Executive Briefings

Managing the High-Risk Business of High-Tech

You would think that proper risk management would be top of mind for high-tech supply chain executives. So why do they keep getting it wrong?

Managing the High-Risk Business of High-Tech

Costly disruptions happen all the time, whether natural disasters, labor issues, equipment shortages, unanticipated demand, or clogged pipelines. Yet many manufacturers continue to get caught out.

Part of the problem can be chalked up to shortsighted management. (Driven, to be sure, by shortsighted investors.) How do you quantify a cost that hasn’t happened yet? How do you convince the C-suite to spend money up front to prepare for an undefined crisis?

When building the case for risk management, “a lot of companies struggle with justification,” said Bindiya Vakil, chief executive officer of Resilinc, a provider of software and services for shoring up supply chains. She chaired a panel on the topic at the Hi-Tech & Electronics Supply Chain Summit, presented earlier this fall in San Francisco by eyefortransport.

The effort has to be framed in terms of return on investment, said Vakil. It’s up to supply-chain managers to communicate the long-term benefits of good risk management – which, after all, is just another form of insurance.

Sometimes it takes a disaster to wake companies up. Lee Wolfe, who leads the Supply Chain Transformation Group at NetApp, Inc., cited the floods that struck Thailand in 2011. Virtually all hard-drive manufacturers in the country were located in the same valley, which became flooded when a dam burst. “That disruption almost killed the storage industry,” Wolfe said.

The event caused NetApp, among others, to begin crafting a risk-management program for its entire supply chain. Today, having such protection “seems to be common table stakes,” said Wolfe. “It’s not a differentiator – it’s a given.”

Not all high-tech companies are laggards. Cisco Systems, Inc. prides itself on its resiliency planning. The company was one of the first to create a “war room” that would leap into action at the first sign of a major disruption. “We’ve always ingrained the mentality of risk management,” said Nghi Luu, senior manager of that discipline at Cisco. “There’s a lot of revenue at stake.”

Risk management at biotechnology giant Amgen, Inc. was initiated via a handwritten letter from the company’s chief executive officer, according to director of supply chain Rod MacLea. “It was definitely a top-down push,” he said. Amgen had put aside some safety stock to deal with supply disruptions, “but we had no idea what was coming in on the front end.”

The push for strong risk management needs to be a top-down effort, said Vakil. “You need an executive champion who understands this problem. Not just anybody in the company can start.”

There’s always the possibility that companies can go too far in socking away buffer inventory, which can become obsolete in an alarmingly short time. Wolfe said the focus should be on calculating time to recover. NetApp determined that metric through intensive conversations with every supplier and factory.

Prior to attaining the necessary visibility of its supply chain, Amgen had bought an entire year’s worth of stock for its most critical products. Now it’s able to make more intelligent decisions, said MacLea.

Luu said Cisco’s audit systems have evolved to the point where the company can quickly pinpoint the suppliers, part numbers and revenue impact within a 30-mile radius of any incident. Then it prioritizes the top 25 parts or factories to be addressed.

Perhaps the toughest part of any risk-management program is deciding which types of disasters to prepare for. Wolfe said NetApp looks at 10 or so possible incidents, then calculates how fast it can recover from each. That determination helps the company to prioritize its efforts. At a higher level, he said, it divides risk management into three areas: anticipate, mitigate and monitor.

Cisco’s recovery scheme isn’t site-specific, opting instead for a more holistic approach. It embraces four “pillars” of risk: round-the-clock incident monitoring, access to critical data, product resiliency reaching back to the design stage, and the locating of test equipment at multiple sites. “We don’t have playbooks around incidents,” said Luu.

Vakil said it’s essential to have detailed information about the location of every factory, and what it makes, “accessible at your fingertips.” Armed with such intelligence, a company can respond to any incident within the hour.

Contract manufacturer Jabil Circuit, Inc. tackles risk within all three stages of its physical supply chain: source, make and deliver. Mudit Bajaj, senior director of supply chain solutions and analytics, said the discipline covers more than just location. The company takes into account such elements as supplier lead time, capacity, machine uptime, product quality, currency exchange, fuel costs, trade compliance and security. All of those considerations get rolled into a calculation of total landed cost, and the full impact on the company’s supply chain of any disruption.

The picture is only getting more complex. “You need to figure out how to manage the complexity, rather than run away from it,” said Bajaj. “Simplification is not happening.”

Bajaj took issue with companies that spend an inordinate amount of time scrutinizing their biggest suppliers. Proper risk management focuses not on the highest level of spend, but the greatest opportunities for disruption, he said. An assembly line can be brought to a halt by the lack of a relatively small and inexpensive part. Just ask Boeing Commercial Airplanes.

Bajaj said it’s important to mitigate risk at the design stage. But many other potential disruptions can occur that are unrelated to the nature of a specific part or product. Geopolitical disruptions affect all types of manufacturers and suppliers. 

To achieve truly effective risk management, companies need end-to-end control over their supply chains. Jabil has built an Intelligent Control Tower which includes huge video displays that highlight the status of links with all of its key supply-chain partners.

Beyond the flash, however, is a need to sustain the effort at all levels of the organization. “Risk mitigation needs to be part of everybody’s job,” said Bajaj.

