When it comes to assessing the likelihood of a disaster that can seriously disrupt a supply chain, corporate memories can be remarkably short.
It has been less than seven years since the terrorist attacks of 9/11, less than six since the West Coast ports shutdown, and less than three since Hurricane Katrina. Yet many companies still don't have comprehensive programs in place to keep their supply chains running in the event of a disaster, natural or otherwise.
Maybe it's a case of executives being caught up in day-to-day crises, or the difficulties of maintaining global supply chains in an era of outsourcing. Whatever the reason, "industry is placing the biggest bet in the history of Las Vegas-that nothing will happen," says Jeff Karrenbauer, president of Insight, a provider of supply chain technology and consulting services based in Manassas, Va. "It's amazing how hard it is to get traction with this issue."
Companies are finding it tough to make the case for spending time and money on disaster response programs, says James B. Rice Jr., director of the Integrated Supply Chain Management Program at the Massachusetts Institute of Technology. "The trick question is, what happens when somebody makes a successful security investment? Nothing. It prevents things from happening."
In a sense, having a good disaster response plan is like buying insurance. But too many companies fail to realize that the lack of one is putting their brand identities at risk. Even relatively contained problems such as the lead-tainted toys that were recently discovered in factories making product for Mattel Inc., or the sudden supplier bankruptcy that cut off chassis frames for Land Rover's Discovery vehicles in 2001, can severely damage a company's position in the marketplace. In the well-known case of a fire at a Philips Electronics semiconductor factory in 2000, the resulting shortage of components took LM Ericsson out of the business of making cellular phones under its own name. Says Rice: "These things can really cripple a firm."
It isn't for lack of awareness of the problem. A study by Aberdeen Group found that 82 percent of the companies surveyed were concerned about the ability of their supply chains to withstand major disruptions. The catch: only 11 percent were actively managing the risk. Another 47 percent were "concerned" but had no formal process, while 18 percent weren't concerned about risk at all.
Companies have many "buckets" of profit and expense within their operations, but few if any run actual risk budgets, says Jade Rodysill, senior manager in the supply chain strategy practice of Accenture. Still, she believes that business is beginning to understand the potential for disaster in extended supply chains, with industries such as pharmaceuticals, chemicals and energy ahead of the curve because of the stiff regulatory requirements that they face every day. Others tend to define the risk of disaster in a narrower sense, missing some of the possibilities that can bring the flow of product to a standstill. In the process, they fail to address certain controllable problems, such as West Coast port congestion, which can be minimized through alternative routing strategies.
There are isolated cases of companies with detailed plans and the ability to rise to the occasion. Procter & Gamble, for one, is justifiably proud of its response to Hurricane Katrina. The company, which produces substantial amounts of coffee in the New Orleans region under the Folgers brand, was the first local business back in operation after Katrina hit. It found alternative sources of product while the New Orleans plants were out of commission due to flooding, then worked hard to meet the needs of its 550 local employees during the crisis. The storm had no long-term impact on P&G, other than giving the company ideas for further strengthening its disaster response plans.
A Game of Catch-Up
P&G is among the exceptions. Most companies are forced to play catch-up when their flow of product is halted by disaster. They have only the vaguest idea of which problems are most likely to occur, and how to react when they do. Such ignorance even extends to events that can be foreseen, such as the 2002 employer lockout which left thousands of containers stranded at West Coast ports at the height of the Christmas shipping season.
It isn't as if state and local governments were serving as an example of proper planning. "I've got some shocking news for you," says Rice. "There are very few if any states that have started to think about economic recovery and the impact of freight disruption on their economies."
It might be too much to ask that companies concoct a complete plan all at once. Research by MIT shows that supply chains typically follow a four-stage path to maturity. "Pre-compliant" companies aren't even part of the voluntary Customs-Trade Partnership Against Terrorism (C-TPAT), which requires getting a better handle on the identity of one's suppliers and the contents of containers bound for the U.S. "Compliant" companies have embraced C-TPAT but not much else; they view security merely as a cost of doing business. "Secure" companies know that externally imposed measures aren't enough. They are proactive about working with suppliers and customers to head off disruptions. "Resilient" companies, by contrast, view risk management as part of their business strategy and an opportunity to boost competitiveness. They have built some measure of redundancy into their supplier chains, and can detect and respond to potential crises.
To reach the final stage, Rice says, a company will have considered all six major possibilities of failure: the loss of plant capacity or inventories, transportation infrastructure, supply base, human resources, communications and demand. Of course, a single big disaster can impact on more than one of those categories, necessitating a multi-pronged response. But all six share common needs, says Rice, include external partnerships with critical vendors, "early-warning" risk detection systems, education and training, strict communications protocols for information sharing, and a general culture of awareness throughout the organization.
