Complicated?

A very interesting figure from the article shows the individual steps and impacts leading up to increased resilience in supply chains:

The basic idea reflects the steps mentioned in the supply chain resilience report that I reviewed last week:

• Re-engineer your supply chain to address supply chain risk
• Engage in supply chain collaboration
• Ensure your supply chain agility
• Nurture a supply chain risk management culture

Re-engineer your supply chain

Conventionally supply chains have often been designed to optimise for cost and/or customer service, rarely was resilience the ‘objective function’ for the optimisation process, but supply chains can be re-engineered to address risk and resilience:

• Supply chain understanding
  • Map and analyze critical paths
  • Establish a supply chain risk register
• Supply chain design principles
  • Real options
  • Efficiency versus redundancy
• Supply base strategy
  • Supplier development
  • Sourcing decisions and criteria

Engage in supply chain collaboration

It will be apparent that since supply chain vulnerability is by definition a networkwide concept, the management of risk has to be network-wide too. A high level of collaborative working across supply chains can significantly help mitigate risk.

• Supply chain collaboration
  • Share information on operations and limitations
• Supply chain intelligence
  • Exchange of information on trends and strategies

Ensure your supply chain agility

Supply chain agility can be defined as the ability to respond rapidly to unpredictable changes in demand or supply. Two key ingredients are visibility and velocity.

• Supply chain visibility
  • End-to-end collaborative planning in the supply chain
• Supply chain velocity
  • Streamlining and acceleration of processes and reduction of lead time

Create and nurture a supply chain risk management culture

In the same way that many organizations recognized that the only way to make Total Quality Management (TQM) a reality was to engender a culture that made quality the concern of everyone, so too today is there a requirement to create a risk management culture within the business.

• Supply chain continuity team
  • Make it cross-functional
• Board level responsibility
  • Regular reports to the board
• Decision-making
  • Always evaluate risk first, then decide

Conclusion

This is an excellent article that highlights the importance of integrating supply chain risk thinking into supply chains. In particular, the various types of supply chain risk,  how supply chains should be re-engineered, why supply chain collaboration is important and how supply chain agility can be achieved are well covered. What is perhaps a bit cursory treated is the section on supply chain risk management culture. The paper also introduces a new term, “supply chain velocity”. although I haven’t seen much of it in later papers. Have you?

Reference

Christopher, M., & Peck, H. (2004). Building the Resilient Supply Chain The International Journal of Logistics Management, 15 (2), 1-14 DOI: 10.1108/09574090410700275

Author links

• martin-christopher.info: Martin Christopher
• cranfield.ac.uk: Helen Peck

Download/read online

• cranfield.ac.uk: Building the resilient supply chain (link may be slow)

Related posts

• husdal.com: Supply Chain Resilience Report

What is risk?

There are many many many definitions of risk in the literature, and will not attempt to list them all. Suffice it to say that I define risk as follows:

Risk is the exposure to circumstances with potentially damaging effects arising from an event that is not handled appropriately.

Risk management needs to address both sides of an accidental event, the sources leading up to it and the consequences arising from it. In figurative terms, “barriers” are put in place on both sides aimed at stopping a circumstance from evolving into an event, or aimed at stopping an event from developing disastrous consequences. Example: In  a production facility running machinery that can overheat, a fire would be the accidental event, a heat detector would be a source barrier, while a fire sprinkler would be a consequence barrier.

The missing link

The idea for this post came while looking at Jütner, U., Peck, H., & Christopher, M. (2003) Supply Chain Risk Management: Outlining an Agenda for Future Research, where the authors look at risk sources, risk drivers and risk consequences. Here, risk mitigation is backward looking at sources and drivers, that is correct, but the contingent actions addressing the consequences are not fully embedded into their model. In the figure below I have attempted to illustrate how this can be done in a better way.

Risk sources need risk drivers to create risk impacts. Risk impacts are addressed by using mitigative strategies aimed towards eliminating the source or the driver, or contingent strategies, aimed towards eliminating the impacts. A similar notion, separating the cause and effect of risks, can be seen in the figures Holger Köhler uses in his PhD on Supply Chain Risks in Low Cost Country Sourcing.

Money matters

In On the value of Mitigation and Contingency Strategies for Managing Supply Chain Disruption Risks (Tomlin, 2006) there is a distinct difference between contingent and mitigative actions. Contingency action are actions taken in the event of a disruption, mitigation actions are actions taken in advance of a disruption. While the latter will incur a cost regardless of disruption, contingent actions will incur costs mainly in their preparation stage, and the again of course, if, but only if, they need to be taken.

