The Need for a Supply Chain Risk Management Plan
What a year 2020 was for supply chains. No wonder more companies are going beyond supply chain management to asking, “What is a risk management plan?” Before COVID-19, many companies had a more reactive approach to supply chain management, assigning teams to respond to disruptions as they happen. A plan, however, puts the organization in a more proactive stance.
Back in 2013, the Institute of Supply Management (ISM) reported that 60 percent of firms had a supply chain risk management plan in place and another 11 percent were actively developing their plan. COVID-19 has surely changed perspectives. A more recent ISM survey taken spring of 2020 found that 97% of respondents said they have been or will be impacted by the coronavirus, and nearly 40% of companies reported a “severe” impact in operations due to supply chain disruptions from COVID-19.
Adding to the COVID challenge are recent trade wars and tariffs. Supply Chain Quarterly explains the issue, saying, “In the past year and a half, the United States has imposed tariffs on three different lists or tranches of goods and has identified a fourth. The first three rounds of tariffs have already resulted in a significant shift away from China and to other countries of origin for goods imported into the United States. As country of origin shifts away from China and toward other markets, there will be reverberating effects elsewhere in all major markets – those in which goods will now be sources, as well as across all markets that are buyers and consumers of those goods.”
Supply chain management has to begin with a supply chain risk management plan.
What Is a Risk Management Plan?
A supply chain risk management plan is a strategy to speed response to as many circumstances as can be predetermined so as to minimize disruptions to the supply chain if they were to occur.
Supply chain risks can come from anywhere, as we have learned. Some of the most common are natural disasters and weather-related risks, perhaps from global warming. COVID-19 is still a threat to supply chains, and Compliance Week adds global trade wars and Brexit, raw materials shortages, and safety recalls to the list.
While some risks happen more frequently than others, even those that appear less emergent can be equally destructive. These may include changing market conditions, the competition gaining market share or operating at lower costs, or evolving customer tastes. The pandemic clearly revealed winners and losers, and those companies able to respond quickly to changes in demand are actually boosting their revenue. Once again, supply chain management can either help or hurt a business.
Companies must be nimble and resilient, keeping an eye on margins, costs, and quality. Customer satisfaction must remain a priority, and that means being able to shift the supply chain management plan as quickly as possible to keep up with customers’ wants and needs. One, even seemingly small, disruption to the supply chain can have a ripple effect that ultimately affects any of these variables.
The supply chain risk assessment is, therefore, crucial for any organization who is dependent on others for their success. Suppliers, distributors, manufacturers, and retailers are the primary stakeholders in the supply chain. From raw materials to parts and carriers, they all must work synergistically in order for the end consumer to get what they expected, when they expected it.
Prior Planning Prevents Poor Performance
As the old military adage goes, “Prior planning prevents poor performance.” The risk management plan requires pre-planning first. It takes time, but proper due diligence is the difference between a company folding due to a crisis or persevering despite the odds.
The following pre-planning steps yield valuable information that ensures the supply chain risk management plan is comprehensive, accurate, and reliable.
Step 1: Assess Your Risks
You can only plan for what you can see. Risks are everywhere, so you need to document them. Supply chain management begins with understanding all risks, at least all of the ones you can possibly anticipate.
Consider each link in your supply chain, as well as each of their risks. Indirect risks count, too. Your suppliers may have risks that you don’t, but that doesn’t mean you won’t feel the effects if they do. Go as far out as possible, even talking with your suppliers to find out what they view as their most probable risks.
Natural disasters, weather-related events, safety recalls, foreign economic instability, and all of the variables mentioned above could result in delays, higher costs, and decreased sales and customer satisfaction on your end. You won’t be able to anticipate every threat, but add as many to the list as warranted, even if those risks seem improbable. Few believed a pandemic would hit our shores as it did, but now we know. Historical references are always welcomed as they add much-needed lessons learned.
We are still learning lessons from COVID-19, but we can still look at historical events from our past to plan ahead and strengthen our supply chain management approach. Take the rare but still occurring government shutdowns as an example. For many companies, government shutdowns do not have a significant impact, particularly if they are only for a few days. But there was a shutdown in 2013 that impacted many organizations.
The Institute for Supply Management released a supply chain risk management study in 2014 that referenced the 2013 government shutdown. They found 52 percent of respondents said their firm’s performance was impaired by the government shutdown, and the majority of those that activated their supply chain management plan missed minor risks, such as delays in government inspections. With this experience and hindsight in mind, those firms would likely confirm their supply chain risk management plan included a government shutdown and delays in government inspections as a risk factors.
Many risks will be highly dependent upon the location of your company, its suppliers, distributors, manufacturers, and retailers. Weather-related events, natural disasters, social unrest, and infrastructure issues are prime examples. Other risks are more general, such as cyber threats and changing industry trends. Once the risks are determined as best as possible, it’s time to move on to step number two.
