Three keys to crafting an effective supply chain risk strategy
Before you can decide what actions to take to mitigate or manage a risk, you need to firmly understand your risk maturity level, appetite, and culture.
Gregory L. Schlegel, CPIM, CSP, Jonah, is the founder of The Supply Chain Risk Management Consortium, a former executive in residence, supply chain risk management at Lehigh University, and adjunct professor, enterprise risk management, Villanova University.
The COVID-19 pandemic pushed risk to the top of virtually every corporate agenda. For the first time in about 10 years, most executives (95%) said they had formal supply chain risk management processes, according to a November 2021 McKinsey study, “How COVID-19 is Reshaping Supply Chains.” McKinsey also found that 59% of the companies said they adopted new supply chain risk management practices over the past 12 months. And a small portion of the companies (4%) set up a new risk management function from scratch. Almost all respondents said they had strengthened existing capabilities.
As supply chain risk and resilience (SCR&R) evangelists, we at the Supply Chain Risk Management (SCRM) Consortium found this report to be very encouraging. For the past 13 years, the SCRM Consortium has been building out a body of knowledge in supply chain risk and resiliency in an effort to lead, guide, direct, and coach companies toward successful SCR&R journeys. Over the last three years, we’ve witnessed more companies exercising many of the best practices that we profiled in our book, Supply Chain Risk Management: An Emerging Discipline, back in 2015.
Because COVID has had such an uneven and devastating effect on almost every industry, the watch word during these past few years has been “resiliency.” At the SCRM Consortium, we believe that “A resilient enterprise has the capacity to overcome disruptions and continually transform itself to meet the changing needs and expectations of its customers, shareholders, and other stakeholders.” That is a very tall order. However, in the last few years, we have seen a very robust dialogue among our clients, in our workshops and webinars, and on our social media, covering the strategies of effective or resilient supply chains versus those of super-efficient supply chains. These discussions have covered nearshoring, onshoring, just-in-time versus just-in-case, and the merits of Lean. There has also been a focus and commitment to identifying risks and building out supply chains that can weather several types of risk events. All of these discussions have been in an effort to reinforce resiliency throughout the entire industrial supply chain. This includes U.S. Congressional acts allocating funding to foster more secure, resilient, and strategic supply chains across multiple industries.
However, there is no one-size-fits-all strategy that can be implemented to create a resilient supply chain. Rather, in the supply chain risk and resilience arena, there’s no right or wrong answer—just different answers across every company. It is important to customize your supply chain risk management and resiliency strategy to fit your own operations. To do that effectively you need to understand three things:
Your risk maturity, or where you currently are in terms of risk management practices;
Your risk appetite, or who you are in terms of your tolerance for risk; and
Your culture, or how your supply chain operates.
These three threads are critical to the success of an SCR&R journey. Why? If you don’t know where you are (maturity), who you are (appetite), and how you operate (culture), your SCR&R journey success is at risk.
Risk maturity: Where are you?
A key part of creating a SCR&R strategy is knowing where your company currently is in its risk and resiliency journey and how that compares with other companies. To help companies with this, our Consortium has created a five-stage maturity model (see Figure 1). By knowing where you are currently and what your next steps are, your company will be better able to operate in an era of volatility, uncertainty, complexity, and ambiguity (VUCA).
Stage 1: Foundational. Inthis stage, companies have little or no awareness of risk management or formal education on the tools, techniques, and solutions that are available today. Companies in this stage should develop supply chain processes that incorporate risk and resilience best practices.
Stage 2: Visibility. Visibility and awareness of risk across the supply chain is an important step. Here, transparency is generated across the supply chain—both upstream to suppliers and downstream to customers. The ability to become aware and respond faster than competitors to risk events is a critical success factor.
Stage 3: Predictability. At this stage, companies have the capability to test supply chains in terms of “what-if” scenario planning. Network modeling and mapping tools provide a view into how supply chains might react to risk events. The insights from these tools help companies create risk response plans. Exemplary companies at this stage proactively identify risks through alerts, assess them using digital twin models, and mitigate them (or even turn risks into opportunities).
Stage 4: Resiliency. Risk management leaders now embed their tools, techniques, and key risk indicators into daily supply chain decision-making processes. These frameworks, protocols, metrics, and organizational structures provide a foundation for operational excellence in risk management and building a resilient enterprise.
