Executive Briefings

Resiliency: Bouncing Back When Disaster Strikes

A conversation with Yossi Sheffi, professor of engineering systems at the Massachusetts Institute for Technology and director of the MIT Center for Transportation and Logistics.

Hurricane Katrina was an extreme reminder of the type of uncontrollable event that can severely disrupt supply chains and create operating chaos. How companies deal with and bounce back from such inevitable disruptions is the topic of a new book, "The Resilient Enterprise," by Yossi Sheffi. (MIT Press, mitpress.mit.edu). Sheffi shows how redundancy and flexibility developed before a disruption can do more to enable rapid recovery than any actions taken after the fact.

Q: What is the lesson of Hurricane Katrina for businesses?
Sheffi: The lesson is that even well established enterprises can be brought to their knees when caught off guard by a sudden supply chain dislocation, so all companies need to plan for the unexpected. The fact is that businesses are more vulnerable than ever to sudden disruptions such as natural disasters, terrorist attacks, supplier failures and labor actions, which now are a fact of business life. Companies need to start preparing for the next crisis now by building resilience into their organization.

Q: Even though you started this book in response to 9/11, you focus more on resilience than security. Can you explain that?
Sheffi: The bulk of the book is about resilience for several reasons. First of all, as a general public policy, we put a lot of effort into security--shoring up airports among other things--but there is no commensurate attention on the processes and training needed to get the economic system going again. So I think resilience is a neglected aspect of our homeland security efforts. But I am not a political scientist and I did not write the book for Congress. I wrote it for companies. I wanted to uncover and look at principles that can be used to build supply chains with the ability to bounce back quickly, regardless of what type of disruption comes their way--whether it is an accident like the Exxon Valdez or natural phenomena like a hurricane, an earthquake or a tsunami, or an intentional disruption like a strike or a terrorist attack. Security is an important part of that, particularly when you are dealing with intentional disruptions where security measures can impact the probability of being attacked. But most of the book is about building supply chains that can withstand and come back quickly from any type of disruption.

The book actually is the result of a three-year project at MIT that was funded by the British government through the Cambridge-MIT Institute, a collaboration between Cambridge University and MIT.

And you are right, it was motivated by 9/11. After that attack, I thought it would be useful to examine how companies can prepare, not only for terrorist attacks but for disruptions in general, because the fact is that 85 percent of the infrastructure in the U.S. is in the hands of the private sector. So I wanted to look at low probability, high impact events--not this week's 5 percent spike or 10 percent drop in demand--but the earthquake that causes you to lose a critical supplier or lots of important capacity, or the port strike, or the plant that is disabled by some event--big things that can actually jeopardize the very existence of a business unit.

Q: What are some key elements of resiliency?
Sheffi: When you start thinking about disruptions you have to answer three questions: What can go wrong? How likely is it that this will happen? If it happens, how bad will it be? With the first question, for example, you might look at the possibility of a supplier losing capacity, for whatever reason. For the second question, the likelihood of an event, you also start looking at security and at measures that you can take to reduce the probability that this event will occur. So, in the book, we have a chapter or two talking about methods that companies use to ensure supply chain security and certain principles that can be followed, such as a layered defense. This basically means that you never create a mechanism that either fails or doesn't fail. It is like your car, where you have seat belts and air bags and other safety measures as well--there are lots of examples like this. Many are mentioned in the book because we talked to more than 100 companies.

Q: You say in the book that the fashion and high-tech industries are good models for creating resiliency. Why is that?
Sheffi: Disruptions create a shortage of supply or a mismatch between supply and demand, which is not very different from an unforeseeable demand spike. So my point is you may want to look at industries that suffer regular and substantial demand swings to get some ideas how these industries organize themselves, how they protect themselves against risk, how they hedge their supply chain operations. Fashion products, for example, have a very short life cycle and are subject to the whims of teenagers and, in consumer electronics, the rate of new product introductions is so high that it is very hard to forecast. If you look at what the leaders in these industries do to compensate for those uncertainties you find that they follow practices that involve things like risk pooling. The idea here is that it is easier to forecast over a whole family of products or a big part of the country rather than over a single product or a small area. So then you start looking at interchangeable parts. If you have a part that is used in a whole family of products, you can buy the parts without knowing which product will eventually be made. Furthermore, for this one part you can have two or three suppliers, which creates another level of resilience. Tied to this, of course, is delayed customization or postponement, where you are actually building to order with modular parts.