Supply chain vendors need disaster response programs as well. San Mateo, Calif.-based Menlo Worldwide Logistics has had one in place for a number of years, according to Joe Dagnese, vice president in charge of the consumer and industrial group. In its case, at least, memories are long. Technology concerns about Y2K got the ball rolling back in 2000, Dagnese says, but Katrina and other recent natural disasters boosted awareness of the subject.
The key lies in sitting down with a customer in advance, and determining what steps must be taken in order to sustain continuity of product flow. Shippers themselves must do some deep soul-searching about how they want to serve their customers in an emergency, Dagnese says.
For its part, Menlo offers "roving real estate" that can be deployed within several hundred miles of the customer's regular facility. The partners decide on a standard set of order sizes and SKUs that will be shipped from those alternative locations. The plan, which is reexamined quarterly, doesn't require the placement of expensive safety stock outside everyday plants or warehouses. Most of the time, the emergency property sits empty; Menlo can make quick deals with landlords when the space is needed.
New York City Acts
Katrina was the catalyst for an emergency response plan put into place by New York City, with the help of Menlo. City officials got to thinking about the potential impact of a hurricane of similar size hitting the northeast coast.
"We looked at a lot of things that had gone on after Katrina," says Alex Markowski, director of logistics in the city's Office of Emergency Management. "If we were in the same situation in New York, we would want all the services ready to go." The city took a logistician's view of what would be needed at shelters-cots, blankets, bottled water and other supplies-then worked out a plan to store the items at two facilities run by Menlo.
One of the "front-line" locations is over the river in New Jersey; a smaller one is in the Bronx. In an emergency, Menlo will follow a detailed plan that allots supplies to various areas of the city according to population and need. Because it's working for a public entity, the vendor will have priority to traverse any bridge or tunnel. If those routes are blocked, it can even resort to airlift, Dagnese says.
The city chose Menlo, following a standard bid process, in part because the vendor also owns trucks, through its sister unit Con-way Freight. "You need someone who has a strong fleet as well as warehousing," Markowski says. Menlo would likely supplement its requirements with outside carriers, though, as it does for most customers.
Another factor in planning was the proper designation of unloading points. "On the other end," Markowski says, "there has to be an operator ready to receive my goods."
The city intends to conduct a field exercise of its entire sheltering plan, of which logistics is one component, during the spring or summer of this year. It has already learned one lesson from an exercise that was conducted last year, prior to the selection of Menlo. Separate transport will be needed to move people's pets, whose cages didn't fit on the buses that were designated for their owners. "We had to ship to more points than we would like," says Markowski. "Things like that, we do pick up on."
In serving the private sector in an emergency, Menlo won't have the luxury of priority access to choke points like bridges and tunnels. And it doesn't always control outbound transportation for commercial customers. But the provider can draw on relationships with hundreds of independent carriers across North America, to supplement the Con-way fleet. "We have to ensure that our capacity list is deep enough," Dagnese says.
A Profile of Risk
New York City-based Marsh & McLennan has a long history of consulting on risk management issues. Managing director Ann Grackin says the firm recommends that clients create a detailed risk profile that examines the end-to-end supply chain. "You are really understanding where the vulnerabilities are, based on product, product integrity, policies, people, technology gaps and process gaps," she says. After that, companies need to apply the analysis to the various elements of a supply chain, including suppliers, plants, transportation, warehouses and customer-facing activities.
Getting one's hands on the necessary facts isn't always easy. Companies need to know how many suppliers they have for the most important raw materials. "I know Fortune 10 companies who can't get that information," Insight's Karrenbauer says. "It's too hard-it's buried."
The highest vulnerability, Grackin says, tends to center on people and the business processes related to monitoring them. On a day-to-day basis, such an oversight can lead to lost, damaged or pilfered goods. The situation grows worse in the event of a disaster, which can play havoc with multi-source supply chains that are subject to problems involving weather, security and political instability. To deal with those eventualities, Grackin says, companies need real-time event tracking. The technology allows for rapid response and the selection of alternative routes and suppliers.
Part of the problem lies in the increasing complexity of global supply chains. Many companies have made themselves more vulnerable by jumping aboard the outsourcing bandwagon, says Rodysill. A reliance by U.S. business on manufacturing in China, for example, creates additional opportunities for failure, and exposes supply chains to more potential disasters. The situation is especially dire for those who are relative newcomers to outsourcing, and haven't experienced a tsunami, earthquake, disease outbreak, or economic and political problems in the host country.
True resiliency isn't just about managing physical locations. It's also about accessing the working capital needed to set up alternative supply chains. Grackin says companies must balance the need for diversifying their sourcing with the cost of redundant facilities and inventory. The formula is a delicate one that will vary from business to business.