Stage 5: Sustainability. Companies build upon their organizational infrastructures through corporate frameworks such as enterprise risk management; governance, risk and compliance; and process standardization. Leaders continually assess their risk profile and leverage their knowledge database to improve processes.
Like any major corporate process, supply chain risk and resilience management requires continuous attention and improvement. Leaders who are ahead in this maturity model will fare much better than their competitors.
Risk appetite: Who are you?
Another key factor to consider when creating a SCR&R strategy is how your company views risk in general, or what its appetite for risk is. McKinsey, in its “Risk Report of 2017,” defined risk appetite as “the aggregate level and types of risk a board of directors and management are willing to assume to achieve its strategic objectives and business plan, consistent with applicable capital, liquidity, and other regulatory requirements.”1
Based on that definition, we’ve provided a profile of what we call the four risk perspectives or appetites, which you can read on the right of Figure 2. The key to understanding the different perspectives lies in the x– and y–axes. On the y–axis, is how a company might perceive risk. At the bottom of the y–axis, the perspective is somewhat risk averse, meaning, the company attempts to avoid any initiative that creates a risk to the bottom line. Moving higher on the y–axis, a company might perceive risk as an opportunity. The x–axis represents the risk strategies/tactics that tend to support the four risk appetite perspectives: nothing, seek to control losses, risk steering in which all decisions are driven by a careful cost/benefit analysis, diversifying, and risk acceptance. There’s no right or wrong risk appetite for a company to have, just differences.
Culture: How do you operate?
Finally, risk, from the Consortium’s point of view, is all about culture. When it comes to devising a SCR&R strategy, it’s important to remember what the world-renowned management guru Peter Drucker allegedly said: “Culture eats strategy for breakfast.” In other words, even the best devised risk and resiliency strategy will fail if it runs counter to a company’s internal culture or how it actually operates.
One way to think about a company’s culture is using the SCRM Consortium’s Operational Propensity graphic, which is shown in Figure 3. We call this graphic: “What’s the shape of your kite?” It uses four characteristics (shown around the edges) to define a company’s culture: speed, external focus and differentiation, agility, and stability and control. The four edges help define four different personas: bureaucratic, trapped, agile, and startup.
No company or organization is all one type of persona, but a company does tend to have an overwhelming propensity in terms of operational style and attitude, which we call the “longest shape of the kite.” The company depicted in this example is mainly bureaucratic, or slow to react and focuses on efficiency. However, the graphic also shows that the organization does have some startup qualities and push for collaboration. Again, there are no right or wrong kites here, just different ones.
Putting it all together
To help companies conceptualize these three key threads, the SCRM Consortium built an online survey, consisting of 92 questions covering risk perspectives, risk processes, risk maturity, risk appetite, and operational propensities. We advocate that companies have five to eight company executives from multiple disciplines take the survey to provide differing perspectives revolving around risk. The answers to the survey questions are then run through artificial intelligence/machine learning (AI/ML) algorithms, which produce:
• A computer-generated graphic positioning the company within our five-stage risk maturity model (where you are);
• A computer-generated graphic depicting your risk appetite (who you are);
• A computer-generated graphic profiling your operational propensity/culture (how you operate); and
• Five to eight action items, based on the above positioning, to move the company forward on an SCR&R journey. This is all encapsulated within a 90-Day SCR&R hardcopy report, packed with insights for a successful SCR&R journey.
The online survey and risk assessment tool helps the Consortium sit with clients and guide them on their risk journey. Typically, there are process checkpoint calls throughout the 90-day project, which includes hours of coaching.
Dow’s engagement
Many companies have used this tool to help them plot out their SCR&R journey, including the materials science company Dow. A global company with annual revenues of over $55 billion in 2022, Dow produces a large portfolio of products including plastics, industrial intermediates, coatings, and silicones at 104 manufacturing sites in 31 countries.
Dow’s executive risk teams have been in place for decades. They have been identifying and assessing risks for operational projects in logistics, procurement, manufacturing, and finance across multiple business units. Dow’s corporatewide approach has been to have its Global Security Operations Center (GSOC) manage external threats.
Recently the company has been trying to better understand what risks there are relative to the company’s own processes as well as how its employees think about and approach risk. As part of that effort, Dow used the Consortium’s online SCR&R assessment tool to profile a major product line’s as-is SCR&R maturity level, risk appetite, and operational propensity/culture.
