This article discusses how supply chain disruptions have become one of the key issues facing business continuity and risk professionals. It considers the need for organizations to establish and maintain resilient and sustainable supply chains and why this has become more complex to manage. The article draws upon research work undertaken by Lee Glendon for the Business Continuity Institute. The article concludes with six practical tips for the BCM professional to use in managing this complex subject.
Increasing Supply Chain Complexity
In the BCI’s Horizon Scan 2013, one of the key trends of concern identified by business continuity professionals was increasing supply chain length and complexity. There were three main reasons for this. The first was changing customer demands, the second was changing supply chain management practices, and the third was the way in which business innovation gives less time to adapt to both changes. These problems are not created purely by globalization but they are accentuated by it because geographic separation often leads to reduced visibility (and hence control) of key dependencies and exposures.
Increasing supply chain complexity makes it harder to maintain confidence in either the resilience or ethical nature of supply chains. Resilience is a key requirement to achieve continuity of supply and ethical sourcing is particularly important for brands whose customers place importance on this attribute in their buying decision. Extending supply chains around the world accentuates the problem of developing confidence. It is hard to be confident when you do not fully know who is in your supply chain at lower tier levels.
Perhaps, the most important driver of complexity is the customer and the desire of businesses to develop the right supply chain to meet the needs of the customer. Shorter, more responsive product lifecycles in consumer electronics and the fashion industry are leading the way in terms of developing agile supply chains that can deliver new products every few months or new clothing styles virtually every week.
Likewise meeting the price point of some lower end products sets its own supply chain structure, but it is not just about the price. For example, the supply chain required to be able to sell a branded product sets its own restrictions and creates reputation risks that need to be managed. In another example, public sector bodies may be mandated to buy from smaller businesses, which in itself creates complexity in terms of the number of suppliers and the need to train and develop them to meet the requirements of government contracts.
Tier one supplier concentration has been a widely adopted supply chain management practice to allow companies to focus on a smaller number of suppliers. While this approach simplifies the number of interfaces at tier one, it has created in practice more tiers below the immediate supplier, reducing visibility. It has also increased dependency on those prime suppliers as the ability to switch back becomes harder over time. In BCI surveys, 40% of supply chain disruption originates below the immediate supplier and few organizations work through their entire supply chain to the source. It is not now uncommon for organizations to experience disruption even at tiers five and six.
Various research studies have demonstrated that after severe weather and technology outages, the most likely cause of business disruption is when suppliers fail to meet their delivery or quality obligations. This means that it is very much a business continuity issue, although many BC professionals have difficulty in getting their organizations to see it as such. Supplier and supply chains are primarily the responsibility of procurement specialists, who defend their territory with some vigor. They often feel that they are the experts – so what could a BCM expert possibly bring to bear on this specialist problem?
If we are honest, we must accept that most BCM specialists are not really solution providers, except perhaps in the limited IT service availability arena. Yet, virtually all BCM managers claim to be responsible for response and contingency planning to deal with a pandemic, a terrorist attack, fire or flood, a political demonstration, a large-scale event like the Olympics and even cyber-attacks. I have not met many BCM managers who have any professional qualifications in medicine, terrorist surveillance, policing civil events, crowd management or cyber security. I have never met a BCM manager who is an expert on all of these topics – yet they still feel responsible for protecting their businesses against the negative consequences of these diverse challenges. Why should supply chain disruption be any different? There is a clear and increasing threat from the adoption of longer supply chains in riskier parts of the world; supply chain failure can cause one of the greatest impacts to business reputation and sometimes can prove fatal to a business.
It is easy to find global examples of supply chain failures causing serious business damage, but less easy to formulate how a BCM professional can help mitigate such problems. Where a BCM professional is strong is concentrating on consequences rather than causes. It does not matter why a specific process is interrupted; the problem is to know if it really is a critical process and, if so, how you can deal with the operational consequences of interruption. An example is the Eyjafjallajokull volcano in Iceland which erupted in 2010 and created an ash cloud that stopped the vast majority of air travel across Central and Northern Europe. The BC planner did not need to be a geologist or an aeronautical engineer to understand that this would interrupt the ability to receive raw materials and ship finished product. He or she did, however, need to have alternate means of handling the logistical challenge, bearing in mind that there were many more likely things that could have caused a similar interruption such as a major terrorist attack or coordinated labor disputes.
Supply chain professionals have long recognized the risks of relying on a single supplier of a critical component or service. Where options exist for establishing diversity of supply, dual-sourcing is common practice. However, dual-sourcing is only usually implemented at tier one, and research has shown that they might well unknowingly be reliant on single suppliers at a lower level. Using the techniques that BC planners know as Business Impact Analysis (BIA) can often be helpful. It looks at dependencies and why specific disruptions might have a much higher impact than would have been assumed.