There is an example of this in the book from several years ago where a source of memory chips in Taiwan was knocked out just as Dell and Apple were both coming out with new computer models. Apple had announced its new product four months earlier and had gone ahead and taken about $250,000 of orders for specific configurations that they then were unable to deliver as promised. Dell, on the other hand, never takes an order before it knows that it has everything on hand. So on the same day the disruption hit, Dell was able to change the prices on its web site. Configurations that used the short-supply memory chips suddenly became very expensive and other configurations became very cheap. As a result, during the days of the disruption Dell increased its market share.

Now, what Apple did was in a way very smart. By taking pre-orders, it knew what the market looked like and how many to make, but when a disruption occurred it was stuck with customer contracts for configurations that it could not produce. So this is one example.

There are other examples where I talk about the whole question of safety stock. After 9/11 there was a lot of talk that just-in-time was dead and everybody would go back to just-in-case. This is nonsense, of course. Now, in some cases it may make sense for a company to keep additional inventory, but how do you do that without getting sloppy? I give some examples of companies that hold strategic inventory that is kept in reserve and can only be touched with permission of a higher authority. The Strategic Oil Reserve is an example of this. Johnson & Johnson has a strategic reserve of certain medical supplies that can only be released with the approval of the Pentagon. The J&J stockpile has been released only once, and that was after 9/11. So this type of reserve is for emergency shortages.

Q: Are the strategies in the book ones that will work for any company, regardless of size or industry?
Sheffi: Yes, I believe very strongly that most companies can use the majority of these principles. Of course, not everything is applicable to every company, but generally companies are not as unique as they think they are.

Here is another example. Most companies think they need two or three suppliers for every part. That is nonsense. What they need to do is decide which are the important parts and which are the commodity parts. For the critical part, you may want one supplier, but then you need to have a very deep and strong relationship with this supplier. This supplier is you. If this supplier is disrupted, you are dead, so you must know what is going on with this supplier. Look at what happened with British Airways just a few weeks ago. They had one supplier for catering and this supplier was going to fire 700 people and British Airways didn't even know about it. This is a classic case of having one critical supplier and not realizing that it is really you. I give many examples in the book of companies that were not paying attention to what was going on in one of their critical suppliers.

Now, having a close relationship with a supplier is expensive--it requires investment, it requires people on the ground, so you may not want to do this. If not, then you have to have more than one supplier. So it is either have one supplier that is closely monitored or have many suppliers. Both tactics can work.

Q: You also make the point that low probability events, across a global company, can actually occur fairly frequently.
Sheffi: Yes, this is something that General Motors calculated a few years when it formed a risk management group. This group started cataloging all the different risks across GM's global operations. It found out that while the chances of a tornado hitting the plant in Oklahoma City on a given Tuesday morning are very low, the chances of either a tornado or an earthquake or a flood or a terrorist attack or sabotage hitting somewhere in its vast supply chain is unbelievably high. GM says something happens almost every week. So, if you look at it this way, investing in a resilient supply chain makes a lot more sense than if you think only about defending against another 9/11, which we hope will never come.

Q: What is the role of corporate culture in this?
Sheffi: In talking to a lot of companies, I started realizing that the main difference between companies that make it and companies that don't is their culture. Culture is kind of a nebulous concept, but I looked at what is common to a lot of these companies that seem to be able to withstand disruptions, to absorb them and bounce right back. There are certain principles and a lot of it has to do with pushing decision-making power very low in the organization. On a Navy aircraft carrier, the lowest fellow on the flight operations deck has the responsibility and the authority to stop flight operations. Think about it--this 19-year-old sailor has the responsibility and authority to stop a multibillion-dollar enterprise with 10,000 people involved--if you look at an entire battle group--and never be punished for it.

Another thing these organizations have in common is very strong communications. They all know weekly the status of what they are trying to do, but they also know, sometimes on an hourly basis, what is actually happening. They have listening networks where everybody is listening and monitoring for exceptions.

Another characteristic is people with a passion for work. The vice president of Southwest Airlines says it is about convincing a bricklayer that he is building a church rather than just laying bricks. I look at the way Don Schneider (founder and chairman of Schneider National) motivates employees. He says Schneider is not in the trucking business. It is in the business of raising the standard of living of the U.S. population. So it is the ability to make people understand that they are working on something bigger--a big idea.

