Global Supply Chain Risk

Global Supply Chain Risk M A R C H 2 0 1 0 www.et21symposium.org

P R O G R A M O N G L O B A L S E C U R I T Y

et21.rutgers.edu

Caitlin Scuderi is a doctoral student in the Division of Global Affairs. Her interests include global security, Economic development, and social movements in the Middle East. She is a member of the Georgia Political Science Association and the New York State Political Science Association. She will next be presenting research on global security threats at the annual NYSPSA conference in Saratoga Springs, New York. She completed her MA at Dartmouth College and her BA at Michigan State University.

SYMPOSIUM BRIEF

Introduction

Supply chain risk management (SCRM) is not a new phenomenon. As the global mar-ket began to fully open in the 1980s, an extensive network of global chains began tak-ing root. Outsourcing, lean manufacturing, specialization, and heavy reliance on con-tractors has helped international corporations minimize costs and allowed for more time and effort to be spent on core competencies. This complexity of cross-border ex-changes, however, has created new vulnerabilities for these companies. Disturbances to international supply chains can cause disruptions including, but not limited to: re-ductions in revenue, decrease of market share, inflation of costs, and failure to stay within budget. Although each disruption can severely hinder the progress of a global corporation, perhaps the most threatening disruption is the damage to a corporation’s credibility in the eyes of both its shareholders and its potential customers and partners. To avoid these disruptions, supply chain risks need to be identified and assessed so that their negative impacts can be lessened or avoided all together. In order to do this, corporations are focusing more on managing these risks. As a result, supply chain risk management (SCRM) is emerging as an essential part of corporate management. With thirty plus years of this type of highly-connected intermarket exchange experience, the advancement of SCRM has become neatly separated into two streams of thought: one espousing the criticality of continuous information gathering as it re-lates to preventing risks of the future – a proactive approach – and another focusing more on fortifying these global chains to prepare for inevitable ‘uncertainties’ – a re-active approach. Eckert and Hughes (2010) discuss a proactive model for avoiding risks by gathering information on an already running supply chain and the external environment. The practice of continuous information gathering, compared to the prac-tice of managing risks as they present themselves, the authors argue, separates corpo-rate survivors from rulers.

On the other hand, Ratick et al. (2008) argue that the greater problem pre-sented to supply chain managers is responding to varying uncertainties. Reactivity be-comes the indicator of corporate supply chain success. Considering both streams of thought concerning SCRM, this brief will assess analytics, data needs and structures of both processes and provide a broad reaching methodology for threat assessment as it relates to SCRM.

190 University Ave, Suite 219 Newark, New Jersey 07102

Tel (973) 353-5416 Fax (973) 353-5074

2 ET21 PROGRAM ON GLOBAL SECURITY March 2010

Analytics Generally speaking, it is the suppliers that serve as a conduit through which risks flow to global corporations. Without SCRM, disruptions at the supply level flow through the chain causing disruptions at the corporate level. Importantly, the longer the supply chain, the higher the potential for risks. SCRM was created to manage these supplier-related risks through miti-gation and avoidance. Before designing and implementing either a proactive or reactive SCRM model, global corporations need to assess their relationships with their suppliers. There are four key areas of interest to consider during this evaluation:

Do any active suppliers showcase a “parent-child” relationship? Is the supplier in the chain a subsidiary of another larger company? If the answer to this question is yes, the parent company’s volatility needs to be measured.

Where does the suppliers’ balance of trade lie? Is a supplier unevenly dependent upon one customer for a majority of its revenue? If this is the case, how likely is the supplier to survive if that relationship were damaged?

Are any suppliers “component critical”? In this situation, a supplier’s output de-pends heavily or solely on one component. What would that supplier do if the sup-ply of that component were limited?

Are the suppliers financially healthy? Are they in the black and do they have a his-tory of making well-informed financial decisions?

A broad assessment like this will allow supply chain managers and other decision mak-ers to decide which model, either proactive or reactive, will be best suited for their company. A chain showcasing a relatively unstable supply base, for instance, is a candidate for a proactive risk management model; in an environment where there is a relatively high probability of risk, firms are more likely to survive if they can identify and monitor risks as early as possible. Con-versely, a relatively stable supplier base implies that a reactive risk management model may be more appropriate. With a lower probability for risk exposure, global corporations can nearly quantify how they must respond in the case of a chain disruption. Beyond the overall health of the supplier base, however, both the physical and monetary size of the corporation needs to be assessed before prescribing a risk management plan. As mentioned earlier, the length of a supply chain is directly related to the amount of risk that chain is exposed to. Based on this, larger global corporations naturally become better candidates for proactive SCRM models. Because proactive SCRM models are comprehensive in terms of data collection and analysis, the implementation of these models tends to be costlier than that of others. This generally implies that larger firms in terms of size and capital are better suited for proactive SCRM models. Reactive SCRM models, subsequently, are better suited for smaller corporations. This type of model does not require such extensive data collection and analysis and so can be run at a lower cost threshold. This does not mean that this type of model is ineffective, though. Smaller corporations with shorter supply chains are inherently exposed to fewer risks than their

Global Supply Chain Risk


larger counterparts. An efficient SCRM model, then, would only need to account for those risks.

Data Needs and Structures The majority of the data a global corporation needs in relation to SCRM is directly related to the health of its supplier base. Because SCRM models are largely determined by supplier-related information, these data must be comprehensive and complete in order to properly cus-tomize the model to the company’s profile. Based on the results yielded by the four key areas mentioned above, supplier stability can be quantified during this assessment by categorizing suppliers into groups defined as: “okay,” “monitor,” or “act.” The process of supplier categori-zation is directly related to a chain’s overall probability of risk. Because of this, the categoriza-tion of suppliers must be deliberate and based on the four key areas mentioned above. Global corporations more suited for a proactive SCRM model must create a comprehen-sive database for continuous information gathering and performance analysis. In addition to in-formation related to supplier health, these models require data concerning and in relation to the micro- and macroeconomic environments in which suppliers are located. A nation’s stock mar-ket, for example, should be monitored. Although it may not be directly related to a certain global supply chain, fluctuations in economic markets tend to have effects on localized labor and employment trends. Additionally, proactive SCRM models collect data on comparative global corporations. Taking stock of other firms’ behaviors can prove beneficial to a corpora-tion offering an example of what to, or what not to do. Such extensive and comprehensive in-formation gathering is necessary as proactive models are designed not only to mitigate and avoid risks, but also to present possible alternatives in the event of a chain disruption. Data collection is more internally focused for global corporations using the reactive SCRM model. Because these corporations deal with a relatively stable supplier base, the major-ity of gathered information is focused on recovery measures. In these cases, supply chain man-agers need to identify vulnerable sections of the chain and where and how potential substitutes can be acquired. Relatively accurate forecasts can be made here. Well-customized models can dictate how much of a specific component a corporation would need if certain risks were real-ized. For instance, if a shipment of components were delayed, a reactive SCRM model would provide quantitative details concerning amounts of alternate components to use and where and how those components could be acquired. This is where data collection in reactive SCRM mod-els is most concentrated – in relation to emergency stocks and substitutes.

Methodology

Regardless of the variation across global corporations and commodity sectors in relation to SCRM models, a basic methodology can be derived from the data needs and structures men-tioned above. In a proactive SCRM model, the focus is on comprehensive external information creating a sense of foresight for the corporation.



On the other hand, reactive SCRM models are centered on acquiring generally internal informa-tion to generate recovery and resiliency plans. Both models, however, are built upon first identi-fying, assessing, and managing the risks that present:

Identification: Define Risks. The risks a corporation faces are unique and must be defined in order to understand them and plan for the future. Risks are qualified based on their probability of occurring, and their potential impact on the corporation.

