Embed Size (px)
Citation preview
Security, Visibility, and Resiliency:The Keys to Mitigating Supply Chain Risk
Theodore S. Glickman and Susan C. White
School of BusinessThe George Washington University
Washington, DC 20052
May 2004
Working PaperSubmitted to The Journal of Supply Chain Management, May 2004
Security, Visibility, and Resiliency:The Keys to Mitigating Supply Chain Risk
Abstract
Terrorism and war are much more prominent in the minds of supply chain planners today than they were just five years ago. In the 1990s, firms moved to outsource processes and/or capabilities that were not considered key competencies. Certainly technology enabled this transformation as falling information processing costs and increasing global connectivity allowed firms to collaborate across national boundaries more easily. This shift in the business paradigm led to increased reliance on efficient supply chain networks – both with respect to the flow of products and the corollary flow of information. The tragic events of September 11th, 2001, highlighted the risks associated with the dependence on supply chain networks to move products continuously. In this paper, the keys to mitigate these risks are presented, and the interrelationships among them are explored. In order to compete effectively, firms today need to ensure security, visibility, and resiliency throughout their supply chain networks.
1. Introduction
During the last fifteen to twenty years, firms have been focusing more and more on their core competencies and outsourcing other processes and/or capabilities. (See [1-6] for example.) Baiman, Fischer, and Rajan [7] note that:
“… the U.S. automotive industry has steadily increased the number of parts outsourced, while decreasing the number of suppliers. Further, the automotive industry is now experimenting with outsourcing the production and installation of major components by turning over parts of their factories to their suppliers.” (p. 173)
Most analysts believe that this trend toward more and more outsourcing will continue. [8] In concert with the movement toward outsourcing, firms have also moved toward a leaner and/or more agile framework in which inventory levels are reduced. For example, the Defense Logistics Agency, which is responsible for buying and shipping more than 4 million items to U.S. forces in the states and abroad, saw on-hand inventory reduced from $3.96 billion in 1993 to $2.24 billion in 2000. Simultaneously, sales went from $4.1 billion in 1994 to $6.2 billion in 2001. The time needed to fill orders fell from six days in 1999 to four days in 2001. [9]
This trend toward outsourcing coupled with the ongoing drive for reduced inventories and more responsive supply chains has led to greater interdependence among various members of the supply chain. The consequences of such dependencies include the reality that disruptions or disturbances in inbound or outbound flows may have serious adverse effects on the firm’s ongoing operations. These events may come in the form of natural disasters, labor disputes, unanticipated economic shifts, terrorist strikes, wars, and other unexpected occurrences.1
Svensson [10] finds that there is a significant correlation between outsourcing various processes and the occurrence of disturbances or disruptions in a firm’s inbound logistics flow.
The outbreak of severe acute respiratory syndrome (SARS) which struck Asia and then parts of Canada in 2003 highlighted the potential dangers associated with focusing on efficiency alone in supply chains. Firms with sole-source suppliers in China when SARS struck were exposed to serious disruptions in their supply chains. In fact, Motorola and Texas Instruments both lowered their second-quarter 2003 sales and earnings-per-share projections due, at least in part, to supply chain shocks from the SARS outbreak. Since a firm may have very little control over disturbances and/or disruptions in their supply chain, it should focus its efforts on managing its supply chain so that it can deal with the stresses effectively. [11]
Disruptions and/or disturbances in a supply chain are inevitable. An examination of the risk associated with a supply chain should not dwell on whether or not an adverse event will occur; rather, the emphasis should be on developing and managing a supply chain that is able to respond effectively to the shock when it occurs. The next section provides a brief overview of where things stand in the field of supply chain management. Subsequent sections offer keys to mitigating risks in supply chains and their practical implications. This paper concludes with comments on future needs.
1 To some degree, weather-related natural disasters and unresolved labor disputes may be expected; even so, they can have far-ranging impacts on all members of a supply chain.
2. The Current State of Supply Chain Management
Figure 1 depicts a typical supply chain from the perspective of a single firm. Note that the firm’s suppliers may be consumers upstream and may also be suppliers to the firm’s competitors. Furthermore, the firm’s consumers may be suppliers downstream and may also be consumers of goods and services provided by the firm’s competitors.
Lee and Billington [12] highlight fourteen pitfalls in supply chain management and offer insight into six key strategies to improve supply chain performance. The pitfalls which they saw over a decade ago include inaccurate delivery status data, inefficient information systems, poor coordination among divisions within a firm, organizational barriers, and a focus on internal operations only. This would imply that the firm in Figure 1 looks only within its own realm and even then may have poor coordination and incomplete information across the firm. Lee and Billington encourage supply chain managers to integrate databases and control and planning support systems throughout the supply chain and to expand the firm’s view beyond its own realm.
