In much the same way that generals are often criticized for preparing to fight the last war rather than the next, so might it be said that supply chain executives tend to look backward rather than forward with respect to risk. There are understandable reasons why this is so: The discipline of supply chain risk management is relatively new, the perspective tends to be enterprisewide and from a high level, and metrics are hard to come by.
More troubling, however, is a fundamental flaw in risk management design that threatens to undermine the best-intended efforts. The problem is that the supply chain model that typically is being addressed constitutes an older, increasingly obsolete paradigm that no longer adequately speaks to the processes that are rapidly evolving in the real world.
![[Figure 1] Managing corporate-level risk](/media-library/201203risk-ex1.jpg?id=53612148)
![[Figure 2] Factoring supplier risk into sourcing decisions](/media-library/201203risk-ex2.jpg?id=53612149)
This older paradigm was engineered to manage reasonably stable, high-volume production supported by relatively sustainable capital flows in a relatively fixed pool of low-cost-labor countries, most notably China. The emerging economic order, however, will have markedly different characteristics. The comparative attractiveness of manufacturing locations will change quickly, trade and capital flows will be turbulent, and the growing wealth of the developing countries will make markets more competitive and drive up costs.
We are entering an economic era that will be characterized by continual, fast-moving, and momentous change. With respect to the supply chain, perhaps the most unsettling thing about this environment is that if managers are "looking backward" at lagging indicators to trigger their response to risk, then the moves in their playbooks may have already been rendered less than optimal by the time they're implemented.
What this means on the operational level is that the enterprise is facing increasing danger that key sourcing decisions will prove uneconomic sooner, and with more damaging consequences than would normally have been anticipated by risk equations that presumed the older supply chain model. Starkly put, the odds of supply chain disruption are growing and will grow even greater in the future.
We estimate that probably only five out of 10 companies now have even nominal due diligence in place to alert them to supply chain risk. The vast majority of these companies, moreover, rely on some simple financial research carried out when they establish a supplier in their vendor-governance master, but then they conduct little to no diligence afterward. When a supplier risk model is in place, it often is based on modeling historical financial performance and trends as a predictive indicator of future supplier financial stress.
Even when this approach is most effectively employed it is not without drawbacks. In a mature company with public financial reporting, the information used is, at best, one month in arrears (and is likely even older). As we've seen in recent memory, notably in the aftermath of the Japanese tsunami and the severe problems auto manufacturers faced as their suppliers struggled, a lot of bad things can happen to the supply chain within a single quarter. The global economy and its supply chain operations move much faster than financials. Another concern: In many emerging markets, the practices and standards of presenting financial information vary, making a formulaic risk-modeling methodology more challenging to apply.
That's the bad news.
The good news is that by using a new category of leading indicators to monitor risk, companies will increasingly be able to anticipate supply chain disruption before it becomes a crisis. Similarly, by refining the cost of goods to incorporate supply chain risk as "risk-adjusted price," companies will be better prepared strategically for disruptions. Needless to say, integrating into a company's cultural DNA two major innovations like these—leading risk indicators and risk-adjusted prices—will not be easy. However, developments in methodology, information gathering, and data analysis make it possible.
Rethink costs to reflect risk
"Risk-adjusted price" provides the conceptual underpinning to this new approach. While formally factoring a risk function into the cost of goods in order to generate a hard number remains a distant goal, it is feasible for companies to begin rethinking costs to include supply chain considerations. In the same way that sourcing and procurement organizations broadened their initial focus from price to landed cost, so can they begin exploring how to expand their accounting to include risk. Figure 1 provides an overview of the types of considerations that enter into this broader approach to risk assessment.
The working formula for this goes as follows: "risk-adjusted price is the aggregate of the cost of goods plus the cost of the relationship with the supplier plus the cost of governance." To calculate values, one would ask such questions as: How much am I directly investing in the supplier? How much of my pool of risk-monitoring governance money do I have to allocate to this supplier? How much would it cost to replace this supplier? Figure 2 shows a hypothetical example of how supplier risk can be factored into sourcing decisions.
