A few weeks ago, my colleague Adrian Gonzalez wrote a posting titled “Supply Chain Risk Management Gains Importance.”  In it, he cites a Financial Times article that discusses how interest in enterprise risk management has increased over the past two years.  I’m not sure I agree with that finding, at least when it comes to supply chain executives.  Risk management may be more important today for executives in finance, legal affairs, or regulatory compliance, but for most supply chain managers, risk management is something they know they should care more about, yet their attention is consumed with other day-to-day activities.

ARC conducted a survey last summer where we asked executives to select their top areas for IT investment within supply chain management.  Only 8 percent of the 114 respondents ranked supply chain risk management in the top three, and nobody ranked it as their top priority (the top two initiatives were improving supply chain performance, in terms of reducing lead times and improving service levels, and reducing supply chain costs). 

Some companies with lean supply chains have discovered (to their chagrin) that focusing too greatly on cost reduction also increases risks significantly.  Increasing supply chain agility and reducing costs are not always opposing goals, except when inventory must be used as a buffer to reduce risk.       

A little over a decade ago, Peter Bernstein wrote a bestseller called “Against the Gods: The Remarkable Story of Risk” where he highlights evidence that shows “the repeated patterns of irrationality, inconsistency, and incompetence in the ways human beings arrive at decisions and choices when faced with uncertainty.”

When a major hurricane hits the Gulf Coast, when transportation costs surge, when the West Coast ports go on strike, supply chain managers need to know how to respond.  What is often lacking, however, is a systemic approach that identifies the vast number of supply chain events that can put a company’s financial performance (or even survival) at risk, and also systematically assesses which risks deserve the most attention and defines how to monitor and control these high priority risks.

Supply chain risks fall into four general categories: supply chain infrastructure, supply disruptions, the inability to predict demand, and product risks.  Different industries should focus on these risks in different ways.

By supply chain infrastructure, I mean facilities and assets that are owned and controlled by your company.  For example, for a chemical manufacturer or oil refiner, the risk of a production facility explosion should take precedence.  This type of event can jeopardize a company’s existence, so companies in these industries should have comprehensive safety programs to prevent these catastrophic events from happening.  They should also look at their key physical assets and ask questions like: Are our facilities exposed to natural risks, such as tornadoes, hurricanes, or floods?  What if our IT system crashes or we lose power for extended periods of time?  How can our supply chain operations continue?  Thus, business continuity planning is also an important consideration.   

Supply disruptions can occur for a variety of reasons-e.g., labor strikes, loss of manufacturing capacity due to a catastrophic incident at a supplier’s facility, quality issues, or suppliers may decide not to conduct business with your company any more.  Companies in the electronics industry often find that certain key components are produced by very few suppliers.  If an earthquake in China, for example, shuts down one of these key suppliers, a large source of revenues could be endangered.  Potential strategies to mitigate these supply-side risks include dual sourcing, paying suppliers more to receive a larger allocation if shortages occur, and setting up redundant production lines.  Companies can use network design tools to understand the tradeoffs between cost and agility.  Some companies have also developed “supply chain resiliency” metrics such as “time to recover” as a way to manage supply risks.

Manufacturers of fast moving consumer goods often face demand-side risks.  For example, a competitor’s promotions and pricing decisions can greatly impact the demand for your key products.  A sales and operations planning (S&OP) process with triggers that set off ad hoc contingency planning is one way to address this risk.  Manufacturers that sell components and subsystems to a very small group of powerful customers also face serious demand-side risks.  This is one reason why suppliers to the big auto companies have been devastated.

The pharmaceutical industry faces product risks in the form of patent infringement, which is also a risk for companies that offshore manufacturing or product development. 

Because of all the different types of supply chains and risks, supply chain risk management is still more art than science.  Companies should recognize that different supply chain risks require different strategies (risk avoidance, risk transfer, hedging, or assumption), monitoring and assessment tools, and different planning horizon frequencies.

What do supply chain risk management programs and Brussels sprouts have in common?  The immediate discomfort of partaking in either is offset by the benefits they might provide in the future.