A four pronged approach to supply chain risk management can improve resilience and the value of the insurance programme says Jim Carruthers

Companies will increasingly seek out new solutions to fill the gap between the issues they are facing, and the solutions that are being provided. What is the true level of knowledge global companies’ senior managers have of their own supply chain resilience?

Threats to supply chain integrity are evolving, and organisations are becoming increasingly aware of the potential impact they can have on both short and long term earnings. New insurance products and risk assessment tools are emerging to help risk managers enhance their current strategies.

The rapid development of the global economy in the last 10 years, with outsourced business models, has prompted manufacturing bases to shift from traditional locations, as China and India have become the workshops of the world. In this time, most companies have spent heavily on risk management processes to mitigate traditional risks, including fire or flood in their own premises. Insurances are available to indemnify manufacturers should loss result from such exposures. Insurance can also respond to these traditional exposures within the supply chain, although there are still many difficulties associated with the accumulated risks threatening supply chain integrity.

The natural tension created between the conflicting goals of companies’ marketing, finance and risk departments mean there is always a danger of firms flying too close to the wind when attempting to keep the supply chain lean but operational.

Research by McKinsey & Co in its latest quarterly survey revealed that 57% of those who were asked said that reducing costs was the biggest strategic goal for supply chain. This will result in a problem for risk managers, because companies may remove inventory, people and infrastructure in order to achieve that reduction, creating dependencies and single points of failure. For example, buffer stock is unhelpful to an accountant, but it is essential for the production department’s resilience. For sectors such as pharmaceuticals, it is easy to see how any interruption could be catastrophic.

Knight & Pretty’s 1998 research on shareholder value remains relevant. While the research highlighted the consequences of product recall cases, it is equally relevant to some of the exposures faced as a consequence of the development of the supply chain. It explained how the ability to recover lost shareholder value over the long-term varies considerably between firms, with management’s ability to demonstrate their talent in dealing with difficult circumstances a key differentiator. That responsibility today often stems from financial reporting regulations like Sarbanes-Oxley.

However, it remains to be seen what the true level of knowledge global companies’ senior managers have of their own supply chain resilience, despite the fact it is so influential in providing an accurate picture of their company’s exposures. Interestingly, McKinsey’s quarterly report found that only 9% of respondents said identification and implementation of risk management strategies was one of the challenges currently facing organisations.

Evolving risks

Managing supply chain integrity is about acknowledging the connections from threat through to interruption. In order to properly do this, companies have to develop an integrated approach, covering identification, quantification, mitigation, financing and acceptance of supply chain risk. Traditional supply chain management approaches have become outdated, and new models and tools are being developed that can better assist in the management of these exposures. Traditional risks, such as property damage and natural catastrophe, can test a supply chain’s resilience but emerging non-damage risks born from companies’ increasingly complex supplier networks require a great deal more attention than they currently receive.

Industries with complex supply chains that manufacture products for human consumption are arguably at greater risk of significant impact to their bottom line if problems are encountered. Public health concerns mean that interventions by governments and regulators happen with increasing frequency, as they take manufacturers to task either over product quality issues or higher safety standards.

A recent example of regulatory intervention over product quality concerns is Baxter Healthcare Corporation’s recall of the widely used blood thinning drug heparin.

Earlier this year it was revealed that the active ingredient used to make Baxter’s heparin was supplied by Scientific Protein Laboratories of Waunakee, Wisconsin. That company has facilities in China and Wisconsin, but at this point the contaminated heparin was linked only to China. Both SPL and Baxter said they believed the contamination occurred at the crude level before it reached SPL's Chinese facility, which processes the crude material into the active ingredient.