The end result of this exercise is to produce a reasonable estimate of total cost including supply chain risk. The amount of risk an organization is willing to assume is proportionate to the cost of replacing the supplier in question.
The case for supplier segmentation
Before they can realize the potential benefits of agile, proactive risk response, however, companies must first lay substantive analytic groundwork. Supply chains will require reappraisal and reconfiguration as product complexity itself becomes a risk factor to be managed.
Supply chains in the "old" economy were largely driven by the quest for economies of scale; as such, they tended to be centrally managed and enterprisewide. That approach, however, is unlikely to get the job done in the future. Instead, the imperative at leading companies is to not simply plan for the unexpected, but to develop risk management practices that segment suppliers into different categories according to the way the company does business.
The high-tech industry provides a glimpse of how segmentation works. Leaders in this sector regularly "compartmentalize" their supply chains, routing multiple supply chains into networks where product complexity delivers competitive advantages, but also reducing complexity in later phases of the product lifecycle. These supply chains are periodically reconfigured to align with strategy by being customized when complexity is mandated, or standardized when it isn't.
Supply chain segmentation can be organized in different ways depending on the specifics of the company and the industry involved. In general terms, lines can be drawn between products with short and long lead times, with high and low gross margins, or with high and low levels of innovation. Distinctions may be arbitrary, but the intent is to design flexible, responsive supply chains that are capable of shifting back and forth between complexity and standardization.
The principle here is that supply chain capability will be a core competency for successful companies in the future. As "seismic shocks" from economic, political, and natural events become more frequent, the challenge of maintaining agile, resilient supply chains correspondingly grows. At the same time, markets can be expected to increasingly fragment, thus requiring different products for different customer groups at different times. This dynamic affords little margin for supply chain delay or disruption. Achieving the requisite resilience without incurring excessive costs is, to say the least, a worthy challenge.
Different players, different risks
For companies that want to achieve that level of resilience, the place to start is with supplier-governance policies.
When it comes to supply chain risk, the current norm at nearly every enterprise is "one size fits all" governance. All suppliers are effectively subject to the same criteria, regardless of where they fit into the segmented supply chain. In our experience, even some very large corporations that spend billions of dollars across tens of thousands of suppliers apply essentially the same governance covenants to both the biggest, most critical suppliers and the smallest, most incidental ones. Not until an event occurs or a problem arises are serious questions asked about whether there should be different risk criteria for different segments of the supply chain.
The governance concerns that typically draw the attention of an effective supply chain executive today include conducting ongoing financial reviews, monitoring delivery performance, and addressing pricing errors. That approach is fine for addressing past history and current activity, but it will neither anticipate a crisis nor manage through one that arises.
We suggest a different way to approach risk than springing into action in the aftermath of a crisis like the Japanese tsunami or Thai floods. Instead of lumping suppliers together into the same "one size fits all" bucket, we recommend assessing and governing them based on how they fit into the company's holistic value chain. In conducting such a comprehensive survey across the entire enterprise, the specialized nature of the risks associated with each supply segment becomes more readily apparent.
The current governance model seeks to ensure maximum supply chain protection against a maximum number of conventional risks from a maximum number of suppliers that are all governed by the same rules; significant advances in risk protection within such a model are prohibitively expensive. On the other hand, a model that attaches different sets of risks to different categories of players can be more easily customized to deliver more finely tuned measures of protection and—even more importantly—proactive prediction of danger.
Three categories of suppliers
The essence of risk segmentation is to sort out the company's relationship with individual suppliers into one of three modes: strategic, tactical, or transactional. The distinctions are fluid, and who fits where will often change over time. But as organizing principles, these distinctions capture critical aspects of differentiated states of collaborative dependency and allow for accordingly differentiated governance agreements, proactive measures of performance, and risk management.
