How do you prepare for a crisis you can't predict? No one really knows, but analysing past problems can inspire future plans and help you build a resilient, responsive business continuity strategy.
The speed at which the coronavirus spread around the world is truly remarkable, but the occurrence of a major disruptor to global supply chains is far from it.
In the past few decades, supply chains have been subjected to innumerable spanners in the works, from natural disasters and economic downturns to health hazards, with SARS being a key example. Yet despite so many warning signs, the emergence of a highly contagious, debilitating disease still caught most by surprise, and as such came up against supply chains that were largely underprepared and vulnerable.
It’s impossible to devise a contingency plan for every eventuality, particularly when dealing with unknowns. However, it will always pay to embed preparedness, agility, and resilience into business plans, to avoid problems you know, and minimise the impact of those you don’t.
This approach applies to each link in the supply chain because delays in one organisation’s response, as well as weaknesses in resilience and continuity, could be exacerbated by the lack of maturity of any third-party suppliers relied upon to meet objectives, goals and targets.
Checking the forecast
Weak resilience and the inability to identify and manage supply chain risk has created a shortage of supply to meet consumer demand, as a result of unplanned and predictable delays from material events, like the global financial collapse, closure of key suppliers or government restrictions around imports and exports. Also, it has created circumstances where teams are unable to meet the requirements of service-level agreements or other contractual obligations, which are often compounded by management’s lack of understanding of the various dependencies in their organisations.
Nicky Downing, CEO at Guideline BizTech, highlights that, given the low levels of governance, risk and compliance maturity we see within mid-size and large multinationals, it’s no surprise so many find themselves stuck in reactive crisis management, rather than proactive crisis preparedness and risk mitigation. Collectively, we need to shift our focus towards building robust, responsive business continuity plans, and when starting out, you can’t go far wrong with forecasting.
The global risk and potential impact field has a wealth of available data, for instance the World Economic Forum’s annual global risk reports. Each year, they assess the economic, environmental, geopolitical, societal and technological effects of global threats, which have consistently expanded to include extreme weather events, natural disasters, climate action failures like extreme pollution and heatwaves, and human-made environmental disasters such as mine site tailings and dam failures.
According to Statista, in 2019 the number of global natural disasters was 409, down from 415 in 2018. Spurred by the supply chain impacts of events such as Hurricane Sandy in 2012, which hit the Atlantic and caused loss of lives, power and fuel, and destroyed ports and warehouses, companies are coming to recognise the importance of dedicated disaster planning, and are subsequently modifying their strategies.
While the majority of companies are still lagging behind on this, others are leading the way. For instance, it was over a decade ago that consumer goods giant Procter & Gamble centralised its response capability to ensure a coordinated, proactive decision-making process that could identify supply chain risks across its 300 global facilities. More recently, logistics major DHL introduced a supply chain resilience solution that acts as a warning for global events and supply chain risk. These are investments in proactive risk analysis that will pay off time and time again.
Practicing business agility
How an organisation responds to warning signs is key. Forecasting is a vital tool, but it cannot reduce the impact alone; organisations should also have a supply chain that is agile enough to respond to any crisis and demonstrate resilience through coordinated action and decision-making.
“Agility does trump forecasting”, Unilever chief supply chain officer Marc Engel declared at the Reuters Transform Europe virtual conference in July. “At the end of the day, every dollar we spent on agility has probably got a 10 times return on every dollar spent on forecasting or scenario planning,” he added.
The Great East Japan earthquake and tsunami in 2011 – and the supply chain disruption caused – highlight lessons, such as the risk to operations caused by relying on single-source suppliers, that long supply chains may be higher risk than short ones, and just-in-time inventory management can have a deep impact where there is supply chain disruption.
For example, construction equipment maker Kenki wasn’t directly impacted by the earthquake and tsunami, but many of its suppliers were. When representatives visited vendor businesses to support their recovery, they identified problems with the local production of semiconductors, and so diversified local and international supply chains.
