risk, resiliency and supply chain modeling · the most common definition of a resilient supply...
TRANSCRIPT
INDUSTRY PERSPECTIVE SUPPLY CHAIN MANAGEMEENT
JUNE 2020
Risk, Resiliency and Supply Chain ModelingAuthor: Evrim Övünç
Executive Summary01
Humankind is undergoing an extraordinary experience. At the time of writing of this essay, a global pandemic
(the SARS-CoV-2 coronavirus), threatening the health of us all, has struck the globalized, interconnected world
and spread over the planet in a matter of a few weeks. To flatten the epidemic curve, many governments
imposed restrictions, now in force for more than two months in many countries, which have resulted in a
significant reduction in economic and social activity. They have also had significant impact on supply chain
operations from various aspects and will lead to one of the most significant recessions in history. The duration
of the pandemic, and thereby the duration of restrictions and their impact, remains unknown.
The outbreak of the Coronavirus inspired the writing of this essay, but it is not its core topic. The author sees a
rising trend of disruptions, especially of natural origin, since the late 1990s, with cybercrime being an
exception. IT outages, adverse weather and cybercrime are currently the first three ranking causes of supply
chain disruptions.1 This trend is likely to accelerate, due to the continued adverse human footprint on the
planet and growing resource scarcity and the increasing interdependence of our processes and our reliance
on digitization.
The increasing frequency and force of such disruptions, given the interdependent and complex nature of
supply chain operations today, result in a disproportionate increase of the monetary costs of these events.2
Going forward, the topic of supply chain risk management (SCRM) and, as a measure for preparedness, supply
chain resiliency (SCRes) will require more attention from practitioners. Further, for high-impact, low-probability
(HILP) incidents that are topics of this essay, practitioners will, if temporarily, have to adopt some of the
methods used in disaster relief operations (DRO), which in part are significantly different from commercial
supply chain practices.3 Both recent surveys4 and observations5 during the enduring Coronavirus pandemic
prove that most companies are not adequately prepared.
This paper first examines why existing supply chain management (SCM) practices do not naturally develop
resilient supply chains and why some of the existing SCM processes are not suitable for addressing such risks
and required responses. It outlines the general concepts of SCRM and SCRes, then focuses on the usage of
supply chain modeling to improve the effectiveness of risk analysis and response planning. It concludes with a
summary of the benefits of SCRM supported by modeling.
1. Business Continuity Institute, “Supply Chain Resilience Report 2019.”2. Mizgier, Kocsis, and Wagner: “Data Analytics to Leverage the BI Insurance Proposition,” INFORMS Articles in Advance (2018).3. Ergun, Keskinocak and Swann: “Humanitarian Relief Logistics,” INFORMS News (2007).4. Business Continuity Institute, “Supply Chain Resilience Report 2019”; The Economist Webinar “Coronavirus Outbreak – Economic and
Business Implications” (03 Feb 2020).
5. EY article, “COVID-19: How to Build Supply Chains Resilient to Disruption” (18 Mar 2020).
Conditions and Paradigms, Past and Future
The most desirable condition within which to run a business and its supply chain operations is stability – stability both of the legal
framework and the economic environment. Large parts of the world have experienced stability for an extraordinarily long time.
With such stability, in the last 80 years companies and supply chain management have focused on catering for the two
paradigms that continue to define success today: growth and profitability.
Consequentially, supply chain organizations, processes and tools have been tailored to handle the “normal” situation of stability.
Widely accepted principles in operations (such as the Toyota Production System, Lean, Six Sigma), planning (such as
standardizing processes, minimizing lead times and inventory, maximizing capacity utilization, predicting the future from the
past) and strategy (such as outsourcing non-value-added activities, centralizing activities for economies of scale) perform well – as
long as “normal” circumstances continue to persist. Additionally, operating a supply chain has increasingly become dependent on
the digitization and collaboration of its various elements.
These trends, however, have increased the vulnerability of supply chains to high-impact, low-probability incidents.
Major incidents did repeatedly interrupt the “normal” in the past 100 years – among others, the 1918 Spanish Flu, two world
wars, the 1929 Wall Street crash, the 1973 oil crisis, 1987’s Black Monday, the 2001 burst of the dot-com bubble, the 2004 Indian
Ocean earthquake and tsunami, the 2008 financial crisis, and the 2011 Great East Japan Earthquake and subsequent nuclear
power plant disaster in Fukushima.