Hurricane Katrina was an extreme reminder of the type of uncontrollable event that can severely disrupt supply chains and create operating chaos. How companies deal with and bounce back from such inevitable disruptions is the topic of a new book, "The Resilient Enterprise," by Yossi Sheffi. (MIT Press, mitpress.mit.edu). Sheffi shows how redundancy and flexibility developed before a disruption can do more to enable rapid recovery than any actions taken after the fact.

Q: What is the lesson of Hurricane Katrina for businesses?
Sheffi: The lesson is that even well established enterprises can be brought to their knees when caught off guard by a sudden supply chain dislocation, so all companies need to plan for the unexpected. The fact is that businesses are more vulnerable than ever to sudden disruptions such as natural disasters, terrorist attacks, supplier failures and labor actions, which now are a fact of business life. Companies need to start preparing for the next crisis now by building resilience into their organization.

Q: Even though you started this book in response to 9/11, you focus more on resilience than security. Can you explain that?
Sheffi: The bulk of the book is about resilience for several reasons. First of all, as a general public policy, we put a lot of effort into security--shoring up airports among other things--but there is no commensurate attention on the processes and training needed to get the economic system going again. So I think resilience is a neglected aspect of our homeland security efforts. But I am not a political scientist and I did not write the book for Congress. I wrote it for companies. I wanted to uncover and look at principles that can be used to build supply chains with the ability to bounce back quickly, regardless of what type of disruption comes their way--whether it is an accident like the Exxon Valdez or natural phenomena like a hurricane, an earthquake or a tsunami, or an intentional disruption like a strike or a terrorist attack. Security is an important part of that, particularly when you are dealing with intentional disruptions where security measures can impact the probability of being attacked. But most of the book is about building supply chains that can withstand and come back quickly from any type of disruption.

The book actually is the result of a three-year project at MIT that was funded by the British government through the Cambridge-MIT Institute, a collaboration between Cambridge University and MIT.

And you are right, it was motivated by 9/11. After that attack, I thought it would be useful to examine how companies can prepare, not only for terrorist attacks but for disruptions in general, because the fact is that 85 percent of the infrastructure in the U.S. is in the hands of the private sector. So I wanted to look at low probability, high impact events--not this week's 5 percent spike or 10 percent drop in demand--but the earthquake that causes you to lose a critical supplier or lots of important capacity, or the port strike, or the plant that is disabled by some event--big things that can actually jeopardize the very existence of a business unit.

Q: What are some key elements of resiliency?
Sheffi: When you start thinking about disruptions you have to answer three questions: What can go wrong? How likely is it that this will happen? If it happens, how bad will it be? With the first question, for example, you might look at the possibility of a supplier losing capacity, for whatever reason. For the second question, the likelihood of an event, you also start looking at security and at measures that you can take to reduce the probability that this event will occur. So, in the book, we have a chapter or two talking about methods that companies use to ensure supply chain security and certain principles that can be followed, such as a layered defense. This basically means that you never create a mechanism that either fails or doesn't fail. It is like your car, where you have seat belts and air bags and other safety measures as well--there are lots of examples like this. Many are mentioned in the book because we talked to more than 100 companies.

Q: You say in the book that the fashion and high-tech industries are good models for creating resiliency. Why is that?
Sheffi: Disruptions create a shortage of supply or a mismatch between supply and demand, which is not very different from an unforeseeable demand spike. So my point is you may want to look at industries that suffer regular and substantial demand swings to get some ideas how these industries organize themselves, how they protect themselves against risk, how they hedge their supply chain operations. Fashion products, for example, have a very short life cycle and are subject to the whims of teenagers and, in consumer electronics, the rate of new product introductions is so high that it is very hard to forecast. If you look at what the leaders in these industries do to compensate for those uncertainties you find that they follow practices that involve things like risk pooling. The idea here is that it is easier to forecast over a whole family of products or a big part of the country rather than over a single product or a small area. So then you start looking at interchangeable parts. If you have a part that is used in a whole family of products, you can buy the parts without knowing which product will eventually be made. Furthermore, for this one part you can have two or three suppliers, which creates another level of resilience. Tied to this, of course, is delayed customization or postponement, where you are actually building to order with modular parts.

