Supply Chain Risk Management in six steps

Supply management is not just about acquiring goods and services at the best possible price. It’s also about identifying possible disruptions to the supply chain and taking steps to mitigate them. So said James Kiser and George Cantrell in their 2006 article Six Steps to Managing Risk, where they discussed six steps that a company can take to build a plan for dealing with potential supply disruptions. While the article may be lacking in academic depth, it makes up for it in its hands-on managerial approach.

The starting point

According to Kiser and Cantrell, a good risk management strategy has several key components.

It must identify risks for the entire life cycle of every product or service the company provides. It must be able to predict the financial impact that a supply disruption can cause. It must offer strategies that can mitigate the effects of any disruption of supplies.  It must delve deeper into the supply chain than the first tier.

The key strategy is the holistic perspective and the focus on the actual impacts.



What are supply chain risks?

Modeled along the lines of Martin Christopher’s book chapter on Managing Risk in the Supply Chain, Kiser and Kitrell define  risks outside and inside the supply chain:

External risks can be driven by events either upstream or downstream in the supply chain:

  • Demand risks related to unpredictable or misunderstood customer or end-customer demand.
  • Supply risks related to any disturbances to the flow of product within your supply chain.
  • Environment risks that originate from shocks outside the supply chain.
  • Business risks related to factors such as suppliers’ financial or management stability.
  • Physical risks related to the condition of a supplier’s physical facilities.

Internal risks are driven by events within company control:

  • Manufacturing risks caused by disruptions of internal operations or processes.
  • Business risks caused by changes in key personnel, management, reporting structures, or business processes.
  • Planning and control risks caused by inadequate assessment and planning, and ineffective management.
  • Mitigation and contingency risks caused by not putting in place contingencies.

No suprises here, except for the last internal risk, which seems somewhat redundant, given the already mentioned planning and control risks. The same risk can also be found in the SCOR Risk Management Framework.

The six steps

Again, very similar to Martin Christopher, understanding and managing supply chain risks involves these steps:

  • Profiling the supplier base
  • Assessing the supply chain vulnerability
  • Evaluating implications
  • Identifying mitigation and contingency actions
  • Analyzing costs and benefits
  • Implementing actions and measures

In describing each step, the level of detail Kiser and Cantrell provide is anything from several long paragraphs to just a few short lines.

Step 1: Supplier base

This is an important task, particularly identifying what is essential for the company to be in control of, and what does not matter so much:

  • Identify each raw material
  • Identify strategic materials
  • Understand the strategic suppliers’ organization

Step 2: Vulnerability

For each of the risks listed, the company must identify what scenarios that are likely to happen, why they happen, and how the company is able or unable to cope with them.

Step 3 : Implications

This is one of the sections where the article falls short of mentioning anything substantially useful besides promoting the Monte Carlo simulation technique.

Step 4: Mitigation

This is where the company needs to set goals and targets and how to achieve them, e.g.:

Within 24 hours of a supply disruption of material X, purchase orders will be placed with the alternate supply source to assure there will be no disruption in the supply of X.

This is in fact very similar to business continuity planning and evaluating how soon the the company can get back to ‘business as usual’.

Step 5: Costs and benefits

Any cost in mitigation actions and measures brings with it the benefit of risk reductions and possible cost savings in case of a disruption. But how much, and is it really worth it?

The figure above, taken from one of my previous articles on this blog, is a good illustration of the relationship of cost-benefit and vulnerability versus reliability: The disruptions costs, and thus vulnerability, increase from right to left (solid line), the cost of countermeasures to overcome potential disruptions, and hence the assumed reliability, increase from left to right (dotted line). At point A, with no measures in place, the cost of disruptions is high, at point B, with (expensive) measures in place, the cost is low, but the benefit/cost ratio is negative. At point C the benefit/cost ratio is positive, but there is still room for improvement. Optimum is reached at point D. An example of how to actually calculate the costs and benefits can be found here: How to calculate the Value at Risk

Step 6: Measures and actions

The most important part of implementing supply chain risk management is the clarification of roles and responsibilities, including involving or partnering with the suppliers to in securing the supply chain, but not only that.

For risk management to be effective, it must be fully integrated into the company’s business processes. The process of identifying risks, analyzing them, and planning mitigation strategies must be documented and reported throughout the organization. To effectively evaluate risk strategy, management must balance the cost of mitigation with available resources and optimum cost management objectives. The risk management strategy should apply to everyone at all levels in the organization and focus on achieving the company’s business objectives.

Conclusion

The final paragraph is what strikes me most here, clearly acknowledging that supply chain risk management is more than just supply chain, it is the business itself. As with Ericsson versus Nokia in the classic case of how not to deal with supply chain disruptions,

A well-handled supply disruption
can turn into business continuity, while
an ill-handled supply disruption
can turn into business dis-continuity.

While the article may be lacking in academic depth, it makes up for it in its hands-on managerial approach. Some parts are (deliberately ?) cursory treated, while other parts are given with much detail. Nonetheless, it is an article that fully supplements the research literature on suply chain risk and risk management, e.g. Martin Christopher’s book chapter on Managing Risk in the Supply Chain.




Reference

Kiser, J., & Cantrell, G. (2006). Six Steps to Managing Risk. Supply Chain Management Review, 10(3), 12-17.

Author links

James Kiser and George Cantrell are working with ADR International,  a global consultancy specialising in procurement.

Related links

Related posts on this blog

Posted in ARTICLES and PAPERS
Tags: , , , , ,

ARTICLES and PAPERS
A new and better way of classifying and managing risks?
Risk. The probability of an event occurring and the consequences of the event occurring. That is how[...]
State of the art in SCRM?
A severe supply chain disruption has hit my own blog: More than a month without a post. It's not tha[...]
BOOKS and BOOK CHAPTERS
Book review: The Network Reliability of Transport
I guess you would have to have attended the conference yourself or be a researcher in this very fiel[...]
Book Review: Strategies and Tactics in Supply Chain Event Management
Operations Management and Logistics have been around for a while, but Supply Chain Management is a r[...]
REPORTS and WHITEPAPERS
Global Risk Reports
While waiting for the World Economic Forum Global Risk Report for 2009, the continuation of the Glob[...]
Risk management - Vocabulary
What is risk management in supply chains? The more I study supply chain risk management, the more co[...]