The following statistic should startle chief financial officers (CFOs) and procurement leaders: During the past 24 months, three out of four large United States-based companies experienced an unexpected supply chain disruption. These disruptions were serious enough to draw sustained focus or intervention by C-suite executives.
This data comes from a recent survey conducted by APQC [American Productivity and Quality Center], a non-profit business research firm based in Houston. The issue is an unanticipated negative event involving a physical asset owned by a unit of the enterprise itself or a third-party supplier. For example: a serious flood takes out a power plant at a critical assembly plant which, for months afterwards, can only deliver 30 percent capacity.
One might think the survey findings would catch senior finance and operating executives off-guard, but many are not surprised.
“Globalization is the new normal, and that’s what’s behind your data,” says Cynthia Dautrich, chief procurement officer of consumer-products giant Kimberly-Clark Corp. “As you globalize, you constantly need to build out assessments and contingency plans as part of this new normal.”
Consider Kimberly-Clark, says Dautrich. “We have products, services and manufacturing mills in over 175 countries. It’s very important for us to make sure we get our sources as close as possible to the consumer. But at the same time, we’re looking for leverage. We are constantly assessing the tradeoffs among costs associated with shorter lead times versus the risks and costs (manufacturing, inventories and transport) associated with long lead times,” she adds. For a Kimberly-Clark making product in Asia and shipping it to North America or Europe, obviously, those are longer lead times.
Supply chain risk conversations have traditionally been denominated by issues, such as the financial stability of a key vendor or the quality of materials coming from suppliers and their suppliers. However, the impact of extreme weather and political turmoil are now taking center stage. In the past two years alone, a steady stream of high-impact natural catastrophes has devastated populations, property and infrastructure, particularly in Asia where a big chunk of the world’s manufacturing activity now occurs.
Political instability in the Middle East and other volatile areas has also drawn intense attention. These developments have been alerting senior managers to the fact they are more broadly exposed than they thought. But many are still on the early side of the learning curve. Meanwhile, several companies are on the pioneering side.
Kimberly-Clark offers examples of “best practice” when it comes to modeling a wide range of risks in its global supply chain. The company also models carefully and regularly how logistics activity would need to be in ballet-like synchronization, should something very bad and unexpected happen.
Arrow Electronics Inc., a global provider of products, services and solutions to industrial and commercial users of electronic components and enterprise computing solutions, demonstrates the need for what Paul Reilly, its EVP of finance and operations and CFO, calls “both offense and defense.”
And ATMI Inc.’s CFO Tim Carlson shares his view of risks, their potential impact and how his company is prepared to respond. ATMI is a global provider of enabling process materials and process technology for the semiconductor, display and life science industries.
Finally, Jeff Burchill, CFO of FM Global, a global commercial and industrial property insurer, advises his counterparts at industrial companies to “be alert to your exposure to your major customers. If they get hit by a major supply chain disruption and they can’t operate, then your demand dries up.
“You could say the largest unknown risk companies have today hides in their customer bases. Until we see solid economic growth that allows companies to steadily grow revenues, then you are vulnerable to the disruption risks that your customers, knowingly or not knowingly, accept.”
The Risk of Maximizing Cost Leverage
When the recession became undeniable in early 2008, many companies moved quickly to slash costs. Indeed, nearly 75 percent of companies lengthened their lead times, according to the APQC survey. Two-thirds added suppliers physically distant from their facilities, with most acknowledging that their suppliers are located in areas of the world known for high-impact natural disasters, extreme-weather events or political turmoil.
A supplier is “distant” if it takes more than 24 hours to transport goods by air from the supplier’s shipping facility to the firm’s receiving facility. Time needed to clear customs is not included in the 24 hours. Also, 70 percent of the respondents said their organizations pruned their lists of suppliers over the past five years with the intent to reduce costs.
Survey results also suggest that the urge to source in low-cost regions clouded the cost-versus-risk calculus for many. Respondents said they feel confident about their tier-one suppliers, those that are extremely important business partners with whom they interact directly. But respondents’ confidence levels dropped precipitously when it comes to tier-two and tier-three.
There is a pronounced lack of visibility into the operations of these more remote supply chain partners and their commitment to effective management of hazard risk and business continuity. Part of the underlying problem is a lack of resources needed to assess risks at tier-two and tier-three supplier sites. Another is the lack of a single process owner for management of supply chain disruption risk.
On the bright side, large global organizations are now starting to make changes in the ways they manage the risks of supply chain disruption. According to the survey, most organizations are working to reach a better balance between sole-sourcing (which reduces costs) and multi-sourcing (which reduces risk). Moreover, 43 percent have reviewed the level of safety stock they keep on hand, and one out of five decided to increase that investment. But much work remains to be done.
Leaders Ask the Right Questions
“You have to find out what you don’t know,” says Burchill. “You must get down to the operations level and learn about the supply chain disruption risks that don’t get elevated up to the level of ERM [enterprise risk management] scrutiny. For instance, frequency may bear severity. So, you need to learn if there are multiple disruptions [that each, in and of itself, might not ring an alarm]. You want to learn whether any series of disruptions could evolve into something much more significant than your history would otherwise indicate.”
And, he adds, “You also need to quantify what type of event and what kind of suppliers could get a stranglehold on your ability to deliver value if they couldn’t perform.”
The smart companies, says Burchill, are starting to audit processes to examine not just tier-one suppliers, but also the tier-two and tier-three players.
ATMI’s Carlson explains his bold facts: “Sixty percent of our revenues come from our top 15 customers, large microelectronics and biopharmaceutical firms. We provide critical components for their products, and these customers are very capital intensive. They have to run high rates of capacity utilization to be efficient. We take this very seriously, and we now assess our own supply chain risks on a semi-annual basis.”
