Resilient Supply Chains start with the Risk Evaluation

Roger OakdenLogistics Management, Operations Planning, Procurement, Supply Chains & Supply NetworksLeave a Comment

S&OP logo

Resilient supply chains

Becoming a Resilient business is a popular topic in articles about supply chains. But, to become more Resilient requires a process to be followed, which also provides supporting evidence for the actions taken.

Resilience is the ability of core supply chains to reduce the impact of disruptions and recover operational capability after disruptions occur.

The Supply Chains model above shows the two inputs for Resilience in supply chains to be Sustainability and Supply Chains Network Design, which incorporates the:

  • Supply Chains Network Map
  • Supply Chains Disaster Recovery Plan
  • Supply Chains Continuity Plan

The Supply Chains Network Map is the bedrock of information concerning how the organisation’s supply chains operate. It has three main inputs:

  1. The Flow Analysis of items, money, data and information through the Core supply chains. Initially, the data will be between the organisation and its Tier 1 suppliers, but the same is required between the organisation and its Tier 1 customers
  2. Supply Markets Intelligence (SMI) provides the data and information concerning supply markets and flows between the Tier 1 suppliers and lower Tiers – the Extended supply chains
  3. The Risk and Scenario Analysis uses the insights from Flows and SMI to identify the potential level of risks through the supply chains

Uncertainty in Complex systems

The many Uncertainties in and surrounding the enterprise make an organisation’s Supply Chains Network a complex adaptable system (CAS), with features of:

  • Uncertainty grows with increasing and more diverse pressures and influences on the Flows of items, money, data and information through supply chains. Concurrently, Uncertainty increases as instances of Complexity, Variability and Constraints in supply chains interact dependently, independently and inter-dependently, which affect outcomes, but if and when and to what extent is not known
  • Non-linear in operation – many ‘ifs’ and ‘thens’, as in a Decision Tree diagram
  • Responses: Independent entities at the Nodes and Links of each supply chain respond to changing situations based on their own interests. The responses cannot be predicted with any certainty, as they are influenced from within the system or the external environment
  • A supply chain Adapts to a new situation over time
  • Emergent and Cumulative outcomes, over which management of an organisation has little control

Risk Evaluation process

Establishing, then managing risks must be a core capability of the Supply Chains group; but approaching the task is guided by how the senior management group view risk in relation to the business. This is summarised as:

  • Risk appetite: the amount and type of risk the organisation is prepared to pursue and accept and
  • Risk tolerance: the capability of the organisation to withstand the effects of the risks undertaken

The Risk Evaluation diagram provides a model for an Uncertainty to become calculated risk:

Risk Evaluation commences with assigning each Uncertainty to one of four Risk Classifications and identifying the associated risks, as noted in the Table below:

  • Supply Chain Network Design risks within the Core and Extended inbound and outbound supply chains
  • External risks to the supply chains from interactions between a location (inventory Node or transport Link in the network) and its environment. These can be summarised under the PESTEL acronym: (Geo)-Political; Economic; Social; Technological; Environmental (i.e. ESG); Legal
  • Internal enterprise risks to the supply chains
  • Internal Supply Chain group risks – Procurement, Operations Planning, Logistics

When considering the Supply Chains Network Design risks, questions typically focus on risks aligned to Availability and Vulnerability. However, complexity and interrelationships within supply chains require additional considerations:

  • The Risk Evaluation team must question where among the Nodes and Links of the Network are risks associated with Dependency between businesses and where Power (through ownership, control or influence) is exercised. These may affect the response to a disruption (such as allocation of scarce materials).
  • Contingent risks: are events within a supplier that could affect a supply chain e.g. fire at a material supplier or cargo theft from a 3PL. The concentration of assets along supply chains, such as Hub Ports and Logistics Hubs must be identified and analysed. Also any licences to operate a commercial business that are issued (and can be withdrawn) by a national government
  • Interdependent risks: review how events (such as the shortage of a raw material) in one industry or company may affect demand and supply factors in other industry sectors that are ‘arms length’ suppliers to your business, operating at Tiers 2, 3 or 4
  • Emergent risks: developments in an industry or company that may change demand and supply in another industry sector, which supplies items into your organisation’s supply chains

The next step is to undertake an Assessment of each identified Risk and place it into a Risk Category. The question asked through this step is “What is the likelihood of X happening and if it does happen, what are the possible consequences?”. Between the Categories of Certainty and Ignorance are three additional categories of risk:

  1. Known risks: such as late deliveries and changes in material costs. Known risks can be an event that moves outside the limit lines of Variability control charts. A Known risk is also an event with a low probability of occurring and a high impact if it does occur
  2. Known – unknown risks: while the probability of an event is known from past experience; the consequences are not known. An example is the risk of an ocean shipment delayed due to inbound customs intervention. The probability of this occurring by country and port can be identified from records of previous shipments and custom broker knowledge. However, the consequences (delays, additional payments, rejection) are unknown
  3. Unknown – unknown risks: The probability of occurrence and the possible consequences of an event cannot be foreseen. To better allocate Unknown-unknown risks, they are viewed within two sub-categories:
    1. Unknown but knowable unknown risks (also called ‘knowable unknowns’): the likelihood and consequences of events can be known if sufficient time and resources are provided
    2. Unknown and unknowable unknowns: events with a very low probability and very high consequences that are not discovered until they happen. These have been named Black Swan events and cannot be addressed using risk management techniques

The final step in the process is to gain attention of the senior management group, by selling the opportunities available from implementing the Resilience Plan. The Plan is the end point of a process that turns uncertainties into calculated risks, which update the Supply Chains Network Design. This information is then used to define the mitigation and adaptation actions required that can help to build the business.

Share This Page

About the Author

Roger Oakden

LinkedIn X Facebook

With my background as a practitioner, consultant and educator, I am uniquely qualified to provide practical learning in supply chains and logistics. I have co-authored a book on these subjects, published by McGraw-Hill. As the program Manager at RMIT University in Melbourne, Australia, I developed and presented the largest supply chain post-graduate program in the Asia Pacific region, with centres in Melbourne, Singapore and Hong Kong. Read More...

Leave a Reply

Your email address will not be published. Required fields are marked *