Barriers, barrier, barriers

In Assessing the vulnerability of your production system (Asbjørnslett,1997), and later in Assessing the Vulnerability of Supply Chains (Asbjørnslett, 2008) there is a figure that excellently illustrates the difference between mitigation and contingency.

The figure above is my extension of the figure used in A.bjørnslett (1997) and Asbjørnslett (2008), capturing both contingent strategies and mitigative strategies. Here it is clearly seen that risk management needs to address both sides of the risk: what lies behind the risk (source) and what lies in front of it (consequences).

Conclusion

Hopefully this little discourse has clarified the difference between mitigative and contingent strategies. To understand concepts I find it most helpful to draw what I read, as I have with the two papers cited today. Well, actually, I did not draw everything entirely, I just expanded already existing figures. This (above) is how I view risk management, as an effort not just to reduce risk sources, but also as an effort to reduce risk impacts.

Reference

Bjørn Egil Asbjørnslett (2008). Assessing the Vulnerability of Supply Chains In G. A. Zsidisin & B. Ritchie (Eds.), Supply Chain Risk: A Handbook of Assessment, Management and Performance. New York, NY: Springer. DOI: 10.1007/978-0-387-79934-6_2

Asbjørnslett, B. E., & Rausand, M. (1997). Assess the vulnerability of your production system (Report No. 97018): Norwegian University of Science and Technology, Trondheim, Norway.

Jüttner, U., Peck, H., & Christopher, M. (2003). Supply chain risk management: outlining an agenda for future research International Journal of Logistics, 6 (4), 197-210 DOI: 10.1080/13675560310001627016

Tomlin, B. (2006). On the Value of Mitigation and Contingency Strategies for Managing Supply Chain Disruption Risks Management Science, 52 (5), 639-657 DOI: 10.1287/mnsc.1060.0515

Author links

• hslu.ch: Uta Jüttner
• martin-christopher.info: Martin Christopher
• cranfield.ac.uk: Helen Peck
• ntnu.no: Bjørn Egil Asbjørnslett
• ntnu.no: Marvin Rausand
• dartmouth.edu: Brian Tomlin

Related

• Assess the vulnerability of your production system
• A Future research Agenda for Supply Chain Risk Management
• Ericsson versus Nokia – the now classic case of supply chain disruption

Where did leagile come from?

Christopher, Peck and Towill are not the first to use the term “leagile” . In fact, “leagile” has has been around for quite some time. Already in 1999, Naylor et al. published Leagility: Interfacing the Lean and Agile Manufacturing Paradigm in the Total Supply Chain, and since then, several authors have picked up on the subject. Legile comes from a synthesis of  Lean manufacturing, which has a long history, and Agile manufacturing, which is considerably younger.

What does leagile mean?

Copyright note: The figure above is taken from the article.

Leagile has emerged as an answer to the problem of reconciling long lead times with unpredictable demand. In a certain (predictable) world, going lean is fine, it is  a cost-saver. However, when demand is uncertain, a company must retain its responsiveness vis-a-vis its customers. This is only possible if the supply chain is agile. But what if demand is unpredictable, while lead times are long, as they typically are in today’s global outsourcing? That is were leagile has a mission.

What does leagile have to do with supply chain risk?

Lean is often seen as one of the reasons why supply chains have become increasingly vulnerable, but that is only part of the story. Agility, on the other hand, is seen as a way to deal with, or rather, prepare for, supply chain disruptions. Agility is often mistaken for flexibility, but it is not. As I wrote in my post on robustness, resilience, flexibility and agility, using the definition in Goranson (1992) The Agile Virtual Enterprise:

flexibility is

scheduled or planned adaption to unforeseen yet expected external circumstances. 

agility is

unplanned or unscheduled adaption to unforeseen and unexpected external circumstances.

So, is a lean supply chain more exposed to supply chain risk than an agile supply chain? I don’t think so, as I explained in my post Lean logistics = risky logistics?