Step 2: Quantify Risk
Not all risks are the same. In step two, you will assess the likelihood of each risk per location, per shipment, or per whatever matters to your company, and its potential impact on the supply chain. Some risks may only cause minor interruptions, such as a brief winter storm. Other risks could spell disaster, such as a wildfire that destroys the raw materials your business depends on.
To clarify these risks, implement a scoring mechanism everyone can understand. For each of the risks you assess, these scores represent the likelihood of each event occurring, as well as its potential severity.
For example, if you have a distribution facility on the Gulf Coast, and a Category 4 hurricane is barreling toward the facility, the score should reflect the immediacy and severity of the situation. Alternatively, if the hurricane is expected to hit further to the east near Florida, the score will represent the threat level being less severe. By assigning each risk a quantifiable number and/or color, it helps key staff visualize and prioritize the threats.
Step 3: Build Contingencies
How you respond to threats is an essential part of your risk management plan. “If X happens, then we will respond with Y.” By building “what if” scenarios, you can role play to determine who and how teams will respond to each event if it were to happen.
Your models can be as detailed as you believe is necessary, but include roles and responsibilities. From a role-by-role flowchart with strict protocols to a more simple series of actions that would occur in anticipation of an event, during an event, or after the event occurs.
By modeling situations, your company can avoid many risks and be able to respond much faster to ones they can’t. Instead of winging it when something happens, you will know exactly what to do by referencing your plan. These scenarios can be a powerful learning tool and help stakeholders execute the plan with confidence.
The Supply Chain Risk Management Plan
Now that you assessed all conceivable risks, modeled various scenarios, and documented how your company is to respond to each event, you can develop your supply chain risk management plan. No two plans are alike, because each organization faces its own risks and has varying response capabilities. The following are some of the most common line items:
- A list of qualified alternate suppliers
- Communication protocol with critical and major suppliers (first thru fourth-tier suppliers)
- Qualification of more suppliers
- A surplus of critical supplies
- Communication protocols with critical and major clients
- Assistance to critical suppliers
It is critical to review your plan regularly, as much as every six months or annually. Your suppliers and their suppliers may change, markets change, customers change, the world changes. Remember that while your plan is the golden record, it is not static. It must be adaptable, and that requires frequent revisions.
Don’t Forget Logistics
Getting your parts or products from your suppliers on time is always a priority, as is being able to deliver your products or parts to your customers. Logistics is vital, and shipments must be able to run smoothly. One of the more critical components of any supply chain risk management plan is to analyze transportation and routes. Freight is vulnerable to all kinds of risks, from weather-related events to infrastructure outages.
Your risk management plan must include logistics, and it begins with assessing the risks specific to shipments. These risks may be the same or unique to logistics. Follow the same steps as with your supply chain risk assessment, quantifying logistics risks with scores, working through scenarios and modeling, and then developing responses to each.
There are many variables that come into play with logistics, so don’t lose heart. Depending on the freight and route, assessing all of the risks to a shipment from pick-up to final delivery can be a grueling, manual process, but what you don’t want is a partial or inaccurate plan. Don’t rely on assumptions and guesses. You have data, so use it to build out your plan.
Use software, such as Riskpulse, to automate the process. This will save you incredible amounts of time and ensure your data is comprehensive. The technology gathers massive amounts of internal and external data from a variety of sources, then scores each risk so users can quickly see where to focus their attention and trigger the mitigation part of the plan.
The software presents the data in a visual, actionable way to give you a complete picture of all of your risks, as well as the probability of those risks during each leg of the journey and the expected severity of those risks. Users can customize their own dashboards to answer specific questions that matter most to them. The system identifies current problems and potential issues up to 10 days ahead of shipment pickup schedules.
What is a risk management plan as it relates to logistics? It may be simpler to view it as what the plan answers, questions such as:
- What are the risks to each shipment from the time the goods are packed onto trucks, railcars, airplane or ship until they make it to their final destination?
- How likely are those risks and what would their impacts be?
- How would we respond in each case?
- What would trigger the plan?
- What is the prescribed flow of response?
- Would changing the mode of transportation, the route, or the timing of the shipment reduce the risk without adding significant cost?
When you have comprehensive, reliable data early enough in the scheduling process, you can make better decisions that continually improve supply chain management. Your company will be in a better position to avert or minimize risks, and if the worst happens, a plan is in place to recover more quickly.
A risk management plan gives your company the opportunity to save costs while ensuring more on-time deliveries that drives customer satisfaction and loyalty. Even with unavoidable risks, you will know early on so you can set appropriate expectations. Your customers may not love delays, but at least you can make aware of the potential delays so they can plan.
The key to your supply chain risk management plan is to access and utilize the data that is out there. You can’t get to it manually, at least not fast enough. Software will get you what you need, when you need it, giving your company a competitive edge.