Analyst Insight: While many supply chain organizations are on a journey to build resilience, relatively few have reached mature stages of risk management. For example, APQC recently found that only 15% of organizations have a dynamic contingency playbook, with risk and resilience embedded in every function. Given the varied nature of potential disruptions, this level of preparedness for risk may be the bare minimum in the near future.  

An effective contingency playbook is not something that organizations can write in an afternoon. It’s one of the hallmarks of a mature approach to risk management that requires sustained investments in supply chain technologies, processes and people. 

Organizations that have a mature playbook today started by building a strong foundation with at least three elements. The first is end-to-end visibility into supplier risk. Organizations achieve this visibility by mapping their supply chains (including second- and third-tier suppliers) and using systems that provide a risk profile of their suppliers, materials, supplier manufacturing sites, categories and products. 

The most sophisticated risk-monitoring systems not only inform an organization that a disruption has occurred, but also provide information about the potential impacts of a disruption to the business. This latter feature is important for an effective contingency playbook. While there’s some value in knowing about disruptions at a broad level, there’s far more value in knowing what that disruption means for your business specifically, so you can activate the appropriate plans.   

A standardized approach to identifying, prioritizing and mitigating risk is a second important foundation for an effective supply chain contingency playbook. Rather than approaching risk management in an ad hoc or reactive way, leading organizations provide the governance structures, processes and risk analysis activities needed to develop a comprehensive view of risk and manage it strategically. 

For example, leading organizations form risk-governance teams that regularly track measures related to risk, report progress, and continuously review gaps for improvement. Efforts like these not only help organizations know when they need to activate contingency plans, but also help to build resilience over time. 

Supplier mapping and standardized risk management processes set the stage for effective scenario and business-continuity planning. Leading organizations jump feet first into crafting these plans, not only asking “what if,” but also acting out potential crises through simulations and tabletop exercises. Ideally, these exercises should include anyone who would normally be expected to act in a real crisis and model the scenario as closely as possible. The scenario planning and business continuity plans (BCPs) that emerge from these exercises provide the content for an organization’s playbook.

It's not only important to have BCPs for your business but to collect and review them from your suppliers as well. Many organizations have room to improve in this regard. For example, APQC found that only 36% of respondents work to perform risk mitigation and continuously improve the process based on the BCPs they receive from suppliers.  

Outlook: Given the investments that go into building a contingency playbook, it makes sense that relatively few organizations have one that is mature and risk-resilient. The playbook itself is the outcome of an approach to risk management that organizations often spend years building. If you’re just beginning your journey, start by working on foundational elements like supplier mapping and standardized risk management processes. These initial steps help to build resilience as you continue maturing. 

Resource Link: www.apqc.org