A decade later, researchers report that practitioners and academicians alike had failed to make the seamless, efficient supply chain a reality. [13] They note that:
“In a time when we still cannot get departments within companies to work together, why do we believe that we can achieve integration and cooperation among trading partners? In a time when firms are still driven by the short-term financial expectations of their shareholders, why do we expect management to suddenly develop patience and consider SCM’s long-term benefits?” (p. 35)
These authors echo some of the pitfalls described by Lee and Billington and offer their own strategies for overcoming the barriers. These strategies include investing in information technology.
Poirier and Quinn [14] also examine the current state of supply chain management programs. They find that leading firms have established dominant positions in the marketplace, “based in large part on their ability to work collaboratively with carefully selected trading partners.” (p. 40) They refer to the five levels of supply chain evolution:
I. Internal focus on functional and process improvement - the basic focus in Level I is in two major areas: sourcing and logistics.
II. Internal focus on expanding the improvement begun in Level I company-wide - in this level, the firm begins to examine processes which can be outsourced and to develop stronger relationships with suppliers.
III. External focus begins; the firm forms a business network with a few carefully selected business allies who work together to discover mutually beneficial ways to do business.
IV. External focus expands - the firm begins working in earnest with selected upstream and downstream partners; information is shared electronically so that supply chain members can identify opportunities more easily.
V. Theoretical full interconnectivity - supply chain partners are fully networked and use technology to enable them to gain dominant market positions.
In their assessment of the status of supply chain management, Poirier and Quinn report that very few firms feel they have advanced beyond Level III in this framework. Those that have moved to Level IV or V are dominant in their field; the most commonly cited examples were WalMart and Dell. In addition, automotive firms generally received high marks for their supply chain performance; the firms mentioned include Toyota, Honda, John Deere, and Harley-Davidson.
As advances continue to be made in supply chain integration and performance, managers are now faced with the additional challenge of doing more to protect against elevated threats to the smooth functioning of their supply chain operations. It remains clear that the risks associated with interdependent supply chains are real and are only exacerbated by new threats of terrorism and war. It would behoove firms, then, to manage their supply chains so that they are more able
Figure 1: A Typical Supply Chain from the Firm's Perspective
to handle the stresses, disturbances, and disruptions that are sure to come. The next section focuses on the three keys to mitigating supply chain risk: security, visibility, and resiliency.
3. The Keys to Mitigating Supply Chain Risk
Risk management in a supply chain is the art of reducing the likelihood of disruptions when and where possible and increasing the number of options to respond to disturbances when they do happen. [15] In this light, there are three fundamental keys to mitigating supply chain risk: security, visibility, and resiliency. Security is a preventative tool--security seeks to minimize the likelihood of disruptions. Visibility is an intervention tool--visibility throughout the supply chain allows managers the opportunity to respond quickly to disruptions based on accurate, real-time assessment. Finally, resiliency ensures continuity--resiliency is the ability to return the supply chain to an operational level shortly after disruptions have occurred. These issues are closely interrelated and all rely on a core driver: the unimpeded flow of information. This flow of information facilitates both security and visibility and enhances resiliency. In Table 1, each of these keys is examined with regard to seven basic concerns: product, transport, information, collaboration, connectivity, execution, and flexibility. [16] Following the table, the three keys are discussed in further detail.
Security: PreventionProactive steps to ensure security throughout the supply chain should be at the forefront of risk mitigation. This definition of supply chain security includes many facets from supplier selection to transport mode management to connectivity and collaboration. Within the realm of transport mode, new federal initiatives are driving security programs in the U.S. While some have argued that changes in the U.S. Customs Service directly conflict with lean or just-in-time inventory practices, others point out that the new requirements could be good for global supply chains. [17-20]
Certainly the security issues that are being addressed now are not new; rather, they have always been sources of potential disruptions in the supply chain and are being addressed now. One expert notes that “the biggest lesson we learned about security is that there’s a difference between being good and being lucky.” [21] Opportunities exist to strengthen supply chain security at every stage from product development through delivery to the final customer.
With respect to product considerations, it is important that sourcing decisions be included in the product design stage. This will include an examination of transport issues given various suppliers; the transport decision must consider the supply chain partners’ locations and import and/or export issues. With respect to security, access to accurate information and the ability to share it both with supply chain partners and appropriate government agencies must be included in the design of the information system.
