How Resilient is Your Company’s Supply Chain Risk Management Strategy?
Different businesses achieve varying levels of maturity in their practice of supply chain resiliency management. At one end of the spectrum, well-defined resiliency considerations are explicitly incorporated into processes and tools–indicating a high level of maturity.
At the other end, the risk is weighed implicitly as different people across the company apply their personal risk tolerances. Most companies fall somewhere in the middle of these two extremes. The first objective is to understand where the organization falls along this spectrum. So, you may ask: how resilient is my company’s supply chain risk management strategy, and where do I start? Building a supply chain risk management program can be accomplished via a resiliency assessment effort.
Resiliency Blind Spots
A resiliency assessment exercise begins with determining what type of risk-related data is maintained and periodically tracked throughout the organization. This helps to distinguish the known versus the unknowns and identify resiliency “blind spots” from an information and intelligence perspective. Some companies track the financial resiliency of suppliers who are public companies since this data is available through Moody’s, D&B, or other sources. Some operational teams run metrics to determine the on-time delivery performance of their suppliers and others supplement this with intelligence about suppliers’ flexibility, the strength of their contracts, quality performance of their components, etc. Mapping what is known helps to pinpoints areas where information needs to be collected.
- Spend Based: Most companies use the 80-20 rule for supplier management – they actively manage the 20% of suppliers who have 80% of the overall spend. While efficient from a spend management standpoint, this practice leaves resiliency gaps. For a product to be shipped, every single part has to be available. Some years back, a German automaker had a disruption at their cup holder supplier. This rendered expensive US-bound luxury cars un-shippable… Thus, from a resiliency standpoint, each part is needed. This is not to advocate establishing deep supplier relationships with all the partners as this is commercially unfeasible. Many blind spots can be eliminated by tracking key pieces of information collected from all suppliers.
- Location-Based: Most companies lack supply chain visibility into their suppliers’ manufacturing footprint. With more suppliers manufacturing components in lower-cost countries, it is important to understand the locational risks that are inherent in different geographies, be it local or macro level. With a greater prevalence of outsourced manufacturing, a sub-contractor dependency can develop. In the high tech industry, Taiwan-based TSMC or UMC are examples of this. Many fabless semiconductor companies use these highly sophisticated wafer fab companies and create an indirect and sometimes unknown dependency. In some cases, dual sourced parts can be traced back as originating from the same sub-contractor. Lack of information creates difficulties in applying an appropriate mitigation strategy to attain desired thresholds. For example, an automaker might decide to hold high levels of inventories for inexpensive components using lead times as a gauge. However, lead times can be artificially low. In the absence of visibility to where they originate, the right inventory level can only be guessed. Likewise, if an alternate source uses the same sub-contractor to make the part, then second sourcing is not necessarily the right strategy to cover location-based risks. An initial resiliency assessment should expose these unknowns for the company to decide whether to fix the blind spot.
- Impact Analytics: Other information is more intrinsic – since supply chain organizations are primarily cost centric, most of the prevalent analytics is related to spend. Robust revenue impact analytics which can pinpoint critical components, nodes, or suppliers is not always available. However, this type of analysis can really help identify top business priorities where mitigation efforts should be focused.
Focused Risk Mitigation for Maximum Impact
Combining intrinsic impact analyses with supplier resiliency intelligence can highlight the biggest vulnerabilities and highest risks. Armed with this type of intelligence then, a risk manager can clearly articulate where the bulk of efforts should be focused in the short run and how to effectively spend risk mitigation dollars. They can also decide on the mitigation strategies that will address most of the biggest risks.
A robust resiliency assessment effort identifies blind spots, generates revenue impact analytics, and helps identify critical areas. It really helps to set a foundation for supply chain resilience where the right set of information is defined that can drive resilient decisions. It paves the way to define risk tolerance levels and choose appropriate mitigation strategies that will address the right set of risks. Most of all, it helps companies to focus efforts and money for maximum impact.
Bindiya Vakil is CEO and founder of Resilinc and is a recognized thought leader in the area of supply chain risk management. She has been a practitioner in high-tech supply chain management with companies including Flextronics, Cisco, and Broadcom. Ms. Vakil has a master’s degree in supply chain management from MIT and an MBA in Finance. She is a published author and frequent speaker at top supply chain conferences and universities on the topic of supply chain resiliency. Ms. Vakil’s concept of “Design for Resiliency” is being widely adopted as a best practice in the industry.