Another great example is Walmart, which analysed point-of-purchase data from historical hurricane events to understand what consumers tend to buy before and after a storm. When Hurricane Katrina hit in 2005, Walmart put its supply chain strategy into action, and was able to respond more quickly and effectively than emergency management agencies and the Red Cross. Also, by monitoring weather patterns it was possible to reroute logistics to the worst affected areas of the country to have provisions in place before the hurricane landed.
The benefits of preparedness don’t stop with one company, or even the supply chain, but carry through to benefit the wider industry and consumers. Clearly, no business should be without a detailed and comprehensive Business Impact Rating or an assessment of its supply chain exposure, and these exercises need to include risk evaluation assessments and composite risk scenario analysis with resilience tests.
Unfortunately, given that in many instances GRC activities are still not considered critical core business functions, they’re often completed in silos or not done at all. The true impact of this immaturity culminates when an unpredicted event, such as a global pandemic, emerges overnight and organisations can see the tangible impact and losses due to their gaps in risk management.
Those that have invested in preparedness have greater agility when addressing the unpredictable from a base of informed decision-making and locked and loaded business continuity plans.
For many organisations, Covid-19 has highlighted just how significant their unpreparedness was in terms of their ability to deal with the impact of the outbreak on their operations. The pandemic and resultant lockdowns have brought to light the concerning fragility of certain approaches to resilience planning, and a widespread lack of ability and agility to predict, assess and mitigate what is to come, relating to supply chain risks.
Supply chain assurance and business continuity are two areas that have set many companies above the rest when it came to coping with the supply chain impact from Covid-19 and international lockdowns.
Strong communication and technology solutions are an integral part of risk planning and preparedness for supply chain impact and continuity. Risk assessment and forecasting are also important, however, building agile supply chains, where decisions can be made quickly and changes responded to effectively, can make the difference between a small, medium and large-scale impact.
Six steps to stay ahead of the next crisis:
1. Implement an information discovery process to determine the ‘context’ of your organisation
This should be completed with participation from all functional heads and critical role players to ensure all aspects of the organisation are assessed. A business impact rating exercise should include consideration of supplier dependencies, legislative and regulatory changes, the IT landscape, the workforce, and political climate and economic change impacts.
2. Prepare a detailed business impact assessment, including a full data and IT landscape mapping exercise
This simple approach enables leaders to identify areas that exacerbate the silos and hidden information challenges which exist in so many organisations. Identifying the most important services to the organisation is key to helping drive the strategy in general, and it is equally valuable for risk and disaster response planning.
3. Use risk evaluations and supplier risk assessments to determine the impact on objectives
It is vital that all key suppliers identified in steps one and two above are effectively evaluated through an efficient vendor management process. When carried out appropriately, these tools produce the right environment that ensures risk evaluation steps are relevant and meaningful, and that no gaps are created in the process.
4. Define and activate Crisis or Supply Chain Task Teams, inclusive of all stakeholders
A communication strategy with information centrally gathered that is known and understood will support both internal and supply chain partners in determining the cross-functional activities required to be put into place to ensure that visibility is maintained at critical task level on an ongoing basis.
5. Perform scenario planning and response for the short, medium and long-term impact, building out your supply chain ecosystem response and resumption plan
It is recommended that scenario analysis and development of continuity plans is carried out again with all the relevant key stakeholders, as in step one. However, this time it will not include engagement with critical suppliers. It is important for clients and suppliers to understand their respective roles, dependences and responsibilities within the end-to-end supply chain risk scenario, and this preparation supports that result.
6. Launch the digital insights
With the foundation blocks now in place, it is possible to build an effective, integrated reporting framework; one which will support transparency and visibility, with best practices in process to enable early warning detection and alert notifications.
☛ Stephen Tosh is the director of Global Risk Alliance Ltd