6. https://en.wikipedia.org/wiki/Emergency_management#Response
However, in the view of the author, few really qualified as HILP events. First, all of the
recent global incidents were financial in nature, and hence shrunk industrial activity,
but did not have an immediate and disruptive impact on operations. Second, there
were indicators that should have made it possible for these global financial incidents
to be predicted (or some could have been predicted had information been
transparently shared). This is not the nature of HILP disruptions – they are typically
“black swans.”
The condition of stability can no longer just be assumed. With the continuing
impairment of Earth’s ecological balance and depletion of her natural resources, HILP
events will likely occur more frequently in the future – natural disruptions especially,
but also social and IT-related ones. The practice of SCM will have to adapt to
repeatedly accommodate such disruptions while keeping operations running.
Also, the severity of such incidents should be expected to increase. Therefore, supply
chain management will have to consider adopting methods already common to DRO6
– such as the assembly of temporary task forces to manage response efforts, the
creation of “war rooms” for the coordination of such task forces, the overriding of
standard processes, collaboration inbound and outbound to the supply chain with
unusual partners (such as NGOs, government bodies, even competitors), and the
usage of substitutes (in products, transport modes, suppliers, etc.).
Finally, at least one of the two paradigms for success – growth – will continuously lose
its importance, as it conflicts with the fact that Earth’s resources are limited.
02
Supply Chain Risk Management and Resiliency03
3.1 Definitions
Supply chain risk management, as a subsection of SCM, focuses on the identification of risks and the planning of steps to handle
such risks. Supply chain resiliency defines to what extent a supply chain can withstand disruptions.
The most common definition of a resilient supply chain is its ability to quickly recover from disruptive events, ideally emerging
stronger than before.7 With disruptions piling up and impacting supply chains more frequently, however, the definition of the
resilient supply chain will have to change – it likely will impossible to recover to an ante-disruption state. Rather, resilient supply
chains of the future should have the capacity to continuously morph into new states that enable them to operate under the new
(but also temporary) conditions prevailing post-disruption – and do so repeatedly. While the former description of supply chain
resiliency is closer to its definition in engineering, the latter description resembles its definition in ecology.8
The definition of resiliency as continuously morphing
the supply chain may sound like plain vanilla SCM,
where fluctuations in demand, supply, costs and
quality are the order of the day. The difference is the
new definition’s assumption of frequently occurring
events that are foreign to SCM under “normal”
conditions, including but not limited to:
• Extreme and very-short-term imbalances,
fluctuations and unpredictability in demand,
supply, costs and quality
• Complete (if temporary) shutdowns of entire
nodes or even clusters of nodes
• Breakdown of infrastructural elements (such as
the capability to transport)
• Unusually short-term changes to the legal
framework
What SCM and SCRM do share is the necessity to balance
diametrically opposed forces in the supply chain:
• Efficiency (hence profitability), competing against both
prerequisites of resiliency (which are flexibility and
responsiveness)
• Further digitization for more, faster and more accurate
information, competing against cybersecurity
These forces are further elaborated in Section 3.3. Implications of
Risk on the Supply Chain.
Striking the right balance between those forces, amidst many
unknowns, is the art of risk analysis and planning for resiliency.
7. S.T. Ponis and E. Koronis, “Supply Chain Resilience: Definition of Concept and Its Formative Elements,” Journal of Applied Business Research (Sep 2012).
8. Ibid.
Supply Chain Risk Management and Resiliency03
3.2 Determining Risk and Appropriate Responses
9. Damon. P. Coppola, Introduction to International Disaster Management (2006).10. Y. Sheffi, The Resilient Enterprise, the MIT Press (2007).
Most conceptual frameworks, including the ISO 31000:2018 standard, define risk management as the repeated conduct of the
steps below. With regard to SCRM, these steps should cover all material elements of the supply chain and connect the analysis
upstream to suppliers and downstream to customers.
