The recent supply chain disruption experienced as a result of the Hanjin Shipping Co.’s financial and legal troubles is neither the first nor unfortunately will it be the last case of the supply risks encountered these days. Thus, every organization must consider an integral element of doing business in today’s global economy.
Seeing that an ongoing series of major disasters over recent years, such as the earthquake and tsunami in Japan; flooding in Thailand; fire at a Bangladesh factory that resulted in the loss of 100 garment workers; a dock strike in Belgium; droughts in Brazil; and ongoing political turmoil. In addition, there are many supply chain disruptions caused by events that are so localized, they are not reported by the media or noticed outside the immediate area. Consequently, fragile economies throughout the world must raise the level of concern.
Bottom line, that the supply chain risk is always present, and must be managed, is a business fact of life.
Regardless of the size of an organization or the product or service it delivers, the more global the supply chain, the greater the number of risks, and the greater the potential for supply chain disruptions.
Many companies have made impressive strides over the past several years as they have developed and implemented programs that evolve the management of supply chain risk from a reactive approach to a comprehensive, from a proactive approach to mitigating and managing supply network risk. For some, this has required a significant investment of financial and human resources to improve and expand existing continuity programs. For others, it has meant starting from scratch to identify and address their supply chain vulnerabilities.
Whatever the starting point, questions are often asked regarding a comprehensive business continuity program. “What is enough?” “Are we heading in the right direction?” “How can we measure our business continuity management capability against best practices?” “What are the expectations of interested parties?” What separates the most mature and robust programs from the rest?
We can begin by asking ourselves some rudimentary questions based on accepted best practices and standards. What is the level of executive involvement and support? Is supply chain continuity integrated with other enterprise risk management/continuity programs? In the case of an existing program, how often is the program reviewed and updated?
Primarily, an initial measure of an organization’s supply chain continuity management capability can be based on asking how true the following statements are for the organization:
- The organization has selected and adopted a business continuity standard such as ISO-22301 that encompasses its supply chain.
- Supply chain business units participate in the company’s business continuity program and are fully represented at the business continuity planning table.
- Resources – people skills and hours and financial means – are made available to adequately support supply chain continuity/risk management program development, implementation, and maintenance.
- Supply-chain-related business continuity responsibilities are included in job descriptions, and business continuity knowledge, experience, and certification are taken into account when hiring and promoting.
- Employees with supply chain continuity responsibilities are provided with the necessary business continuity training, fully participating in exercises and tests.
As part of a risk assessment process, the supply chain has been mapped from raw materials through delivery to the customer, to identify and quantify the risks and appropriate risk treatments (mitigation).
- Selection of all suppliers, outsourcing companies, and contractors – upstream and downstream – includes quantifying the associated risk and the business continuity capabilities of the applicants.
- Supplier relationships are developed and cultivated. All suppliers are made aware of business continuity requirements and expectations and are encouraged to develop a robust business continuity program based on an accepted standard. Joint business continuity planning conducted with key suppliers is mutually beneficial.
- Post-contract, suppliers are monitored for “red flags” and negative changes in risk factors such as their financial stability, significant changes in management approach, a decreasing level of quality, or lag in deliveries or response time to inquiries, to avoid today’s dream supplier becoming tomorrow’s nightmare.
- A process is in place to monitor the horizon for new risks and threats, thus avoiding addressing only those supply chain disruptions that have occurred in the past.
There is a cyber-security awareness program that includes securing supply chain internal data and information systems and collaborates with third parties who provide products and services to the company.
- The company has in place trained continuity teams, strategies, plans and adequate resources to respond when there is a disaster or significant supply chain disruption.
Using this checklist will provide an indication of the sufficiency of the organization’s supply chain continuity program and capability, gauge its progress, and identify areas for improvement; however, it is not by any means a replacement for a comprehensive assessment. To fully evaluate how closely the program aligns with organizational policies and objectives, regulatory requirements, and the selected standard, (e.g., ISO-22301), – and an unbiased accounting of strengths and areas needing improvement, requires a comprehensive review or an audit.
Regardless of the current level of program maturity, making supply chains risk resilient must always be a work in progress. Once the initial continuity planning objectives have been achieved, there needs to be a cyclical process of continuous improvement to ensure that the needs and requirements of the organization and its stakeholders are met. Review your Business Continuity Plans. Identify and mitigate your internal and external supply risks. Develop and implement workable strategies and plans to manage supply chain disruptions and disasters.
Presently, supply chain environment is characterized by a growing realization and understanding that some of the major risks an organization faces may come from its supply chain. This realization comes with an undeniable need to identify, mitigate, and when possible, eliminate these risks, and to develop robust strategies to continue with steady business operations when a significant disruption does occur. Moreover, in today’s precarious world, supply chain continuity relies both on internal capability and wisely selected and carefully nurtured supply chain partnerships, creating a firm foundation for both the organization and its suppliers to address supply risks, cooperate during a crisis, and realize greater resiliency.
Betty A. Kildow
Betty has been a Business Continuity Management consultant
for more than 20 years. She is an ISO 22301 Master, an
ISO 28000 Lead Implementer and Lead Auditor and member of
the ContinuityLink Training Team.