Building resilience into the supply chain: interview with Yossi Sheffi
In his new book, The Power of Resilience, MIT professor Yossi Sheffi looks at how businesses can anticipate, prepare for, and respond to disruptive events.
How vulnerable is your supply chain? What can you do to protect it from disruptions, especially those you cannot anticipate? These questions take on more and more urgency in an age of complex global supply chains, where events in one region can disrupt the operations of businesses and their customers on the other side of the world.
In his new book, The Power of Resilience: How the Best Companies Manage the Unexpected, Yossi Sheffi examines what many companies have done—and are doing—to anticipate, prepare for, and respond to disruptions that can range from earthquakes to hurricanes to cyberattacks to issues with sourcing that could harm business reputations.
The book is Sheffi's second on the topic of resilience. His first, The Resilient Enterprise, was published in 2005 in response to the 9/11 attacks. In the intervening decade, much has changed in both the landscape of supply chain risks and the implementation of corporate resiliency programs, Sheffi says. The new book looks at what companies have learned since that time and at new threats that have arisen.
Sheffi, a professor at the Massachusetts Institute of Technology (MIT) and director of the MIT Center for Transportation and Logistics, discussed the new book and supply chain resilience Peter Bradley, the editorial director of CSCMP's Supply Chain Quarterly's sister publication, DC Velocity. This is an edited and condensed version of the interview.
Â
Q: What led you to decide it was time for a second book on the topic of resilience?
A: The first book was motivated by 9/11, looking at what companies were doing to prepare for disruption. When I started work on that book, I figured I'd begin by seeing what had already been written about this topic and I found nothing on logistics, supply chain, and transportation—in academic writing, at least. Since I didn't have any literature to draw from, I did research. I talked to well over a hundred companies. That research, which took four years and involved 30 people, led to the first book.
Then, when I was out talking to companies a few years back, more and more people were telling me, "Look, it's time for a new book because the threats are becoming more serious and more frequent, but we're also becoming a lot better at a number of new activities and processes, and (business continuity planning) has been taken to a higher level in corporations." So I put together a team and starting working on the new book.
Q: You write in the preface that we shouldn't look at this book as a sequel or a new edition of the original, that it really is something different. Tell me how.
A: It looks at a whole new set of threats that I didn't cover very much in the first book. For example, think about cybersecurity problems. Ten years ago, we were just starting to hear about cybersecurity problems. Today, "cyber" is a weapon. Many physical systems are being run by digital means and can be attacked.
It also became very important to talk about social and environmental responsibility: (the factory fires) in Bangladesh; the conflict mineral issues, which forced Intel and Apple to go to this very deep level—10 to 12 tiers deep—in the supply chain to find out where these minerals were coming from. This became a real corporate reputational risk. And, of course, there have been things like the Japanese earthquake and tsunami that changed a lot of companies' views on risk and their own vulnerability to disruption.
In the new book, I also emphasize a point that I did not make and should have made last time that people always look at the top right corner [in a quadrant chart of possible disruptions and estimations of their likelihood and impact] where the probability (of an event) is high and the consequences are high, but that is the wrong place to look. Companies prepare for these events, and as a result, although the impacts could be severe, they are not that high because companies are ready for them. I point out the really worrisome quadrant is the high-consequence/very-low-probability corner because this is the "black swan." This is the 2008 financial meltdown. This is 9/11. This is Chernobyl. These are the things that nobody expected and nobody knew how to deal with. And the question is, how do you prepare for things that you cannot even imagine, things that you don't even know that you don't know. A lot of the issues in the book have to do with general preparation or general resilience for what you can't even imagine because it never happened to you, to your competitors, or to other people in the industry.
Another change that is introduced to this framework is what I call "detectability"—the time from when you know something is going to happen to the first impact. Think of the classic example, a hurricane. You know three days before we see the storm.
But you (also) have to prepare for something that you only find out about after the fact. Think about some sabotage, some people stealing trade secrets, some cyberbug in your system.