1. Strategic suppliers are the smallest tranche, representing only about 5 percent of the total. Relatively small in number, they are disproportionately vital. These are partners with whom the company is aligning its future. They are helping with the forward-looking aspects of the business, and therefore the company is making investments in technology, intellectual property, and new-product development predicated in no small part on the supplier's ability to deliver as promised. Failure at this level would cause significant damage.
Governance of strategic partners addresses the risk of company and supplier not proceeding along the same synergistic, developmental road map. The kinds of questions that companies should ask (and then verify the answers) presume the considerable transparency that a company should require from a strategic supplier. Are they aligning their strategy and path forward with that of the company? Are they investing in technology and intellectual property at appropriate levels? Are they meeting cycle times for new development? Is there sufficient collaboration in development of highly engineered products that the company will not end up a captive customer? Is the intellectual property that is being mutually developed sufficiently protected that the supplier cannot offer a variant to the company's competitors?
With strategic partners, the intent of the governance model is to facilitate access to forward-looking signals that indicate ongoing reliability and alignment at the highest levels.
2. Tactical, or core, suppliers, constituting approximately 15 percent of the total, are those required to run the company business on an everyday basis. The loss of a tactical supplier would not be irreparable, but it would put stress on operations. Risk measures for this category center on such areas as cost, execution (on-time deliveries, quality standards, percentage of returns); reputation (avoiding ethical issues); process controls around security and technology; and conformance to contractual terms.
At the same time, however, there is risk associated with the supplier's viability as an enterprise, independent of its relationship with the company. Governance models should therefore monitor traditional financial and reputational factors and also include supplemental information that can raise warning flags if the supplier is foundering. Is the supplier investing in development and expansion? Are earnings and performance consistent with financial analysts' expectations? Is its cost of key materials stable? Does it have a resilient sales portfolio, or is it dependent on a few large customers, the loss of which would be severely damaging? If the supplier is a public company, is there a significant change in the pattern of insider and senior executive share transactions? Is there a change in ownership?
A second group of predictive indicators requires moving down a tier (or more) to the supplier's suppliers. What are the major cost drivers for the suppliers of the materials you are purchasing? Do they have a diversity of sources, particularly for key parts? For example, a computer manufacturer may have several sources for key components, but if each of these utilizes the same chip from a single supplier, then an unacceptable level of risk exists. Monitoring such developments throughout the network should reduce the likelihood of being outflanked by unexpected disruptions upstream.
Predictive signals are particularly relevant with core, tactical suppliers since, in a well-developed risk management plan, redundancy is built in at this level with alternative providers that are prepared for rapid engagement. These indicators tend to be subjective and are often gleaned from the loading dock and plant floor, but they can prove invaluable in foreseeing bigger problems ahead. Is there a change in shipping performance? Unpredictable deliveries? Changes in packaging quality? Inconsistent product quality? Is the supplier unresponsive when asked to quickly fill special requests or change orders? Emerging patterns of such problems could well be the first signs that the supplier is on the verge of big trouble.
The challenge in implementing such subjective risk monitoring is to develop process steps that empower employees to "raise their hand" when they spot a problem. Establishing a culture that does not allow a defect to pass through the system without addressing the source of the problem, and providing a process to effectively communicate any observed changes that may indicate a problem are both critical. The payoff, though, is sizable. Ongoing performance monitoring of tactical suppliers can be integrated with more analytic measures to identify festering risk and trigger corrective action.
There are areas where this approach is already in use. For example, the automobile sector, shocked several years ago by unanticipated failures among its suppliers (made all the more urgent because of the shrunken base size after years of aggressive margin squeezing), is taking the lead in anticipating problems. With a pressing need to keep its suppliers in business, automakers are using early warning signs to prompt such mitigation responses as selective price relief and changing inventory strategies to hedge against potential disruptions.