Table 1: Security, Visibility and Resiliency Considerations in Supply Chain Management
Security Visibility Resiliency
Product Concerns
Supplier selection based on security concerns may affect product design
Real-time inter-connectivity enhances visibility but may limit supplier selection
Modular product designs enhance resiliency and allow for multiple suppliers
Transport Concerns
Mode selection must account for security concerns and may involve customs issues
The need to maintain visibility throughout the entire supply net-work may limit scale
Allow for multiple modes as back-ups in case of blockages or failures
Information Concerns
Need ability to share requisite data with governmental agencies in a timely fashion
Tracking the flow and status of goods across the entire supply network is required
Accurate, timely data is vital to resiliency in order to react, adapt, and respond
Collaboration Concerns
Partner security is required due to mutual interrelationships and dependencies
Visibility within partners’ domain as well as one’s own must be established
Partners should be resilient, too, because of impacts on one’s own resiliency
Connectivity Concerns
Secure networks must be provided to safeguard data flows and communications
Accurate, timely infor-mation including exception reports must always be available
Connections need to have redundancies built in to ensure continued operations
Execution Concerns
The design and use of security protocols has to facilitate the free flow of goods and data
Real-time accuracy with respect to location and volume is essential
Simulations and test exercises should be used to confirm and improve resiliency
Flexibility Concerns
Security protocols and enforcement should be changeable in response to events
To maintain visibility, it is necessary to adapt to obstacles efficiently and effectively
By its very nature, resiliency requires the ability to change smoothly and rapidly
Visibility: InterventionWhen disruptions occur, whether due to breakdowns in security or to events beyond the control of the supply chain partners, visibility throughout the supply chain is the key to effective, timely efforts to intervene and minimize the adverse effects of the disruptions. [22-25] In fact, Montgomery, Holcomb, and Manrodt [16] argue that visibility is not only a tactical issue in supply chains, but that it also has enormous strategic implications for the entire organization. Specifically, they state that:
“Visibility enables all supply chain members to easily see and manage the flow of products, services and information in real time or near real time, from end-to-end, as needed. True visibility is present when supply chain members can do this in concert, and they can do it across their existing technology platforms.” (p. 3)
Figure 1: Security, Visibility, and Resiliency in Supply Chains
They offer the example of a global pharmaceutical company that was contacted by a government agency shortly after the events of September 11, 2001, requesting the diversion to New York of a very large supply of antibiotics they produced. The firm, because they had instituted visibility in their supply chains, was able to determine the feasibility of the request in less than half an hour.
Visibility throughout the supply chain relies heavily on good information systems, connectivity throughout the supply chain, and collaboration among all supply chain partners. Visibility cannot end at a nation’s borders; rather, products, supplies, components, and all associated information must be shared globally. Transport modes should be chosen in concert with all supply chain partners to ensure accurate information flow during transport. With timely information, supply chain members can respond quickly to disruptions as they occur.
Resiliency: ContinuityOnce intervention has addressed the immediate concerns of the supply chain disruption, the entire supply chain must respond in a resilient fashion. According to Rice and Caniato [26], resiliency in a supply chain is the ability of the supply chain to react to a disruption and restore normal operations. Certainly, visibility is vital to resiliency; it is virtually impossible to make good decisions without accurate knowledge. However, resiliency goes beyond visibility. After the initial response to the disruption, there must be plans ready to execute to ensure continued viability. Moreover, the genesis of this resiliency must be planted long before the disruption occurs.
Resiliency should be kept in mind during the product design phase since the response might require using different suppliers for a time. Additionally, the transport decision should include a consideration for contingencies following disruptions. As information systems and connectivity platforms evolve with the supply chain, managers should ensure that backup systems are in place and ready to use should the need arise. Such planning requires collaboration among all members of the supply chain. Flexibility – in operations, in product design, in volume, in capacity, in routing – will make resiliency easier to achieve.
4. Practical Implications
Security, visibility, and resiliency are the keys to mitigating supply chain risk. While technology can aid in developing each of these competencies throughout the supply chain, technology alone is not the solution. In fact, Barami [27] posits that too much reliance on technology alone to ensure security, aid visibility, and promote resiliency could leave the supply chain vulnerable to asymmetric and non-linear threats.
Russell and Saldanha [28] offer five tenets of security-aware logistics and supply chain operations. Even though their focus is on security, these tenets also ring true for visibility and resiliency; they write that “firms should …
1. … partner with local, state, and federal organizations that impact the movement of freight.
2. … know overseas trading partners and take responsibility for securing cross-border supply chains.
3. … have a mode-shifting capability to accommodate interruptions.
4. … develop a suite of communication channels and media.5. … adopt the concepts of agility, reservists, and pre-positioning.
Firms who adopt these tenets and who move toward Levels IV and V in the supply chain evolution [14] will be best positioned to secure their supply chains, to make products and relevant information visible throughout the supply chain, and to respond to disruptions effectively and efficiently.
