Companies like to think of their supply chains as unique, but the issue of supply-chain security can be viewed in general terms, says Wheeler. The biggest risks often are those that are ignored or invisible. Even the failure of a small supplier can have a big impact on global operations. Then there are the events that are virtually impossible to predict, such as the eruption of the volcano in Iceland in 2010.
Companies need to be examining risks both inside and outside their own organizations. Merely berating an independent supplier doesn’t solve the problem. “If it happens again, all you can do is go back and beat them up again, or replace them. All the while this is impacting your supply chain, and causing harm to your brand.”
Most of all, Wheeler says, companies need to guard against complacency, as typified by the attitude of “We’ve been facilitating them because that’s the way they’ve always done it.”
Many top executives aren’t doing all they can to protect against supply-chain disruptions, Wheeler says. They need to do a better job of selling the company on the value of a concerted effort to minimize risk, no matter how low the probability of a given event.
A good security program involves five critical elements: a detailed risk analysis, visibility to the entire supply chain, transparency of suppliers, auditability of the entire process, and good business continuity and planning response.
The management of multiple tiers of suppliers can be “a terrifically difficult task,” says Wheeler, “but it’s an extremely important one. A lot of times companies don’t go beyond their own four walls.” Or they’ll stop with tier one suppliers, losing visibility up the chain.