Those who rely on a single supplier might find it difficult to locate alternative sources during an emergency. Companies should have alternative logistics plans that they can put into play overnight, when the routing of product changes, Grackin says. At the same time, they should subscribe to monitoring services that can warn of impending problems in a source country.
When Plan B Fails
Companies aren't always free to make changes on the fly. Alternative suppliers won't necessarily spring into action for customers that aren't using them on a regular basis. To avoid that scenario, the buyer should consider reallocating a portion of its supply base before disaster strikes. For example, a firm that rushed to Asia in search of cheap production might move a portion of its manufacturing back to North America. It would be willing to eat the extra cost up front, in favor of having product close to market in case of a supply chain disruption.
Nevertheless, a number of supply chains today continue to rely on a single supplier for vital raw materials or components. That reality stems from efforts to apply classic "Lean" manufacturing concepts across the extended supply chain.
"We have worshiped at the altar of cost minimization at all cost," says Karrenbauer. "We have greatly restricted and even eliminated the possibility of a plan, because there's no slack left in the system."
Certain mitigation measures, he says, should be carried out before disaster strikes. Companies might find it wise to give a portion of their business to secondary or even tertiary suppliers, even if they charge more than the favored vendor. Having those alternative sources on hand during an emergency can more than make up for the additional cost.
"That's especially critical if there's a technology transfer involved," Karrenbauer says. "If you wait for an emergency to occur, you're still facing that burn-in time [for the new supplier to begin making product]."
Rodysill says companies should go beyond a risk profile to conduct a broader "resilience assessment." The goal is to gauge the extent to which the business can bounce back from non-preventable disasters. Having identified potential threats by geography, industry, economics and competitive dynamics, managers should conduct a series of pilot exercises in which those scenarios play out. In addition, individuals from multiple disciplines within the organization should participate in intensive workshops that will prepare them for the worst.
Karrenbauer says companies can use existing network-design technology to test their supply chains for resiliency. Two approaches are possible, he says. One is standard modeling based on the potential loss of raw materials, manufacturing facilities, port capacity, and transportation options. A second involves the practice of customer segmentation-identifying the most important accounts, and ensuring that their needs are met first. "I want to have capacity in the network to take care of my critical customers," Karrenbauer says. "They are my lifeblood."
The IBM Experience
IBM has one of the most extensive-and potentially vulnerable-supply chains in the world. The company draws on its own experience when advising others on how to minimize risk. Karen Butner, global leader for supply chain management in IBM's Institute for Business Value, says executives should have an ongoing conversation about outsourcing versus insourcing. One technique is to employ an "ABC" plan in cooperation with suppliers and logistics providers-"so that if 'A' is not available, you can very quickly switch to 'B.'"
IBM's high-level risk analysis covers customers as well as suppliers. Often there are multiple layers of distribution, and each must be examined for its impact on customer service, Butner says. Then come the simulation exercises which can uncover weaknesses throughout the chain.
Such analyses can be of value in ways unrelated to risk and disaster avoidance. At a time of increased environmental awareness, they can help companies to assess their total carbon footprint and devise suitable trade-offs. Risk, Butner says, is just one factor in a larger examination of opportunities for streamlining global supply chains.
Sometimes the exercise can lead to changes in a supplier network. One client of IBM went to a hub-and-spoke operation that allowed for regional alternatives if the central distribution center were shut down by a disaster.
Businesses are coming to realize that long-distance outsourcing entails certain costs that might not be obvious at the outset. "One vice president [of a consumer products company] said he was reopening a lot of distribution facilities across the world that he had closed three to five years ago," Butner recalls. "One of the reasons was energy, fuel and transportation costs. The second was service."
Karrenbauer sees a "modestly increased awareness" by businesses of the need for comprehensive disaster planning. Some are motivated by the possibility of lawsuits that could emerge following an emergency, if executives are found to have been inadequately prepared. Even more chilling is the prospect of a terrorist attack on some part of the nation's infrastructure. Based on conversations with military experts, Karrenbauer believes that occurrence is only a matter of time. "It's mandatory that we have plans in place," he says.
Editor's note: For more on risk management, see "Snake Eyes! The Failure to Manage Risk in Supply Chain Can Be Catastrophic," GL&SCS, August 2007.
IBM Global Services, www-935.ibm.com/services/us/igs/
Marsh & McLennan, www.mmc.com
Menlo Worldwide Logistics, www.menloworldwide.com
MIT Center for Transportation & Logistics, http://mit-ctl.mit.edu/index.pl?id=0
Timely, incisive articles delivered directly to your inbox.