As has been confirmed by the events of the last year, risks to an organization can come from any number of often unpredictable sources, and can result in an impact far more serious and long-lasting than anyone would have imagined. Relationships that up to now have been assumed to be secure, from banking relationships to the stability of a country’s financial system, have been called into question. From a business continuity perspective these escalating risks were highlighted by an article published in late December on Bloomberg.com (http://www.bloomberg.com/apps/news?pid=20670001&refer=&sid=a67TdTDZscbQ).
In the article, officials from several Japanese auto manufacturers and other industry experts expressed concern about the potential for “supplier shock” resulting from the problems facing the Big 3 U.S. auto makers. Disruptions to common suppliers resulting from the decline in business from a competitor such as General Motors could endanger the supply chain of otherwise stable manufacturers. Those considered particularly at risk, according to the article, are the smaller “…tier-two or tier-three suppliers that often fly under the radar…”
So what can be done from a business continuity perspective to help manage these expanding supply chain risks? Many organizations, as part of their business impact analysis process, identify supplier dependencies. Some make inquiries as part of the contracting process, usually through a questionnaire, to determine if key suppliers have continuity plans. Few, however, carry their analysis much further than that. In order to manage the business risk associated with a supply chain failure, more complete information is needed. New sources of surveillance and expertise that tap into all areas of your organization need to be identified, brought together and focused through a unified process. Regular reviews of key business partners’ financial health should be conducted on an annual basis, potentially by the CFO’s office or other internal finance professionals. At a minimum, reviews of financial statements of public companies should be a baseline part of the process. Smaller, and potentially more dangerous, privately held suppliers may require additional measures, including contract language and more collaborative relationships, to gain access to needed financial data. Beyond the financial stability of key suppliers, a more complete risk picture needs to be assembled to understand supplier risk. Additional sources of information or expertise could include some or all of the following:
Manufacturing might best understand the materials that your organization uses -
- Are they custom and/or single sourced?
- Are they commodities easily purchased from other sources?
- Who else uses these materials?
Supply chain or logistics entities would best understand the source and shipping issues related to key raw materials -
- Are there any potential logistics or shipping points of failure?
- Are there concentrations of suppliers in a particular country or region?
Marketing or sales might best understand the competitive landscape and how key competitors could impact your supply chain -
- Can they estimate the strength and stability of competitors who have similar products utilizing mutual suppliers?
- What are current overall industry trends and forecasts?
Finance might have the clearest picture of the financial landscape of your company and the industry at-large -
- What trends in capital availability are they seeing across the industry? On your company in particular?
It’s probably obvious at this point that much of what is described above falls above and beyond the scope of business continuity as many organizations define it. Which brings us back to the question, “So what can we (business continuity professionals) do?” And the answer is to do what we do best: establish a process and coordinate between multiple client groups. The key problem, as is often the case, is getting the idea in front of the right audience.
If your company has an enterprise risk management (ERM) group and you are not an integral part of their process, now would be a perfect time to approach them and get their support and assistance in applying existing, proven methodologies to the supply chain issue. If formal risk management is not part of your corporate culture, do some research and identify an appropriate methodology, such as the Failure Modes and Effects Analysis (FMEA) that will fit in your environment and approach the executive who has the most exposure to risk management, generally the CFO.
Once a process has been established and data has been collected and analyzed, the organization will hopefully have a clearer picture of the criticality and vulnerability of its key supplies and suppliers from a global perspective. Plans can be put in place to monitor volatile situations, whether it’s the deteriorating credit markets in a supplier’s home country or the rapid decline of another company that has a significant relationship with one of your key suppliers.
After this analysis is complete, the truly difficult part, and the part that business continuity can do the least to influence, begins: building appropriate solutions to mitigate the likelihood or impact of the identified risks. Solutions broadly fall into three categories:
- Buffer supplies to both raw materials and finished products to guard against potential shocks to the delivery system and loss of less critical suppliers
- Establish and support secondary suppliers of critical materials or services
- Work to develop a better understanding of key suppliers and build partnership relationships where possible to encourage greater sharing of information (possibly even spending time with your most important suppliers and business partners and coach them on appropriate planning techniques that meet your expectations)
Some of the solutions mentioned above run contrary to LEAN and just-in-time methods that have dominated business planning for a number of years. However, the documented and escalating risks of the last year have amply demonstrated the need to revisit these business models – not reverse them, but introduce flexibility where appropriate. A more comprehensive model that actively monitors and adapts to maintain business risk at an acceptable level should be examined by all businesses that rely heavily on suppliers, especially those with unique or international characteristics.