John O'Connor doesn't mind surprises — as long as he knows about them before everybody else. Whether it's a power outage in Wichita or an earthquake in Chengdu, "if I hear about it for the first time on the news, something has gone wrong," says O'Connor, director of supply-chain risk management at Cisco Systems, the computer-networking giant. He relies on a subscription-based incident-monitoring service to instantly send out an E-mail alert about any event that could impede the flow of goods from, to, and between Cisco's roughly 1,000 suppliers. By the time the rest of us are first hearing about a crisis, O'Connor has already consulted Cisco's crisis-management dashboard, onto which he has mapped nodes for all of Cisco's manufacturing partners, component suppliers, and logistics providers.
Right away he can see how much revenue is at stake and whether one of Cisco's top 100 products — which account for 50 percent of its revenue — could be delayed. If production has slowed or stopped, when will it return to normal? He can find that out. Does the supplier have another site, or does Cisco have to switch to a secondary source? No guesswork needed. In short order, the pipeline to O'Connor's brain is stocked with the right information so that a Cisco manufacturing crisis-management team can set up an alternative source or route.
Like Cisco, other companies have learned how to respond swiftly to external disruptions of their supply chains, whether natural or man-made. Now they must address a growing threat on the horizon: the prospect that a supplier, strangled by tightening credit, will cease functioning. That risk has grown as companies have increasingly partnered with single-source suppliers, signing long-term agreements in exchange for better pricing.
Cisco is getting on top of this risk, too. Late last year, the company began to screen the financial health of its publicly traded suppliers via Moody's KMV's financial monitoring service. Based on three drivers — the market value of a supplier's assets, the supplier's asset volatility, and its capital structure — Moody's calculates the probability of supplier default, or "expected default frequency." Cisco also keeps a watch list of companies that may be approaching trouble, and uses a heat-map visualization tool to see, literally, what impact various scenarios may have.
By accentuating the negative, Cisco hopes to avoid falling victim to it. The term for this particular form of disaster-preparedness is "resilience," and it forces supply-chain managers to confront a delicate balancing act: how to implement risk buffers while staying true to lean supply-chain principles. "There is a real tension between resilience and the need for savings," says Mauritz Plenby, director of corporate and global trade compliance and risk management at Eastman Kodak Co., the imaging technology giant.
"If you want to have a lean environment, but also one that is focused on resiliency, you have to acknowledge the trade-off," adds O'Connor. "Sometimes what you do will run counter to your lean metrics, such as slowing down inventory turns or reducing purchase commitments."
Slack Is Back
As supply chains have grown leaner and more complex, they have also become more vulnerable. In a recent survey of 169 finance executives by CFO Research Services, the sponsored-research arm of CFO magazine, more than half said their companies' performance has been adversely affected by logistics disruptions and underperforming supply-chain partners. About 40 percent of finance executives agreed that there was "room for improvement" in how their companies formally assess supply-chain risks.
How much room? Lots, apparently. In a 2008 survey of 110 risk managers by Marsh, not one characterized his or her company as "highly effective" at supply-chain risk management (see "Weak Links" at the end of this article).
Getting it wrong can be costly. In one study, PricewaterhouseCoopers analyzed 600 firms whose supply chains experienced disruptions and found that their financial performance suffered for about two years afterwards. Within one day of reporting supply-chain problems, a company's share price dropped an average of 9 percent. A 2005 study of 800 companies came to similar conclusions.
And it doesn't take a major earthquake or a hurricane to shut down a supply chain — far from it, says Rob Handfield, professor of supply-chain management at North Carolina State University. "It could be something [small-scale] that happens in a village somewhere in China." In fact, Kevin O'Marah, chief strategy officer at AMR Research, goes so far as to say that "protecting against natural disasters is too expensive to be worth it. The more mundane stuff is the bigger issue."
Such prosaic pitfalls include rising input costs (think of the recent volatility in commodity prices) and tightening credit and working-capital requirements. Any of these can nudge a supplier over the edge. Preventing that from happening means knowing in advance that, say, a critical supplier in Eastern Europe carries hefty debt that is soon to mature, or that another is approaching bankruptcy. Companies that outsource manufacturing (as Cisco does 95 percent of the time) likely want similar information about their contractors' suppliers and the companies that serve them.
"Smaller factories are now going out of business much more quickly," says Sherwin Krug, chief operating officer of MFG.com, an online marketplace that connects buyers and suppliers worldwide. Indeed, in China alone more than 70,000 companies went bankrupt last year. "Performing due diligence is now more important than ever, especially when dealing with suppliers in locations like China," Krug says.
But a company with a thousand geographically diverse suppliers can't keep tabs on each one by dropping in like Sam Walton helicoptering to the local Wal-Mart for a quick look-see. "Managing the risk throughout the supply chain now means taking a systemic view," says Gary Lynch, global leader of Marsh's supply-chain risk-management practice. The goal is to build a system that can detect and work around any major supply-chain weaknesses.
Planning for the Worst
The challenge is to determine what constitutes a "major" weakness. (For a list of top supply-chain risks, see "Weak Links" at the end of this article.) Cisco carefully chooses where it reinforces its supply chain, deploying whatever solutions are deemed appropriate. "We choose the level of intensity we want to apply," says Kevin Harrington, Cisco's vice president of global business operations.