Reference

Christopher, M., Peck, H., & Towill, D. (2006). A taxonomy for selecting global supply chain strategies The International Journal of Logistics Management, 17 (2), 277-287 DOI: 10.1108/09574090610689998

Christopher, M., & R.Towill, D. (2002). Developing Market Specific Supply Chain Strategies The International Journal of Logistics Management, 13 (1), 1-14 DOI: 10.1108/09574090210806324

Mason-Jones, R., Naylor, B., & Towill, D. (2000). Engineering the leagile supply chain International Journal of Agile Management Systems, 2 (1), 54-61 DOI: 10.1108/14654650010312606

Ben Naylor, J. (1999). Leagility: Integrating the lean and agile manufacturing paradigms in the total supply chain International Journal of Production Economics, 62 (1-2), 107-118 DOI: 10.1016/S0925-5273(98)00223-0

Author links

• cardiff.ac.uk: Professor Dennis Towill
• cranfield.ac.uk: Dr Helen Peck
• cranfield.ac.uk: Professor Emeritus Martin Christopher
• glam.ac.uk: Dr Rachel Mason-Jones

Related

• husdal.com: The Definition of Agility
• husdal.com: Book Review: Dynamic Supply Chain Management
• husdal.com: Lean logistics = Risky logistics?

All-in-one

Coming straight to the point, the figure below, taken from the article, is one of the best attempts I have seen at synthesizing all fields that relate to supply chain risk management.

Copyright note: The figure above is taken from the article.

This view is very much reminiscent of my own view on risk and vulnerability, which should come as no surprise, having a background as adviser in vulnerability assessment, safe community planning and crisis management with several Norwegian government authorities for more than 15 years. Let’s take a closer look at Peck’s article, which in essence is a critique and literature review of past and current research in supply chain risk and its related fields. This critique starts from the concept of supply chains, and ends with a societal perspective, cleverly making the case for “the extendend supply chain”.

The literature review

The literature review leading up to the figure, which is on the second-last page of the article, is amazingly succinct, despite spanning a wide variety of fields, not immediately related to supply chain vulnerability, but in a wider sense all necessary to understand the full implications of supply chain vulnerability.

Supply chains

Peck sees supply chains are seen as more than just supply chains, but as a complex and multi-tiered networks, namely:

a network of connected and interdependent organisations, mutually and co-operatively working together to control, manage and improve the flow of material and information from suppliers to end users.

Peck contends, and I am inclined yo agree,  that the word chain in supply chain has been a barrier to fully understanding supply chains.

Supply chain management

The literature differs considerably as to a common definition of what supply chain management (SCM) really is, since SCM works at several levels, both operational, tactical and strategical. The operational side is often made up of logistics activities, while the strategic level takes a wider view, with the long or short-term co-operation and alignment among firms as the main objective.

Risk and risk management

Classical risk discussion often start with decision theory, making risk the possible upside or downside result of a rational and quantifiable decision, the (in)famous “objective” risk, while the “perceived” risk is what most people think of, and perhaps, what most organizations should be concerned with. Indeed, as Peck notes,

where supply chain concepts are at best ambivalent, “risk” is hotly contentious

Furthermore, risk management often fails to recognize that systems interact, and thus, makes it impossible to separate risk in one system (or company unit or business unit or supply network unit) from risk in other systems.

Supply chain risk and vunerability

When it comes to supply chain vulnerability, Peck starts with Göran Svensson, the first and most widely cited author, who defined vulnerability as

an exposure to serious disturbance, arising from risks within the supply chain, as well as risks outside of the supply chain.

Supply chain risk and vulnerability, so Peck says, should be regarded as a multi-dimensional construct, in an end-to-end supply chain context, thereby including

anything that presents a risk, a hazard or any form of impediment  to information, material and product flows from original suppliers to the delivery of the final product to the ultimate end-user,

much akin to the definition in her own 2002 article on Drivers of supply chain vulnerability.

SCM as risk mangement

As I and many other researchers have noticed, and Peck is absolutely right in this, the SCM literature has a vast number of articles promoting  risk management (RM), recognizing that proper SCM cannot exist without proper RM, and indeed, vice versa. This underscores that RM should be and must be an integral part of SCM. However, let alone sadly, more often than not, this link is overlooked by many SCM professionals.

Corporate risk management and business strategy

Corporate risk management is rooted in strategic risk management, and is a way of creating corporate resilience towards external circumstances. Unfortunately, corporate risk management focuses maybe too much on financial risk and avoiding bankruptcy, and interestingly, outsourcing “risky” activities or transferring risk is here seen as a way to reduce risk, whereas much of the recent SCM literature, e.g. Martin Christopher, views outsorcing as a way to introduce risk because of loss of control over the supply chain. In essence, as Husdal puts it, globalization, offshoring and outsourcing leads to

“no” control of
causes to events in the supply chain
“only” control of
consequences of events in the supply chain.

This means that business strategies are a major factor in determining a company’s exposure to supply chain disruptions, an thus, cannot be separated from supply chain vulnerability.

