Tom Cruise endeared himself to the movie-going public in 1983's "Risky Business," in which Rebecca de Mornay personified the extent of his peril. Well, supply chain management is a risky business, too. And the risk factors are in no way endearing. Our risks have always been present, but are today more diverse, more plentiful, more global, and more consequential than ever before. Not surprisingly, the responsibility for managing that risk has risen to the forefront of supply chain managers' concerns. We have moved far beyond the once-widespread notion that risk management is an insurance thing, a perspective that overlooks the risks for which insurance is either non-existent or inadequate as a solution.
Identify, categorize, and manage
The real first step in risk management is to determine what risks we face, both in a global economy and in localized operations. As part of the process, management should grade each potential risk event according to both probability and severity. For example, the risk of flood in a given community might be low, but a flood would have severe consequences in the unlikely event that one were to occur. Other risks, such as civil disturbance, while rare in the United States, could be highly likely in some other nations. (For a checklist of potential risks facing warehouses and DCs, see the chart at right.)
Currently, two of the fastest-growing business risks reported are those resulting from government or regulatory sanctions and from competitive threats. OSHA threats may be less of a concern than they might have been a few years ago, but Sarbanes-Oxley (SOX) has raised the stakes in cost of compliance, scope of activities covered, and consequences of violation, elevating issues from the sphere of operations into the boardroom.
Any organization operating in the supply chain management world is at risk in a competitive arena, either from the actions of others or from the failure to take the right actions internally. We can be outbid on costs, outflanked on products, outmaneuvered on location, or outdone on technology.
|Categories of Disaster||Probability*||Severity*|
• Strike at your warehouse
|Strike at supplier or major customer|
|Death or disability of key executives|
|Disruption of water supply|
|Disruption of natural gas supply|
|Mechanical breakdown – conveyors|
|Disruption of road access|
|Disruption of rail service|
|Civil disobedience or riots|
|War or insurrection|
|Sanctions by OSHA|
|Sanctions for SOX violations|
*This will vary for each warehouse
Of property-related risks, respondents to a recent survey identified supply chain disruption and mechanical/electrical breakdown as the most significant. We are betting that supply chain disruption would not have made the list five years ago. Once they have identified potential risks, managers have essentially three ways to minimize potential losses: insurance, loss prevention, and contingency planning.
Nearly everyone has insurance, usually several levels of it. But having insurance does not free us from responsibility to do everything we can to prevent and/or minimize the effects of negative events.
Most companies now give more attention to loss prevention than to risk transfer through insurance. They have caught on to the reality that it's either not possible, or not feasible, to insure against everything. Even with insurance, putting rate escalation and loss of coverage issues aside, the likelihood of insurance compensation for the full value of a loss and its associated costs is close to nil. Today's savvy manager has figured out that the avoidance of loss or disruption is far preferable—and much easier—than reliance on insurance after the fact.
We are being helped to do the right thing by leading property insurance carriers, who now require their customers to establish comprehensive loss prevention programs. They provide their own inspection services and demand the right to make unannounced examinations of operations to check up on the readiness of fire protection equipment and the capabilities of facility emergency organizations.
But having insurance isn't necessarily the same thing as being covered for risks. In supply chain operations, it is vital to recognize the significant differences in liability among logistics service providers, common carriers, and wholesale distributors.
In most nations with English common law, a provider of storage services is defined as a "bailee for hire." As such, the warehouse operator is liable only for losses caused by failure to offer that degree of care that a reasonably prudent owner would exercise. This is the same language that is on the parking ticket you receive when you put your car in a parking ramp. If the loss is due to anything other than negligence, your insurance must cover it. In contrast, a transportation provider is liable for loss of cargo for any reason, although there can be loss limitations provided in the contract.
Further, it is critical to have good contract language when goods are consigned—technically owned by a supplier but resident on the property of a customer—to define insurance responsibility.
These conventions may not apply in international operations, particularly in multinational supply chain operations. It is vital to know how local legal systems treat responsibility for the safety and security of both stored and transported goods.
Plan, prepare, and be flexible
Contingency planning is a longer range but mission-critical approach to addressing the unexpected—and the unthinkable. The process consists of asking—and thoughtfully answering—a comprehensive list of "what if " questions, such as:
Contingency planning can provide reasonable responses— and preventative measures—for an enormous range of disruptions and disasters. The scope of events transcends the minutiae of supply operations and goes to the heart of corporate survival. But the process is truly useful only if it is completely comprehensive—and soul-stirringly honest— about possibilities and solutions.
Yossi Sheffi, author of the book The Resilient Enterprise, has observed that companies that overcome disruptions survive through redundancy and/or flexibility. Redundancy tactics might include amassing excess inventory or excess capacity. Flexibility might be supported through techniques involving postponement and interchangeability.
Obstacles to risk management
Perhaps the biggest roadblock to effectively addressing risk is optimism, the same trait that dooms many a project to disappointment. A hallmark of successful business leaders, particularly in the United States, is the belief that things will go right—that the things that might go wrong won't happen.
Contemplating snags, let alone disasters, in addition to being counter-cultural, isn't much fun. It's even downright depressing. The active manager, focused on future achievement, will tend to avoid the process.
"Insufficient time" was the most-cited reason—excuse—given in the above-referenced survey for a lack of disaster planning. But good managers will find the time for the important things. And risk management is important. Even when it deals with the unlikely, it is not dealing with the trivial. Consider the risks of doing nothing. One analyst jests that the average company has a life span shorter than that of a dog. Even hundred-year business icons can have their lives abruptly cut short by a failure to manage risk.
Moving risk management to the top of the list of corporate priorities seems like a good way to extend an organization's longevity. Maybe active risk management, with frequent reassessments, is a good tool for building competitive advantage, as well.
However vulnerable the individual components of our supply chain operations might be (and however arduous the effort of preparing plans and contingencies might seem), there's good news. Mitigating risk, or recovering from a risk event, is not—speaking of Tom Cruise—a "Mission: Impossible." It only seems that way if you've not invested in analysis, planning, and corrective action for comprehensive risk management.