As supply chains grow in complexity and businesses become increasingly interdependent, firms need to be more proactive in managing the risks along the chain
The next generation
Only now, after about a decade of headlong growth in supply chains are some important issues being raised. Earlier this year, the British manufacturers’ organisation EEF identified an Achilles’ heel in the country’s supply chains – the supply of essential materials was dangerously concentrated in China, UK manufacturers’ leading supplier. According to a study by the organisation, China produces 22 of 38 elements of strategic economic value and the EEF deems that to be too many.
As a result, the organisation is appealing to the government to protect the economy – and manufacturers – from such risks. “Resource security is dynamic and complex,” explains Susanne Baker, senior policy advisor at EEF. “It requires a flexible response, working in close co-operation with industry and other stakeholders.”
The EEF’s concerns were such that it called on the British government to establish a dedicated Office of Resource Management charged with developing alternative sources of supply. Indeed, the EU has highlighted similar risks that could affect half a dozen industries, including consumer electronics, construction, agriculture and aerospace.
The rapid development in supply chains – thousands of small companies depend on them – has prompted more searching analysis than used to be the case. Not so long ago, the contracting company expected nothing more from its suppliers than the prompt delivery of a reliable product that conformed to local standards. Now, though, the relationship has become more complex.
“It’s no longer sufficient [for companies] to have their own arrangements for business continuity in place,” explains Lyndon Bird, technical director at the Business Continuity Institute. “They must ensure that their suppliers do likewise, and so on down the chain.”
A lot to learn
The first step is to know how supply chain works. Unhappily, a survey of 500 business continuity professionals from 71 countries by Zurich Insurance Group and the UK’s Chartered Institute of Purchasing and Supply found that this was far from typical in companies. Three-quarters of respondents reported they did not have “full visibility” of their supply chains – that is, they do not know how they are operated.
However, they need to know. As customers, particularly in the Western world, set more store on ethical behaviour – a trend spectacularly illustrated by the success of the Fairtrade brand – heads of supply chains must also ensure their producers down the line meet acceptable standards. As the collapse of the Rana Plaza factories in Bangladesh proved in April 2013, good corporate behaviour matters.
“Companies must maintain ethical standards throughout the supply chain,” Bird points out, which has conducted considerable research on the subject. “Most of the retail stores that bought from the factory could have sourced a new supplier, but [they suffered reputational] damage because they tolerated substandard conditions in the factories.”
Keep it simple
Effective management of the supply chain does not have to be complicated. As Rolls-Royce’s head of business continuity James Stevenson explains, the right questions have to be asked. “If a major incident affected a business tomorrow, what are the processes, machinery or even suppliers that would be hard to replace quickly?” he asks.
“The awkward ones,” he elaborates. “The unique machinery or equipment for which there perhaps isn’t a plan, let alone a plan that gets [the contracting company] back within an acceptable recovery time.”
Although household names such as Boeing and Airbus rely on the steady functioning of Rolls-Royce’s production lines, the observation is true of any manufacturer that produces goods.
True to his word, Stevenson and his staff have reduced Rolls-Royce’s business recovery plan to only two pages. More than a tool for recovery, it also influences how the manufacturing giant priorities capital investment decisions.
Disruptions to supply chains are inevitable in the future and risk managers can bet on it. Typically, they will affect staff, buildings, power supplies, information technology and the supply chain.
As Bird points out, the certainty of different kinds of disruption means companies must have strategies for dealing with when, rather than if, they arise. “What can be planned for is the effect of those threats materialising,” he says. “That is the challenge for business continuity professionals in the coming years – to find new ways of dealing with those threats.”
In short, steps must be taken to mitigate these threats. As Stevenson adds: “Spotting the problems is relatively easy, particularly for] manufacturing or supply chain businesses. The challenge for business continuity managers is to do something about [supply chain disruptions] and develop practical, simple recovery plans.”
The mounting threat of digital risk will undoubtedly affect the supply chain. Companies with lax IT and cyber security policies run the risk of suffering an attack that could harm customers and operations. Worryingly, not all suppliers will posses strong IT security. A primary supplier may have robust procedures, but tertiary or smaller suppliers further down the chain may not.
Companies will require their own specialist in the form of a dedicated manager, according to IT research and advisory group Gartner.
The unenviable job of this new breed of digital risk officer (DRO) will be to manage the interlocking dependencies between all the digitally based functions including information technology, operational technology, the so-called ‘internet of things’ and all the other elements that will drive the modern company.
The DRO will have plenty to do. Gartner estimates that within about five years, he will have to deal with regular service failures in 60% of such companies. The sobering thought is that most businesses will be, to a greater or lesser extent, digitally based. SR
Lessons from Christchurch
As New Zealand’s most damaging earthquake proves, natural catastrophes trigger multiple consequences that directly affect the management of supply chains for years. Not only did the earthquake, with a magnitude of 6.3 on the Richter scale, cause NZ$40bn (€25bn) in damages and kill 185 people when it hit the city of Christchurch in February 2011, it also triggered a full-scale, ongoing reappraisal of the stability of factories, warehouses and other buildings across the country.
Almost four years later, suppliers of multinationals such as dairy giant Fonterra are deeply involved in earthquake-proofing programmes.
Indeed, in January 2014, a quake measuring 6.2 on the Richter scale damaged a Fonterra warehouse north of the capital, Wellington.
Catastrophes aside, any event generally produces a chain reaction of measures designed to mitigate damage from a repeat performance.
According to the Business Continuity Institute’s latest survey, reflecting a series of events in these categories, the top 10 risks in 2014 were seen as:
1. Unplanned IT and telecoms outages
2. Cyber attacks
3. Data breaches
4. Adverse weather
5. Interruption to utility supply
7. Security incidents
8. Health and safety incidents
9. Acts of terrorism
10. New laws or regulations