There are a lot of new software applications that didn't exist 10 years ago that are designed to alert you as soon as something happens and tell you what the implications are, what the value risk is, which customers and products will be affected, and what problems you're going to have. I cover some of these new software applications in the book.
Q: You talked a few minutes ago about how while the risks are higher today, we have also learned a lot. What have we learned over the last 10 years that we've been able to put to work to help mitigate risks?
A: In terms of things that you can point to, such as an earthquake in an area that's prone to quakes or floods, you have to prepare for things that have happened before and can happen again. What is the communication plan? How should you notify whoever it is: the customers, Wall Street, suppliers, whatever? Who should be notified? Who should be involved in making up the plan? How do you respond?
The other side is the completely unexpected situation where you don't know what to do beyond general resilience measures. For this, you first of all have to have an emergency response operation and you have to have all the communications lines. The number one thing is what I said: You have to know who to call. Who should be the people to man these emergency operations? In a manufacturing company, it should be basically two functions, supply chain management and engineering.
Supply chain management should focus on inventory—looking at how to acquire more supplies where needed and seeking alternative suppliers. Engineering should look for damage solutions. Can we replace a component with another part? How do we qualify another part and so forth?
In general, the response should be two-pronged and involve two separate teams. One team should deal with the people. What is the impact on people? How do we find everybody? How do we deal with our suppliers? The other team should deal with business continuity issues. Because otherwise, depending on the nature of the team, they pay too much attention to one or the other.
Q: Let me go back to risk assessment for a moment. You talked about Intel and how deeply it had to dig to find out where its minerals come from. How does a company find out the risk deep in its supply chain, in its tier three, four, or five?
A: Oh, there was talk about a tier 12 or something. Anyway, Intel learned that four metals used in electronic products might be "conflict minerals," metals that have been mined under conditions of coercion and violence, and mobilized a team to ensure that its operations were "conflict free." The first question was, "Are we using conflict minerals?" But nobody knew. So the company started going backward in the supply chain, and it realized that it had to go back to about level five or six. Beyond this, you cannot tell where a material is coming from because the supplier gets it from multiple sources and just mixes it all together.
Intel decided to focus on the smelters and make sure the smelters' brokers only bought from approved mines. The thought was the company was not going to buy anything from mines in the Democratic Republic of Congo, but that would just throw hundreds of thousands of people out of work in a very poor country. So it couldn't do that.
So then it went to the smelters and tried to convince them to do it, but the problem is, as big as Intel is, it is not a very big customer of the smelter. And the smelter says, "I am not selling to you. I'm selling to some broker who then sells to another customer, who sells it to some other company." So Intel put together an industry consortium [the Electronic Industry Citizenship Coalition]. And it paid the smelters to qualify certain mines so it knew where minerals were coming from. It took Intel years, by the way.
Q: One of the arguments you make in the book is that by looking at your risk, by preparing for risk, you actually strengthen the entire enterprise. Expand on that a bit.
A: For an example, there is Intel. It had to map its entire supply chain. Knowing who the people upstream are, you not only get risk protection—the sense that if something happened to one of them, you know what the implications are—but you also learn more about what's going on in the supply chain. You start understanding your own supply chain a lot better, which always brings good things.
Container imports at U.S. ports are seeing another busy month as retailers and manufacturers hustle to get their orders into the country ahead of a potential labor strike that could stop operations at East Coast and Gulf Coast ports as soon as October 1.
Less than two weeks from now, the existing contract between the International Longshoremen’s Association (ILA) and the United States Maritime Alliance covering East and Gulf Coast ports is set to expire. With negotiations hung up on issues like wages and automation, the ILA has threatened to put its 85,000 members on strike if a new contract is not reached by then, prompting business groups like the National Retail Federation (NRF) to call for both sides to reach an agreement.
But until such an agreement is reached, importers are playing it safe and accelerating their plans. “Import levels are being impacted by concerns about the potential East and Gulf Coast port strike,” Hackett Associates Founder Ben Hackett said in a release. “This has caused some cargo owners to bring forward shipments, bumping up June-through-September imports. In addition, some importers are weighing the decision to bring forward some goods, particularly from China, that could be impacted by rising tariffs following the election.”