Evaluation of identified risksThe identified risks are evaluated, ranked and prioritized using methodologies such as the SMAUG model9 (see bullets below) or vulnerability maps10:• Seriousness: the relative impact of the risk• Manageability: the relative ability to mitigate or reduce the risk• Acceptability: the degree to which the risk is acceptable in a variety of terms (political, environmental, social,
economic)• Urgency: the probability of the risk and, hence, the urgency to act• Growth: potential for the risk to expand in impact or increase in probability
Identification of risksAll the identified risks to the supply chain operation are captured in a “risk register.”The general approach to distinguishing risks is to cluster them by impact and probability.However, as mentioned earlier, quantifying the probability of HILP events is very difficult. To compensate for this ambiguity, and at least refine the correlation of the risk to its supply chain impact, the author suggests adding two more dimensions to the clustering schema, predictability and source, as follows:• Probability: likely (e.g., sea-level increase) vs. unlikely (e.g., a heavy earthquake in central Europe)• Impact: high (e.g., sea-level increase) vs. low (e.g., a local flood)• Source: external/event-driven (e.g., natural disasters, strikes, geopolitical risks) vs. internal (e.g., capacity constraints,
sourcing dependencies, currency vulnerability, demand concentration)• Predictability of
Definition of responsesAfter the risks are identified and evaluated, the appropriate responses are determined through the four T’s:• Terminate: the preferred option, whenever possible, is to terminate the root cause for the risk• Transfer: another option is to transfer (elements of) the risk to another party (e.g., transfer the financial risk to an
insurance company)• Treat: measures are taken to reduce the likelihood of the risk and/or alleviate its impact in the case of occurrence• Tolerate: the level of the risk and its potential implications are deemed such that no further action is required
Definition of trigger thresholdsFor each of the risks, quantifiable indicators are defined, which are continuously monitored. Once trigger thresholds for these indicators are reached, the identified responses are activated, to act against the risk.
Timing: high (e.g., the sea level increase)
vs. low (e.g., droughts)
Scope of impact: broad (e.g., pandemics) vs. narrow (e.g., forest fires)
Period of impact: long (e.g., pandemics) vs. short
(e.g., storms)
Frequency of recurrence: high (e.g., labor strikes) vs. low
(e.g., earthquakes)
Supply Chain Risk Management and Resiliency03
3.2 Determining Risk and Appropriate Responses (cont.)
PlanningThe concrete steps to be undertaken for each response, once the trigger sets off, are planned and communicated to all concerned parties (“business continuity plans”).
ReportingRelevant risk information is regularly reported to all concerned parties.
ReviewAll the above process steps are regularly repeated, and results are updated.
Section 4. Resiliency, Risk Analysis and Response Using Supply Chain Modeling elaborates on the necessity of using advanced
analytics, specifically supply chain modeling, for steps b and c above.
3.3 Implications of Risk on the Supply Chain
The requirements and feasibility of SCM responses to the risks
identified will potentially differ by the risk cluster, industry,
geography and each company.
However, the general direction of most responses is to make a
supply chain more agile in responding to a disruption. Two
antecedents to agility should be distinguished.
One is the flexibility to have multiple options, through
measures like:
• Cross-training of the workforce
• Standardization of processes
• Product design and manufacturing process-related measures
(e.g., generic/interchangeable parts, modularity, late
differentiation)
• Redundant capacity
• Buffer inventory
• Strategic management of critical suppliers and onboarding of
substitutes for non-critical suppliers
• Availability of information for every critical process at every
node of the supply chain (including suppliers and customers)
The other agility antecedent is responsiveness (or
velocity). For example:
• Setting up processes and a team (which can be
broadened with additional subject matter experts as
needed) for risk analysis and responses at a strategic
and tactical level
• Setting up processes and a team (which may have
overlaps with the above-mentioned team) for the
coordination of post-impact measures at operational
level through a “war room”
• Endorsing a culture of distributed power, especially to
empower local agents of the company to make very-
short-term decisions outside normal hierarchies in the
case of an incident
• Ensuring continuous and broad communication
• Reducing of lead times (e.g., through near-sourcing or
different transport modes)
• Increasing the speed and accuracy of information at
every node of the supply chain (including suppliers and
customers)
Supply Chain Risk Management and Resiliency03
It should be noted that the last requirement on information listed above,
for both flexibility and responsiveness, contains an inherent contradiction,
as it implies a broadly and deeply digitized supply chain, which can
increase the vulnerability to both cybercrime and infrastructural
disruptions.