There is an example of this in the book from several years ago where a source of memory chips in Taiwan was knocked out just as Dell and Apple were both coming out with new computer models. Apple had announced its new product four months earlier and had gone ahead and taken about $250,000 of orders for specific configurations that they then were unable to deliver as promised. Dell, on the other hand, never takes an order before it knows that it has everything on hand. So on the same day the disruption hit, Dell was able to change the prices on its web site. Configurations that used the short-supply memory chips suddenly became very expensive and other configurations became very cheap. As a result, during the days of the disruption Dell increased its market share.

Now, what Apple did was in a way very smart. By taking pre-orders, it knew what the market looked like and how many to make, but when a disruption occurred it was stuck with customer contracts for configurations that it could not produce. So this is one example.

There are other examples where I talk about the whole question of safety stock. After 9/11 there was a lot of talk that just-in-time was dead and everybody would go back to just-in-case. This is nonsense, of course. Now, in some cases it may make sense for a company to keep additional inventory, but how do you do that without getting sloppy? I give some examples of companies that hold strategic inventory that is kept in reserve and can only be touched with permission of a higher authority. The Strategic Oil Reserve is an example of this. Johnson & Johnson has a strategic reserve of certain medical supplies that can only be released with the approval of the Pentagon. The J&J stockpile has been released only once, and that was after 9/11. So this type of reserve is for emergency shortages.

Q: Are the strategies in the book ones that will work for any company, regardless of size or industry?
Sheffi: Yes, I believe very strongly that most companies can use the majority of these principles. Of course, not everything is applicable to every company, but generally companies are not as unique as they think they are.

Here is another example. Most companies think they need two or three suppliers for every part. That is nonsense. What they need to do is decide which are the important parts and which are the commodity parts. For the critical part, you may want one supplier, but then you need to have a very deep and strong relationship with this supplier. This supplier is you. If this supplier is disrupted, you are dead, so you must know what is going on with this supplier. Look at what happened with British Airways just a few weeks ago. They had one supplier for catering and this supplier was going to fire 700 people and British Airways didn't even know about it. This is a classic case of having one critical supplier and not realizing that it is really you. I give many examples in the book of companies that were not paying attention to what was going on in one of their critical suppliers.

Now, having a close relationship with a supplier is expensive--it requires investment, it requires people on the ground, so you may not want to do this. If not, then you have to have more than one supplier. So it is either have one supplier that is closely monitored or have many suppliers. Both tactics can work.

Q: You also make the point that low probability events, across a global company, can actually occur fairly frequently.
Sheffi: Yes, this is something that General Motors calculated a few years when it formed a risk management group. This group started cataloging all the different risks across GM's global operations. It found out that while the chances of a tornado hitting the plant in Oklahoma City on a given Tuesday morning are very low, the chances of either a tornado or an earthquake or a flood or a terrorist attack or sabotage hitting somewhere in its vast supply chain is unbelievably high. GM says something happens almost every week. So, if you look at it this way, investing in a resilient supply chain makes a lot more sense than if you think only about defending against another 9/11, which we hope will never come.

Q: What is the role of corporate culture in this?
Sheffi: In talking to a lot of companies, I started realizing that the main difference between companies that make it and companies that don't is their culture. Culture is kind of a nebulous concept, but I looked at what is common to a lot of these companies that seem to be able to withstand disruptions, to absorb them and bounce right back. There are certain principles and a lot of it has to do with pushing decision-making power very low in the organization. On a Navy aircraft carrier, the lowest fellow on the flight operations deck has the responsibility and the authority to stop flight operations. Think about it--this 19-year-old sailor has the responsibility and authority to stop a multibillion-dollar enterprise with 10,000 people involved--if you look at an entire battle group--and never be punished for it.

Another thing these organizations have in common is very strong communications. They all know weekly the status of what they are trying to do, but they also know, sometimes on an hourly basis, what is actually happening. They have listening networks where everybody is listening and monitoring for exceptions.

Another characteristic is people with a passion for work. The vice president of Southwest Airlines says it is about convincing a bricklayer that he is building a church rather than just laying bricks. I look at the way Don Schneider (founder and chairman of Schneider National) motivates employees. He says Schneider is not in the trucking business. It is in the business of raising the standard of living of the U.S. population. So it is the ability to make people understand that they are working on something bigger--a big idea.