The stakes are high, since a potential strike would come at a sensitive time when businesses are already facing other global supply chain disruptions, according to FourKites’ Mike DeAngelis, senior director of international solutions. “We're facing a perfect storm — with the Red Sea disruptions preventing normal access to the Suez Canal and the Panama Canal’s still-reduced capacity, an ILA strike would effectively choke off major arteries of global trade,” DeAngelis said in a statement.
Although West Coast and Canadian ports would see a surge in traffic if the strike occurs, they cannot absorb all the volume from the East and Gulf Coast ports. And the influx of freight there could cause weeks, if not months-long backlogs, even after the strikes end, reshaping shipping patterns well into 2025, DeAngelis said.
With an eye on those consequences, importers are also looking at more creative contingency plans, such as turning to air freight, west coast ports, or intermodal combinations of rail and truck modes, according to less than truckload (LTL) carrier Averitt Express.
“While some importers and exporters have already rerouted shipments to West Coast ports or delayed shipping altogether, there are still significant volumes of cargo en route to the East and Gulf Coast ports that cannot be rerouted. Unfortunately, once cargo is on a vessel, it becomes virtually impossible to change its destination, leaving shippers with limited options for those shipments,” Averitt said in a release.
However, one silver lining for coping with a potential strike is that prevailing global supply chain turbulence has already prompted many U.S. companies to stock up for bad weather, said Christian Roeloffs, co-founder and CEO of Container xChange.
"While the threat of strikes looms large, it’s important to note that U.S. inventories are currently strong due to the pulling forward of orders earlier this year to avoid existing disruptions. This stockpile will act as an essential buffer, mitigating the risk of container rates spiking dramatically due to the strikes,” Roeloffs said.
In addition, forecasts for a fairly modest winter peak shopping season could take the edge off the impact of a strike. “With no significant signs of peak season demand strengthening, these strikes might not have as intense an impact as historically seen. However, the overall impact will largely depend on the duration of the strikes, with prolonged disruptions having the potential to intensify the implications for supply chains, leading to more pronounced bottlenecks and greater challenges in container availability, " he said.
A coalition of freight transport and cargo handling organizations is calling on countries to honor their existing resolutions to report the results of national container inspection programs, and for the International Maritime Organization (IMO) to publish those results.
Those two steps would help improve safety in the carriage of goods by sea, according to the Cargo Integrity Group (CIG), which is a is a partnership of industry associations seeking to raise awareness and greater uptake of the IMO/ILO/UNECE Code of Practice for Packing of Cargo Transport Units (2014) – often referred to as CTU Code.
According to the Cargo Integrity Group, member governments of the IMO adopted resolutions more than 20 years ago agreeing to conduct routine inspections of freight containers and the cargoes packed in them. But less than 5% of 167 national administrations covered by the agreement are regularly submitting the results of their inspections to IMO in publicly available form.
The low numbers of reports means that insufficient data is available for IMO or industry to draw reliable conclusions, fundamentally undermining their efforts to improve the safety and sustainability of shipments by sea, CIG said.
Meanwhile, the dangers posed by poorly packed, mis-handled, or mis-declared containerized shipments has been demonstrated again recently in a series of fires and explosions aboard container ships. Whilst the precise circumstances of those incidents remain under investigation, the Cargo Integrity Group says it is concerned that measures already in place to help identify possible weaknesses are not being fully implemented and that opportunities for improving compliance standards are being missed.
By the numbers, overall retail sales in August were up 0.1% seasonally adjusted month over month and up 2.1% unadjusted year over year. That compared with increases of 1.1% month over month and 2.9% year over year in July.
August’s core retail sales as defined by NRF — based on the Census data but excluding automobile dealers, gasoline stations and restaurants — were up 0.3% seasonally adjusted month over month and up 3.3% unadjusted year over year. Core retail sales were up 3.4% year over year for the first eight months of the year, in line with NRF’s forecast for 2024 retail sales to grow between 2.5% and 3.5% over 2023.
