Gary Lynch, global leader of the supply chain risk management practice at Marsh Risk Consulting, has a new book out: Single Point of Failure: The 10 Essential Laws of Supply Chain Risk Management. The book is available now on Amazon.com and will be in major bookstores on Nov. 2.

The title alludes to "any choke point that jeopardizes an organization's ability to provide value," Lynch says. "It could be a physical choke point, such as a port; it could be documentation delays at Customs; it could be environmental regulations that prevent an organization from working in a certain way. But all the value that an organization creates is dependent on flowing through that choke point."

The root cause is the way that supply chains have been redesigned and reconfigured over the last decade in response to outsourcing, off-shoring and customer/vendor empowerment, he says "As the supply chain footprint changed, so did the organization's exposure to uncertainty," says Lynch. "Now you have all of these links that have to be pieced together, and over time a little bit of corrosion begins to occur at each link. It is like having a parasite residing at all these different points. The question is whether that parasite will remain dormant or will become active - and that depends on whether or not there is an adverse event or whether someone is motivated to take advantage of the weak link."

Single Point of Failure uses analogies and dozens of case histories from companies like Rockwell, Nike, Roche and BAE Systems to describe the risk parasite that infects all supply chains while revealing methods to neutralize that parasite.

These methods are organized around the 10 vital laws to successfully identifying, measuring, mitigating and financing risk, with guidance for establishing a supply risk management program, avoiding bad decisions, and gathering better information and data to make good decisions.

Lynch also identifies four "laws of the laws" that are pervasive through every aspect of managing supply chain risk. These are:

• Everyone, without exception, is part of a supply chain. "Therefore, who owns a problem and how the problem is managed must be looked at from that perspective," says Lynch. "Unfortunately, big companies don't work that way, which in itself creates enormous vulnerability."

• No risk strategy is a substitute for bad decisions and a lack of risk consciousness. "A company can have the best risk strategy in the world, but it doesn't help if the company lacks the processes and data for making good decisions."

• Get the details right but see the whole picture. "Too many departments worry about their little piece of the supply chain and really don't understand or care about risk in the rest of the supply chain." 

• People always operate from their own self interest. "This gets to the need to understand motivations and incentives."

"Believing that all is well is a self-deception," says Lynch. "You need to continually analyze and evaluate the risks to your supply chains and business networks, determine and learn the root cause of problems, and decide whether you have the proper philosophy, culture, and systems in place to identify, measure, mitigate and finance risk."

Do you see these laws at work in your organization?

Comment on This Article