3. Transactional suppliers represent the third tranche of the segmented supplier base. This constitutes the vast majority of suppliers offering commodity or fungible goods and services. The standardization of metrics within this realm and the ability to automatically collect data facilitate monitoring. Governance here is built almost exclusively around conformance on price and terms. With respect to transactional suppliers, the fundamental risk question for the company to ask is whether it is receiving what it was supposed to receive at the promised price.
Where to begin
At a theoretical level, the advantages of segmented supply chain risk management appear clear. The operational challenge is how to begin implementing the process, particularly when the prevailing mindset at many companies puts a low priority on risk mitigation until after disruption has occurred.
We recommend starting with a risk analysis of the entire supply chain, paying particular attention to factors or areas that typically are not recognized as risks. There are several places to look.
Supply chains that struggle with disruption are often those where it was presumed that the supplier base was heavily commoditized, and thus could easily be replaced. Too often, the assumed degree of commoditization turns out to be an illusion during the "moment of truth," when adequate substitutes cannot be found.
It is wise to examine the suppliers of those "commodities" in terms of their supply chains and their materials to identify potential weak links. For example, as part of its cost-control strategy a company may have sourced a simple component from a single supplier. Over time, the specifications may have slightly changed, with the supplier performing the engineering. If a disruption occurs, this can create a barrier to rapid supplier changeover: The company may have difficulty finding new suppliers that not only have the necessary capacity but also fully understand how the specifications changed.
In addition, supply chains that include intellectual property (IP) in their products typically are less resilient than is generally acknowledged. That was the painful lesson learned by some IP-dependent companies that were confident they had redundancy with their Tier 1 suppliers; that confidence disappeared when it became evident that each of those suppliers was itself dependent on the same upstream supplier.
Similarly, supply chains that rely on heavily engineered products are more at risk than is usually appreciated. In certain industries (for example, automotive, defense, and aerospace), many companies have effectively outsourced much of their engineering to their supply base. The practice of asking for successive "tweaks" means that by the time the nth change has been made, the supplier realistically is the sole producer of the part. At that point, it would require considerable reverse engineering to replicate the part, thus it cannot be easily replaced.
Another risk factor that is often overlooked is the impact of transportation services on supply chain performance. Changes in shipping lanes can have a significant impact both directly and on upstream suppliers. When the expanded Panama Canal opens in 2014 to ships twice the current capacity, for example, supply chain risk managers should be prepared to deal with congestion and delays at the limited number of ports able to accommodate the giant vessels. At the same time, "super ships" carrying 18,000 twenty-foot equivalent units (TEUs) will begin coming on line next year, and this additional capacity may drive down freight rates. In an ocean transport industry where margins are already thin, those conditions could reduce the number of service providers in key shipping lanes; that, in turn, could alter port rotations and lead to denser product flows through fewer ports. The net effect of this scenario would likely be increased congestion, resulting in greater probabilities of supply chain delays and disruption.
By concentrating on such "hidden" factors as well as on conventional aspects of risk, a company will have a more realistic appraisal of its supply chain resiliency. Differentiating critical suppliers endangered by such risks is a good way to launch supply chain segmentation initiatives.
Segment, and be forewarned
The rate of change for businesses can only be expected to accelerate. In a context of unpredictability, unnecessarily complex supply chains can quickly shift from assets to liabilities as disruption becomes increasingly probable.
Conventional approaches to supply chain risk fail to include complexity itself as a risk factor. Moreover, the prevailing metrics of supply chain stress, almost exclusively financial, are backward-looking, which itself contributes to risk.
The "leading practices" response to this changing context is to segment supply chains and differentiate suppliers as being strategic, tactical, or transactional. Rather than the current "one size fits all" approach to governance, suppliers should be governed by customized requirements that are appropriate to their category and specific role in the supply chain. This approach provides leading indicators of supply chain danger, which can trigger proactive, preventive responses.
© 2012 PwC. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
