I recently interviewed Jeff Karrenbaurer who discussed supply chain risk management and how companies are not prepared. Even after repeated natural disasters and threats in the Gulf, people are still not taking the necessary steps to be prepared. You see a lot of articles about people doing supplier certification or that they are financially sound, running them through security clearance and CTPAT certification through customs. All of this is important. Cisco for example has a very elaborate risk management process.
However, surveys such as the one from Aberdeen a few years ago said that 13% of their respondents didn't have any kind of formal supply chain vulnerability planning in place. Jeff estimates it is actually 87% of companies do not have formal supply chain vulnerability planning in place.
These are appallingly low numbers. As far as Jeff is concerned it is part of responsible management. You can be placing the enterprise at risk. Many companies strategic plan for IT is to hand you a nice thick binder with detailed plans to bring up business systems of data centers go down.
If you ask the supply chain VP where his risk management binder is they will look at you with a blank stare.
They don't have vulnerability, supply chain interruption analysis, back up plans or contingency plans. The contingency plan Jeff has seen more often than not is a phone tree and if something happens they get together around a conference table and discuss what to do. That is not very sophisticated planning. You don't see very much disciplined planning.
It is like the military where you ask what if the enemy does this or that. The military carries it one step further and asks what they think the enemy will do, how to counter that and assuming the enemy knows my countermeasures, how to disguise or counter the counter measures.
Why do they go through all of this elaborate planning? Because it keeps them alive.
Whether natural disasters or pre-meditated attacks by an intelligent adversary threatening to close the Straight of Hormuz. The Long Beach dock strike of 2003, Katrina, repeated Japanese earthquakes, the Tsunami, Iceland volcano, hurricanes in the Gulf etc. These things recur and we will lose things short term or long term.
What are our contingency plans? How should I build redundancy into my system?
Qualifying secondary suppliers
Qualifying secondary sources of manufacture
Building additional buffer inventory
You don't get rewarded for this. Wall Street certainly doesn't reward you for it. They hammer you for it. It is ironic that the people who should be demanding prudent investment will hammer you for doing prudent management of the investment? The ratios don't look as good and this is all the 24 year olds understand, they don't understand operations. They didn't take it in school, they studied cool things like finance and marketing. They never made a business plan in their life and they will not reward you.
Management very often does not reward you. This requires very disciplined planning, but there is an old adage which says 'Structured Activity Drives Out Unstructured Activity'. You can make contingency planning highly structured. We know how to do that. It is a network tool where you keep asking what if , what if...how do you deal with it?
Structured activity for most most companies is phone calls, emergencies, and meetings. Jeff has a professional colleague at a big pharmaceutical manufacturer who's standard voice mail message replies that he is in various meetings today. This is his standard every day greeting. He is in 5 to 8 hours of meeting almost every day. He gets work done after hours. When this is the case you take contingency planning and put it off for later.
Jeff has posed the following question to the largest companies in the world and still can't get an answer:
Column 1: Imagine a spreadsheet where column 1 is a list of all my raw materials (assume you are a manufacturer).
Column 2: The volume used of each raw material.
Column 3: The total sales volume of all the products this particular raw material is a part of. There will be double counting because some raw materials will be part of a number of different products.
Column 4: The profitability of all of the products which this raw material is a part of. Jeff believes profitability is more important than sales.
Column 5: How many suppliers do you have for this raw material?
The largest companies in the world cannot provide Jeff with this database as part of a risk audit. Jeff is looking for a raw material that is in 40% of the finished products by sales volume or profitability and it comes from a single supplier in a Third World country with an unstable government. These would put the enterprise at risk.
Over 90% of a particular resin which appears in every circuit board out there comes from Japan. Japan sits on a fault! The electronics and automobile industry is still reeling from that and the flooding in Thailand. Yet, we see precious little evidence of people doing formal supply chain interruption, risk and vulnerability planning to deal with these things we know will recur. How much more evidence do we need?
If you qualify secondary suppliers your raw material costs will go up and Wall Street will hammer you and so will management. This is same with manufacturing. If you increase inventory to establish a buffer in case the JIT system goes south. The ratios won't look as good. Capital turns won't look as good. It will hammer your stock price. This is absolute insanity.
Jeff's frustration is that companies won't take action to mitigate these risks. They are just sitting and hoping nothing happens. Yet, we know this isn't true, we know things happen. As a citizen this bothers Jeff. As a supply chain professional it drives him up the wall.
There are ways to approach supply chain vulnerability analysis in a very disciplined way. It is the same network design tool. You don't need anything but the will to sit down and take the time and spend the resources to do it.
About Jeff Karrenbauer
President at Insight, Inc