Cisco's central assumption is that some suppliers — 600, actually — are more rigorously examined than others. They are critical contributors to its 100 highest-revenue products and account for a chunk of its supply-chain spending. The financial implications of any disruption within that group could, of course, be costly. A delay could be "unacceptable to our customers and to Cisco," says O'Connor. "The last thing we want is some unforeseen thing happening to a critical supplier."
Given that the company has more than 8,000 products in total, that universe of 600 suppliers is, in fact, extremely select. For suppliers dubbed mission-critical, Cisco evaluates their resiliency in a worst-case scenario — how long it would take to restore the site to 100 percent operational output should the facility be wiped out — on a semiannual basis. Members of the company's supply-chain crisis-management teams, which are organized by geography and function, take many factors into account, including the specialized material or equipment that needs the longest set-up time; the lead time associated with receiving any raw material or component; and the time it would take to qualify anything on the supplier's end, from a new facility to new equipment. The options for acting on such risk include switching to a different site owned by the same supplier, identifying and qualifying a second supply source, and implementing a risk-inventory buffer.
And then there is the financial assessment. "We drive them through the same resiliency and mitigation program, except we don't consider alternate sites," says O'Connor. "If it's a bankruptcy, that option is not going to help us." And he has good reason to expect that Cisco will have more opportunities than ever this year to get over suppliers that go under. Standard and Poor's recently predicted that the corporate bond default rate (an indicator of corporate bankruptcies), which started the year at under 5 percent, will reach at least 14 percent by December.
That's a startling increase, but it doesn't surprise O'Connor. Very little does. Other companies may want to act now to reduce their own capacity for surprise. If they don't, they may be living in a state of perpetual shock.
Josh Hyatt is a contributing editor of CFO.
More Red Tape
A rising tide of regulation threatens to clog supply chains.
Global supply chains have long had to contend with vast amounts of red tape. There are more than 600 laws and trading regulations to adhere to, overseen by at least 35 regulatory entities. Newer regulations may catch many companies by surprise. Here are three to watch out for:
10+2. Effective January 2009, this rule compels importers to transmit 10 specific pieces of information to U.S. Customs and Border Protection before a U.S.-bound ocean vessel can be loaded for departure from a foreign port. The vessel itself must contribute two data points at least 24 hours before departure. Intended to help Customs identify high-risk shipments, the rule is an extension of the 24-hour advance manifest regulation that took effect in 2003.
"It's part of a trend we've seen since 9/11 to prevent the wrong goods from falling into the wrong hands," says Andrew Siciliano, a partner in KPMG's Trade and Customs Services practice. To comply with 10+2, companies must notify their supply-chain partners and ensure that needed contract stipulations and IT resources are in place.
The Lacey Act (amended). A wildlife protection law that dates back to the McKinley Administration, the Lacey Act was amended in 2008 to include imported plants and timber. The intent is "to make sure that a shipment has been legally harvested," says Siciliano. That adds a significant new layer of work for importers.
Consumer Product Safety Improvement Act. Previously slated to take effect in February 2009, this act has been delayed until February 2010. It requires importers to ensure that products intended for children under age 12 are tested for lead content before being shipped to the United States. — J.H.
With every link you add to your supply chain, the chance of a disruption rises. But you can take steps to reduce your vulnerability.
Identify Critical Suppliers. A company can't begin to mitigate against risk until it knows where it is most vulnerable. Which disruptions have the potential to do the most financial damage?
Cultivate Multiple Suppliers. Depending on the country, one backup might not be enough. "You don't want both of them to be in the same country," advises Kevin O'Marah, chief strategy officer at AMR Research. "A war or a trade embargo will affect them the same way."
Form Cross-Functional Teams. Various departments need to be involved in planning for contingencies, including purchasing and logistics.
Check Out Your Supplier's Address. You can't afford to guard against every natural disaster. But if a supplier is situated in a precarious spot — four feet above sea level, say — you'd better be prepared. Or choose a different supplier.
Collaborate More. If a supplier makes anything other than a commodity, try to strengthen your ties with a joint venture of some type. "You need to make sure you know what they are doing," says Don Rosenfield, senior lecturer at MIT's Sloan School of Management.
Rethink Logistics. Given what happened with fuel costs last year, it may be worth re-analyzing the total flow of goods in the chain. Price volatility (in food, for example) can also spark labor unrest and slowdowns. And "remember to look below the first tier of suppliers," advises Gary Lynch, global leader of Marsh's supply-chain risk-management practice.
Incorporate Technology. Managing information in a supply chain may be more critical than managing goods. Knowing where your goods are makes it easier to act strategically to avoid delays — switching ports, if necessary.
Keep Financial Tabs. As hard as it may be — especially for your suppliers based in China — it's important to find out as much as you can. For instance, is a supplier paying its bills on time? Are its customers ordering less? Tightening credit lines and rising operational costs will drag some suppliers down. Others may run short on cash, leading them to skimp on quality or materials. — J.H.
73% — Respondents whose supply-chain risk level has risen since 2005
71% — Respondents who said the financial impact of a supply-chain disruption has grown
65% — Respondents who characterized their supply-chain risk-management practices as having "low" or "unknown" effectiveness
0% — Respondents who say they are "highly effective" at supply-chain risk management