Do you feel supply chain risk management is too complicated to implement?
It's ok if you feel overwhelmed by theories because you're not alone. Based on literature review by Behdani et al 2012 called "How to Handle Disruptions in Supply Chains – An Integrated Framework and a Review of Literature", academic articles in this area is centered around 2 themes, namely, Risk Management (before disaster strikes) and Disruption Management (after disaster strikes).
There are so many sophisticated methods to analyze supply chain risks. To be exact, if you read one article every day you will have different articles to read for more than 4 years straight! But when it comes to the disruption management, there are less than 10 articles indirectly discuss about this.
For practitioners, one question arises, how do I know supply chain risk theories actually work? Because it's quite difficult to put theories to the test and nobody wants to test it!
Cisco System Case Study
The only solid case study about supply chain risk is definitely from Cisco System. The company won the ISM 2012 Award for Excellence in Supply Management (category:process). And according to the U.S. Resilience Project, its methods has been tested under many extreme circumstances such as,
- 2008: Chengdu Earthquake in China
- 2009: H1N1 Outbreak in Mexico
- 2011: Earthquake/Tsunami in Japan
- 2011: Thailand Floods
There are very unique ways how Cisco Handles major supply chain disruptions. They develop a system called "Risk Engine" which incorporates 100-year flood data, geological and geopolitical data, site incident data, supplier performance and so on so they can predict the magnitude of disruptions. Another thing is a very extensive supplier database.
However, the logic Cisco uses to manage the disruption is very robust and details are summarized into the infographic below,
In details, the whole system Cisco develops is far more complex than this. But the purpose of this infographic is to extract the goodness that the ordinary people in the ordinary companies can use with confidence. Nevertheless, there are things to consider as below,
- This article doesn't show you how to classify/identify risks. Then, it's highly recommend to adopt any method you feel comfortable with, simple risk analysis method may work well. The reason is that, from my observation, Cisco manages suppliers at scale. If you can manage more than 1,000 suppliers (>95% of your total spends). You are most likely to survive and thrive like Cisco.
- Robust risk mitigation strategies really work. Cross-functional team, part standardization, back-up suppliers, dual-sourcing, supplier collaboration are the basic foundation that is tried and true. These strategies will help you in both normal circumstance and situation under disruptions.
- Metrics look very simple and it's kind of nice to have something like these. But when you look closely, metrics are segmented by the level of impact (impact at component level, process level and site level). In general, you may not be able to get all level of metrics.
- Even though there are some methods that can help you to quantify the financial impact of disruptions, it can be illusive. Because the impact of disruption is time-based, you need to determine the length of time under disruptions. In my opinions, you can segment the impact by product category (strategic or non-strategic products) or constrained materials (product with long lead-time).
- You need a very extensive database that you can pull out the necessary data easily so assemble of war room will be productive. Also, Cisco includes many stakeholders in the war room such as internal parties, representatives of all related suppliers, logistics providers and someone from sale channel. This is definitely the secret sauce to the success.
Since Cisco outsources most of their manufacturing activities, this method may not work if you're a manufacturing company and you're in the impact zone. Yes, there is one paper discussing about how the manufacturing companies in Japan survived disruptions (the hard way) called "Supply chain lessons from the catastrophic natural disaster in Japan" by Park et al 2013. Common robust strategies are supplier collaboration and part standardization.
The interesting point about the incident in Japan is that, even though you have back-up suppliers (someone you're not currently buying from but you can switch to if you want) or you currently do dual sourcing (you're buying the same products from 2 or more suppliers at the same time), if these alternative sources are in the same area, it's game over! So the alternative sources should be in totally different locations or ideally, in the different countries.
Lesson learned from Japan is that, you need another kind of IT system if you're in a manufacturing company. You need the offsite data storage that contains the manufacturing data such as BOM, routing, manufacturing procedures, supplier/customer data. So when your own factory is hit, the alternative sources can use these data to start a production.