating waste in an organization by minimizing inventory and storage. The key premise of JIT is that every component in the manufacturing process arrives just in time to be used, or that every product arrives just in time to be sold or distributed. While the benefit of reducing waste and eliminating inventory surplus is excellent for a company’s bottom line, the organization could be drastically affected should a significant disruption occur in the supply chain. The JIT method is used by major manufacturers in the automotive and electronics industries, and even by major fast food franchises.
While significant demand forecasting is needed to effectively operate a JIT model, companies should equally emphasize global risk forecasting to predict disruptions and conduct extensive planning to counter these wide-ranging threats.
What would a holistic approach to supply chain risk management look like?
A holistic approach would entail a thorough vetting of your organization’s entire supply chain for physical security, susceptibility to natural disasters, and exposure to indirect risks such as strikes. Weighing the likelihood versus impact of threats is crucial for developing adequate crisis management and resilience planning. Just because the likelihood of a risk is rare, this does not mean an organization can afford to ignore the threat. However, realistically, organizations are always going to be restricted by budget constraints and strategic priorities. It can often be hard to justify building out resiliency if there is no immediate return on the investment. This concept of security and risk management acting as a bottom line cost is similar to the way cyber security was viewed a decade ago, but likewise, it is a necessity and has the potential to save an organization a significant amount of time and money in the long term. The consequences of reputational risk to the organization, a less tangible and quantifiable metric, should also be considered if adequate protection is not in place.
The overall development of a supply chain risk management plan should be based around actionable intelligence and insight from risk forecasting experts. Optimally, risk forecasting should be brought into the process prior to the selection of specific third-party vendors, carriers, and material sourcing. However, due diligence is a constant process of review and reconsideration that should routinely incorporate discussions of risk.