Supply Chain Vulnerability, Risk, Robustness and Resilience

1
Supply Chain Vulnerability, Risk, Robustness and
Resilience
Chapter 12

• Donna 2009.5.4.

2
Outline

• Some working definitions
• Changing times and an uncertain world
• The shortcomings of risk management
• The need for holistic approaches
• A simple framework for a wicked problem

3
Some Working Definitions

• Risk
• Supply chain vulnerability
• Robust SCM
• Resilience

4
Risk

• In decision theory a measure of the range of
  possible outcomes from a single totally rational
  decision and their values, in terms of upside
  gains and downside losses (e.g. gambling)
• A particular type of hazard or threat e.g.
  technological risk or political risk
• The downside only consequences of a rational
  decision in terms of the resulting financial
  losses or number of casualties

5
Supply Chain Vulnerability

• We should strive to identify vulnerabilities by
  asking questions such as
• What has disrupted operations in the past?
• What known weaknesses do we have?
• What near misses have we experienced?
• What would be the effect of a shortage of a key
  material?
• What would be the effect of the loss of our
  distribution site?
• What would be the effect of the loss of a key
  supplier or customer?

6
Robust SCM

• Strong in constitution, hardy, or vigorous
• Enable a firm to manage regular fluctuations in
  demand efficiently under normal circumstances
  regardless of occurrence of a major disruption
• But does not in itself make a resilient supply
  chain

7
Resilience

• The ability of a system to return to its
  original or desired state after being
  disturbed
• The core concept of resilience is
• It encourages a whole system perspective
• It explicitly accepts that disturbances happen
• It implies adaptability to changing circumstances

8
Changing Times An Uncertain World

• In a complex inter-organizational supply chain it
  would be difficult if not impossible for anyone
  to identify every possible hazard or point of
  vulnerability
• Known problems are only part of the picture
• Known Unknowns, Knowable Unknowns and Unknowable
  Unknowns
• Y2K The Millennium Bug
• Creeping Crises (e.g. Foot and Mouth disease)
• Post 9/11 Security Matters
• Corporate Scandals, Operational Risk and
  Business Continuity

9
Known Unknowns, Knowable Unknowns and Unknowable
Unknowns

• Known Unknowns
• We know that there exist uncertainties, which we
  know how to solve
• Known known
• Knowable Unknowns
• There are some uncertainties which we dont know
  how to solve, We may choose ignore or face it
• Unknowable Unknowns
• However, there are still uncertainties that we
  dont know that we dont know

10
Y2K The Millennium Bug

• A Known known example
• In the UK, the government encourage businesses to
  take the necessary measures to prevent system
  crashes, and engage in business continuity
  planning

11
Y2K The Millennium Bug

• As a result, nothing happened and the government
  was delighted, believing the planning had saved
  the country from disaster
• But the non-event left many managers skeptical as
  to whether the costly preventive measures had
  really necessary?

12
Y2K The Millennium Bug

• Y2K is one of the intractable problems about
  proactive measures to improve organizational and
  supply chain resilience
• If successful, mean nothing happens, but leads to
  questions of value or cost/benefits justification
• It is very difficult to make a business case for
  proactive just in case measures to improve
  resilience

13
Creeping Crises

• The outbreak of foot and mouth disease(FMD) in
  British livestock herds in February 2001 resulted
  in damage to whole sectors of economy
• FMD was a known threat to livestock, albeit one
  that had not been seen in UK for a generation
• The impact is engaged in production and
  distribution of food

14
Creeping Crises

• But FMD also affected car manufacturers and
  fashion houses across Europe because of the
  shortage of high-quality leather
• All knowable unknowns events could be the
  example of creeping crises
• Creeping crises show the fact that supply chains
  are more than value-adding mechanisms underlying
  competitive business models
• Supply chains link organizations, industries and
  economies, they are part of the fabric of society

15
Post 9/11 Security Matters

• The events of 9/11 were so far out of risk
  managers field of reference, that they can be
  classed as unknowable unknowns
• The closure of US borders and the grounding of
  transatlantic flights dislocated international
  supply chains making supply chain vulnerability
  front page new

16
Post 9/11 Security Matters

• Post 9/11, new security measures were hurriedly
  introduced at US border posts, ports and
  airports, affecting inbound freight to USA,
  including
• Container Security Initiative (CSI)
• CSI looked to new technology to pre-screen high
  risk containers before they arrived at US ports
• Customs-Trade Partnership (C-TPAT)
• C-TPAT is a known shipper programme, which
  allows cargoes from companies certified by US
  Customs to clear customs quickly