Comment on This Article

Costly disruptions happen all the time, whether natural disasters, labor issues, equipment shortages, unanticipated demand, or clogged pipelines. Yet many manufacturers continue to get caught out.

Part of the problem can be chalked up to shortsighted management. (Driven, to be sure, by shortsighted investors.) How do you quantify a cost that hasn’t happened yet? How do you convince the C-suite to spend money up front to prepare for an undefined crisis?

When building the case for risk management, “a lot of companies struggle with justification,” said Bindiya Vakil, chief executive officer of Resilinc, a provider of software and services for shoring up supply chains. She chaired a panel on the topic at the Hi-Tech & Electronics Supply Chain Summit, presented earlier this fall in San Francisco by eyefortransport.

The effort has to be framed in terms of return on investment, said Vakil. It’s up to supply-chain managers to communicate the long-term benefits of good risk management – which, after all, is just another form of insurance.

Sometimes it takes a disaster to wake companies up. Lee Wolfe, who leads the Supply Chain Transformation Group at NetApp, Inc., cited the floods that struck Thailand in 2011. Virtually all hard-drive manufacturers in the country were located in the same valley, which became flooded when a dam burst. “That disruption almost killed the storage industry,” Wolfe said.

The event caused NetApp, among others, to begin crafting a risk-management program for its entire supply chain. Today, having such protection “seems to be common table stakes,” said Wolfe. “It’s not a differentiator – it’s a given.”

Not all high-tech companies are laggards. Cisco Systems, Inc. prides itself on its resiliency planning. The company was one of the first to create a “war room” that would leap into action at the first sign of a major disruption. “We’ve always ingrained the mentality of risk management,” said Nghi Luu, senior manager of that discipline at Cisco. “There’s a lot of revenue at stake.”

Risk management at biotechnology giant Amgen, Inc. was initiated via a handwritten letter from the company’s chief executive officer, according to director of supply chain Rod MacLea. “It was definitely a top-down push,” he said. Amgen had put aside some safety stock to deal with supply disruptions, “but we had no idea what was coming in on the front end.”

The push for strong risk management needs to be a top-down effort, said Vakil. “You need an executive champion who understands this problem. Not just anybody in the company can start.”

There’s always the possibility that companies can go too far in socking away buffer inventory, which can become obsolete in an alarmingly short time. Wolfe said the focus should be on calculating time to recover. NetApp determined that metric through intensive conversations with every supplier and factory.

Prior to attaining the necessary visibility of its supply chain, Amgen had bought an entire year’s worth of stock for its most critical products. Now it’s able to make more intelligent decisions, said MacLea.

Luu said Cisco’s audit systems have evolved to the point where the company can quickly pinpoint the suppliers, part numbers and revenue impact within a 30-mile radius of any incident. Then it prioritizes the top 25 parts or factories to be addressed.

Perhaps the toughest part of any risk-management program is deciding which types of disasters to prepare for. Wolfe said NetApp looks at 10 or so possible incidents, then calculates how fast it can recover from each. That determination helps the company to prioritize its efforts. At a higher level, he said, it divides risk management into three areas: anticipate, mitigate and monitor.

Cisco’s recovery scheme isn’t site-specific, opting instead for a more holistic approach. It embraces four “pillars” of risk: round-the-clock incident monitoring, access to critical data, product resiliency reaching back to the design stage, and the locating of test equipment at multiple sites. “We don’t have playbooks around incidents,” said Luu.

Vakil said it’s essential to have detailed information about the location of every factory, and what it makes, “accessible at your fingertips.” Armed with such intelligence, a company can respond to any incident within the hour.

Contract manufacturer Jabil Circuit, Inc. tackles risk within all three stages of its physical supply chain: source, make and deliver. Mudit Bajaj, senior director of supply chain solutions and analytics, said the discipline covers more than just location. The company takes into account such elements as supplier lead time, capacity, machine uptime, product quality, currency exchange, fuel costs, trade compliance and security. All of those considerations get rolled into a calculation of total landed cost, and the full impact on the company’s supply chain of any disruption.

The picture is only getting more complex. “You need to figure out how to manage the complexity, rather than run away from it,” said Bajaj. “Simplification is not happening.”

Bajaj took issue with companies that spend an inordinate amount of time scrutinizing their biggest suppliers. Proper risk management focuses not on the highest level of spend, but the greatest opportunities for disruption, he said. An assembly line can be brought to a halt by the lack of a relatively small and inexpensive part. Just ask Boeing Commercial Airplanes.

Bajaj said it’s important to mitigate risk at the design stage. But many other potential disruptions can occur that are unrelated to the nature of a specific part or product. Geopolitical disruptions affect all types of manufacturers and suppliers. 

To achieve truly effective risk management, companies need end-to-end control over their supply chains. Jabil has built an Intelligent Control Tower which includes huge video displays that highlight the status of links with all of its key supply-chain partners.

Beyond the flash, however, is a need to sustain the effort at all levels of the organization. “Risk mitigation needs to be part of everybody’s job,” said Bajaj.

Comment on This Article

Managing the High-Risk Business of High-Tech