Business Dis-Continuity

The now classic textbook example of supply chain continuity, or rather “dis-”continuity, is the difference in how Ericsson and Nokia handled a fire in the chip manufacturing plant that supplied both companies. A well-handled supply chain disruption can result in business continuity, i.e. Nokia, while an ill-handled supply chain disruption can result in business dis-continuity, i.e. Ericsson. Building on this as one of the examples in the early pages of the book, Kildow goes on to explain in detail why and how she thinks that business continuity thinking should be part of supply chain management.

BCM+SCM=SCCM

As far as I can see, this is the first book that successfully marries Business Continuity Management with Supply Chain Management, thus creating Supply Chain Continuity Management, although this term is never used in the book anywhere, but that’s what it is; instead, she uses Supply Chain Business Continuity. Personally, I consider straightforward supply chain continuity the better terminology.

Familiar, but better

In its structure, the book more or less follows the same and familiar steps that Steve Cartland used in his book chapter on business continuity in global supply chains:

• Assess the risk
• Analyze the business impact
• Develop business continuity strategies

However, unlike Cartland’s book chapter, Kildow focuses exclusively on supply chains. As such, she is perhaps closer to the Swedish book on How to secure your supply chain that I have reviewed earlier.

Business Impact Analysis

Every enterprise has a supply chain, so Kildow, and within it there are products and services where disruptions could have a huge impact on business continuity. For each of these there are critical business functions that depend on each other, and mapping these functions is important in establishing their level of criticality. Here is Kildow’s suggested evaluation criteria:

• Function involves direct contact with customers
• Function involves direct contact with suppliers, contractors or shippers

Loss of function would

• Directly result in a loss of revenue and profit
• Potentially result in a loss of customers
• Directly result in increased operating costs
• Result in accounts receivable delays
• Delay distribution of products or service delivery
• Delay shipment or receipt of products
• Delay receipt of materials, parts or components
• Negatively impact the company’s current public image
• Result in significant liability exposure or other legal ramifications
• Prevent the company from meeting regulatory requirements
• Lead to imposition of fines or other penalties for failure to fulfill delivery clauses or meet service level agreements
• Result in financial penalties for late payment of accounts payable.

Considering this exhaustive list, there is maybe not much left that is non-critical, but more important than the assessment of everything important is to develop strategies for ensuring continuity, and in the book, Kildow lays out the steps for doing so.

Developing Business Continuity Strategies

When developing strategies, Kildow says, it is important to remember that business continuity is not business as usual, rather it is best possible business under certain scenarios.  Thus, all strategies must consider two dimensions:

• when a disaster directly impacts the organization
• when a link in the supply chain experiences a disruption that creates a disaster ripple effect

Once basic strategies are identified, it is necessary to dig into all related requirements for for ensuring continuous business flows such as inventory levels, restocking plans, and the movement of materials, components, parts and products.

Why business continuity?

As an argument for the importance of business continuity, Kildow puts forward the 80-20 rule

• 20% of a company’s stock takes up 80% of its warehouse space
• 80% of sales come from 20% of the sales force
• 20% of an organization’s staff causes 80% of its problems
• 20% of an organization’s staff provides 80% of its production
• 20% of the risks to an organization result in 80% of its disasters

Practical and hands-on

Not only does Kildow go into details about risks and strategies specific to supply chains, her book also includes a detailed appendix on

• how to assess your own business continuity readiness,
• what specific hazards a supply chain continuity plan should include,
• how to deal with pandemic issues,
• how to set up your continuity team,
• three continuity plan samples, and
• a supply chain/business continuity glossary.

Reference

Kildow, B. A. (2011) A Supply Chain Management Guide to Business Continuity. New York: AMACOM.

Author link

• linkedin.com: Betty A Kildow

Buy this book

• amazon.com: A Supply Chain Management Guide to Business Continuity

Related posts

• husdal.com: Supply Chain Risk versus Business Continuity
• husdal.com: Business Continuity in Global Supply Chains
• husdal.com: How to secure your supply chain

Unique

Normally, in most supply chain books I have seen, e.g. Logistics Management and Strategy, there is ample ink devoted to theories and concepts with a couple of examples thrown in next to illustrative and basic generic figures. They teach you concepts, but not how to run your own supply chain.

Not so here. Each chapter is based around one or several anecdotes of real life examples that are meant to illustrate certain concepts, e.g. sourcing strategies, and everything in the chapter evolves around that example. It is impossible to just read this book from beginning to end and get a sense of supply chain concepts and issues, you really have to follow through and do the math in the examples, let alone the questions for discussion at the end of each chapter.

Seen from a manager’s or CEO’s perspective, the reader is invited to take part in the solution of the problem in the supply chain of said manager, by trying to understand how that particular supply chain works, and by calculating what to do next. Some of the anecdotes even read like suspense novels, and on occasion I really felt like wanting to skip the math and flip to the end to see how the story went…but then I would miss the point of how the problem was actually solved.

Not for the faint-hearted

Mind you, this is a textbook aimed specifically at graduate students, and while the undergraduate student may be overwhelmed by the sheer volume of information in this book, a graduate student should not. It IS NOT a book for learning by reading and remembering. It IS a book for learning by doing, i.e. taking notes, looking up references, structuring your notes and calculating on your own.

It is perhaps not so useful as a quick reference book suited for a busy supply chain executive. However, it may serve well as a reference for a supply chain analyst preparing a report for the busy executive.

Book Highlights

With 500+ pages, as already mentioned, and with case examples drawn from a wide range of industries, this is a very comprehensive book, covering in extensive detail almost every nook and cranny of supply chain management:

• Inventory Management and Risk Pooling
• Network Planning
• Supply Contracts
• The Value of Information
• Supply Chain Integration
• Distribution Strategies
• Strategic Alliances
• Procurement and Outsourcing
• Global Logistics and Risk Management
• Coordinated Product and Supply chain Design
• Customer Value
• Smart Pricing
• Information Technology and Business Processes
• Technology Standards

Each chapter begins with a case that thoroughly discusses the topic of the chapter, it ends with a  summary and questions for discussion. Often there is a second or even a third case after this, providing yet further how-to knowledge in supply chain management.

Inventory Management and Risk Pooling

This chapter focuses on an essential task of supply chain management, namely matching supply with demand, by properly managing inventory. Case examples are Steel Works Inc, a manufacturer of custom and specialty use steels, and Sport Obermeyer, a ski clothing manufacturer. Topics covered include inventory holding and setup cost, lead time variability and forecast demand. The chapter discusses the three rules of inventory management,

• forecast demand is always wrong,
• the longer the forecast horizon, the worse is the forecast,
• aggregate demand information is always more accurate than disaggregate data,

and how risk pooling is one strategy that enables a lower inventory level without affecting the service level.

Related post: In The role of elasticity in supply chain performance Hull (2005) develops a model that describes the performance of supply chains based on their elasticities of supply and demand.

Network Planning

This chapter looks at what is the best or most cost-effective strategy for locating manufacturing, warehousing and distribution facilities and how to link these with the right logistics setup. Case examples are the BIS Corporation, a manufacturer of paints, ElecComp Inc., a contract manufacturer of of circuit boards and high-tech parts, and H.C.Starck Inc., a manufacturer of metallurgical products. Among others, topics covered are

• Network design
• Inventory positioning
• Resource allocation

and the chapter describes how to find the best match that considers the entire network and takes into account production, warehousing, transportation, inventory costs and service level requirements.

Related post: In Reliability Models for Facility Location: The Expected Failure Cost Case, Snyder and Daskin (2005) describe how to locate facilities such that disruption cost is minimized.

Supply Contracts

This chapter deals with with supplier relations as they are formed by contracts. American Tool Works, a leading manufacturer of high quality power hand tools is used as a case example. Topics covered are the pros and cons of the various types of contracts and when to use which type of contract, such as

• Buy-Back,
• Revenue-Sharing,
• Quantity-Flexibility,
• Sales Rebate,
• Global Optimization,
• Pay-Back,
• Cost-Sharing,
• Capacity-Reservation,
• Advanced-Purchase,
• Long-term,
• Flexible-Option,
• Spot Purchase, and
• Portfolio Contracts.

Some contracts are covered in extensive detail, while others are more cursory described, presumable reflecting which that is most used.

Related post: Not as comprehensive, but some of the same issues are covered in Giertz (1999) in How to secure your supply chain, a Swedish handbook in supply chain risk and business continuity management.

The Value of Information

Case examples in this chapter are Italian pasta manufacturer Barilla and sports apparel maker Reebok.  The so-called bullwhip effect is at the core of this chapter, which looks at certain techniques that can be used to counteract the bullwhip effect, first and foremost information sharing and centralized demand information. The bullwhip effect is also used to illustrate that a supply chain goes through various stages where conflicting objectives can be met through certain trade-offs that are made possible if sufficient and accurate information on supply and demand is at hand:

• Lot Size Inventory Trade-Off: Smaller lots may be more expensive to manufacture, but lead to less inventory, shorter lead times and a more variable supply to meet variable demand.

