I interviewed Guillaume Akbaraly who discussed Supply Chain Risk Management.
Can you provide a definition of supply chain risk management?
Yeah. Hi, Dustin. Supply chain risk and I would put together supply chain risk and supply chain security, It's the application of the policy and procedures to protect your supply chain assets. We have two types of assets. We have the physical, which is the warehousing and the transportation, etc… (how you protect yourself against theft and damage and so on). And then you have the cyber part, which is the data protection.
Can you talk about some of the main threats of the supply chain?
Just an introduction before talking about the main threats. I would suggest the all to read the BCI report, which is about supply chain resilience and which is published every and available on the internet, and it's interesting because it gives you a lot of insights on the trends and on the supply chain risks based on the survey involving many supply chain professionals. The main threat that has been coming out from the survey is data breach. Interestingly, on this first threat, one of the things that we don't think about, is that the main data breach happening within the company, we have the important case of cyber-attack that we are hearing on the news.
But the main data breach, more than 50% of data breaches are happening from inside, from employees of the companies. For example, in the supply chain, you usually will work with ERP, and a simple thing is that sometimes, like you would have more account than people working in the company, which means that someone can use a login and password and can do doing operations from the system. Then, of course, in the top of the list of the main threats, you will have the change of the regulation, then how you manage your talent pool and skills because that's part of the way you manage your risk in your supply chain. So those are the main ones which are coming out of the survey.
And, interestingly, those are not the one that we think about.
How do you maintain the security of the supply chain -- both the physical and the digital supply chain?
The most important thing is to have visibility along your supply chain. And usually, the more you go further on your supply chain, the less you have visibilities. You have more or less a good visibility of where you are and of your tier 1 one customer or supplier. And then the farther you go, for example, the supplier of your supplier or the customer of your customer, the less you have visibility on that. So that's important first to have a proper visibility around your supply chain.
And then you start to, thanks to that to evaluate the risk, which can be, for example, the transportation risk. It can be a supply at your supplier etc. Once you have identified it, you quantify the impact on any adverse event happening in the supply chain. So typically, you have identified that this supplier is important. If they stop to supply you, how long you can survive with your business without having the supplier supplying you continuously. And then, how long you can survive, meaning how much business you can still keep doing, even if you don't have the supply.
Then you start to work on the mitigation plan. So a typical case would be what are my alternate supplier possibility and how long it should take to start this mitigation plan so to and then how long you need to have your business coming back. It can be like for example, your transporter company is stopping the supply to a specific country, so what is your backup plan for that. And this is the way you deal with that. Usually, for all the risks, you try to define the time to recovery, which is an important concept. The time to recovery would be to measure how long it would take for you to recover to a more or less normal situation from the moment where there is the disruptive event happening in your supply chain.
Do you have any final recommendations regarding supply chain risk management?
The important recommendation is really to go beyond what is close to you. In our case, I'm working in the pharma companies if you want to implement a new supplier, it takes around two years to approve a new supplier between the qualification quality-wise and then to also get the different regulatory approval. So if you have a disruptive event is in your supply side, it will take two years for you to recover. That's a huge business impact So it's important to know that your what happening to you supplier side. The visibility is really important in the supply chain.
Thanks for sharing today. Can you provide us with a brief background of yourself?
I have more than 10 years of experience in supply chain. I'm an industrial engineer working in the supply chain from the beginning of my career in different position from the supply side to the demand side of the supply chain, also in warehousing, network optimization, etc.. And then now I'm heading the supply chain for Globalpharma a Sanofi company.
About Guillaume Akbaraly
Head of Supply Chain at Globalpharma a Sanofi Company