Supply Chain Risk is Everyone’s Business
Supply disruption risk has risen as one of the top challenges for supply chain managers. Recent disruptions such as the Texas Polar Vortex that impacted resin markets, the North Carolina tornado which impacted pharmaceutical supply chains, and other events have raised increased concerns about the impact of such disruptions on supply networks. This has resulted in increased activity for firms that monitor supply chain riskssuch as Resilinc, Risk Metrics, and Everstream Analytics. These platforms assess all the risks inherent in a firm’s supply chain, by mapping out the tier 1 suppliers, identifying events that could impact these suppliers, and alerting the firm when these events occur. This allows organizations to quickly react to problems as they occur and identify alternative sources of supply.
One of the problems with this approach, however, is that it is too reactive, not proactive. This problem is also related to the fact that too often, supply chain risk remains a procurement problem, when in fact it is a business problem! Proactive risk management involves identifying the hidden risks in the supply chain, and establishing a business continuity plan that can be put into place prior to a disaster occurring. This requires identifying the vulnerable nodes in the supply chain, and putting a plan into place. Such a plan must be developed in conjunction with category managers and other key stakeholders.
An automotive organization described how its supply risk Center of Excellence has expanded significantly, due to the recent challenges associated with supplying its production line in the last two years.
“A year and a half ago, we had about 10 to 20 people in our COE, but when the semiconductor problem hit, we realized we needed a large group to support the organization. Over four to five months we came up with a structure to create three key areas. The COE would have a direct line report to the CPO, but also dotted line to key category teams, including interior, exterior, engine, chassis, and body. Each team had a team of managers co-located at our headquarters, who worked with the category buyers to map out supply chain risk. We had a total of about 60 people in the end. First, we had about 30 folks reporting to five managers. Five were integrated directly with the category teams, two were working on broader strategic trends. We then had two groups, one who worked with IT to develop software and one that began to map out the entire end-to-end supply chain, about 15 in each group. This team was focused on how we take our supply chain mapping information and house it in a way to identify hidden risks that alert our category buyers on risks.“
In a recent paper, my former PhD student, Srinivasan Balan and I, established a model to support decision-making. In this paper, we propose a two-phase approach that seeks to create insights into disruptions, allowing managers to mitigate supply chain risks using an integrated risk-mitigation tool. In the first phase, the problem is formulated as a Markov Decision Process (MDP) that maximizes the expected long-run revenue induced by supply chain risks, given the current state of the risk score. We map four decision states to four specific managerial actions: “do nothing,” “track the supplier,” “monitor the supplier,” and “change the supplier.” If the optimal policy is “do nothing”, then the supply chain risk scores are continued to be monitored. In the case of “track the supplier”, the firm will track the supplier’s performance internally, however, in the case of “monitor the supplier”, the firm will hire an external contractor to monitor the external supply chain risks in the supplier’s country and macroeconomic factors. Lastly, if the optimal policy from phase 1 is to ’change the supplier,’ the best-performing supplier is identified using an integrated programming model that can help allocate supply contracts to the least risky supplier.
This tool was developed in conjunction with a major building technologies procurement organization. Their Chief Procurement Officer had this to say about the tool.
“The supplier risk tool provides us with a method for assessing multi-faceted risks. We already knew the problems with the bigger players, but for suppliers with smaller volumes, we didn’t know what their risks were. Today we have a quarterly meeting with these suppliers and use the tool output to drive the discussion and see what is going on with their business. This has increased pressure on procurement and the business to make decisions to reduce risk in the supply base. For instance, should the business spend the money needed to create an alternative source? Once we put a spotlight on the problem and the potential impact on revenue and profit, they are now held accountable for such risks, as they have been informed. If the business refuses to acknowledge the problem, they are held accountable if supply disruptions occur.
The supplier risk tool is fully functional, and in my opinion it is the only effective supplier risk tool I’ve seen. It allows us to convert all the risks – weather, geopolitical issues, supplier problems – and generates a revenue impact by assessing the impact through the BOM STRUCTURE. Senior executives can now absorb what the impact of supply risk is on the business. We can tell that what it means when a supplier moves into the red zone, and they now have a way to measure and assess how they will react to the information. Actionable data affects behavior – and this tool allows us to close the loop on this.”
The other problem is that too many organizations just focus on their first tier suppliers. This is not enough. In fact, many disruptions occur within the tier 2 supply base (or even tier 3 and 4), and ultimately work their way up to the buying organization. Thus, it is important to map your supply chain to understand who these suppliers are.
There has been a slew of companies that claim they can use artificial intelligence (AI) to map out supply chains, yet none of these models have been validated and confirmed. Companies that were successful in mapping out supply chains tended to rely on a combination of established supplier risk management platforms, as well as increasing reliance on manual mapping activities, which in turn relies on building solid relationships with your tier-one suppliers. One executive interviewed for this research said:
We don’t rely on AI, instead we send out surveys twice a year, and tell our tier ones that we need to understand who your suppliers are! Over time, we have started to collect this data, and in some cases, are physically calling up the tier ones and asking them for this information. Many suppliers want to know why, and are suspicious that we are going after cost savings or want to disintermediate them. We have had to spend time convincing the tier ones to get on board, and let them know this is about understanding risk, ESG data, and traceability to identify vulnerabilities. We’ve found that we can get the tier-one and-two data – but when you get to tier three or below, it is almost impossible. This has been a very relationship-based, intensive project. Suppliers may be all over the country or in another country, and creating a relationship between all of these sites that rolls up to one of our products sites … is a real challenge. But this is the only way we’ve found that works.
Our research supports the idea that ownership of supply chain risk belongs to all key stakeholders in the business: engineering, finance, operations, marketing, and of course procurement. By identifying the primary sources of supply risk ahead of time, including tier 2 suppliers, organizations can be more prepared with a firm plan of action when disaster strikes nodes in their supply chains.