Supply chain risk in strategic networks

There are many reasons why companies come together in strategic networks, one is to form long-term relationships that foster trust and cooperation, see Child, Faulkner & Tallman for an in-depth discussion. Risk sharing or risk pooling is another reason. From one company’s perspective, passing on or transferring risk makes good sense, in line with outsourcing “risky” operations or activities, and vendor-managed inventory (e.g. Wilson) is a typical example of risk pooling in a supply chain. However, as Peck warns, there is a danger of transferring too much of the risk to a weaker party in the network, or that the principal party retains too much risk that is not or can not be transferred. In addition, often risk is transferred without ensuring that that the risk-carrying party has the appropriate risk management structures in place to handle possible externally induced supply chain events. Here too, a an extended view on supply chain vulnerability is needed to fully grasp how one vulnerability may affect the entire network.

Supply chain risk – beyond SCM

On a management level, supply chain are often conceptualized as strategic and commercial production networks, often overlooking or neglecting the mundane side of physical distribution and transportation, which more often than not, is outsourced. Transport and distribution is no longer seen as a core competence, as is IT. IT, luckily, has always had a strong focus on business continuity management (BCM), albeit not all companies recognize this to the full. Remember though, Peck states,

These activities, not core to the organizations they support, form the backbone of SCM.

Thus it should be clear that the sustainability of the transport system, both nationally and  internationally, is a vital component in SCM. The transport system, however, is not the responsibility of individual firms, it lays with the transport authorities. Consequently, SCM should be a core task not just for the industry, but also for the government.

Supply chain risk, security and civil contingencies

Coming from a government and emergency planning background, I too am well aware of the risks associated with transportation and infrastructure deficiencies. Peck describes it excellently when she says

This discipline has always dealt with threats to societal well-being, rather than risk simply as a measure of – or hazard to – corporate financial performance.

Peck refers to the UK Civil Contingencies Act of 2004 that requires the undertaking of business continuity planning and risk management from local government authorities, utilities providers and commercial organizations with responsibilities for essential public transport and critical infrastructure. The British Standard for BCM stresses that

All organisations depend upon others to enable the delivery of their products and services to customers and clients (the supply chain). As a result, BCM applies across industry sectors and cultural divides.

Supply chain risk and vulnerability are much more than just supply chain related.

Conclusion

This paper brilliantly explains how supply chain vulnerability sits on the intersection of several still evolving fields of academic research and management practice. Peck manages to draw a line from the ambiguous concept of risk  in one company, through the supply chain, through extended networks and all the way up to society as a whole. Why is this important? Because

supply chains serve a purpose that extends far beyond the functional concerns and stated aims of SCM.

Supply chains link industries and economies more than we may be aware of, and the research agenda for supply chain risk and vulnerability needs to recognize that there are many and varied interests and communities involved. Consequently, an that is my view, research in supply chain risk and vulnerability is inclusive, rather than exclusive ,of other fields.

Reference

Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management International Journal of Logistics, 9 (2), 127-142 DOI: 10.1080/13675560600673578

Links

• cranfield.ac.uk: Dr. Helen Peck

Related

• husdal.com: Drivers of Supply Chain Vulnerability

Supply Chain Risk Management – a basic construct

In defining supply chain risk management, Jüttner et al. use four basic contructs: 1) Sources of risk, which lead to 2) Adverse Consequences of risk, instigated by 3) Drivers of risk and possibly offset by 4) Mitigation strategies.

Supply Chain Risk Management - from Jüttner, Peck and Christopher (2003)

These four constructs are used throughout the article and seen as sequential steps in the managerial process of addressing supply chain risk. It is a simplification, yet, at the same time, it opens up many new avenues that all converge towards the starting point, rather than diverge from it. In addressing the risk, they identify four separate risk mitigating strategies: 1) Avoidance, 2) Control, 3) Co-Operation and 4) Flexibility.

Supply Chain Risk Management – risk sources

In a similarly simple manner like the above figure, in a second figure the sources of risk are broadly categorized along 3 different levels: 1) Organizational risk, 2) Network (or Supply Chain)-related risk, and 3) Environmental risk.

Supply Chain Risk Sources - from Jüttner, Peck and Christopher (2003)

In my opinion this figure perfectly manages to sum up the three different levels of supply chain risk. However, I haven’t yet seen any later paper that picks up along these lines.

