Marsh's Supply Chain Risk Management Practice recently conducted a survey of 110 risk management professionals to assess risks related to the supply chain and best practices in managing those risks. Beth Enslow, who has more than 20 years' experience researching and advising companies on physical and financial supply chain optimization and related risks, authored the resulting report, Stemming the Rising Tide of Supply Chain Risks, http://global.marsh.com/risk/supply_chain/register.php. Enslow sat down with us to discuss the survey's findings.

Q: Before we get into the survey results, can you help us understand how supply chain professionals and risk management professionals typically relate to one another within the enterprise?

Enslow: Traditionally, risk management professionals have dealt in a very quantitative way with risk inside the four walls of a company, which includes issues like workers' compensation or property insurance to protect you in case there is a fire in your plant or a plant is struck by a tornado - things like that. Mostly, they have reported up through Finance to the CFO or Treasurer and they haven't really had much interaction with supply chain operations and functions. Supply chain professionals have basically managed risk and disruptions in the supply chain sort of on the fly, perhaps having a contingency plan in the back of their minds in case something goes wrong. Historically, there has been no merger between the strategic view of enterprise risk and the functional activities of the supply chain. Supply chain risk really was not thought of from an enterprise viewpoint.

As our study shows, however, a variety of drivers are causing companies to realize that supply chain risks are increasing and can have a domino effect. Procurement may make a decision on a supplier because it looks good on paper, but perhaps that supplier doesn't have good quality processes in place or maybe its factory is sitting in an earthquake zone or logistics and transportation services from that supplier turn out not to be reliable. Those problems can run downhill through the rest of the organization and have a significant strategic impact. So companies need to be proactive in managing these risks versus just reacting to things that go wrong. The way to do this is to have a cross-functional team that includes both supply chain and risk managers, which is what we are seeing the best companies start to do now.

Q: What are some of the causes for increased supply chain risks?

Enslow: The growth that companies see in supply chain risk was one of the big "ah-ha's" of this study. Close to three out of four companies that we surveyed say their supply chain risk levels have increased since 2005. So we have to ask why this is the case. We believe there are two clear reasons. One is the continued leaning out of supply chains. With lean manufacturing and inventory processes and just-in-time initiatives, we have taken a lot of the traditional shock absorbers to risk out of the supply chain. Two, we have, at the same time, become more global from a manufacturing and sourcing perspective, which means we have more hand-offs between partners and more opportunities for things to go wrong because the supply chain is so much longer. These are the two issues that are causing this dramatic growth in supply chain risk.

As risks increase, executives are paying more attention. The CEO, the CFO and boards of directors are seeing that supply chain risk is no longer just about whether you are able to deliver to the customer on time. It becomes an issue of corporate brand and reputation and even an issue of earnings and stock price. So they are now actually going to their risk manager and asking whether supply chain risk is under control. And the risk manager is looking at this and having to say, "not so much." A company might be doing a good job of understanding its risk within the four walls, but does it understand the vulnerability of its suppliers or its suppliers' suppliers and the impact those vulnerabilities can have on the enterprise? According to this study, the answer is overwhelmingly no. So companies are starting to think about this and about the processes and policies and contingency plans they need to have in place to protect themselves. They are just at the beginning of that process. The good news is that we are seeing these discussions start to happen. We are seeing companies start to form these cross-functional teams, which use their collective knowledge to make different business decisions.

Q: Were there other ah-ha's for you in the survey results?

Enslow: The other big ah-ha was around the different ways that people define a "critical" supplier. If you ask your procurement director whether the company has contingency plans in place with its top 10 critical suppliers, he may very well say, "yes, we do." But, in his mind, the top 10 suppliers are those that the company buys the most from. In reality, though, what could bring the company down is a low-cost screw or something that is sourced from only one supplier. I recently saw a case like this where the part was a paper filter, which was very inexpensive but it was sourced from one supplier that had only one factory, so this was a critical vulnerability. When you look at risk, you need to put on a different lens in order to find the hidden vulnerabilities in the supply chain. For example, in a large organization with multiple business units, each unit might be doing its own sourcing. Without realizing it, a company could end up with a majority of its supply coming from one geographic region and that might be in an area that is vulnerable to hurricanes or tsunamis or political unrest. From a corporate perspective, you might not want to put all your eggs in that particular market basket.

Q: What are the innovators in this area doing differently?

Enslow: Cross-functional teams are a significant way that innovators are improving performance in these areas, for all the reasons we just talked about. We see companies with these teams making different business decisions. I recently was talking with an apparel manufacturer that used to source its highest revenue-producing product line from one supplier and one geography. After creating a cross-functional risk team that included the vice president of finance, the company decided that it needed to have five different suppliers in five different areas of the world to ensure that it could continue to get this product on the shelf and maintain the company's revenue stream, no matter what happens. Another example that I find fascinating is a spice and nut importer, a small company, that traditionally sourced by going to the low-cost supplier. But some of the countries it sourced from in Southeast Asia and other emerging markets began putting restrictions on how much of these goods could be exported and in some cases those restrictions might vary month to month depending on the local market needs. So now this company only sources from suppliers with operations in multiple countries. With all the food shortages we are reading about now, I think this is going to be a more common occurrence.

Q: Are there other best practices?

Enslow: The biggest differentiator betweens innovators and others is that innovators are nine times more likely to have consistent company-wide processes for supply chain risk management. It's hard to have that if you don't have some kind of cross-functional group in place. That's the biggest hurdle companies' face. There may be pockets in the organization, either geographically or functionally, that are doing a really good job with supply chain risk management and pockets that are not. Making sure there is consistency across the organization from a supply chain risk management perspective and embedding those responsibilities into supply chain operations is key. This may just mean that within your normal supply chain processes, you ask a couple of smarter questions so you are able to perhaps analyze with more precision which parts are critical and where those interdependencies are hiding. It's not like bringing a whole new process into the organization, but rather strengthening and enhancing existing processes.

At the end of the day, what executives want is to be able to have reliable answers to questions like: What are our supply chain risk levels? Which of our regions or suppliers need more attention? How would a disruption impact our cash flow or market share? What will be the impact on our customers? Again, we are in really early days here. Even innovators that tend to adopt these processes earlier than others are still refining metrics around supply chain risk.

Q: So the first step for companies to take would be to develop a cross-functional supply chain risk team?

Enslow: Yes, definitely. This team should start asking hard questions, even if the company may not want to hear the answers. As one example, one thing that companies need to take a look at now is the whole issue of the cost of doing business in China. Food prices there have risen 23 percent since February. Studies show wages going up between 5 percent to 10 percent a year and raw material costs rising 7 percent a year. Fuel costs are a huge issue and as China becomes more concerned about the environment, costs will rise. Companies are fooling themselves if they think their China-based costs will remain the same.

But when you start down this path, don't try to do everything at once-today's supply chains are too complex for that. Start from a value-based perspective, by identifying your most valuable product lines, whether based on brand reputation or revenue stream or future growth market. Look at a limited range of products and find out where there may be some hidden exposures that you can take action against.

RESOURCE LINK:

Marsh, www.global.marsh.com