Too many organisations lack deep visibility into their supply networks and therefore cannot understand the risks they face, believes Markus Groth
As the world economy changes with increasing velocity, global supply networks grow correspondingly more complex and vulnerable. While rapid advancements in automation, single sourcing, cloud computing, and offshoring in emerging economies have provided competitive efficiencies for organisations, these advantages are threatened by a growing array of risks. In this volatile business environment, a deep understanding of supply network ecosystems and the organisational resilience to respond quickly to threats and their impact is critical to business success.
Learning from disasters
The aftershocks from the devastating natural catastrophes of 2011, most notably in Japan, Thailand, and New Zealand, are still rippling through global supply networks. Companies that had believed their supply networks were secure found out otherwise – the hard way. Many organisations that were not affected saw a warning sign in the global string of floods, earthquakes, tornadoes, and other events during that year. As a consequence, more and more companies are now beginning to fully understand that it is imperative to ensure resilience in the critical areas of their supply networks
In various ways, the effects of 2011’s catastrophes were obvious – significant loss of life and stresses to many organisations’ operations, personnel, business models, projects, balance sheets, and equity. But beyond these direct impacts, 2011 gave a clear lesson to risk managers and business executives – an organisation does not have to be in the direct path of a storm, in order to suffer a major loss.
Such losses typically manifest in a company’s supply network, which is often an integral component of the value that a company can deliver to its customers and stakeholders. But supply networks have become increasingly complex, globally interconnected, and largely managed by third parties. After years of focus on cost, efficiency, and speed to market, supply networks are more vulnerable to geographically remote, disruptive events than ever before.
Although some organisations recognise this vulnerability, the truth is that many still are not prepared for a supply network disruption. Too many organisations lack deep visibility into their supply networks and therefore cannot understand the risks they face, the tools that are available to them to better control their risk and improve resilience, as well as the competitive advantages and bottom line benefits that a superior supply network can yield.
Creating mutual risk perception
Many organisations lack structural knowledge about the supply network they are part of. Through what amounts to a ‘trust-but-don’t-verify’ approach, many organisations make broad assumptions about the risk management activities of their business partners – opening the door to disruptions and losses. Interestingly, many organisations expect their suppliers to manage risk to the same degree as their customers. Quite often organisations do not think it is their responsibility to “manage down the line”, even though a disruption further along the supply streams can have a substantial impact.
It is important for any organisation and for most, if not all, the companies that are part of a supply network to have a similar – and in the best case – the same understanding of risk and of the impact that a disruption will have on delivering value. To improve the resilience of supply networks, organisations should drive home a risk management world view with their suppliers and customers, and ensure that they take the matter seriously. This, however, is easier said than done. This may require adding compliance language and penalties to contracts or establishing near-real-time event monitoring systems for instance.
Understanding risk consistency
When organisations closely examine their supply network risks, many focus purely on the potential physical disruptions – damage or destruction to their operations or those of their suppliers or customers. But global supply networks can be disrupted by more than natural event triggers. Disruptions to supply networks can come about due to social, technical, or hybrid events as well such as political and social unrest, cyber-attacks, or an economic downturn that puts one or more suppliers out of business.
Similarly, many organisations view the supply network itself as being purely physical – comprising only those mechanisms that create and transport physical products and goods. But physical assets are just one aspect of how any company delivers value through its supply network: critical technologies, relationships, knowledge, skills, and people all contribute heavily to the flow of money or goods that create and deliver any product, from smart phones to financial advice.
Developing resilience strategies
The strategies for providing greater resilience can be divided into four broad categories:
• Insurance-driven/asset-based programmes
• Compliance-driven/functional-based programmes
• Threat-driven/event-based programmes
• Value-driven/flow-based programmes
The first three categories, which represent most organisations’ current strategies, are not comprehensive. They take into consideration only a small portion of an organisation’s total exposures and result in risk investments that are aligned to physical resources. What they leave out are non-physical risks, such as the failure of a supplier or the lack of public infrastructure, such as roads and ports.
The value-driven or flow-based programme can deliver a complete, integrated approach to supply network risk management. Aligned with the organisation’s business, this approach extends the view of the supply network beyond the organisation’s physical boundaries. Risk is viewed in the context of the value delivered to all stakeholders by a given product, product category, or product family. Industries that use this value-based strategy include those with the most highly complex and advanced supply networks, including automotive and high-tech manufacturing.
The value-based approach begins with a clear articulation of what is of greatest organisational value. If all of an organisation’s capabilities were destroyed and it had to start from scratch, which market and product or service would it focus on first?
Once this priority is defined, the value and supply network to support it can be shaped. Single points of failure can be analysed to determine the impacts at various ‘pinch points’ – such as the number of weeks and financial impact of production being halted. These can then be quantified and prioritised to determine the level of investment needed to manage risk at a detailed level.
Transferring the network risk
Risk managers have historically looked to contingent business interruption (CBI) and contingent extra expenses (CEE) insurance as a way to mitigate financial risks associated with loss events that affect their suppliers and customers. CBI reimburses insureds for loss of gross profits resulting from an interruption of business due to insured physical loss or damage at a supplier or customer location(s). CEE reimburses insureds for the additional expenses over and above normal operating costs to avoid or diminish an interruption of business following insured physical loss or damage at a supplier or customer location(s). The cause of the interruption – a fire or an earthquake, for example – must be from a covered peril and must result in physical damage that inhibits the third-party supplier or customer from being able to supply or receive the insured’s goods.
CBI and CEE, however, do not cover the increasingly frequent disruptions that many organisations face that are not related to physical damage. For example, the eruptions of Iceland’s Eyjafjallajökull volcano caused little physical damage to insured property, yet air traffic was interrupted, leading to significant disruptions and delays in the transport of goods and services into and out of Europe. Following the events of 2011 in Japan, many buyers of CBI and CEE came to realise it often is restricted to first-tier suppliers or customers, meaning that CBI or CEE resulting from damage to ‘indirect’ second or third tier suppliers or customers will not be covered.
Emerging risk financing solutions for covering supply network interruptions are considerably broader than CBI and can offer additional protection. In addition to indemnifying for business interruption and extra expenses resulting from physical damage to a supplier or customer (i.e. typically excess of ‘all risk’ programme CBI and CEE limits), insurance products also offer insureds protection against non-physical interruptions to their supply networks, such as strikes, riots, ingress/egress, service interruption, pandemics, cyber-attacks, and more. Such coverage can be tailored to an insured’s unique supply network exposures.
A final thought
Claiming success in supply network risk management is about more than simply having a plan in a binder. To truly achieve resilience, traditional plans and related risk transfer mechanisms need to be re-engineered and more voices added to the supply network risk management discussion. Managing resilience is not just about quickly recovering from catastrophic events; it is about avoiding or minimising exposure to such risks in the first place.
This article was previously published by the BCI in Continuity magazine.
About the Author:
Markus Groth is head of Marsh Risk Consulting, Germany, and a council member of Marsh’s Business Interruption Centre of Excellence.
