This blog post is the continuation of our Identifying the Factors for Successfully Managing Supply Chain Risks - Factor 2 – Supply Chain Organization (Part 2 of 5) research post. Our recent study to better understand supply chain risks focused on the structure, implementation, and maintenance of a formal system for managing risks in the supply chain. These factors included: 1) Corporate Strategy, 2) Supply Chain Organization, 3) Process Management, 4) Performance Metrics, and 5) Information & Technology. We will now further explore Factor 3 Process Management.
Factor 3) Process Management:
This study showed that documenting the likelihood & impact of risks was not a key part of SCM and that supply chain risk information was not readily available to key-decision makers. Furthermore, very few of the firms are actually able to exploit risk to an advantage by taking calculated risks in the supply chain and even fewer were prepared to minimize the effects of disruptions. These questions were asked on 1 to 7 scale (strongly disagree to strongly agree): 1) A key part of our supply chain management is documenting the likelihood & impact of risks (mean=4.20, var.=2.86); and 2) Supply chain risk information is accurate and readily available to key-decision makers (mean=3.87, var.=2.78). There was some debate as to the validity and usefulness of tools to operationalize the process. The managers did tend to prefer approaches which combine subjective and objective measures because this allows them some freedom rather than being pushed into taking decisions solely on complicated numerical analysis. Failure Mode Effects and Analysis (FMEA) is a mainstream tool used to collect information related to risk management decisions for most companies in an engineering capacity, but not in a supply chain capacity. There were several documented procedures to complete an FMEA across industries in this study, especially in automotive. Most managers supported a modified version of the tool that could be used to help evaluate the risk of SCM decisions.
Several of the firms used financial reports and questionnaires during supplier approval to compare supply candidates to the business requirements of the buyers or project teams. When justified by a perceived level of risk, a few of the firms went one step further and had candidate comparison matrices (e.g., supplier profiling form and supply Chain PFMEA). Additionally, most had formal processes for supplier visits (e.g., Rapid Plant assessment, site verification of the supplier questionnaire, etc.). Some firms actually used life cycle management with supplier report cards and their buyers would conduct periodic supply chain reviews. In one firm, sourcing was assigned risk ownership and they used FMEA principles to evaluate risk impact. For each risk, they would assess what the financial impact would be in the event of a disruption. They then assigned a probability to each risk area and then they prioritized by multiplying the financial impact by the risk probability. Again, most firms are only using existing SCM applications for managing risk with no formal risk management system in place. In the absence of risk management applications, these firms are building risk considerations into traditional SCM applications.
Managing supply chain risks should occur at all levels of the supply chain, and the process should support integration with supplier and customer risk management activities. The process should be active in all stages of the acquisition life cycle, starting with technology development and continuing through acquisition, production, maintenance, repair, and disposal. The scope of the process should include all types of risks appropriate for the supply chain. In addition to the common causes of disruption, risk identification should consider economic, political, environmental, regulatory, manufacturing readiness, and technological obsolescence issues. All levels of management should be actively engaged in risk management, including strategic, business, program, technical, and tactical levels. The process should both leverage common tools for assessing risk, but also develop specific SCM mitigation tools and solutions.
A method for analyzing supply chain risk must be a cross-functional process that involves senior management as well as key stakeholders from finance, operations, internal audit, and risk management. However, the companies in this study have not adopted this boundary spanning process. Instead, they have managed risks within functional areas. However, it was acknowledged that the most effective forms of risk management demands involvement across multiple areas of the organization.
The process begins with an assessment of the supply chain. This can usually be done with internal resources but might require the assistance of outside consultants. In either case, it was agreed that this assessment would take the most effort. While generally lacking among firms, this study indicates the importance of having a process that will allow an organization to analyze, prioritize, and measure the economic impact of risks in the supply chain. Such a process should provide decision makers with financially justified value propositions for initiatives that are aligned with the company’s strategic goals. Though a number of different risk management processes have been put forward, most tend to follow the generic process offered in this study with the following key elements.
- SCM Risk Planning, Identification, Analysis, Handling, and Monitoring.
Understanding the risks within a supply chain requires an in-depth knowledge of business operations. To develop this understanding, the company must begin with interviews and workshops typically involving a cross-functional team of subject matter experts representing sourcing, manufacturing, and logistics. The company must collect its financial and risk performance data (e.g., average lead times, safety stock levels, other inventory levels, etc.) and benchmark it against industry and functional comparisons. This process enables the organization to develop a detailed picture of its supply chain, which in turn helps it identify potential risks more easily. A few managers took the view that effective supply chain risk management does not need to be a highly formalized and structured process. However, this study favors a more formal, structured process for managing risk.
We hope Part 3 of the research study helps highlight the Process Management Factor for Successfully Managing Supply Chain Risks. We will be exploring our Factor 4 Performance Metrics study results next month.