Assessment: Quantify Risk and Impact. Based on the information gathered during

the identification phase, a corporation can begin to quantify the risks it faces based on the priority level. This step is noticeably laborious as it is where the most rigor-ous and critical information is gathered and assessed. In four broad steps, a company must define data sources, collect data, normalize data, and calculate the risk and im-pact. In terms of locating and accessing data sources, a company can use publicly available information (a supplier’s financial history and trade reviews) and internal data. Data collection will tend to be more intensive for proactive SCRM models compared to reactive SCRM models, but will necessarily be an important process for companies employing either model. Once data are collected, they must be normal-ized. Attributes can be ranked at the interval level here given that they are observed in isolation. For example, a component coming from one supplier will be ranked higher (riskier) than a component coming from more than one supplier, regardless of any extraneous information such as supplier environment or financial history. Ne-glecting this outside information is necessary to accurately and consistently catego-rize singular attributes. Finally, a company can quantify the risk based on its attrib-ute scores. This process allows for relatively accurate and consistent risk prioritiza-tion.

Management: Design Risk Mitigation Initiatives. This last step is the most important

for corporations employing SCRM models. Based on the prioritized list of risks de-veloped during the earlier steps, a corporation can outline specialized mitigation and avoidance plans.

Conclusion

Risk management procedures are gaining increasing importance in global corporations. Supply chains are lengthening to reach suppliers operating at lower costs and those offering commodi-ties not available elsewhere. Despite the incentives and potential gains presented by the length-ening of a supply chain, exposure to risk needs to be heeded. Smart global corporations focus on SCRM as it relates to their product and credibility in the eyes of their shareholders. To main-tain a proper level of security, these corporations have utilized one of two SCRM models – a proactive or reactive one. Regardless which model a corporation chooses, it will be more suc-cessful if that model is acutely specialized and customized. Although risks are inherent in the global corporate environment, they can be handled relatively well if a corporation takes the time to identify, assess, and manage them.


5

Division of Global Affairs

ruglobalaffairs

Website et21.rutgers.edu

About ET21 The Rutgers Center for the Study of Emergent Threats in the 21st Century (ET21) is an interdis-ciplinary center of excellence designed to research a variety of emergent threats to civilians and offer policy prescriptions that generate suitable responses to these threats through three compo-nent programs focused on: Global Security, Civil Resistance, and Immigration

ET21 was created in order generate better linkages between the research activity of faculty and those of students, creating a better prepared and educated cohort of graduates able to compete in the global marketplace for jobs. By developing a long-term partnership with the programs, funds and specialized agencies of the United Nations, several national governments, as well as partner institutions across the globe, ET21 enlarges DGA’s global network of linkages. Current initiatives involving partner institutions that have recently been initiated but would be housed under the new Center’s rubric, for example, include Kassel (Germany), Koeceli (Turkey), Sci-ences Po (France), Viadrina am Oder (Germany) and the University of Warwick (UK).

ET21 is housed under the Division of Global Affairs (DGA) at Rutgers University, Newark. The growing prominence and prestige of the DGA as a premier interdisciplinary research-oriented policy program have allowed it to establish itself as a center of excellence in the field of global affairs, worldwide.

Large scale threats such as the September 11 terrorist attacks, the emergence of new diseases, and the militariza-tion of cyberspace in the past few years have raised the awareness of both government decision makers and the private sector that the vital systems and infrastructures upon which our societies and economies depend on are at great risk from the complex threats emerging in the 21st Century. ET21 is an initiative begun by the Division of Global Affairs in an effort to contribute to a better understanding of the structural sources of these threats, and to identify the kind of policy actions that will need to be adopted to mitigate their consequences. The ET21 center brings together practitioners, policymakers and scholars to find solutions to the challenges many organizations face in developing early warning systems, crisis awareness, and response. Initial partnerships are being developed with the UN Office of the Secretary General and the EU Joint Research Center. The focus of the centers work is divided into four themes related to the study of emergent threats as fol-lows: Data needs and structures, Threat assessment methodology, Analytics, Visualization An important aspect of the center’s work is the involvement of students in research and policy develop-ment. In addition, the center is developing its outreach which includes an initial symposium on the development of common methodology employed in threat assessment.

About the Program on Global Security

ET21

http://dga.rutgers.edu

Documents

Global Supply Chain Risk