• Inventory-Transportation Cost Trade-Off: While shipping large quantities is cheaper than shipping small quantities, shipping Less-Than-Truckload may satisfy immediate demand, but consolidating loads will brings the overall cost down.

• Product Variety-Inventory Cost Trade-Off: Increasing product variety increased manufacturing cost, as well as transportation and warehousing cost, if all warehouses need to stock all products. This can be countered by delayed differentiation, where generic product modules are assembled at warehouses and distribution centers rather than at the factory, thus reducing inventory variability.

• Cost-Customer Service Trade-Off: Reducing inventories, manufacturing costs and transportation costs may come at the expense of customer service level. However, advanced information services coupled with advanced manufacturing and distribution can be used to give customers a service they haven’t been able to realize before, by delivering highly personalized goods that customer may be willing to wait for longer than what they can buy off the shelf.

Related post:  Faisal, Banwet & Shankar (2007) Information risks management in supply chains: an assessment and mitigation  address  that while openness, partnering, trust and particularly sharing of information has often been cited as one way to reduce supply chain risk, it also comes with its own set of risks.

Supply Chain Integration

Using computer manufacturer Dell and chipmaker Cisco as the main case examples, this chapter looks at the different types of supply chains for different types of commodities, in particular

• Push
• Pull
• Push-Pull

and how this effects the different production and distribution decisions, how push and pull link up with economies of scale and demand uncertainty, and how push and pull link up with lead time and demand uncertainty.

Related post: Christopher, Peck,  & Towill (2006)  A taxonomy for selecting global supply chain strategies, use a slight similar approach when they discuss lean, agile and leagile supply chains.

Distribution Strategies

What could be a better case example for discussing distribution decision strategies than Amazon.com? I can’t think of a better case and the book spends not less than 21 pages on this. In addition, this chapter discusses the differences between

• Direct shipment
• Intermediate inventory storage point
• Traditional warehousing
• Cross-Docking
• Transshipment

and how these decisions depend on the nature and characteristics of costs, products, and customers.

Related post: Naim, M., Aryee, G., & Potter, A. (2010) Determining a logistics provider’s flexibility is a good source for choosing the right logistics provider for the desired distribution strategy.

Strategic Alliances

The title of this chapter was a bit misleading to me as it not about the strategic alliances that are built in boardrooms, but the alliances and how they affect the shop floors. The case example is Costco & Kimberley-Clark, with the latter in charge of stocking the shelves of the former, thus being able to match demand with production, while the former has lowered prices and increased customer satisfaction. In particular, this chapter deals with

• Third-party logistics, 3PL,
• Retailer-supplier partnership, RSP, and
• Distributor integration, DI.

While I agree that the three above can take the form of an strategic alliance, employing them per se does not necessarily make it a strategic alliance.

Related post:  Das & Teng (2001) Trust, Control and Risk in Strategic Alliances propose a new integrated framework for these three constructs in the context of strategic alliances, essentially asking: Can strategic alliances really work? 

Procurement and Outsourcing

This chapter considers the benefits and risks of procurement and outsourcing. Spania-based high-end fashion and clothing retailer Zara serves as the case example, along with Solectron, an electronics manufacturer. The positive sides of outsourcing are listed as

• Economies of scale
• Risk pooling
• Reduce capital investment
• Focus on core competence
• Increased flexibility

while the negative sides are

• Loss of competitive knowledge
• Conflicting objectives between buyer and supplier

Related post: Treleven and Schweikhart (1988)  A risk/benefit analysis of sourcing strategies: Single vs. multiple sourcing was among the first papers to examine the costs and benefits of single versus multiple sourcing strategies.

Global Logistics and Risk Management

This chapter focuses on global supply chains specifically, which I find a bit interesting, as most of the case examples already mentioned are global. Wal-Mart’s multinational efforts serves as a case example here, so perhaps a global supply chain in the sense of this book is in fact a multinational supply chain operated by the same company? Issues that such supply chains must account for are

• Global market forces,
• Technological forces,
• Global cost forces, and
• Political and economical forces.

Related post: While there obviously are many that could be cited here, Manuj and Mentzer (2008) Global Supply Chain Risk Management Strategies is the one that first comes to mind.

Coordinated Product and Supply Chain Design

This chapter begins with the case of Hewlett-Packard and their DeskJet printer supply chain, clearly showing how the development chain and supply chain are inextricably linked in that the former affects the latter, and may even hamper the flow of the supply chain. Products, albeit primarily designed for customer satisfaction, should nonetheless also be designed for logistics satisfaction. Issued discussed include

• Modular products
• Modular processes
• Part standardization
• Process standardization

In addition, supplier integration can play a major role in product design, and can take place along a spectrum of integration:

• None
• White box – informal, buyer consults supplier
• Gray box – joint development in collaborative buyer-supplier teams
• Black box – supplier designs product based on buyer’s interface requirements

Related post: Khan, Christopher, & Burnes (2008) The impact of product design on supply chain risk: a case study show how UK-based Mark & Spencer learned its lesson the hard way, but has bounced back after it realized how crucial product design is in supply chain risk.

Customer Value

The essence of this chapter is that excellence in supply chain management translates into customer value in many dimensions, from availability and selection to influencing the price at which a product can be sold. Issues realted to customer value are

• Conformance to requirements, giving customer what he wants and needs
• Product selection, proliferation of customer options
• Price and brand, matching asking prices with brand reputation
• Value-added services, e.g. support and maintenance (free of charge)
• Relationships and experiences, connecting customer and firm
• Achieving excellence, target one attribute and differentiate yourself from competitors

Smart Pricing

This chapter tells the story of how smart pricing can increase or even decrease demand, depending on which you may prefer (if profit margins on a certain product are low, you may in fact prefer the latter). The case is Starbuck’s and how they simply do not list available drinks because they don’t generate much profit, although you may ask for it and you will get it. Or why does the value range at supermarket have such an ugly packaging? Of course, to make you buy the higher priced and more profitable high-end products.

Smart pricing involves issues such as

• Group pricing, discounts for certain groups of customers
• Channel pricing, different prices for different channels
• Regional pricing, exploiting price sensitiveness in different locations
• Time-base differentiation, different price for different delivery times
• Product versioning, different branding of what is essentially the same product
• Coupons and rebates, where the coupon is meant to be a hurdle, not an incentive

However, if customers feel that they have been unfairly treated or outsmarted by these smart prices, it may ultimately hurt the business.

Related post: In Tang, C. (2006) Robust strategies for mitigating supply chain disruptions smart pricing is used by Dell to avert the effect of a supply chain disruption, by discounting available products and marking up items with little or no inventory, thus channeling customers towards certain items.

Information Technology and Business Processes

This chapter takes a close look at how changes in IT change business processes which ultimately change supply chain management decisions. Appliances manufacturer Whirlpool and convenience store chain 7Eleven are case examples here, showing how companies that apply business processes and technology properly outperform their peers.

Technology Standards

This last chapter looks at two technologies that are likely to become major future standards, SOA and RFID. While SOA provides the backbone for building more adaptable systems, the implementation of RFID will allow for real time tracking of products. The case example is Pacorini, and Italy-based logistics provider, who put in place a service-oriented architecture (SOA) that integrates online and offline processes.

Critique

This book is for graduate students, and for that audience  it is an excellent book. Interestingly, if you read the reviews at amazon.com, it doesn’t fall in such good soil. Most reviewers are quite negative, perhaps for lack of appreciation of the subject?

One reviewer said “…Also, every time there is a new term they write [see 101] or [96] etc. I am assuming they mean page numbers by that? But so far I was not successful in finding these mysterious terms or any meaningful explanation for them. I always end up searching the terms through Google…” Seriously, you can not have read many books in your career if that is supposed to be a turn-off…those numbers simply refer to the same number in the list of references in the Bibliography at the end of the book. That is a very common way of referencing that I think every student should be familiar with.

If there is one negative side to this book, it is that it is overly long in some parts, while other parts are kept very brief. I would have loved to see a separate chapter on supply chain risk, and also a chapter on reverse logistics and sustainable supply chains, and perhaps even a bit of corporate social responsibility. That would have truly made this a complete supply chain management book, That said, a fourth edition of this book is currently in progress, so perhaps it will be included there?

Conclusion

If I were an MBA student this book would be one of my favorite companions. Yes, it’s not an easy read, but it’s a rewarding read, when you do the follow-up as you should. If you’re expecting a Supply Chain 101 book that serves you everything in teaspoon by teaspoon, as we say in Norway, this is not the book for you. Personally, I love this book; it is perhaps more than I ever wanted to and ever needed to know about supply chains, but that is a good thing, meaning that I will not grow tired of it.

Reference

Simchi-Levi, D. ; Kaminsky, P. and Simchi-Levi, E. (2007) Designing and Managing the Supply Chain. New York: McGraw-Hill.

Author links

• mit.edu: David Simchi-Levi
• berkeley.edu: Philip M. Kaminsky
• linkedin.com: Edith Simchi-Levi

Buy this book

• amazon.com: Designing and Managing the Supply Chain

Related posts

• husdal.com: Operations Rules
• husdal.com: Supply Chain as Strategic Asset

Find related books

What is resilience?

