As difficult as it is to respond to events that cause global disruption, I’ve noticed that all parties involved in problem solving lack the ability to respond with the speed required to mitigate risk. When you see what is required to collect all the data for global systems and then to make sense of that data, you start to understand the lag in response times.
This makes me think as a supply chain practitioner that we need an agile mechanism to enable the ability to sense and predict the possibility of risk well in advance of it occurring. This can give your company precious time to come up with necessary response plans, or even better, a preventive plan.
Here are 3 steps to build your supply chain risk management capability:
Step 1: Identify potential supply chain risks
There are many types of supply chain risks that include:
- single/sole sources
- risks of key suppliers in locations with demographic or geopolitical change
- risks caused by natural disaster
- international trade policy, or fiscal and monetary policy in related countries
Step 2: Develop a mitigation plan
Mitigation plans can include both preemptive plans which mitigate risks as well as response plans which enable quick recovery should the risk become reality.
When you develop mitigation plans, you need the capability to conduct what-if simulations. This helps you to quickly understand the level or severity of a risk, so you can judge the business case for the investment required to implement a corresponding mitigation plan. This includes developing alternative sources or building up safety stock.
Step 3: Monitor and respond
After mitigation plans are ready, you must be able to continuously monitor the supply chain for a risk event. Mitigation needs to happen before an event occurs, so that if disruption occurs, response plans can instantly kick in.
So how can we effectively monitor supply chain risk events? In my previous working experience in one of the big four auditing firms, I had the opportunity to work with colleagues from the risk management team to develop a framework for integrating key risk indicators (KRIs) with key performance indicators (KPIs) for a global leading chemical company. I think that it is valid to apply this framework to supply chain management as well.
Let me clarify the definition of business drivers, KPIs and KRIs first.
- Business drivers: The drivers (processes, competencies, information or tasks) that help to support the fulfillment of a business objective. These external or internal influences significantly impact key outcome metrics. Business drivers provide the linkage to outcomes.
- Key performance indicators (KPIs): Metrics for measuring and evaluating business performance and the attainment of organizational goals and objectives. KPIs are directly linked to the organization’s strategy and developed through the strategic planning process.
- Key risk indicators (KRIs): Measures to determine the level of risk in an activity and to indicate the possibility of future adverse impact. KRIs could be drivers that are correlated to KPIs.
Here is a sample value tree of supply chain KPIs which we use to measure supply chain efficiency and effectiveness and its contribution to business objectives.
For each KPI, we can identify corresponding KRIs. For example, supplier delivery performance will impact the achievement of the on-time-in-full KPI. In Japan, we know that there are lots of natural disasters; furthermore, due to the decreasing birthrate, many small suppliers are facing successor problems. We can develop a KRI to measure the adoption rate of a single source supplier’s business continuity management (BCM) programs. If the adoption rate decreases quickly or is under predefined thresholds, an alert would be triggered for action. You can also define another KRI to measure key suppliers’ time to recover if they are directly impacted by a disaster.
You can then develop an integrated value tree by combining KPIs and KRIs. You can see below how risks will impact your objective realization.
It may be difficult to define a formula to calculate the correlation between KRIs and KPIs. This could be a use case for statistical tools or machine learning technology.
If you use a control tower system, such as Kinaxis® RapidResponse®, you can incorporate KPIs and KRIs. This gives you the ability to generate alerts triggered by external events, so you can proactively take action instead of being in firefighting mode after a disruption happens. P&G is a great example. The company sensed weather information to identify the potential disruption caused by a looming hurricane. P&G was able to develop business continuity plans to move resources to other sites so it could continue serving its customers. Along with maintaining exceptional service levels, the company experienced little impact on its financial results.
Many other companies have employed similar strategies to mitigate risk in the face of disruption. Learn more about their experiences and advice for creating your own risk mitigation strategies on our disruption best practices page.