The fundamentals of responsiveness are directionally the same as with
the ones for “normal time” SCM. Flexibility, on the other hand, is in most aspects diametrically opposed to efficiency and therefore comes at a cost.
Hence the measures to increase flexibility should be chosen carefully, as
they will vary both in their effectiveness of alleviating risks and in their
costs. For example, to address risks with lower predictability, broader
preemptive measures (such as the ones on standardization or product
design) may be more suitable, while for risks with higher predictability,
targeted responses (like buffering inventory) may be preferred.
Resiliency, Risk Analysis and Response Using Supply Chain Modeling
04
Supply chain modeling is essential to substantiated resiliency analysis and
to the planning of risk responses, as outlined in the following four
subsections.
A supply chain model is the digital representation of the structure,
product flows and policies of a physical supply chain. It is created by
transforming data into predetermined structures, so that such data
templates can be used in conjunction with mathematical algorithms, to
determine improved future state structures, product flows and policies.
Under the hood, modeling techniques can broadly be differentiated into
optimization-based and simulation-based algorithms.
As the name suggests, optimization algorithms select “optimal” solutions
(as defined through one or more optimization objectives) from a
narrowed subset of feasible solutions (for example, due to capacity
constraints) – and do so at once (as opposed to through an iterative
process), by fulfilling all the criteria in the end-to-end supply chain. Such
results are superior to heuristics-based approaches, the simplest of which
is to use Microsoft Excel, still the most used method for analysis.11
Heuristics typically either arrive at significantly suboptimal solutions (due
to the large universe of possible solutions) or are unable to define a
feasible solution altogether (due to the complexity of the problem).
The one limitation of optimization algorithms is that input parameters are
treated deterministically, hence uncertainty is addressed through the
creation of various scenarios and the comparison of their results.
Simulation algorithms do not select from multiple choices, but rather they
simulate the working of the modeled supply chain network, based on pre-
defined policies (e.g., replenishment policies for inventory). While
simulating each process, these algorithms allow for the inclusion of
uncertainty through probability distributions, so that the result of a
process in the simulation differs with each reiteration.
Therefore, supply chain modeling for risk and resiliency should
combine both techniques.
11.Business Continuity Institute, “Supply Chain Resilience Report 2019.”
Resiliency, Risk Analysis and Response Using Supply Chain Modeling
04
12.D. Simchi-Levy, W. Schmidt and Y. Wei, Harvard Business Review, Jan/Feb 2014 issue.13.Yossi Sheffi and James B. Rice Jr., MIT Sloan Management Review, 2005.
4.1 Resiliency Analysis
Typical resiliency analysis focuses on obvious indicators, such as suppliers with the highest spend, sites
with the highest volume, and customers or products with the highest profit contribution.12 However,
potential vulnerabilities of a supply chain are not always in those places.
A supply chain model can uncover hidden breaking points in unexpected places – in commodity
suppliers, for example, at small nodes in the network or in ostensibly minor components. Among other
insights, such a model can point at assets and processes that are being utilized at capacity, spot single-
sourced materials inbound and products outbound, show volume or value concentration at particular
nodes, identify bottlenecks in lead times, or quantify the impact of foreign exchange fluctuations on
revenue and cost.
Such analyses may lead to the discovery of measures to increase the resiliency of the supply chain that
are independent of risks and their identified implications. Hence, these may be implemented even if no
disruptions to the supply chain are assumed.
4.2 Risk Analysis
Analyzing risk in a supply chain network consists of the following steps:
• Understanding the implications of a disruption on the network
• Quantifying such implications, also considering the “disruption profile,”13 in terms of revenue and cost
• Prioritizing the results
• Scaling this process (for a comprehensive understanding of risks, typically many scenarios need to be
analyzed and continuously iterated)
Resiliency, Risk Analysis and Response Using Supply Chain Modeling
04
14. Mizgier, Kocsis, and Wagner: “Data Analytics to Leverage the BI Insurance Proposition,” INFORMS Articles in Advance (2018).15. https://en.wikipedia.org/wiki/Value_at_risk16. D. Simchi-Levy, W. Schmidt and Y. Wei, Harvard Business Review Jan/Feb 2014 issue.