The 2011 tsunami that hit Japan prompted both ATMI and Arrow Electronics to elevate supply chain disruption risk so that it is tracked and managed within their ERM processes. That means the potential for serious supply chain disruption is no longer left to be identified, quantified and managed by operating managers who may not have a comprehensive view
of strategic pros and cons.
Carlson continues: “The good news is that we’ve had the opportunity recently to test in real-time the resiliency of our supply contingency plans.” He made reference to several longshoremen situations that briefly impacted seaports. Carlson also explains that he and his team tackled the question: How should we justify the incremental cost of adding investments in inventory to mitigate potential risks? “We are now willing to carry a bit more inventory than otherwise, because doing so allows us to operate with assurance that we can meet our customers’ requirements.”
Rob Torok, a partner with Performance Risk Consulting, observes, “The best-practice companies ask the right set of questions. They don’t stop at the likelihood of a negative event. They realize that extrapolation of the past — ‘oh, but that never happened to us before’ — is useful only if you are certain what the future holds. Instead, they ask the correct question: ‘What would we do if XYZ did happen?’ It’s a mindset that permeates the leadership teams of these smart companies,” he says.
The CEO and CFO, Torok adds, “are comfortable going to the board and saying: ‘This is the downside if we don’t prepare. However, if we do prepare properly, if we do think through contingency planning in the right way, these are the likely consequences of being unprepared. And here are alternatives and here are the costs of those alternatives.’
“The smart CEOs and CFOs are very articulate about the difference between the huge potential price of inaction and the relatively small costs of being prepared,” says Torok.
As a practical matter, this doesn’t mean you have to go overboard. At Kimberly-Clark, Dautrich says, “We depend on our finance people to do the modeling of sensitivity around what materials are most critical. We have to figure out the potential impact to the business given specific products, margins and customers. And, we aim to get very detailed regarding how much inventory we need to have in what parts of a given country, and how mobile that inventory needs to be in the event we have to cope with an unpredictable event such as a major hurricane.“
In all, Dautrich adds, “The more sophisticated you can be, you can get pretty good at figuring out your good options. And once you finally get all the numbers in front of you, you can make informed decisions around what side of the risk you want to lean.”
She emphasizes the need to have cross-functional eyeballs on the decision-making process. “As we prepare our contingency plans, procurement leads that effort, but we make a point to work with supply chain, logistics, finance, sales and marketing to make sure everyone understands where critical risk points are and what we are going to do if something happens.”
Arrow Electronics’ Reilly, who also serves as the firm’s chief risk officer, explains his current view: “We’ve gone away from thinking about the 100-year possible event. Supply chain disruption risk now resides as one of our top-10 enterprise risks. We aim to ensure that if we have a high enough risk, we can deal with it.
As part of our annual ERM risk assessment, we survey 100-to-200 senior managers to better understand the risks they believe we are taking. The Executive Committee then consolidates all that thinking, and as a result, today our CEO is very focused on ensuring we are able to meet the promises we make to our customers.”
The key, adds Reilly, “is you have to institutionalize this way of thinking into the fabric of the organization. In addition, we like to be opportunistic and ask, ‘Can we take advantage if a competitor cannot mitigate a supply chain risk that we know we must accept to play in this game?’ ”
So, what is the role of internal audit? The research reveals that some companies make the mistake of laying all this on the plate of the internal audit team. Not a good idea according to best-practice leaders. Reilly says, “Our corporate audit staff is part of our ERM process, and they are involved every six months when we review the supply chain disruption risk. But they are auditors. Yes, they are business partners, but they evaluate risk from a very specific audit-oriented point of view.
“We review the scope of work taken on by our corporate audit function. It’s valuable to us that our corporate audit team helps to cross-pollinate our enterprise-level sensitivity to supply chain risk.” But to make ERM work, he adds, “you have to be opportunistic, and the audit mindset is all about being preventative. We need to augment that point of view with thinking around, how can we take acceptable risks and make them work in our favor?”
Proactive Contingency Management
The best-practice companies have a mindset that goes beyond disaster recovery. They are proactive contingency planners, and they are keen to test how tight current response plans are. The leaders also put heavy emphasis on speed. “The first 48 hours are the most critical,” says Arrow Electronics’ Reilly. “We have leaders across the globe that can come together quickly so we can react in the first 48 hours.”
Kimberly-Clark’s Dautrich says, “We have leaders across the globe that can come together quickly so we can react in the first 48 hours.” In addition, she adds, “We have apps on the mobile devices of all key managers, and these apps allow us to respond quickly in a crisis and conduct communication drills.
“We also use third-party data sources that help us to monitor hot spots. We don’t want to be reading about an event in the news after it has taken place. We want to keep our fingers on the pulse of what could be emerging.”
Carlson explains that ATMI has a robust mapping system that tracks raw material moving through the supply chain, and not just the tier-one level, but also the tier-two and tier-three level suppliers. “When the tsunami hit Japan, we knew where we stood within hours,” he says. Moreover, ATMI’s risk mapping system is not subject to the budget axe in tight times. “We made a conscious decision about that,” adds Carlson.
In all, supply chain disruption risk is only going to grow. FM Global’s Burchill says that the newest frontier of low-cost sourcing is in Africa. And a key risk driver there is political turmoil. Financial executives now have the opportunity to be central in shaping plans that are cognizant of potential threats all over the world, and how they can be managed with eyes wide open.
Mary Driscoll is a senior research fellow for the American Productivity and Quality Center (APQC) in Houston
This article first appeared in the October 2013 issue of Financial Executive magazine.