For today's companies striving for high performance, a lean and efficient supply chain can be a competitive advantage. Yet as supply chains grow in complexity, so does their risk of failure. Consider mountain climbers, who depend on the strength of their ropes. A 10-meter rope will carry some risk of fraying; a 100-meter rope has 10 times the risk. If those climbers were to attach one rope to another, the connecting point would constitute an added risk.

A modern supply chain is no different. It's a huge network extended through diversification and global reach; the supplier base almost inevitably includes multiple locations, some in far-flung places. As with mountain climbers, the risk of a breakdown is a function of the laws of physics and probability.

And breakdowns happen. News headlines have revealed the vulnerability of businesses across all industries. Natural disasters can take a devastating toll; the 2004 Indian Ocean tsunami and 2005's Hurricane Katrina, besides causing terrible losses of life, added up to billions of dollars in business failure. Man-made crises and upheavals are costly as well. The 2006 coup d'état in Thailand—an important sourcing location for global manufacturers—highlighted the political risks inherent in doing business in many parts of the world. And then there are the common, everyday failures that do not make headlines but add up to costly delays.

Unfortunately, the ability to predict and manage supply chain risk has not grown at the same pace as supply chain extension. Traditional risk assessments, which usually measure just a few variables, such as the probability and magnitude of impact, do not provide the specificity and sophistication needed to protect against supply chain disruptions—whether catastrophic or mundane.

For many years, "efficiency" was the primary goal of companies when it came to their supply chains. Today, a high-performance business must pursue something far more elusive: supply chain resilience. The day is coming when the efforts of companies to assure future earnings will be considered as important as hitting earnings-per-share expectations. If such assurance is to be possible, better supply chain risk mitigation and management are essential.

When it comes to business risk and security management, disaster recovery and business continuity (which ensures companies are quick to react so that basic operations continue) are the capabilities companies most often seek to improve. Increasingly, however, failure is not an option, because the margin between surviving a supply chain failure and going out of business is now razor thin (See Sidebar #1).

Indeed, a primary cause for concern today is the failure to take an approach to supply chain risk management that is holistic, continuous and proactive. Companies that do not act until a problem occurs may not be able to recover fast enough. Given the pace of change today, good risk management is increasingly always on and always aware. And it needs to quantify and manage the entire lifecycle of operational and environmental risk to which an extended supply chain is susceptible—which, according to a Conference Board study, is something that rarely happens (See Sidebar #2).

Achieving Business Resilience
What would it mean to have a resilient supply chain? Consider the example several years ago of two high-tech manufacturers that sourced critical manufacturing components from the same overseas facility. When a fire destroyed the plant one day, it crippled one of the companies, which could not meet customer demand for several weeks, contributing to a nearly $2 billion loss for the company that year.

Its competitor, on the other hand, had in place a proactive plan by which alternate suppliers could be quickly notified to ramp up their manufacturing processes. With a more resilient supply chain, the company was able to meet its production goals, and even boost its market share from 27 percent to 30 percent—a level more than two times that of its nearest rival.

Ensuring faster recovery from a supply chain disruption does not quite capture the full extent of the challenge, however. Also needed is a supply chain more resistant to failure—something that can be accomplished by supporting the supply chain with a variety of options and workarounds, including extended partner networks, response plans, deferment strategies and other techniques. Resilience, applied to human health, means not only recovering from illness faster but also warding it off more effectively in the first place. And so it is with a supply chain.

Instead of reactive notification and awareness of disruptions, a resilient supply chain would enable early detection through a 24/7 monitoring and alerting capability. With early warning about a possible risk event, a company can arm the right people with the right information, setting in motion predetermined collaboration and action plans that can prevent a disruption or lessen its impact (See Sidebar #3).

A Comprehensive Model Although developing this resilience takes time, one thing an organization can do right away is begin a more realistic assessment of the true risks facing its extended, global supply chain. Such an assessment is a key step toward developing the kind of holistic response that ultimately evolves into business resilience.

Traditional risk assessments lack both the nuance and scope to deal with a modern supply chain. They also lack the ability to accurately determine the financial consequences of various vulnerabilities, such as the cost of recovery, the cost of lost opportunities and the cost of mitigating those vulnerabilities in the future.

Traditional approaches generally focus on two risk parameters: probability and magnitude—that is, what is the chance of a particular disruption, and what would its impact be on the business? Those are critical dimensions, to be sure, but consider what is missing. Can the risk be detected easily or not? How long would it take for a disruption to be noticed, and what would be the possible impact of that lag time? How would the recovery period for one risk match up against others? To respond effectively, what would be the extent of the necessary supply chain reconfiguration?

These factors are incorporated into the Accenture Supply Chain Resilience Model, which can more accurately assess aggregate risk exposure for an enterprise across a richer set of elements. The model expands current thinking about supply chain risk beyond the obvious parameters of probability and magnitude; by themselves, those assessments often cause organizations to underestimate their total potential exposure.

The Accenture Supply Chain Resilience Model is also more of a living asset than conventional risk assessments. Instead of a one-time study that ends up just sitting on the shelf, the model is a critical tool that is continually administered, refreshed and integrated with supply chain processes.

The model aggregates risk exposure across six elements.

Probability of occurrence. This traditional element of enterprise risk management is augmented in the Accenture Supply Chain Resilience Model through probability simulation that looks beyond a single event, probing the multiple effects of an event on other components.

Magnitude of impact. Another traditional element, this is extended in the model so that impact is measured not only on operations but on business metrics such as shareholder value.

Detection difficulty. The scoring of detection difficulty is similar to the scoring of a Six Sigma technique called Failure Mode and Effects Analysis. That technique, usually used to assess the effectiveness of specific controls in manufacturing environments, is extended to enable an overall assessment of the difficulty companies may have in noticing that a particular failure has occurred.

Detection lead time. The occurrence of some types of events—a storm, a flood, a riot—is immediately apparent. Other types of risks are more subtle. For example, competitor and commercial developments may have profound impacts on a supply chain, but they may not even be understood, much less detected, for several weeks or even months.

Magnitude of recovery. This component is a compound metric of the financial, resource and time implications of a particular outbreak or risk, based on an estimate of the effort required to return a business to pre-outbreak performance levels.

Extent of supply chain reconfiguration. This element, which is related to the previous parameter, looks specifically at the costs and effort required for workarounds. Some responses will be faster and less costly than others, so a truly comprehensive vulnerability assessment would need to be able to compare these effects and weigh the relative costs and benefits of various remediation options.

Applying such a model can help organizations refine and enhance strategies. It can also identify important capability gaps—people and process, as well as technology—and support the creation of a program to close those gaps in a prioritized manner and on a continuous basis. It can also help companies increase their compliance with regulatory or legislative mandates.

Essential for High Performance
Missing from traditional approaches to supply chain risk management has been a clear sense of how intimately connected such a capability is to protecting earnings and shareholder value. Building and sustaining comprehensive business resilience, especially resilience of the supply chain, is essential for achieving high performance.

Older approaches to risk management are not up to the daunting complexity of today's global supply chains. By better understanding the financial consequences of supply chain vulnerabilities, companies can better appreciate more proactive approaches that focus on developing ongoing resilience, not just recovery from disasters or other disruptions.

By building supply chain resilience, companies can reduce the magnitude and duration of major business disruptions. More important, they can develop the kind of predictive capability that helps avoid a disruption, or that puts proactive workarounds in place so that major risk events that do occur have minimal impact on the business.

World-class prizefighters can take a hit and recover quickly. But the champions, the high performers, are those who know how to avoid getting hit in the first place.

Sidebar #1
A false sense of security A recent Conference Board study reveals the prevalence among corporate directors of a fragmented, case-by-case approach to enterprise risk management. The study, based on interviews and a survey of 127 US corporate board members, suggests that corporate directors have a false sense of security with regard to their supply chain risks. When it comes to risk management in general, directors say, they approach risk based on a particular business need—a merger or acquisition, perhaps, or a strategy to expand into a new market.

The directors certainly understand these need-based risks well—about 90 percent of them said they understand the risk implications of any given strategy. But the numbers dip to 59 percent when it comes to understanding the bigger picture—how business segments interact in a company's overall risk portfolio—and then to 48 percent when it comes to ranking the impact of different kinds of risk.

Sidebar #2
Supply chain risk

An Accenture study led to a detailed summary of the most common supply chain risks. These include volatile fuel prices, the supply and cost of raw materials and labor, the complexity of services and products, and manufacturing capacity. Although the list of risks is ranked in order of severity—as determined by the executives surveyed for the study—there is actually a high degree of volatility in the ranking. That is, one of the real challenges in managing supply chain risk today is that it's not good enough to focus on only the most threatening risks, because the relative severity of those risks may shift from day to day, or even from minute to minute.(See Figure 2)

Sidebar #3
Resilience in action

Here is what supply chain resilience might look like in action. Consider a high-tech manufacturer headquartered in California but with an important optical disk drive factory in Taipei. A major fire breaks out at the factory at 5:30 a.m. US Pacific time. Predesignated managers at the company's San Jose location receive immediate notification from a business resilience service, delivered to their chosen mobile device, alerting them to the situation.

This alert triggers action plans and predetermined responses created through months of risk planning that is part of a comprehensive effort to build a supply chain resilience capability. By 5:39, managers are looking at the action plans to determine the optimal response to the factory fire based on the company's existing and anticipated orders. The managers authorize the Taipei staff to proceed according to established action plans and clearly defined roles. Already the executive dashboard capability provided by the business resilience service is supplying real-time information and status, which continues throughout the crisis.

By 6:00 a.m., a crisis response team has notified an alternate optical disk drive supply source and has distributed a message with a request concerning supplemental orders. Deliveries are re-routed and inventories are rebalanced based on planned shortages. At 6:20, as the fire continues to rage at the Taipei plant, company leadership has confirmed supply commitments from alternate suppliers. By 6:30, only one hour after learning about the fire, the company is assured that it will be able to fill incoming orders and meet existing demand without interruption or loss of business.

A dramatization, to be sure, but a realistic one given existing strategies, technologies and applications. All of the capabilities demonstrated were made possible through a holistic and proactive approach to supply chain resilience, including intelligent planning, continuous monitoring and a well-designed response model.

Sidebar #4
Failure is not an option

Studies of supply chain failure paint a grim picture. A Georgia Tech study found that following the announcement of a supply malfunction, a company's stock price plummets an average of 8.62 percent, and shareholder wealth decreases by $120 million or more.

A recent Accenture study of supply chain risk management has underscored the pervasiveness of supply chain failures. Seventy-three percent of the 151 US companies surveyed had experienced a supply chain disruption in the previous five years. Half of the supply chain executives at these companies think the risk to their company's supply chain will increase in the next three years. Most telling, only 17 percent of these executives say their companies understand and manage supply chain risk well.

About the Authors

Russ Beverly is a senior manager in Accenture's North American Supply Chain Strategy group. With more than 14 years of experience in the high-tech, consumer products industrial products and retail industries, Mr. Beverly's supply chain expertise includes strategy, resilience, collaboration and profit optimization. He is based in Hartford, Connecticut.

Jade Rodysill, a senior manager in Accenture's North American Supply Chain Strategy group, helps clients across industries improve their performance through innovative supply chain strategy solutions. His work focuses on supply chain strategy, fulfillment/logistics and risk management, including freight security. Mr. Rodysill, who is a member of the Council of Supply Chain Management Professionals and a board member of its North Texas Roundtable, frequently speaks with the media on a broad range of supply chain issues. He is based in Dallas.

The following people also contributed to this article: Greg Cudahy, Atlanta-based managing partner of Accenture Pricing Strategy & Profit Optimization and Accenture Supply Chain Strategy; Ken Silbert, New York-based managing partner of Accenture Supply Chain Operations & Delivery; and Steve Kotleba, a Chicago-based consultant.

To Top