Reference

Jüttner, U., Peck, H., & Christopher, M. (2003). Supply chain risk management: outlining an agenda for future research International Journal of Logistics, 6 (4), 197-210 DOI: 10.1080/13675560310001627016

Author links

• hslu.ch: Prof Dr Uta Jüttner
• cranfield.ac.uk: Dr Uta Jüttner
• cranfield.ac.uk: Professor Emeritus Martin Christopher
• cranfield.ac.uk: Dr Helen Peck

Related

• husdal.com: Risk Management: Contingent versus Mitigative

A multi-level framework for analysis

The case study, which is minutely detailed in the paper referenced below, suggests that the sources and rivers of supply chain vulnerability, and conversely, supply chain resilience, are found at four different and interlinked levels within the supply chain:

Level 1 – Value stream, product or processes
Workflows and information flows

Level 2 – Assets and infrastructure dependencies
Fixed and mobile assets

Level 3 – Organizations and inter-organizational networks
Contractual and trading relationships

Level 4 – The Environment
Social and natural environment

Intertwined and connected

In assessing the vulnerability of a supply chain, all levels should be investigated in how their characteristics influence the supply chain.

At level 1, the supply chain is seen as a logistics pipeline, where the focus on lean and agile practices have made supply chain performance the overall goal but at the same time it also exposed the supply chain to many risks.

At level 2 the focus is on the supply chain as a carrier of goods and information, and supply chain vulnerability is determined by production sites, distribution centers and warehouses, as well as IT and other communication facilities, and also the whole transportation network from supplier to end customer.

At level 3 the view is further afield, looking at the supply chain from a strategic and management perspective, where organizational management, power-sharing, collaboration and competition become important factors in evaluating vulnerability.

At level 4 the view is a broad macroeconomic perspective, political, economic, social, legal and technological factors, and disruptions or sudden changes in these factors are more often than not beyond the control of the company, but must be dealt with accordingly.

Conclusion

The 4-level model employed by Peck is an excellent tool for explaining the scope and dynamic nature of supply chain risk. It emphasizes that a resilient network involves much more than the design and management of robust supply chain processes. It is important to recognize that by taking actions to reduce risk at one point within the four levels, at the same time the risk profile for the other levels is changed, including players and stakeholders not thought of in the initial risk assessment. Supply chains are dynamic and constantly evolving, and so is supply chain risk. Achieving supply chain resilience is a constant battle and a never-ending process.

References

Peck, H. (2005). Drivers of supply chain vulnerability: an integrated framework International Journal of Physical Distribution & Logistics Management, 35 (4), 210-232 DOI: 10.1108/09600030510599904

Links

• cranfield.ac.uk: Dr. Helen Peck

Related

• husdal.com: Supply Chain Risk Management – as seen from Space

Key findings

Supply chain vulnerability is an important business issue.
Little research has been undertaken into supply chain vulnerabilities.
Awareness of the subject is poor.
There is a need for a methodology for managing supply chain vulnerability.

What else does the report say?

The report illustrates that modern supply chains are very complex, with many parallel physical and information flows occurring in order to ensure that products are delivered in the right quantities, to the right place in a cost effective manner. In fact, supply networks may be a more accurate term than supply chains. The shift towards leaner supply networks during recent years has resulted in these networks becoming more vulnerable.

In particular, there often tends to be very little inventory in the system to “buffer” any interruptions in supply and, therefore, any disruptions can have a rapid impact on the supply network.

These disruptions can arise from a number of sources, for example:

• natural disasters
• terrorist incidents
• industrial or direct action
• accidents
• operational difficulties

Owing to the close interrelationships between many supply networks, the impact of such disruptions can be far reaching and companies have been aware of the need for disaster recovery and emergency planning for some considerable time, particularly in areas such as information technology and production plants. The robustness of supply networks is thus recognised as being critical both for individual organisations and for the economy as a whole.

Whilst risk has always been present in the process of reconciling supply with demand, there are a number of factors which have emerged in the last decade or so which might be considered to have increased the level of risk. These include:

• A focus on efficiency rather than effectiveness
• The globalisation of supply chains
• Focussed factories and centralised distribution
• The trend to outsourcing
• Reduction of the supplier base
• Volatility of demand
• Lack of visibility and control procedures

Consequently, the diverse range of effects triggered by even a modest incident can fail to lead to underlying weaknesses being diagnosed if they are considered in isolation and not as part of the wider, overarching system. In effect, current understanding is underdeveloped and only capable of looking at pieces of the supply chain vulnerability jigsaw, without the ability to connect those pieces and see the wider picture. Business continuity and risk management, particularly with regard to information systems, appears to be fairly well understood and applied within individual organisations. The same is not true in terms of risk management in supply chains. Where awareness exists, a major impediment to the application of supply chain continuity management is the lack of an integrated programme of action or access to an appropriate ‘tool kit’.

Downloads

• cranfield.ac.uk: Supply Chain Risk Research