In her book Liisa Välikangas’ begins by referring to a 2003 article in the Harvard Business Review, “The Quest for Resilience” that she co-authored with Gary Hamel, and where she writes about resilience as a response to turbulent enviroments. Resilience, so the article, refers to a capacity for continuous reconstruction, and Välikangas sees resilience as a strategic much more than an operational ability.

Most importantly perhaps, she sees resilience as inextricably linked to sustainability, where true resilience can only be achieved through sustainable practices, and the book is a call for reforming resilience from a way of returning to a balanced state to a way of sustaining a balanced state. In such a state crises simply don’t occur, because they will be met and overcome (with resilience) even before they can manifest themselves.

Resilience, then, is seen as a facilitator or a catalyst for change, not as a means for quick recovery, even going further than Sutcliffe and Vogus in their Organizing Resilience, and Välikangas shows how “resilient” companies have managed the change despite the turbulence they may be in, while “not so resilient” companies have failed. Be that as it may, that is not my view of resilience.

Resilience I and Resilience II

Välikangas is aware of the popular notion of what resilience entails, namely the ability to bounce back, to make a recovery, or to persist during a crisis. This she calls Resilience II. Her new proposed notion of resilience, however, entails taking timely action before the misfortune has a chance to wreck havoc. This she calls Resilience I.

Välikangas also introduces what she calls strategic resilience, which supersedes both resilience I and resilience II, namely

the capability to turn threats into opportunities prior to their becoming either

Thus, resilience is not simply about having a highly competitive strategy; it is about the company’s capacity to benefit from unlikely events, which could have turned into threats, but instead turning them into opportunities. It is about the capacity to take advantage of serendipity, to take advantage of involuntary sagacity.

Basically then, resilience is not just bouncing back, it is skipping past something you otherwise would have had to bounce back from, perhaps a sort of preemptive resilience (the latter definition being my words, not Välikangas’). 

Operational versus strategic resilience

Välikangas draws a clear line between strategic resilience (defined above) and what she calls operational resilience, which is a defensive rather than offensive capability, and this type of resilience is seen as

the capacity to sustain threat and to accomplish accident recovery

While this kind of resilience can serve very well as the antidote for a sudden shock or jolt, it cannot combat long-lasting organizational decline, she says. That is why strategic resilience is needed, aimed at preventing the organization from falling into decline, and ultimately ensuring that crisis is averted before it can develop, as Cristophe Roux-Dufort describes in his Devil is in the Details.

Basically then, strategic resilience becomes a means for survival. Operational resilience can only sustain you for so long, and I’m temped to use a Norwegian saying here, whereby operational resilience would be described as “peeing your pants”: It’s nice and warm for a while, but it doesn’t last long.

Tests for resilience

Resilience, so Välikangas is a matter of strategy and its consequences. Resilience can only be obtained over time, by successfully applying the right strategy. Resilience is not a one-event quality, it must prove itself time and again. That is why she devised three tests of resilience:

• Competition – a company that has survived a competitive threat is by definition resilient (at that point in time).
• Legitimacy – the degree to which a company that has a legacy (history) and institutional depth (how embedded and interwoven into the society it is) determines the degree of resilience a company has.
• Toughness – a company that has experienced and overcome hardship and resource scarcity is resilient.

“Resilient” responses to future challenges

After reading the book I am compelled to rename the the title of Välikangas’ book. It should have been titled The Sustainable-Competitive Organization (or similar), because that is what it is about, to remain competitive, while at the same time being sustainable and socially responsible. Nowhere is this more apparent than in a table meant to highlight future issues:

That notion of sustainability is something that companies definitely need to consider, if they are to survive in the long term.

Critique

What does it mean to be a resilient organization? After reading this book, frankly, I don’t feel that I have come closer to an answer. While this undoubtedly is an excellent academic discourse on resilience that embraces all possible facets of the subject matter, drawing on an impressive and wide body of knowledge, it doesn’t provide a clear direction.

After reading Ted Goranson’s book on The Agile Virtual Enterprise I knew quite well what constitutes an agile enterprise; after reading Liisa Välikangas book on The Resilient Organization I don’t know equally well what constitutes a resilient organization. The book starts off well and keeps the reader engaged, but somewhere in the middle I got lost in all the sidetracks, textboxes, examples, sidebar notes, case studies and different perspectives and related terms that Välikangas brings to the table, there was just too much of it.

Välikangas brings together many ideas and thoughts on resilience that are worth pondering, but perhaps too many. Each chapter spreads out in a different direction (actually many different directions) and is a discourse in itself, where I found it hard to connect the dots between the chapters. Some even seemed completely out of context. This may be caused by some chapters or parts of chapters having been previously published as articles, and now put together to make a book, something that doesn’t always turn out well.

I know what kind of organization she wants to create, an organization that is innovative, robust, adaptable and strong, an organization that is engaged, competitive and strives for success, and maybe she is right that when an organization is all this it will also be resilient…or maybe it is vice versa, that being resilient implies the above. Maybe it’s just me, or maybe it’s just semantics, but that is not how I view resilience. In my world, resilience has a very specific and perhaps narrow definition, and I’m much more in line with the Australian view on Organisational Resilience.To me, one of the major driving forces in building resilience is adversity, and I didn’t find much of that in this book.

Conclusion

For anyone interested in a deep-dive into what business strategies that promote an enterprise that is innovative, robust, adaptable and strong, this book is highly recommended reading. It is also perhaps a book much more suited for rethinking organizational strategy towards greater sustainability than for creating organizational resilience; at least that’s what I think.

Perhaps the best way to describe Välikangas view of resilience is to take Porter’s “competitive advantage” and add “sustainable” in front, thus creating sustainable competitive advantage. That is in my opinion what the whole book is about, not resilience. Admittedly, maybe I am the one who is mistaken, and this is how resilience is really meant to be understood. What do you think?

Reference

Välinkangas, L. (2010) The Resilient Organization – How Adaptive Cultures Thrive Even When Strategy Fails. New York: McGraw-Hill

Author links

• linkedin.com: Liisa Välikangas

Buy this book

• amazon.com: The Resilient Organization

Related links

• gilbertacton.com: The Quest for Resilience

Related posts

• husdal.com: Resilient Organisations
• husdal.com: The Resilient Enterprise

For my German readers

I am multi-lingual, and that is very fortunate, because it gives me access to a wide range of literature otherwise only available and known to those who speak the language. German is perhaps not the most widely spoken language in business, but Germany is definitely a – if not the – economic powerhouse in Europe and it is no surprise to find excellent German literature in logistics and supply chain management, including supply chain risks in Germany.

This book is no exception, and while my German readers undoubtedly will benefit most from this review, I hope that my other readers will find it equally interesting and inspiring for their own research.

Three-In-One

The book has three main parts

• a review of the current state of supply chain risk management theories and how they pertain to low-cost country sourcing
• a model for explaining how certain supplier attributes influence certain supplier risks
• a case study based on the model that quantifies cause and effect of supplier risks in China and in Turkey

This review will focus primarily on the first bullet point, which is the most interesting to me, along with the second part which I will spend some words on, and I will not delve to deeply into a review of the third part, besides summarizing the results and managerial implications.

What is risk?

One very interesting figures in the book is the definition of risk. Here, risk is divided into pure risk (Reines Risiko) and speculative risk (Spekulatives Risiko), with the former having damage potential as the only possible outcome, while the latter has potential for both negative as well as positive outcomes.

Speculative risk can be further dived into risk in a strict sense (Risiko im engeren Sinne) and risk in a wider sense (Risiko in weiteren Sinne), where strict risk has a potential for loss only, and wide risk has a potential for both loss and profit (chance).

I’ve never seen this comparison before. More often than not, in everyday and popular understanding, risk is the potential for loss, as in Harland et al. (2003), although the ISO standard defines risk in terms of uncertainty. This is a figure I will most certainly use in my future deliberations on risk.

How to mange risk?

Another figure I will start using instead of what I am using so far is a figure describing the various ways of managing and reducing risk. It follows the traditional line of Avoid-Reduce-Transfer-Retain but not fully.

On the left is the overall risk (Gesamtrisiko), which through  avoiding (Vermeiden), reducing (Vermindern), limiting or containing (Begrenzen) and insuring or transferring (Versichern) is reduced to the leftover risk (Restrisiko) that is retained (Selbsttragen) by the company.

Note that avoiding and reducing are aimed at the causes of risks (Ursachenbezogen), while reducing, limiting, insuring and retaining are aimed at the effects of risks (Wirkungsbezogen). The two latter are seen as passive risk management (Passiv), while the three former are seen as active risk management (Aktiv).

While this figure uses the 4 classic approaches to risk management, it does not use a risk matrix approach and displays them differently. I think this way is better in illustrating how larger risks are turned into smaller risks.

The notion of active and cause-related versus passive and effect-related is very similar to what I wrote in my post on contingent versus mitigative risk management, and I am glad to see that I am not the only one viewing risk management in this perspective.

What types of supply chain risks exist?

Supply chain risks exist on different levels throughout the supply chain, some within the chain, some outside, but still within the network, and some entirely outside of the network, as illustrated by Martin Christopher in his book chapter on supply chain risk. Köhler’s division of levels is similar, but at the same time very different and perhaps more complete:

The innermost are risks that are endogenous to the supply chain (Supply-chain-endogene Risiken) and pertain to supplier (Lieferant) and customer (Abnehmer), i.e. information risks (Informationsrisiken), legal or contractual risks (Rechtsrisiken), financial risks (Finanzrisiken) and supply risks (Lieferisiken).

Outside of this are risks that are exogenous to the supply chain, but specific to the sourcing market (Supply-chain-exogene beschaffungsmarktspezifische Risiken), i.e. social and cultural risks (Sozio-kulturelle Risiken), legal risks (Rechtliche Risiken), technological risks (Technologische Risiken), political risks (Politische Risiken) and economical risks (Wirtschaftliche Risiken).

On the very outside are risks that are exogenous to the supply chain and independent of the sourcing market, that is every else and unrelated that can go wrong.

I like this figure. It is compact, and it manages to convey the big picture while not leaving out (m)any details. In a way it is reminiscent of Helen Peck and her four levels of supply chain risk, interestingly not referenced by Köhler.

Another not-referenced article that lists many of the same risks is Ghoshal’s organizing framework for going global from 1987, later picked up in an article on global supply chain risk management by Manuj and Mentzer in 2008 (also not referenced).

Don’t get me wrong here: I cannot hold against Köhler that he has missed or omitted some articles that I know of and that I would have mentioned; his reference list is more than sufficient by any standard, and it even contains references dating back to 1932, clearly showing that he has done his homework and done it well.

And while Köhler uses this framework as specific to low-cost country sourcing, I would say that it applies to any kind of international purchasing or global sourcing.

Risk drivers and moderators in low-cost country sourcing

This is where it gets tricky and this is where Köhler builds his model and puts forwards his hypotheses, no less than 27 in total, which I will refrain from listing, although in most of my reviews I do. Essentially, he divides his model into

• supplier-related factors (Lieferantenbedingte Einflussfaktoren),
• the impact these factors have on the sourcing company (Risikowirkung auf beschaffendes Unternehmen), and
• contextual moderating factors (Moderierende Kontextfaktoren).

How these work together is described in the figure below:

Supplier-related factors
are divided into three main groups: export readiness (Exportbereitschaft), export competence (Exportkompetenz) and export relationship (Exportbeziehung).

Export readiness
is determined by top management commitment (obviously no German word for that), strategic relevance (Strategische Relevanz), strategic value (Strategische Bewertung) and readiness to change (Änderungsbereitschaft).

In other words, these are the prerequisites for a supplier before engaging in exporting. These prerequisites determines whether the supplier actively seeks exporting opportunities and sees them as valuable or whether the supplier is perhaps not that much interested in exporting.

Export competence
is determined by financial skills (Finanzielle Fähigkeiten), operational skills (Operationelle Fähigkeiten), team skills (Mitarbeiterfähigkeiten) and technological skills (Technologische Fähigkeiten).

In other words, these are the day-to-day working skills necessary to ensure the smooth operation of the export supply chain. Obviously, exporting requires a different set of financial skills and a different kind of financial backing than if operating domestically. Team skills can be hampered by frequent staff turnover, while operational skills relate to efficient production processes, backed up by adequate technology, in particular for exchanging vital and timely information.

Export relationship
is made up of trust (Vertrauen), bonding (Verbundenheit), empathy (Empathie), shared values (Gemeinsame Werte), and communication (Kommunikation). In other words, this is what makes the relationship tick (or not).

Trust relates to the extent to which the partners perceive either other as credible and benevolent. Bonding express the degree of unison behavior towards reaching a common goal. Empathy, the ability of the supplier to understand, foresee and meet the company’s needs is crucial to the success of an export relationship. Shared values is the extent to which the partners have beliefs in common about what matters most or not; without it misunderstandings and culture shocks may develop. Communication forms the base and relates to the formal and informal exchange of information.

FYI, Göran Svensson has written a very good article on the gap between trust and dependence in business relationships, and Stephan Wagner looks at how buyer-supplier relationships evolve over time.

Contextual moderating factors
are either seen as either external or internal.

External moderating factors
are the export market complexity (Marktkomplexität), the environmental dynamics or pace of change (Umweltdynamik), and the performance of the logistics provider or 3PL (LDL Performance).

Export market complexity
is determined using 5 indices, and an export market is seen as complex if every year it is necessary to (1) significantly decrease costs, (2) and increase quality, (3) make considerable changes (leaps) in technology, (4) cut down product development times and (5) make more timely deliveries.

Environmental dynamics
expresses (1) how fast laws, regulations and standards change, in particular relating to customs and trade, and (2) how extensive the scope of change is. For more on this, see Catherine Truel’s book on customs risk and Pekka and Hameri’s paper on cross-border supply chains.

Logistics provider performance
consists of (1) delivery lead time (on time), (2) delivery reliability (as agreed upon), (3) delivery accuracy (no items missing, not too many), (4) delivery quality (no damaged items) and (4) delivery flexibility (ability to comply with a change of plans). In fact,  logistics providers play a major role in orchestrating not only the supply chain, but also the risks in the supply chain.

Internal moderating factors
are the ownership of the exporting company (Eigentumsverhältnisse), in particular whether it is (1) a privately held company or (2) a government-owned facility.

Moderating factors do not directly influence the outcome, but they influence the direction of the other variables.

Impacts on sourcing companies
are divided into two categories, supply failure risks (Liefermängelrisiken) and supply outage risks (Lieferausfallrisiken).

Supply failure risks
are defined by deviations in (1) delivery volume (more or less than asked for), (2) delivery place (not delivered to where it was supposed to), (3) delivery price (not as agreed), (4) delivery quality (not according to contract specifications), and (5) delivery time or lead time (not on time, too early or too late).

Supply outage risks
are defined differently from what I would expect, and are classified as (1) supplier defaults on contract because other customers are seen as more important, (2) supplier defaults because his product portfolio changes and he no longer can supply the desired product, (3) supplier aborts the contract because realizes that he cannot meet the high standards set by customer, and (4) supplier has contingency plans in place to ensure that the contract is met should his own suppliers default.

This is quite a complex model, and I am impressed with how simple it looks like from the outside, and how complex it must be to work with in detail. I am perhaps even more impressed with the statistical analyses and comparisons undertaken on the basis of this model, where each and every hypothesis is tested and evaluated. It is completely outside the scope of this blog post to go into any details here, but it is highly valuable and highly recommendable reading. Hopefully my description of the parts of the model, albeit a bit tedious maybe, can inspire others to follow in Holger’s footsteps or apply his thinking to other areas of supply chain risk.

Risk management in low-cost country sourcing

In the end, Köhler links up his model and his findings with the supply chain risk management cycle, thus illustrating the managerial implications for addressing risks in low-cost country sourcing. The risk management cycle has 4 iterative steps, (1) Risk identification, (2) Risk evaluation, (3) Risk management, and (4) Risk audit. Note here that the risk evaluation has two directions, effects (Wirkungsbezogen) and causes (Ursachenbezogen), as already outlined above.

Supply risk management has two perspectives, passive and reactive (Passives, reaktives Management von Lieferrisiken) on one side, and three active management approaches on the other side:

• (1) Relationship-oriented (Aktives beziehungsorientiertes Management), aimed at the export relationship of the supplier.
• (2) Competence-oriented (Aktives kompetenzorientiertes Management), aimed at the export competence of the supplier
• (3) Potential-oriented (Aktives kompetenzorientiertes Management), aimed at the export readiness of the supplier.

The “sliding triangle” on the left signifies the relevance that each subfactor has within the 3 main factors, and I am quite amazed how Holger managed to squeeze his whole PhD (almost) into this single figure.

Conclusion

This book, or PhD dissertation if you so wish, is solid work. That much I can say. It is not a book you can read like you would read a novel; it does take time, but it is definitely worth the time – for those who can read German. Even if you don’t the language many of the figures are nonetheless almost self-explanatory if you know a little bit of supply chain (risk) management.

I wish I could have this post longer, because this book is full of intriguing concepts, valuable insights and clear-cut easy to read illustrations, it’s that good, but I have to stop somewhere.

It really is too bad that this book is available in German only, and in my opinion it constitutes by far one of the better publications that have come across my desk in recent time. I do hope that Holger will think about publishing some of his work in English journals, because his work deserves recognition beyond the German-speaking realm.

Holger struck a nerve with me and I am sure he will do the same with many of my followers, and I definitelylook forward to referencing his future works on this blog.

Reference

Köhler, H. (2011) Supply Chain Risiken im Low Cost Country Sourcing: Reduktion von Lieferrisiken in China und der Türkei. Berlin: Erich Schmidt Verlag.

Publisher link

• esv.info: Supply Chain Risiken im Low Cost Country Sourcing

Author link

• tu-darmstadt.de: Holger Köhler

Buy this book

• amazon.de: Supply Chain Risiken im Low Cost Country Sourcing

Related posts

• husdal.com: Why all firms are snakes
• husdal.com: Managing risk together

Find more books

From a PhD…

The book is based on the research and the survey of German SMEs that Thomas Henschel undertook for his PhD thesis, and it is a book not only for SMEs, but also for banks, government agencies and management consultants to rate and evaluate risk management systems on a common basis. The book presents a scoring approach, which looks at how the SMEs use (or not use) the following components:

• business planning
• balanced scorecards and similar instruments
• risk management process
• risk management organization
• project risk management

Based on the survey, and based on the typology developed by Miles and Snow (1978),  companies were classified as

• reactors
  • a company that simply reacts to whatever occurs, without a clear strategy
• defenders
  • a company that competes on price and only slowly gives in to change
• prospectors
  • a company that competes on product and is open to innovation and rapid change
• analyzers
  • a company in between the two above

This is a very interesting framework and reminds me of the fact that I have yet to read Miles and Snow (1978), a classic I seem to have missed in my own literature searches on risk management.

…to a research project

Thomas Henschel has written several papers on risk management in SMEs:

• Henschel, T. (2006). Risk management practices in German SMEs: an empirical investigation. International Journal of Entrepreneurship and Small Business,  3 (5 ), 554-571
• Henschel, T. (2010). Typology of risk management practices: an empirical investigation into German SMEs. International Journal of Entrepreneurship and Small Business,  9 (3 ), 294-294

He is also a leading researcher in the SME at risk research project, based at Napier University, UK.

Risk Categories

In the book, Henschel uses the following classification of risks in direct and indirect risks:

This is slightly different from, but very similar to the SCOR supply chain risk framework.

Do SMEs increase risk?

In a paper from 2004, previously reviewed on this blog, Peter Finch looked at SMEs and supply chain risk and asked the question “Does having SMEs in your supply chain constitute an increased exposure to supply chain risk?”. The answer:

Many SMEs are not used to or trained in wide-ranging risk assessments to the same degree as large corporations are, and corporate supply chains my thus increase their exposure to risk by taking in SMEs, who in turn increase their own risk exposure to risks that are essentially outside of their control. However, all SMEs are capable of understanding and appreciating their own set of risks, and the risks they bring into the supply chain, as well as the overall corporate risks and the role they play in the wider perspective, if this is communicated clearly enough.

That is perhaps somewhat ambiguous at best and Thomas Henschel has taken the matter further. If you would like to know more about logistics challenges and supply chain risk in Germany in general, I suggest reading this book chapter about Risikomanagement in der Supply Chain – Status Quo und Herausforderungen aus Industrie-, Handels- und Dienstleisterperspektive.

Conclusion

The book is a PhD thesis, relies heavily on theory, and is not a handbook for risk management, unlike say, Risk Management Simplified by Andy Osborne, which is a dive straight into it recipe book for risk management in SMEs. That said, what fascinates me about Thomas Henschel’s approach is nonetheless his solid theoretical foundation.

Reference

Henschel, T. (2008). Risk Management Practices of SMEs: Evaluating and Implementing Effective Risk Management Practices. Berlin: Erich Schmidt Verlag.

Author links

• napier.ac.uk: Thomas Henschel

Publisher link

• esv.info: Risk Management Practices of SMEs

Buy this book

• amazon.com: Risk Management Practices of SMEs

Related links

• sme-at-risk.org: SME at Risk Research Group

Related posts

• husdal.com: Are SMEs a supply chain risk?
• husdal.com: Risk Management Simplified
• husdal.com: SCOR Risk Management

Read online

• books.google.com: SME Risk Management Practices

Gower Short Guides to Business Risk

I am quite happy to have the Gower Short Guides to Business Risk Series as a regular topic on my blog, since the series covers topics such as reputation risk, political risk, fraud risk, ethical risk, procurement risk and customs risk, operational risk, compliance risk, kidnap and ransom risk, corruption risk, equality risk and how to facilitate risk management, all topics that one way or the other can be linked to supply chain risk and business continuity, two of the main pillars of this blog, as I talked about recently.

The Fraud Triangle

What are the prerequisites needed for someone to disregard ethical behaviour? According to Patetta, three elements are necessary: Psychological pressure, Opportunity, and Rationalization. Psychological pressure can stem from an excessive amount of work, very heavy responsibilities, lack of support and guidance, a difficult working environment and a lack of professional fulfilment, to mention but a few possibilities. Opportunity is the ease with which an individual can elude the company’s internal controls. Some internal control methods, as they relate to fraud, are covered in the Gower Short Guide to Fraud Risk. Rationalization is the individual’s ability to justify to oneself a behaviour the individual knows is not morally correct. When all free come together, the stage is set for potentially unethical behaviour.

Retain-Transfer-Mitigate-Avoid

Interestingly, Patetta shows that applying traditional risk management methods of Retain-Transfer-Mitigate-Avoid, which I have reviewed in an earlier post, do not work very well in relation to ethical risk.

Retaining ethical risk is definitely not in line with sound management theory, although yes, some unethical behaviour may not be that unethical internally, but when brought to light for the public at large, it can cause catastrophic damage to reputation, something that is very well covered in the Short Guide to Reputation Risk.

Transfer of ethical risk to third parties does not seem very sensible. Even if core business processes are outsourced, e.g. financial services or IT management, the ethical risk with these operations remains with the company and not with the services provider, regardless of their negligent behaviour, since due diligence should have led the company to seek other providers.

Mitigate or refers to reducing the impacts of ethical risks, and is perhaps a viable option, but is more often than not a kind of “damage control” of already committed actions and internal persecution of those responsible. It does not remove the risk, but it may make it possible to detect small irregularities before they can develop into full-blown public scandals.

Avoid here means eliminating ethical risk, and implies a strategy of active prevention and is a question of ensuring that an individual faced with a moral dilemma voluntarily chooses the most desirable solution from an ethical point of view.

Corporate Social Responsibility

What I like about this book in particular are the first two chapters where Patta argues that in business, ethics and corporate social responsibility go hand in hand.

Ethicality is not a luxury that can be afforded during those periods when the economic climate is positive and financial results are satisfactory, and then, during lean periods, is put aside and far less orthodox business practices are not even sniffed at.

This is a direct reflection of what Archie B. Carroll wrote decades ago about companies having both an institutional and a social responsibility. Ethicality, so Patetta is not an obstacle, but a (if not the) tool to achieve company objectives.

The verdict

This is perhaps an overly short review compared to my reviews of the other books in the series, but that shouldn’t be taken as a sign that this book is less inspiring or less worth reading. It isn’t, and I highly recommend to download the sample chapter, see download link below. There are many books that cover ethics issues and many books that cover business issues, but Patetta manages to merge both. Admittedly, it’s a short and succinct book, but ethics shouldn’t need to be elaborated upon, and paraphrasing a more famous slogan I would like to say that Patetta’s book is about  this: “Ethics: Just do it.”

Reference

Rotta, C. (2010) A Short Guide to Ethical Risk. Farnham: Gower Publishing

Author link

• carlopatetta.com: Carlo Patetta Rotta

Publisher link

• gowerpublishing.com: A Short guide to Fraud Risk
• gowerpublishing.com: A Short Guide to Fraud Risk (Chapter Five)

Buy this book

• amazon.com: A Short Guide to Ethical Risk

Related posts

• husdal.com: Book review – Fraud Risk
• husdal.com: Book review – Political Risk
• husdal.com: Book review – Customs Risk
• husdal.com: Book review – Reputation Risk
• husdal.com: Book review – Procurement Risk

Gower Short Guides to Business Risk

The series covers topics such as reputation risk, political risk, fraud risk, ethical risk, procurement risk and customs risk, and with more topics on the bedding: operational risk, compliance risk, kidnap and ransom risk, corruption risk, equality risk and how to facilitate risk management. So far I have completed 5 out of 13 on the list of books in the series, and I must say that these are indeed fine guides to the world of business risks. Speaking of which, Gower plans to publish even more books on fraud risk and security in 2011.

Detecting and handling fraud

While I could have cited page after page from this book, to me, the most interesting chapter from this book is the one that deals with how to detect and handle fraud. According to the authors, the two most efficient ways of detecting fraud are:

1. Training employees to recognize and respond to the signals or “red flags” of possible fraud.
2. Pro-actively seeking out the red flags as a “pre-emptive health check”.

While one’s own employees are the best detectives in spotting signs of fraud, they may also be the worst, as it is human nature that most honest people simply cannot believe that a colleague, manager or third party is intentionally dishonest. However, perhaps Paul Cousins was right when he wrote that all firms are snakes? Does that apply to one’s own employees as well?