In April 2008, following a period during which the company’s share price fell by up to 14%, Baxter’s CEO Bob Parkinson spoke about the situation in a video to employees after a third recall had been ordered by the US Food and Drug Administration. ‘Each day around the world, there are more than six million injections or infusions of Baxter products,’ he said. ‘When we got into this heparin situation ... I am proud of how our systems responded and our people responded. It clearly raises questions about oversight of vendors; not just our direct vendors, but vendors to our vendors, and as you have read about this situation you realise how complex the supply chain is. This has clearly been damaging to our reputation – it’s easy to say it hasn’t damaged us financially and so on, all of those things are true, but what’s relevant is getting back to our mission; What is it we do every day and what are we committed to? The fact is that for whatever reason, whether we can control it or not, somehow that didn’t happen.’

More recently, complex supply chain failure has been highlighted with the Chinese baby milk scandal, which involved milk and infant formula which had been adulterated with melamine. According to Associated Press reports on 22 September, nearly 53 000 Chinese children had been made ill from the product and four children had died. In a highly charged situation, the Chinese dairy company Sanlu, which had been labelled as responsible for the contamination – despite its cause remaining unknown and a number of other producers affected – was driven close to bankruptcy. One of the other firms’ ultimate owners, Arla Foods, a large Danish/Swedish co-operative, stated that it was focusing on re-establishing the safety of, and confidence in, its locally produced milk powder.

The reactions of both Baxter and Arla are significant because product integrity can be damaged by a variety of means and will put a company’s supply chain resilience to the test as the firm battles to rebuild its market.

These incidents serve to highlight the need for a more co-ordinated approach to supply chain risk management.

Integrated approach

To bring some thought to this whole area and a new, fresh, wider and relevant approach for many businesses, the management of supply chain risk can be seen in a four-stage modular integrated model (see Fig 1).

Supply chain assessment of interruption risk maps critical supply points and produces loss estimates for failures in supply chains. In the past this function has been carried out by teams of consultants, but recent software developments have breathed new life into this formerly laborious process. One example is the software tool SCAIR™ (supply chain analysis of interruption risks), a windows-based desktop tool which facilitates the construction of flowcharts to highlight critical locations in a company’s physical supply chain. The tool allows the population of risk data for each location in order to estimate the accumulation of business interruption loss.

Contractual risk management is a movable feast, and it is incumbent on organisations to maintain a high level of knowledge of contract law among key personnel in areas such as standard terms and conditions, liability, warranty, damages and so on. For a global firm of course, this third module has to be maintained in a multitude of countries and jurisdictions. While avoidance of contract risk is an unrealistic goal, there is a role for the careful evaluation and allocation of business risk between the customer and supplier.

The third module to managing supply chain integrity is business continuity planning. It is an inescapable fact that when companies start to outsource, they are not in a position to influence risk management to the same extent that they can with their own operations. Even so, most companies must demonstrate supply chain integrity to investors or customers, so that potential failures in critical supply points cause the minimum of impact. This is no mean feat. It requires commitment from the top down, a deep understanding of the process – through training, rehearsals and knowledge of the plan – and an ability to spread that knowledge through the organisation.

While these first three modules concentrate on risk assessment and mitigation, the frustration in recent years has been that traditional insurance policies do not address the potential losses of margin, nor protect the earning volatility attributable to non-damage types of loss. These non damage exposures have risen up the risk agenda. Exposures like the insolvency of a supplier or a regulatory shut down will almost inevitably lead to a costly interruption loss, significantly increased costs of working or substantial future revenue loss.

Research conducted by Jardine Lloyd Thompson has shown that such losses have been more significant in both frequency and magnitude than traditional losses in terms of their effect on the pharmaceuticals industry. Similar considerations undoubtedly apply in other industries.

This type of research and increasing customer demands have been essential forces in the development of new non-damage business interruption insurance products, most notably by Zurich, AIG, Marsh and Jardine Lloyd Thompson. These show that non-traditional risks are insurable but insurers must be presented with the right quality of data, particularly robust supply chain risk assessment, supported by an integrated approach to risk management.

The whole issue of supply chain integrity is growing in importance as companies realise the magnitude of the risks facing them. As ways of identifying and presenting the group risk profile to boards grow, companies will increasingly seek out new solutions to fill the gap between the issues they are facing, and the solutions that are being provided.