A small group of Dow executives engaged in the online survey. It took Dow about 30 days to get 100% completion. The executives were from Risk Management, Supply Chain, Logistics, Engineering, the Tech Center, Finance, and Analytics. The feedback from the Dow team aligned very closely with the AI/ML computer-generated graphs depicting where they are on the risk maturity model, who they are from a risk appetite perspective, and how they operate. The SCR&R assessment tool report produced a 90-day plan and recommended new metrics for measuring supply chain resilience at Dow. The table in Figure 4 represents Dow’s future state metrics going forward in this space, identifying key performance indicators for each stage of the risk management process including: sensing a risk, interpreting it, generating alternatives, deciding what action to take, and executing on the action.
Dow’s experience with the SCR&R Assessment Tool is very reminiscent of other companies that have used it. The concept of using current risk maturity level, risk appetite, and culture to help formulate a SCR&R strategy has proven helpful to executives across multiple industry sectors, including consumer packaged goods, software, electronics, industrials, health care, and chemicals.
Risk and VUCA
It’s clear that we are operating in an increasingly complex and interconnected business environment that is experiencing many rapid and unpredictable changes. Often times it can be difficult to judge what these changes might mean for the future of our organizations. Some people describe this environment using the acronym “VUCA,” which stands for volatility, uncertainty, complexity, and ambiguity. In a VUCA world, supply chain risk and resilience become more important than ever.
While identifying and assessing risks is an important start on the supply chain risk management journey, it’s not enough. Unless you take real action, risk identification and assessment end up being only academic exercises. To truly know how your company should act to mitigate or manage those risks, you need to first understand where you are on the risk maturity curve, who you are in terms of risk appetite, and how you operate. Otherwise, you might create a plan that does not match your particular organization’s operations and needs. Only by understanding your risk maturity, appetite, and culture can you hope to realize the benefits of risk mitigation and management, which include cost reductions, cost avoidance, top-line revenue growth, market share growth and working capital improvement.
We may be living in a world full of technology, but strategy and focus remain the top priorities when it comes to managing a business and its supply chains. So says Roberto Isaias, executive vice president and chief supply chain officer for toy manufacturing and entertainment company Mattel.
Isaias emphasized the point during his keynote presentation on day two of EDGE 2024, a supply chain conference sponsored by the Council of Supply Chain Management Professionals (CSCMP), being held in Nashville this week. He described Mattel’s journey to transform its business and its supply chain amid surging demand for Barbie-branded items following the success of the Barbie movie last year.
Isaias discussed the transformation on two fronts: Commercially, through the revitalization of its brands that began years ago, and logistically, through a supply chain strategy focused on effectiveness and cost leadership.
Today, Mattel makes millions of toys and is steadily moving beyond the toy aisle with its franchise mindset, becoming a major entertainment company as well. Isaias told the audience Mattel currently has two films in production and 14 others in development, and its television studios business has 13 series’ in production with more than 35 in development.
And as for those supply chain gains? The company has saved millions, increased productivity, and improved profit margins—even amid cost increases and inflation. For the full story on Mattel’s transformation, see our feature story from this past summer.
And Isaias left the EDGE audience with five lessons he learned from his experience in leading change:
The business is our boss;
Don’t delegate complexity;
Take bad news well;
Be fair and take care of people;
Lead the execution.
CSCMP’s EDGE 2024 conference runs through Wednesday, October 2, at Nashville’s Gaylord Opryland Hotel & Convention Center.
Confronted with the closed ports, most companies can either route their imports to standard East Coast destinations and wait for the strike to clear, or else re-route those containers to West Coast sites, incurring a three week delay for extra sailing time plus another week required to truck those goods back east, Ron said in an interview at the Council of Supply Chain Management Professionals (CSCMP)’s EDGE Conference in Nashville.
However, Uber Freight says its latest platform updates offer a series of mitigation options, including alternative routings, pre-booked allocation and volume during peak season, and providing daily visibility reports on shipments impacted by routings via U.S. east and gulf coast ports. And Ron said the company can also leverage its pool of some 2.3 million truck drivers who have downloaded its smartphone app, targeting them with freight hauling opportunities in the affected regions by pricing those loads “appropriately” through its surge-pricing model.