Another area in which BC professionals are generally strong is in facilitating decisions through workshops, one to one meetings and cross functional understanding. Procurement people are good at negotiation and do not always see the implications of some of their supplier selections. Being closer to operational problems, BC planners can help identify potential problems and mitigate risks that might occur. Extended global supply chains are not static: staff change, locations change and subcontracting obscures where activities are really being performed. A lack of relationships, communication and understanding of different cultures increase opacity. Some sectors suffer from lack of communication around changes in their extended supply chain. The consequence is that suppliers change the location of production or the people providing a service without informing clients, so organizations are surprised by finding that an event, for example industrial action, in one location affects them, even though their analysis did not reveal any exposure to the event. This type of analysis is usually more in line with the thinking of Business Continuity than Procurement.
Again, outsourcing is often seen as an innovative way to access the expertise of third parties, reduce risk and allow a firm to focus its resources on its core activities. Those organizations that offer outsourcing services have in turn created their own language for service delivery models with terms such as ‘off-shore’, ‘near-shore’, ‘blended-shore’ and ‘right-shore’. In essence, these models have different risk/cost trade-offs for the client organization. Across four annual BCI supply chain disruption surveys, service failures by outsourcers have featured prominently. In 2012, 35% of reported disruptions – which had ‘some’ or ‘high’ impact – were attributed to this cause, double the level of 2011. Business Continuity professionals can provide very valuable input when such strategic decisions are being made, but unfortunately they are often only brought into the picture to sort out a plan once the contract is already in place. Joint exercises are an essential means by which outsourcers and their clients can work together, anticipate problems and exercise solutions. There are no better people in an organization to manage and facilitate such an exercise than the BC team.
Hopefully, this article has demonstrated that although business continuity people cannot expect to select suppliers, decide on outsourcing strategy or manage the procurement process, they can still provide a level of support in terms of analyzing impacts, facilitating debate and designing exercises. These all add value and reduce risk to the overall supply chain.
The main conclusion is that business continuity management can provide an important contribution to identification and mitigation of the impacts of supply chain problems but it can only be fully effective in collaboration with risk management and supply chain professionals. These groups must work together to improve visibility by focusing efforts through identifying key suppliers, working through lower-level tiers, building stronger relationships, looking beyond contracts and service level agreements, while proactively monitoring trends and streamlining control processes.
About The Authors
Lyndon Bird, FBCI, has 25 years of BCM experience and is currently the Technical Director of The Business Continuity Institute. He leads the Institute’s Intellectual Property Team, producing thought leadership papers and research studies which make up the Institutes Body of Knowledge, education syllabus and certification program. He can be reached at firstname.lastname@example.org.
Lee Glendon, CBCI, was formally Head of Research and Advocacy at The Business Continuity Institute, with particular specialization in Supply Chain Continuity and Horizon Scanning. He has recently left the Institute to concentrate his research efforts into all aspects of Supply Chain Risk Management for a leading global research organization.
Practical Tips for a BC Planner
- Use your skills as an exercise planner, facilitator and scenario designer. You are good at this, procurement usually isn’t. Where possible get key suppliers involved in your exercises and try to be invited to observe their exercises. As trust builds look to schedule full joint exercises, involving managers from both organizations. This focuses minds and reassures both sides that they have a common goal.
- Persuade your senior management to ask key suppliers to allow you to audit their plan and their test schedules. Consider this part of a regular audit program of work, rather than an occasional or ad-hoc activity. Once it becomes scheduled, it becomes official and hence serious. However, use this opportunity to build relationships, not to show off your auditing skills.
- Map your suppliers’ incident management protocols against your plan assumptions, including fully understanding the resources they might have available to deal with a crisis. Suppliers might actually be larger and better resourced than you, so take advantage of any support they might be able to offer. Collaborative working is the way forward, so try and get your company to embrace it.
- Really analyze your supplier base by operational importance, not just by amounts spent with them. Procurement should have done the due diligence on the finances so make it clear you are not duplicating that. Prioritize suppliers based upon the degree of impact supply failure would have on continuity of operations, not on how much you spend with them. If you do it as part of a BIA, procurement will never realize what you are doing until you have done it.
- Offer to train all procurement contract officers in the basics of BCM. If this fails then talk to senior management and HR about the need for these people to better understand risks. Some- times a joint training with risk managers and BC managers talking to their counterparts in procurement is a very effective learning experience for all parties.
- As better understanding of BCM emerges, make sure that every supplier has a “continuity and resilience” score assigned to them and get policy approved at senior levels to authorize extra monitoring. Focus resources on single source suppliers of key services that are consistently scoring poorly.