17
Corporate Scandals, Operational Risk and
Business Continuity

• In the world of corporate risk management
  events(e.g. 9/11) were unfolding that would push
  operational risk to the top of the corporate
  agenda
• The Enron Corporation collapsed in late 2001
• Once held up as a model of best practice
  corporate risk management
• Another three companies quickly followed

18
Corporate Scandals, Operational Risk and
Business Continuity

• New regulation, Sarbanes-Oxley Act(SOX) is
  noteworthy (Ch10)
• SOX requires full disclosure of all potential
  risks to corporate well-being within the business
• Board members have become more interested in
  identifying knowable unknowns and have turned
  to risk management and to Business Continuity
  Management(BCM)

19
Business Continuity Management

• Rooted in IT disaster recovery, but its remit has
  expanded greatly
• Helps to prove that management have acted with
  due diligence
• Start with the preparation of a Business
  Continuity Plan
• Best practice
• An on-going programme of training, rehearsals and
  reviews of the initial plans to cope with various
  eventualities
• Careful consideration to the management of an
  after-the-event recovery phase

20
The Shortcomings of Risk Management

• Decision Theory and Managerial Tendencies
• Objective Risk and Perceived Risk

21
Decision Theory and Managerial Tendencies

• Concerned paid little attention to uncertainty
  surrounding positive outcomes, viewing risk in
  terms of dangers or hazards with potentially
  negative outcomes
• Managers focus on the possible losses associated
  with plausible outcomes
• Decisions involving risk are heavily influenced
  by their impact on the managers own performance
  targets

22
Decision Theory and Managerial Tendencies

• In comfortable circumstances managers are likely
  to be risk-averse, but when staring failure in
  the face, researchers show that this tendency
  reverses and they become risk-pron
• There is unlikely to be a single unified attitude
  to risk taking within a large organization

23
Objective Risk and Perceived Risk

• A view of risk set out by the engineers and
  physicists of The Royal Society
• Objective risk determined by experts applying
  quantitative scientific means
• Perceived risk the imprecise and unreliable
  perceptions of general public
• Detriment the numerical measure of harm or
  loss associated with an adverse event

24
Objective Risk and Perceived Risk

• Social scientists contend that, where people were
  involved, objective and perceived risk become
  inseparable
• Risk is not a discrete or objective phenomenon
• Risk is an interactive culturally determined one
• Risk is inherently resistant to objective
  measurement

25
Objective Risk and Perceived Risk

• Engineering-derived objective views lead to a
  business process engineering and control
  perspective
• Open interactive societal systems views offer a
  persuasive argument for perceived risk
• The global supply chain view illustrates that
  culturally determined perceptions of risk could
  vary greatly from one region to another
• Hence the forces of nature can demonstrate just
  how far removed from a controlled environment
  this all might be

26
The Need for Holistic Approaches

• SCM is integrative and interdisciplinary
• Logistics is just one of several established
  sub-disciplines
• Supply chain risk management can be expected to
  display all the characteristics of a wicked
  problem

27
The Need for Holistic Approaches

• Wicked Problems
• Societal problems are inherently different from
  the problems that scientists and some engineers
  tackle
• Involve multiple stakeholders
• Any solution, after being implemented, will
  generate waves of consequences
• Should be considered within valuative frameworks

28
A Simple Framework For A Wicked Problem

• A supply chain as an interactive system

Unfortunately!! We dont live in an ideal world,
so levels two, three and four bring in a host of
other factors that often intervene.

• Socio-political factors, such as action by
  pressure groups can be identified by routine
  horizon scanning using specialist or general
  media sources, allowing measures to be put in
  place to mitigate the impact.
• The creeping crises referred to earlier in this
  chapter could all be regarded as level four
  disruptions, but it would be wrong to regard them
  only as external threats to the supply chain.

• From a pure SCM perspective risk at this level
  is the downside financial consequences of a
  specific event. The loss of a sole supplier or
  customer is the most obvious danger here.

• Focuses on what is being carried- work and
  information flows- and process design within and
  between organizations.
• In the ideal world of scientific management,
  mastery of process control methodologies would
  facilitate the identification, management and
  elimination of risk.

• It is helpful to explore the impact on
  operations of the loss of links or nodes in the
  production/distribution and infrastructure
  networks, through network modeling.
• e.g. With the element of SCM and resource
  requirements are increasing, the probability that
  assets may be damaged, stolen or mislaid along
  the way is increasing.

29
Thank You for Your Attention

• Thank You for Your Attention