Red flags

How to detect fraud or attempts at fraud? Well, there are some typical behavioral patterns or red flags that might signal that something could be wrong, and these red flags are divided into behavioral, transactional, system and corporate red flags

The behavioral red flags:

• obvious excessive wealth or gross over-spending
• increasing debts and lack of wealth
• long absences or failure to take leave
• long hours after normal business hours
• repeated override of controls and procedures
• problems with gambling, drug or alcohol abuse
• excessive mood swings and sudden aggression
• resistance to audit by aggressive answering and deflection of attention
• misleading or ambiguous answers to questions

The transactional red flags:

• unusual supplier relationships
• unusual business intermediaries, e.g. companies with no employees or offices, based in tax havens and with PO Box addressees only
• non-transparent counterparts with indications of criminal associations
• payments for goods or services that are only vaguely described
• preferential supplier treatment and/or lack of competitive tendering
• payments to offshore accounts and companies not in the usual customer base
• kickbacks paid to management using a tax haven vehicle
• slush fund payments to and from offshore accounts
• money ostensibly for bribes paid into management or employee accounts
• hiding conflicts of interest using a cascade of offshore companies to disguise ownership
• unusual delivery of “urgent” payment instructions, by mail or courier
• photocopied documents rather than originals
• unnecessary and/or non-standard words or explanations to make it appear more legitimate
• appearance or style not consistent with normal business of the customer
• beneficiary spelt incorrectly or mismatching with account number

The system red flags:

• controls or audit logs being deliberately turned off
• logins by personnel verifiable on leave
• a higher number than average of failed login attempts
• logins at unusual times

The corporate red flags:

• over-zealous acquisition strategies with little screening and lack of due diligence
• autocratic management decisions concerning business relationships and supplier selection
• losses and declining margins on sales
• artificial barriers put up by directors refusing to answer questions
• overriding of budgetary controls
• incomplete records
• unusual manual transactions, adjustments and amendments to records

That is an impressive list of red flags, and while there obviously could be many legitimate reasons for seemingly illegitimate behavior, these behaviors should indeed raise some red flags within the firm. It is perhaps better to investigate one time too many than one time too little.

Pre-emptive health checks

Pre-emptive health checks can identify many of the read flags early on in a potential fraud, or at least stopping it before major costs are incurred or expensive investigations need to be carried out. Most importantly though, if these health checks are routinely performed, they create a strong deterrent to anyone thinking of committing fraud.

Types of fraud detection tests

• analysis of computer transactions and data
• analysis of indicators related to individuals
• analysis of documents
• analysis of third parties – such as customers, suppliers, existing and potential new business partners

Pre-emptive detection – sales

• Analysis of sales transactions shows consistent net under pricing to particular customers
• Analysis of customer addresses shows several customers operating from the same address or sharing phone numbers or even bank accounts
• Employee travel expense patterns indicates excessive visits to certain customers
• A visit to the customer’s address shows that this is not an office, but a “drop address” only
• Documentation of sales orders is scant at best, appears thouseo have been faxed and could have been prepared in-house

Pre-emptive detection – purchasing

• Totals of supplier invoice amounts greatly exceeds what is registered in the purchasing system of the supplier
• Supplier invoice numbers are sequential over an extended period of time
• An employee is director or owner of a company that could be used or is already used as a supplier
• The supplier’s head address is a residential address
• The invoices only show scant or inconsistent details of the supplier

Pre-emptive detection – consultants

• Check whether the consultant holds top positions in other companies, has court judgements or a history of bankrupt companies
• Check whether the consultant has relationship with other suppliers
• Map the network of consultants and determine how many of them are in key positions with the supplier and what real decision that are taken by them
• Analyse suppliers and consultant records to indicate hidden relationships between them (phone numbers, addresses etc.)

Pre-emptive detection – bribes and commissions

• Review suppliers in the supplier register and compare to recipients of one-off payments to detect whether the bank account or company is registered in a tax haven or at a known front company
• Review payments to check for unusual large round sums, one-offs or payments made in a hurry

Pre-emptive detection – inventory and transport

• Analyse cost pattern in major expenditure projects to highlight costs that have been added in at a later stage
• Examine material and stock certificates to reveal falsified documents for substandard goods sold at premium price
• Analyse stock to reveal non-standard stock and suspicious stock movements, e.g. goods bought for private purposes and written off
• Analyse warehouse records to identify suppression of theft of stock using write-offs or unusual adjustments

Pre-emptive detection – senior management fraud

• Open source research into directorships and positions in external companies to reveal potentially conflicting business interests
• Detailed analysis of recent high value expense claims to identify possible non-company or personal expenses
• Analysis of accounts controlled by senior management, along with their account descriptions to identify spurious accounts and cost codes, followed by an analysis of unusual transfers and transactions to or from these accounts
• Analysis of original expectations proposed by senior management and the actual outcomes of major decisions such as major acquisitions, joint ventures and disposals to identify any adverse information that was kept hidden

A well-designed health check will quite likely uncover an ongoing fraud, or perhaps even multiple fraud, and this can often come as a great shock to managers and employees alike, which is why it is important to present the results sensitively, but firmly, and – most importantly – backed up by clear evidence.

Building a corporate culture

Fraud detection must start with building a corporate culture where fraud is not accepted. That is something that takes time, and it is not easily established, particularly in large, multinational corporations, especially if there are offices or subsidiaries in countries and places where fraud is perhaps the order of the day. Nonetheless, I believe that using this book as guideline can be a small yet significant step in the right direction. It is all about finding out who are your friends and who are your foes, as John Gattorna writes.

The verdict

I must admit that I could have covered a lot more ground from this book than I did in the above review, but I think that’ll have to suffice as a teaser. It’s a well-written book, clear, concise and well-structured and it should be on every manager’s shelf (and for that matter, every employee’s shelf, too).

Reference

Samociuk, M., Iyer, N., and Doody, H. (2010) A Short Guide to Fraud Risk. Farnham: Gower Publishing

Author link

• the-chiefexecutive.com: Martin Samociuk
• linkedin.com: Nigel Iyer
• linkedin.com: Helenne Doody

Publisher link

• gowerpublishing.com: A Short guide to Fraud Risk
• gowerpublishing.com: A Short Guide to Fraud Risk (Introduction)

Buy this book

• amazon.com: A Short Guide to Fraud Risk

Related posts

• husdal.com: Book review – Political Risk
• husdal.com: Book review – Customs Risk
• husdal.com: Book review – Reputation Risk
• husdal.com: Book review – Procurement Risk

Political risk and supply chains

Political risk,  although not absent, is not particularly well covered in the supply chain risk literature. Among others, it is mentioned in Goshal’s Global Supply Chain Risk Management, as well as in AON’s political risk map, and naturally in the Global Risk Reports by the World Economic Forum. That said, as a subject for supply chain risk research it is very rarely found, perhaps because there are so many more imminent dangers to supply chains than the political risk that more often than not lurks in the background, and not in plain sight.

Considering the potential impact that the political environment has on how the firm can, may or should conducts  on business operations, political risk management should be an integral part of any firm’s risk assessment process, particularly if much of its revenue stems from international business. For example, according to cio,com, the European Outsourcing Association named Egypt its 2010 outsourcing destination of the year, but recent events are likely to take their toll if the situation continues, and Internet access remains blocked. This is only one of many risk faced by companies with international ties, and this book is an essential introductory guide for firms and risk managers in how to navigate the treacherous waters that surround political risks.

Key objectives

Chapter 1 introduces the key objectives that the book addresses:

• the key political risk that companies have faced in the recent past, and current and future trends
• the concept of political risk and its constituent elements
• models and approached for assessing political risk in a specific context
• the principal options for managing political risk and suggestions for developing organizational structures
• some of the wider issues that a company needs to consider in developing its own attitude and philosophy on political risk

Political risk is a complex issue, and this book is only an introduction that illustrates the broad outlines, but nonetheless, it is  an important book that focuses on operational and strategic issues that are not widely covered by other literature.

Political risk: continuity and change

Chapter 2 introduces and describes many of the risks that shape the political risk landscape and states that political risk has always been part of international business.

Some of the constantly recurring risks that have always been part of the picture are

• International tensions
• Domestic unrest
• Terrorism
• Politically connected criminality
• War
• Expropriation and contract cancellations
• Bureaucratic morass
• Ethical criticism

The last two decades have seen some significant shifts in risks:

• The rise of political Islam
• The collapse of the USSR
• Global multi-polarity after the bi-polarity of the Cold War
• Failed and failing states due to weak governance and social fragmentation
• Global asymmetric warfare where minor (terrorist) groups can significantly harm major and more powerful opponents

Finally, future trends are likely to see

• Increased ethical criticism and focus on corporate social responsibility
• Increased confusion in inter-state tensions with a wide range of potential global disputes and power centers
• Increased exposure to civil violence, unpredictable regimes, localized conflicts and civil unrest in new “hot spots”
• Increased exposure to terrorism, accelerated by the rise of Islamist extremism, failed/failing states and new capabilities in assymetric warfare

While perhaps a snapshot only, the above does serve as an excellent starting point for manoeuvring the inherently complex landscape of political risks.

Political risk: analytical variables

Chapter 3 breaks political risk into manageable subjects or factors.

Starting with the bottom-line question, “What are our political risks?” is seldom feasible, and can yield some pretty fantastic and incoherent results. Initially asking broader questions about each sub-element of political risk is more manageable, and ensures that key questions are addressed along the way without leaping to conclusions based on suppositions or a general reading of what kinds of political risk exist.