“If this [strike] continues a month, we will see severe disruptions,” Ron said. “So we can offer them alternatives. We say, if one door is closed, we can open another door? But even with that, there are no magic solutions.”
Turning around a failing warehouse operation demands a similar methodology to how emergency room doctors triage troubled patients at the hospital, a speaker said today in a session at the Council of Supply Chain Management Professionals (CSCMP)’s EDGE Conference in Nashville.
There are many reasons that a warehouse might start to miss its targets, such as a sudden volume increase or a new IT system implementation gone wrong, said Adri McCaskill, general manager for iPlan’s Warehouse Management business unit. But whatever the cause, the basic rescue strategy is the same: “Just like medicine, you do triage,” she said. “The most life-threatening problem we try to solve first. And only then, once we’ve stopped the bleeding, we can move on.”
In McCaskill’s comparison, just as a doctor might have to break some ribs through energetic CPR to get a patient’s heart beating again, a failing warehouse might need to recover by “breaking some ribs” in a business sense, such as making management changes or stock write-downs.
Once the business has made some stopgap solutions to “stop the bleeding,” it can proceed to a disciplined recovery, she said. And to reach their final goal, managers can use the classic tools of people, process, and technology to improve what she called the three most important key performance indicators (KPIs): on time in full (OTIF), inventory accuracy, and staff turnover.
CSCMP EDGE attendees gathered Tuesday afternoon for an update and outlook on the truckload (TL) market, which is on the upswing following the longest down cycle in recorded history. Kevin Adamik of RXO (formerly Coyote Logistics), offered an overview of truckload market cycles, highlighting major trends from the recent freight recession and providing an update on where the TL cycle is now.
EDGE 2024, sponsored by the Council of Supply Chain Management Professionals (CSCMP), is taking place this week in Nashville.
Citing data from the Coyote Curve index (which measures year-over-year changes in spot market rates) and other sources, Adamik outlined the dynamics of the TL market. He explained that the last cycle—which lasted from about 2019 to 2024—was longer than the typical three to four-year market cycle, marked by volatile conditions spurred by the Covid-19 pandemic. That cycle is behind us now, he said, adding that the market has reached equilibrium and is headed toward an inflationary environment.
Adamik also told attendees that he expects the new TL cycle to be marked by far less volatility, with a return to more typical conditions. And he offered a slate of supply and demand trends to note as the industry moves into the new cycle.
Supply trends include:
Carrier operating authorities are declining;
Employment in the trucking industry is declining;
Private fleets have expanded, but the expansion has stopped;
Truckload orders are falling.
Demand trends include:
Consumer spending is stable, but is still more service-centric and less goods-intensive;
After a steep decline, imports are on the rise;
Freight volumes have been sluggish but are showing signs of life.
CSCMP EDGE runs through Wednesday, October 2, at Nashville’s Gaylord Opryland Hotel & Resort.
The relationship between shippers and third-party logistics services providers (3PLs) is at the core of successful supply chain management—so getting that relationship right is vital. A panel of industry experts from both sides of the aisle weighed in on what it takes to create strong 3PL/shipper partnerships on day two of the CSCMP EDGE conference, being held this week in Nashville.
Trust, empathy, and transparency ranked high on the list of key elements required for success in all aspects of the partnership, but there are some specifics for each step of the journey. The panel recommended a handful of actions that should take place early on, including:
Establish relationships.
For 3PLs, understand and get to the heart of the shipper’s data.
Also for 3PLs: Understand the shipper’s reason for outsourcing to a 3PL, along with the shipper’s ultimate goals.
Understand company cultures and be sure they align.
Nurture long-term relationships with good communication.
For shippers, be transparent so that the 3PL fully understands your business.
And there are also some “non-negotiables” when it comes to managing the relationship:
3PLs must demonstrate their commitment to engaging with the shipper’s personnel.
3PLs must also demonstrate their commitment to process discipline, continuous improvement, and innovation.
Shippers should ensure that they understand the 3PL’s demonstrated implementation capabilities—ask to visit established clients.
Trust—which takes longer to establish than both sides may expect.
EDGE 2024 is sponsored by the Council of Supply Chain Management Professionals (CSCMP) and runs through Wednesday, October 2, at the Gaylord Opryland Resort & Convention Center in Nashville.