Future Directions
Moberg, Speh, and Freese [13] note that the full potential of integrated supply chain management has yet to be realized. In an effort to address this shortcoming, they have identified major barriers to effective integration and offered action plans to overcome them. Three of their action plans are crucial to ensure security, visibility, and resiliency in supply chains: establishing interorganizational teams, investing in information technology, and engaging in more practical and applied supply chain research. As we have discussed, security, visibility, and resiliency are the three keys to mitigating risk in supply chains. In order to implement them, integrated supply chain management must become a reality.
References
1. Drejer, A. and S. Sorensen, Succeeding with sourcing of competencies in technology-intensive industries. Benchmarking, 2002. 9(4): p. 388.
2. Ghausi, N., Trends in outsourced manufacturing--reducing risk and maintaining flexibility when moving to an outsourced model. Assembly Automation, 2002. 22(1): p. 21.
3. Leavy, B., Supply strategy - what to outsource and where. Irish Marketing Review, 2001. 14(2): p. 46.
4. Novak, S. and S.D. Eppinger, Sourcing by design: Product complexity and the supply chain. Management Science, 2001. 47(1): p. 189.
5. Prahalad, C.K. and G. Hamel, The Core Competence of the Corporation. Harvard Business Review, 1990(May - June 1990): p. 16 - 28.
6. Yano, C.A., IIE Transactions special issue on planning and coordination of supply chains with outsourcing. IIE Transactions, 2002. 34(8): p. IV.
7. Baiman, S., P.E. Fischer, and M.V. Rajan, Performance measurement and design in supply chains. Management Science, 2001. 47(1): p. 173.
8. Demers, D. and P. Sathyanarayanan, Charting the SUPPLY CHAIN DNA. Supply Chain Management Review, 2003. 7(6): p. 48.
9. Weinstock, M., Risky business. Government Executive, 2002. 34(16): p. 40.10. Svensson, G., The impact of outsourcing on inbound logistics flows. International Journal
of Logistics Management, 2001. 12(1): p. 21.11. McClenahen, J.S., Get ready for the next SARS. Industry Week, 2003. 252(8): p. 12.12. Lee, H.L. and C. Billington, Managing Supply Chain Inventory: Pitfalls and
Opportunities. Sloan Management Review, 1992. 33(3): p. 65.
13. Moberg, C.R., T.W. Speh, and T.L. Freese, SCM: Making the vision a reality. Supply Chain Management Review, 2003. 7(5): p. 34.
14. Poirier, C.C. and F.J. Quinn, A survey of Supply Chain progress. Supply Chain Management Review, 2003. 7(5): p. 40.
15. Billington, C., HP cuts risk with portfolio approach. Purchasing, 2002. 131(3): p. 43.16. Montgomery, A., M.C. Holcomb, and K.B. Manrodt, Visibility: Tactical Solutions,
Strategic Implications, in Cap Gemini, Ernst & Young, Georgia Southern University, and the University of Tennessee. 2002. p. 21.
17. Piszczalski, M., Homeland Security vs. Global Supply Chains. Automotive Design & Production, 2002. 114(12): p. 16-17.
18. Bowman, R.J., Cargo Security, Good Business Practices May Go Hand in Hand. Global Logistics & Supply Chain Strategy, 2003(February 2003).
19. Whitten, D.L., Supply chain managers balance risk vs. cost in security and contingency plans. Transport Topics, 2003(3529): p. 3.
20. Cook, T.A., A New Security Mandate. Supply Chain Management Review, 2003: p. 11 - 12.
21. Quinn, F.J., Security matters. Supply Chain Management Review, 2003. 7(4): p. 38.22. D'Antoni, H., Behind the numbers: Real-time information aids supply chains.
InformationWeek, 2003(936): p. 71.23. Konicki, S., He's fixed on keeping the supply chain strong. InformationWeek, 2001(869):
p. 41.24. Konicki, S., Supply-chain adjustments key after attacks. InformationWeek, 2001(866): p.
72.25. Sheffi, Y., Supply Chain Management under the Threat of International Terrorism. The
International Journal of Logistics Management, 2001. 12(2): p. 1 - 11.26. Rice, J.B. and F. Caniato, Building a Secure and Resilient Supply Network. Supply Chain
Management Review, 2003: p. 22-30.27. Barami, B., Technology Fixes for the New Global Risks: Do they Address Asymmetric
and Non-linear Threats? Logistics Spectrum, 2003. 37(1): p. 14.28. Russell, D.M. and J.P. Saldanha, Five tenets of security-aware logistics and supply chain
operation. Transportation Journal, 2003. 42(4): p. 44.