Firstly, the risks faced by a company depend to an extent on the business sector a firm competes in. Secondly, when considering political risk, it is important to look at how much risk a company is willing to bear. Thirdly, it is necessary to evaluate what assets that is at risk. Fourthly, in order to manage risk, the three main sources of political risk must be analyzed: political instability, weak governance and conflict. The fifth and final consideration for analysis is the level where the political risk resides: global, local or simply operational.

Assessing political risk

Chapter 4 describes the details and steps of how to assess political risk. This -in my opinion – is the best part of the book.

There are three stages of analysis at both the corporate and operational levels: contextual analysis, which defines the factors by which we derive the initial risk hypotheses and and interpret risk; risk analysis, which derives priority near-term issues; and scenario analysis, which examines how the risk environment might change in the future.

The contextual analysis is divided into a) a company’s risk tolerance, or how willing the firm is to subject itself to the risk incurred by exposure to unstable market environments, and b) a company’s global risk portfolio, a map that correlates the global exposure to risk across its operating environments, showing how each business operation or location is exposed to a different level of risk while possessing different strategic values.

The risk analysis has three stages: a) hypothesis generation, b) risk factor identification and c) risk assessment. Hypothesis generation examines how a company’s activities may affect political interests, by identifying stakeholders directly, and more generally, the political terrain surrounding a company’s activities. Risk factor identification identifies the potential effect of risk factors on key exposed assets; where an asset could suffer harm, a risk exists. Risk assessment involves estimating the potential impact of an identified risk, should it occur, and the probability of its occurrence, and establishes a traditional risk matrix.

The scenario analysis is a six-step process that allows the company to see what could happen and to identify possible future states and how they may or may not be relevant to the company’s interest. Mind you, so McKellar says, the more detailed or technical the approach, the more precise the results, but not necessarily the more accurate. It is perhaps better to be accurately right than precisely wrong.

Political risk management

Political risk management is more than just knowing that “bad things can happen in developing countries” and preparing for damage limitation. Political risk management, the topic of chapter 5, means enabling the fulfilment of business objectives in even high-risk political environments. In essence, being able to operate in high-risk environments means to be able to show extreme flexibility to accommodate shifting political currents. This ability is what McKellar calls resilience. Political risk management is also a strategic enabler, allowing the company to plant roots in new territories as beachheads for growth and access to lower cost inputs, perhaps  even temporarily barring competitors from entering the same environment.

Political risk management needs to employ both a) near-term risk management plans focussing on avoidance, prevention and damage limitation through preparation for effective responses to a manifested risk, and b) long-term contingency plans, aligning the company posture with the emergence of a  given scenario.

McKellar defines four broad categories of political risk management measures: portfolio management, adjusting  individual operations such that an overall desired level of risk is achieved; security, to protect the company against physical threats and malignant relationships; relationship building, i.e. gaining politically influential supporters directly and personally or  generally and publicly through corporate social responsibility; and risk transfer, by reducing the firm’s risk by sharing it with other stakeholders.

It is important to not consider the above management measures as a list of stopgaps only. Political risk must be dealt with at a strategic level, and each company needs to shape its own unique approach in the context of its business aspirations and unique corporate culture. A familiar statement, when considering what Vivek Sehgal wrote his book Supply Chain as Strategic Asset.

Conclusion

It is obvious to me after reading this book that no company can escape political risk one way or the other, not even in a seemingly stable political environment. The stakes may be lower in some places, but conversely, much higher in other places. Political risk is a business risk that should be considered along with the wide range of other business risks that accompany a firm’s business endeavours. While this book looks exclusively at political risk, many of the approaches, methods and measures are equally applicable to risk management in general. As such, the book’s value is not as limited as the title may imply and it can very well serve as a guide for general risk management.

Reference

McKellar, R. (2010) A Short Guide to Political Risk. Farnham: Gower Publishing

Author link

• linkedin.com: Robert McKellar

Publisher link

• gowerpublishing.com: A Short Guide to Political Risk
• gowerpublishing.com: A Short Guide to Political Risk (Introduction)

Buy this book

• amazon.com: A Short Guide to Political Risk

Related posts

• husdal.com: Book review – Customs Risk
• husdal.com: Book review – Reputation Risk
• husdal.com: Book review – Procurement Risk

The sequel

In a sense, this book is the sequel to a previous book by Vivek Sehgal, Enterprise Supply Chain Management, a book that fully covers the complete setup of a supply chain from A to Z, with nothing left out, and while strategic considerations are not explicitly mentioned, implicitly they are taken care of. In the most recent book, the focus is explicitly on strategy.

Think before you act

Vivek Sehgal has a penchant for Porter’s Five Forces and Porter’s three generic strategies, which form the backbone of his theoretical underpinning. Everything new after Porter is just old wine in new bottles. Well, maybe not, but Sehgal spends a number of pages discussing how the “modern” supply chain strategies, such as lean and agile or speculation and postponement are nothing more than Porter’s cost leadership or segmentation/differentiation respectively. While I don’t agree 100%, the argument made by Sehgal is nonetheless very convincing. He may be right, because the more generic a strategy is the better it is for each firm to adapt a strategy to its own needs.  Each firm must to find its own unique and specific strategy and its own and unique supply chain. That is at the heart of Sehgal’s message. Instead of jumping on any fancy supply chain management bandwagon, companies need to develop  and deploy their own strategies, their own capabilities, their own competencies and their own business processes that are unique to them, not copy others, and Sehgal goes a long way in show exactly how this can be achieved.

Think, think, think

The book serves three purposes. Firstly it thoroughly explains the importance of having a clear business strategy. Secondly, it even more thoroughly explains how this business strategy must be translated into a functional strategy, which is then engraved into the supply chain using a deployment strategy. Well, not just the supply chain, in fact, the functional strategy needs a deployment strategy so that it can be injected into each and every business process to be successful. In short,

A strategy  – requires capabilities – that must be created through – functional competency – which is a set of – related business processes – that are unique to a corporation – enabled through technology and constrained by the scope of a defined – technology strategy.

Sehgal’s book provides a roadmap for the thorough analysis and thoughtful decision-making necessary for aligning these three strategies.

Understanding strategy

The first 100-or-so pages are spent discussing strategy, what strategy is, and in particular how Porter’s three strategies affect businesses and supply chains. A bit tedious at first, but important in understanding how to form and how to execute a strategy.

No strategy, however brilliant, produces results unless executed.

In order to accomplish this, a strategy needs a set of key attributes: It must establish the destination. It must establish the direction. It must drive cross-functional capabilities. It must drive a feasible plan. It must be articulated. It must be adaptable. Moreover, a strategy must work on several levels, in time, in function and in impact. A strategy must work as a guiding, driving force. Many firms however, loose sight of their strategy along the way or rather, fail to align it all the way through. If the goal is to be the cost leader in your industry, customer service is perhaps not what you should spend too much effort on. If customer service excellence is your goal, the costs (and hence prices) ought perhaps not be of much concern, if the customers are willing to pay. You cannot have it both ways, that will always fail, as David Simchi-Levi wrote in his book,  Operations Rules.

Concepts of business strategy

Sehgal reviews the current mainstream thinking on business strategy, in particular Porters three generic strategies cost, differentation and segmentation. Resource-based strategies and capabilities-based strategies are also reviewed, and examined using Porter’s model. Here, Sehgal shows how Porter’s way of thinking can help create competitive advantage regardless of which business strategy one subscribes to.

Functional strategy – the missing link

What a business strategy does for the business, a functional strategy does for the business function in question. Unfortunately however, the functional strategy is the missing link in most corporations’ strategic planning initaitives. While many firms may have  a sense of direction for their business strategy, they are unable to translate that to the required business capabilities required to reach the desired goal, so Sehgal says.

Supply chain strategy

Understanding how the functional strategy works is essential to developing, honing and leveraging the supply chain function of a business. Interestingly, Sehgal dismisses the current mainstream supply strategies as true supply chain strategies, because they tend  to drive the business strategy rather than being driven by it.

Is lean really a strategy for supply chains? The true answer is that lean is really a business model or a business strategy; in fact it is just another name for Porter’s cost strategy. Is agile a supply chain strategy? It sounds good as a concept, but it is hardly new thinking on supply chains. If a supply chain is not agile, it is simply not doing its most basic function of reacting to demand and supply changes in the environment.

Is speculation or postponement a supply chain strategy? Speculation is based on savings created through economies of scale through mass production and distribution.  Postponement allows the manufacturer to personalize and configure finished products to customer orders, or to suit changes in customer demands, but postponement or speculation is not a choice, it is an imperative formed by the type of industry, assortment and demand patterns.

According to Sehgal, a supply chain strategy can  only build on the supply chain sphere of influence, that is the four basic  components of  a a firm’s value chain: Demand, Supply, Inventory and Resources. These are the four components that actually drive the supply chain, and Sehgal details the Product, Industry, Business Strategy and Demand types that apply to each of these drivers.

Creating a Functional Supply Chain Strategy

A firm’s functional supply chain strategy depends on many factors: the industry segment, the business strategy and the supply chain design, each building on the former, with the latter being a result of the two first factors. Consequently the firm must consider the effect of its industry segment on supply chain design, the effect of its business strategy on supply chain design,  and the effect of its primary driver on supply chain design. Not understanding the intricate and complementary relationship between business and supply chain strategies can lead to missed opportunities and conflicting investment priorities.