“These numbers show the continued resiliency of the American consumer,” NRF Chief Economist Jack Kleinhenz said in a release. “While sales growth decelerated from last month’s pace, there is little hint of consumer spending unraveling. Households have the underpinnings to spend as recent wage gains have outpaced inflation even though payroll growth saw a slowdown in July and August. Easing inflation is providing added spending capacity to cost-weary shoppers and the interest rate cuts expected to come from the Fed should help create a more positive environment for consumers in the future.”
The U.S., U.K., and Australia will strengthen supply chain resiliency by sharing data and taking joint actions under the terms of a pact signed last week, the three nations said.
The agreement creates a “Supply Chain Resilience Cooperation Group” designed to build resilience in priority supply chains and to enhance the members’ mutual ability to identify and address risks, threats, and disruptions, according to the U.K.’s Department for Business and Trade.
One of the top priorities for the new group is developing an early warning pilot focused on the telecommunications supply chain, which is essential for the three countries’ global, digitized economies, they said. By identifying and monitoring disruption risks to the telecommunications supply chain, this pilot will enhance all three countries’ knowledge of relevant vulnerabilities, criticality, and residual risks. It will also develop procedures for sharing this information and responding cooperatively to disruptions.
According to the U.S. Department of Homeland Security (DHS), the group chose that sector because telecommunications infrastructure is vital to the distribution of public safety information, emergency services, and the day to day lives of many citizens. For example, undersea fiberoptic cables carry over 95% of transoceanic data traffic without which smartphones, financial networks, and communications systems would cease to function reliably.
“The resilience of our critical supply chains is a homeland security and economic security imperative,” Secretary of Homeland Security Alejandro N. Mayorkas said in a release. “Collaboration with international partners allows us to anticipate and mitigate disruptions before they occur. Our new U.S.-U.K.-Australia Supply Chain Resilience Cooperation Group will help ensure that our communities continue to have the essential goods and services they need, when they need them.”
A new survey finds a disconnect in organizations’ approach to maintenance, repair, and operations (MRO), as specialists call for greater focus than executives are providing, according to a report from Verusen, a provider of inventory optimization software.
Nearly three-quarters (71%) of the 250 procurement and operations leaders surveyed think MRO procurement/operations should be treated as a strategic initiative for continuous improvement and a potential innovation source. However, just over half (58%) of respondents note that MRO procurement/operations are treated as strategic organizational initiatives.
That result comes from “Future Strategies for MRO Inventory Optimization,” a survey produced by Atlanta-based Verusen along with WBR Insights and ProcureCon MRO.
Balancing MRO working capital and risk has become increasingly important as large asset-intensive industries such as oil and gas, mining, energy and utilities, resources, and heavy manufacturing seek solutions to optimize their MRO inventories, spend, and risk with deeper intelligence. Roughly half of organizations need to take a risk-based approach, as the survey found that 46% of organizations do not include asset criticality (spare parts deemed the most critical to continuous operations) in their materials planning process.
“Rather than merely seeing the MRO function as a necessary project or cost, businesses now see it as a mission-critical deliverable, and companies are more apt to explore new methods and technologies, including AI, to enhance this capability and drive innovation,” Scott Matthews, CEO of Verusen, said in a release. “This is because improving MRO, while addressing asset criticality, delivers tangible results by removing risk and expense from procurement initiatives.”
Survey respondents expressed specific challenges with product data inconsistencies and inaccuracies from different systems and sources. A lack of standardized data formats and incomplete information hampers efficient inventory management. The problem is further compounded by the complexity of integrating legacy systems with modern data management, leading to fragmented/siloed data. Centralizing inventory management and optimizing procurement without standardized product data is especially challenging.
In fact, only 39% of survey respondents report full data uniformity across all materials, and many respondents do not regularly review asset criticality, which adds to the challenges.