First Thoughts
  By Dan Gilmore - Editor-in-Chief  
  Sept. 21, 2012  

Supply Chain Risky Business Part 2


In case you haven't noticed, the world is growing crazy - and that is making supply chain risk management even more impossible than it already is.

So, I have at least one supply chain homework assignment for everyone out there that needs to be completed very soon, or I have to give you an incomplete. If you have not already done so, your company needs to play out the potential supply chain ramifications if Israel does in fact launch a military strike against Iran's nuclear facilities sometime soon.

I think it's safe to put the odds of that event at about 50-50 right now. And the impact could range from moderate to severe. You need to be thinking about that in detail. More on that just a little later in this column.

But first, in addition to the possible attack on Iran we have:

• Exploding protests and violence against the US in many countries that may settle down - or escalate

• China and Japan are battling over control of a group of islands in the Pacific, and, no kidding, China is said to be preparing for potential war against Japan over the issue. Wonder how that might impact lead times out of China. Japan, by the way, is having a big national debate over China sourcing as a result.

• Meanwhile, growth in China is dramatically slowing, which will be bad for companies looking for their own growth in China. There is also growing risk that many manufacturers there will go under as export volumes crash - maybe your supplier, or your supplier's supplier. Exports in China rose just 1% in July and 2.7% in August - from over 20% in both months in 2011. That is looking a lot like a "hard landing." China has too much capacity in many sectors.

• Never ending severe financial woes in Europe. I am frankly sick of hearing about it.

• The US has just filed a major trade complaint at the World Trade Organization against China relative to rules-breaking subsidies for its auto parts exporters, and China reciprocated with complaints relative to a number of US products. Many believe the US-China trade imbalance is unsustainable, and perhaps protectionist policies will become a weapon to be used.

There's more - but how many risks can our supply chains really comprehend or manage? I mean, all these sorts of macro risks are on top of the dozens of other risks our individual supply chains have to manage or mitigate on a near daily basis, from supplier failures to input price volatility and a lot more. We can't even write about them fast enough - how can supply chains possibly manage them well?

I have heard many excellent presentations on approaches to risk management that various companies have taken, and been mightily impressed by much of the thinking. And we must recognize that one of the problems is that when a major supply chain disruption impacts a company's financials, stock price, brand, etc., the CEO doesn't say "I realize there were just too many risks for you to possibly mitigate against. Don't worry about it." No, he or she will call the VP of Supply Chain on the carpet, and maybe let him or her keep their job if the damage was only just modest.

So, we have this extreme need to mitigate risks, but in reality there are simply too many of them to understand, let alone mitigate, and relatively few "best practices" or tools to apply to the battle. One of my favorite quotes in recent years was from a Toyota executive last year after all of the supply chain fallout from the impact of the earthquake/tsunami in Japan, which cost the company - vaunted of course for its supply chain excellence - billions of dollars. "We thought we had control of our supply chain," he said. "It was an illusion." For how many other companies is this true?

One of those excellent risk presentations I saw was years ago from an executive at Fortune Brands (I believe), who said basically that there were far too many risks for the company to manage centrally. So it applied some six sigma thinking to the problem and basically set up a structure, templates, etc. for different sites and functions to develop their own risk management plans. "Corporate" then created an audit program to check whether those sites and functions were getting their risk work done. Maybe that is the only answer. Decentralize it.

David Simchi-Levi of MIT and OPS Rules introduced in SCDigest earlier this year a new Risk Exposure Index, which provides a model to at least quantify a company's financial exposure to a given supply chain disruption, so executives can better understand the full risk potential and make more informed decisions on how much it is worth investing to mitigate the risks.

And that is really good for any specific risk - my point is there are so many of them today that they are just more than can possibly be managed using almost any tool or methodology.

Goodrich (just recently acquired by United Technologies) has developed a very nice service that provides an internal "risk register" that details events and developments that could pose supply chain risks, from a supplier's financial troubles to political developments in a given region. It doesn't mitigate the risk, but it provides a very comprehensive list of all the risks that are looming out there. That can then at least enable companies to see all this whirl, and proactively decide what they need to or can take action on, and which they can't or shouldn't.

There are also third party services out there (e.g., Dow Jones Supplier & Risk Monitor) that can provide at one level similar information, but what Goodrich is doing is in an even more company-specific context. I hope Goodrich can maintain the staffing and energy to keep the fine effort going.

So, let's get back to Israel and Iran. Again, in case you missed it, the US and other countries had mine sweeping "exercises" in the Straits of Hormuz this week. This was not a coincidence. This has to indicate that the US thinks an attack on Iran is at least somewhat likely, and that it wanted to show Iran that any ideas it has about mining the Straits in retaliation will be futile.

So, assuming an attack does happen:

• Oil prices will immediately soar to somewhere between $150-200, according to oil industry expert Stephen Schork.

• How long it stays up there will depend on how Iran responds and how effective that response is. Direct attacks on Israel, for example, or any successful mining operations will prolong/expand the impact.

• Oil not only impacts transport costs but those of many other inputs/materials (e.g., plastics) that need to be considered.

• Ports will be on high alert, and the flow of goods will slow for some period, perhaps substantially.

• Demand in the Middle East will drop dramatically for most things for a while. How much? Who knows? If you have supply sources there, you could see disruptions as well. Procter & Gamble had to close factories in Egypt for some time earlier last year during the Arab Spring.

• There could be disruptions in other Muslim countries in response to the attack (e.g., Pakistan, Indonesia), expanding the disruption zone. Apparel companies beware.

• As always, you have to consider not just first tier supplier disruptions, but second and third tier ones.

Companies need to play out some of these scenarios, determine the potential supply chain impact for an event no one wants to think about, and mitigate as appropriate. Again, I would say there is a 50-50 chance, and if it happens, it will likely happen in weeks or months. But of course, if it doesn't happen, all that effort and work were at one level for naught.

But the work still needs to be done. If an attack happens, you will be so much better off from having been proactive and understanding the scenarios and what you are going to do for each one.

I am sensing that supply chain risk management is becoming overwhelming. It's like we would need a whole team of people to really do it well, and even then it is impossible to manage a complex supply chain really well.

But there are two foundations, and those are fully mapping and modeling our supply chains, which offer a path to at least partial success. We'll discuss that in more detail sometime soon.

Or is the job easier than I think?

Is supply chain risk management becoming an almost impossibly large job? What weapons can be effectively used? Let us know your thoughts at the Feedback button below.



Recent Feedback

Just read your article "Supply Chain Risky Business" and I had to let you know how spot on I think you are.

You not only discussed the issues but also did it in a fun and thought provoking way.

One risk you left out: squirrels knocking the power out. We monitor global supply chain events and I see them all the time. An example is available at the link below:


Jon Bovit
Chief Marketing Officer
Sep, 21 2012

Yes, I agree that SCRM is an overwhelming task, and it will be continued. As we have good Enterprise Risk Management frameworks like COSO and ISO 31000, sound supply chain risk management frameworks can ease the daunting task of managing supply chain risks.
First, managers need to be clear on the distinction between ERM and SCRM and decide the scope of SCRM. Then, organization-wide capabilities and risk management governance structures can be developed. It is very difficult for top managers to invest in mitigating the impacts of unknown things.

We are doing research work in this area and need some funding to take it to a higher level.

BITS Pilani, India
Oct, 11 2012