Supply Chain Nirvana

Unfortunately, so Sehgal says, there are no generic supply chain strategies that are equivalent to Porter’s generic business strategies,  each firm must decide what is best for itself. Supply Chain Nirvana is only achieved when a firm defines a supply chain strategy that is right for it. There is no one “right” supply chain that fits all purposes. What is right for one corporation may be less or not at all desirable for another.

Supply chain nirvana is not a static state. It is a continuously evolving, but sustainable state of enhanced alignment of the supply chain capabilities with the objectives of the business strategy.

It sounds nice, but is it really achievable? After reading Sehgal’s book, I think it is.

Conclusion

I’ve always though of myself as strategist  material more than manager material. Perhaps that is why I enjoyed reading this book. It is not  a book that you can pick up at the airport and read on a long-haul flight and put into action on arrival. Nonetheless, it is a book that will make you think, and start wondering whether your business strategy is really in your supply chain or whether your supply chain is actually aligned with your business strategy at all. Are you driven by your strategy or by your supply chain? It is not a handbook in supply chain management, it is a book that using countless examples and anecdotes tells you that businesses are more than their strategies, businesses are more than their supply chains. Strategies and supply chains must come together for businesses to succeed. Martin Christopher said that supply chains compete, not companies. I’m inclined to add to that: Without the right strategy for support, supply chains cannot compete.

Reference

Sehgal, V. (2010). Supply Chain as Strategic Asset. The key to reaching Business Goals. Hoboken: Wiley & Sons.

Author link

• linkedin.com: Vivek Sehgal
• supplychainmusings.com: Vivek Sehgal’s own blog post about his book

Publisher link

• wiley.com: Supply Chain as Strategic Asset

Buy this book

• amazon.com: Supply Chain as Strategic Asset

Not a dull moment

Amazingly, I did not have a dull moment where I felt like skipping a page or two when reading this book. The starting point is that every company has its unique customer value proposition, be it Zara’s high end fashion at a reasonably price or Wal-Mart’s everyday low pricing, but

No firm can compete successfully on all dimensions of customer value, such as innovation, choice, price and experience. Management needs to pick its goals, since operations and supply chain strategies, the market channel, or even the skill sets required to be successful depend on the specific value proposition.

That is perhaps where many firms fail, as no firm can be extremely efficient and compete on price and at the same time be extremely responsive and compete on a wide range of choices. It is simply not possible, as companies tend to be either highly efficient or highly responsive, but not both.  Simchi-Levi, however, shows how to match value propositions and strategies, and how to achieve the best possible tradeoff between efficiency and responsiveness.

33 rules of operations

The book takes on a very unique approach that I haven’t seen before: The book is built around 33 rules that cover all possible aspects of supply chain operations and management, and that are placed throughout the eleven chapters of the book, hence the title. Many of these rules stem from anecdotes and examples of companies that failed or succeeded in their efforts. These stories are at the heart of this book, a book that is about  the principles, frameworks and processes that enable the aligning of a company’s specific customer value proposition with its operations strategy.

In the first part, the book first looks at how customer value proposition translates into operations strategy, and then, how a firm can match products and markets with the appropriate strategies. Here, procurement and supply contracts, if used well, can turn into competitive weapons, and risk mitigation is highlighted as an important element of operations strategy.

In the second part, flexibility is presented as the key enabler for successful supply chain operations, that is flexibility in system design, flexibility in process design, and flexibility in product design. System design flexibility refers to manufacturing, distribution or capacity redundancy. Process design flexibility would include a flexible workforce, worker cross-training, lean manufacturing and different procurement strategies. Product design flexibility includes modular product architecture, standard components and interfaces, postponement and component substitution.

The final and third part of the book addresses two important emerging trends: oil price volatility and corporate social responsibility. Here, Simchi-Levi shows that the latter is much more than simply charity, philanthropy or compliance with environmental regulations, and making the supply chain greener. In fact, corporate social responsibility can be a considerable revenue opportunity that many companies tend to overlook.

Risk Sources

It is perhaps not fair to judge the importance of a chapter by its length, but fact is that the chapter on risk mitigation is 30 pages, while most other chapters are 15-17 pages, and it is not because this chapter is full of figures. It is, but so are the other chapters, too. To me this is a clear indication that Simchi-Levi sees risk mitigation as an integral part of operations and supply chain management.

Indeed, current industry trends correlate directly to the rising risk levels in the supply chin. As offshoring and globalization  of manufacturing operations continue to grow, supply chains are geographically more diverse and therefore exposed to various types of natural and man-made disasters.

These thoughts are very similar to what appears in Martin Christopher’s book on supply chain management, but where Christopher only scratches the surface, Simchi-Levi goes further. Interestingly, Simchi-Levi divides risk sources along two dimensions: Known-Unknown and Controllable-Uncontrollable.

Popularized by George Rumsfeld, the Unknown-Unkowns are risks that are difficult to predict, while the Known-Unknowns are more likely be forecasted based on statistical data, e.g. supplier lead time or time between equipment failures.

Risk Assessment

While the traditional way of assessing risk is by evaluating predictability and expected impact, Simchi-Levi  discards the former in favor of controllability, since in the end the ability to control is more important than the ability to predict. Consequently, he suggests that management needs to develop risk mitigation strategies that depend on the expected impact on business performance.

This is very similar to what Stephan Gundel suggests in his typology of crises, albeit Gundel still uses predictability, but uses controllability as his second dimension, albeit prefers the term influenceable to controllable.

Risk Mitigation

According to Simchi-Levi, there are three strategies that a firm can employ to manage supply chain risk, particularly the Unknown-Unknowns:

1. creating capacity redundancy,
2. increasing velocity in sensing and responding, and
3. adding flexibility to the supply chain.

Together, these methods create a resilient supply chain, as each method focuses on a different supply chain dimension. Capacity redundancy needs to be built in at the design stage, speed in sensing and responding requires accurate and timely information, and a flexible supply chain community requires partners that embrace flexibility, work towards the same objectives, and are willing to share the costs and benefits.

Using Mexico based CEMEX as an example, Simchi-Levi illustrates the benefit of rule #1 integrate risks into operational and business decisions, showing how CEMEX regards risk management as core competence, as described by Lessard and Lucea (2009). Rule #2 supply chain cost is always flat around the optimal strategy points to capacity redundancy and the issue of tradeoff when looking at where to locate manufacturing plants, as seen in Snyder and Daskin (2005). Finally, rule #3 invest now or pay the price later, is the classic example of how Nokia and Ericsson and how  two different supply chain strategies lead to two very different impacts resulting from the same supply chain disruption.

Simchi-Levi also touches briefly on managing global supply chain risks, suggesting speculation, hedging and flexible manufacturing and sourcing as key ingredients here, and describes them in a clear and concise manner. While speculation takes a certain scenario for granted, which may or may not come true, hedging speculates both ways and may incur a loss in one place, while being a success in a different place. Flexible manufacturing and sourcing allows for moving products and processes to the location that is most cost-efficient, regardless of external circumstances, e.g. currency fluctuations.

The last part of the chapter on risk mitigation strategies deals with an important issue: counterfeit products. Globalization, for all its good, has also increased the chance that counterfeit products may enter the supply chain somewhere along the complicated and long way from the supplier to the end customer, Simchi-Levi discusses what can be done. He suggests four main strategies for supply chain security management: 1) Supplier selection (choosing only authorized dealers), 2) Marking (e.g. only visible in UV-light), 3) Barcodes, 4) RFID and 5) Taggants, which must be evaluated based on 1) their ability to protect public health and safety, 2) their cost and implementation time, 3) their track and trace capability, 4) their scalability, and 5) whether they can provide logistics efficiencies or not.

The advantages and disadvantages of the various technologies suggests that the appropriate approach to counterfeit products depends on product, industry and level of sophistication expected from an adversary.

Conclusion

Simchi-Levi is a true well of knowledge as far as supply chain management is concerned, and it shows. Not only are his rules based on a plethora of examples and anecdotes of firms that succeed or failed in their risk management, the examples themselves have a broad scope, in geography, in impact and in industry. Someone (i.e. Simchi-Levi) has done their homework with this one. There is hardly a point made that is not followed by an example, e.g. CEMEX or Nokia/Ericsson. I find that very impressive, and it also shows the universal  applicability of this book, and the risk chapter has made me rethink the structure of my 2011 lecture on supply chain risk, and perhaps I will use Simchi-Levi this year, and not Christopher Tang’s nine robust strategies for mitigating supply chain disruptions? This is a book I can wholeheartedly recommend, and this is not the last time it will be featured on this blog, because I have yet to present the chapters on flexibility and on corporate social responsibility, which along with risk mitigation are my favorite parts of this book.

Reference

Simchi-Levi, D. (2010) Operations Rules: Delivering Customer Value Through Flexible Operations. Cambridge: MIT Press.

Author link

• mit.edu: David Simchi-Levi

Buy this book

• amazon.com: Operations Rules

Official book website

• operationsrules.com: Operations Rules
• operationsrules.com: Download sample chapter

Related link