Figure 1:
Disruption Profile
To understand the implications of a disruption, scenarios that describe what will happen are defined
(e.g., which suppliers, plants, warehouses, customers are affected and how, in what magnitude, for how
long, and to what extent do they recover). These serve as the input parameters to the next steps in the
analysis.
However, quantifying the effects of these scenarios on the entire supply chain is complex.
First, the effects typically cascade through a variety of nodes and processes. Therefore, simplistic
approaches, such as using Microsoft Excel, fall short in showing the full picture. They fail to capture and
quantify the effects on the end-to-end supply chain in its entirety. For example, especially in a
constrained environment, the breakdown of a production asset at a particular manufacturing site may
increase warehousing costs, create capacity shortages and ultimately cause lost sales in entirely different
parts of the network.
Second, these effects decrease revenue and increase operating costs over the recovery time period.
These additional costs typically outweigh replacement costs of inflicted assets in the supply chain,14
often determined with methods calculating a probability-weighted replacement cost, like value at risk
(VaR).15
Third, as mentioned earlier, the nature of HILP events makes forecasting probabilities for these
scenarios almost impossible. Therefore, the total cost of each scenario on the supply chain lends itself to
being a realistic and neutral measure for ranking and prioritizing them.16
Due to the above, such comprehensive and complete analysis of the implications of risks on the supply
chain requires the use of supply chain modeling.
Resiliency, Risk Analysis and Response Using Supply Chain Modeling
04
4.3 Response Selection
Once the supply chain risks have been determined and their effects quantified, the most adequate
responses for each scenario need to be selected from a list of options.
As with the scenarios, the biggest challenge is again one of ranking and prioritizing.
First, many qualitative criteria need to be incorporated into the selection (e.g., public perception of the
response), which typically are translated into scores that can be quantified and ranked.
Then, the totality of the cost of the disruption (e.g., a plant goes offline for a specific period and assets
need to be replaced) plus all costs operating with the best-suited response during the recovery period
(e.g., shipping from another plant and holding additional inventory due to increased lead time) plus the
(positive) effect of the response (e.g., the partial alleviation of the loss in sales) need to be quantified.
The complexity of the effects of each scenario on the supply chain and the (typically expansive) universe
of feasible responses from which to select again make the usage of a supply chain model a necessity.
4.4 Post-Disruption Recovery
A company that has implemented sound SCRM standards will likely be able to react quickly to a
disruption, with those measures that most effectively support the recovery process.
However, in most cases recovery will take time, and with time comes additional variability and
uncertainty. Hence, the recovery process needs to be monitored and adjusted, if parameters assumed in
the planning of the response deviate significantly. If, for example, a redundant production line (which
was switched on to respond to a manufacturing disruption) provides a lot less output than planned, an
adjustment of product-to-line/plant allocations in the network that deviates from the business continuity
plan may be required.
For reasons mentioned in previous subsections, such analyses for fine-tuning responses during the
recovery period should again be supported with supply chain modeling.
Conclusion05
Modern supply chain networks are
complex, and their components are
highly interdependent. Resiliency and risk
analyses – and the selection of effective
responses to identified risk scenarios –
must be supported with advanced
analytics.
Independent of which incidents are assumed to
happen, modeling facilitates the discovery of
potential breaking points, thereby supporting the
redesign of the supply chain for improved
resiliency.
Modeling allows for testing the performance of a
hypothetical redesigned supply chain setup before
any changes are made to the real thing.
Modeling enables the realistic and complete
identification and quantification of effects of risks on
the end-to-end supply chain network.
Modeling improves the selection of best-suited risk
responses, including the consideration of disruption
profiles and the recovery period.
Modeling allows for the analysis and comparison of
results from numerous scenarios, which are flexibly
defined by the creator of the analysis.
Modeling shows the most appropriate readjustments
of responses during the recovery period
Modeling reduces the cost of recovery, by minimizing
lost sales and additional CAPEX (for replacement of
lost assets) and OPEX (operating during the recovery
period), and it can reduce the cost of insurance for
supply chain operations by allowing for the selection
of more purposeful coverage,
Modeling simplifies the frequent repetition of the
analysis.
The usage of supply chain modeling for that purpose provides the following benefits, which cannot be achieved using commonly used, mostly heuristics-based, approaches: