Assessing Supply Chain Risk

By David Shillingford

Three significant events in recent history underscore the critical need for supply chain risk assessment. The terrorist attacks of September 11, 2001, instantly heightened the world's awareness of security risks, including threats to global supply chains that rely on containerized trade. The 2002 U.S. West Coast port stoppage delayed commerce for ten days, costing upward of $15 billion and revealing the risk of using a single gateway for importing goods into a national market. The Japanese earthquake and tsunami in 2011 cost global manufacturing and retail companies more than $100 billion in delayed products and lost business, exposing the risks inherent in certain geographic environments. The effects of such events are exacerbated by the complexity and interdependencies of modern supply chains.

Supply chain risk assessment should identify any risk that can interrupt the flow of goods from the location where materials are originally sourced all the way through to the end product on store shelves. Any interruption in production or delivery can cause sizable lost sales and decreased revenue.

A significant challenge in assessing supply chain risk becomes evident as goods are traced back from the factory to suppliers and to their suppliers and beyond. It's hard for a manufacturer to fully understand the risks, let alone influence them.

Risks at all locations may include labor issues, financial and political stability, physical capacity, environmental disasters, security, and corruption. The likelihood of an interruption will vary at each location, as will the degree of harm the interruption poses to the supply chain.

Risk managers need to determine the risk of interruption at each intermediate point along the supply chain, including warehouses, distribution centers, container terminals, port terminals, cross-dock operations, trans-load facilities, trucking terminals, rail terminals, and truck stops and rest areas. All these locations may be exposed to one of the most frequent risks — cargo theft.

Industry experts believe that cargo theft costs the U.S. economy billions of dollars per year. Although the true number is difficult to calculate because of poor reporting, fragmentation of data sources, and miscoding by law enforcement, there is no denying that cargo theft continues to be a significant problem.

By definition, the supply chain is a series of connected service providers; and every supply chain manager needs to determine the nature of these partnerships, who oversees the various partners, and whether partners are aware of risk assessment objectives. Risk managers must also recognize whether each partner will help identify risks, communicate openly about them, and participate in a mitigation plan.

Risk managers should know who maintains operational control at logistics touch points in the supply chain. Much of the time, it will be a third-party logistics service provider (LSP), trucking company, or rail carrier. Given the risk at logistics touch points, many enterprises may discover that their LSP relationships require a new level of interaction and collaboration. Companies should ask their LSPs for detailed information about what they're doing to mitigate risk.

Risk will vary widely from one logistics touch point to another depending on geography and function. For example, labor unrest may be growing at port terminals within the supply chain network. Congestion continues to pose a significant risk for shipment delays around major port complexes nationwide. Volume flexibility is often an issue for intermediary points, particularly distribution centers and cross-docks. Risk managers need to identify whether those situations could negatively affect their supply chain when volume increases. In addition, they should have redundancy plans in place to reroute shipments around bottlenecks.

Because the supply chain is inherently collaborative, the risk assessment process must be as well. The Customs-Trade Partnership Against Terrorism (C-TPAT) program led by U.S. Customs and Border Protection has helped companies in this area, particularly regarding supply chain security.

The supply chain risk assessment process requires close cooperation and begins by asking supply chain partners the right questions. Risk managers will likely need to improve collaboration in their supply chain well beyond current practices to complete the assessment effectively, create a risk mitigation plan, and install a networkwide contingency protocol. This is only the first step in a continual process and requires an organization to commit internal and external resources and attention. In a global economy in which sourcing, transport, and destination of goods can cross multiple oceans and continents, it's never been more critical to take the initiative to assess and manage supply chain risk.

David Shillingford is president of Verisk Crime Analytics, a division of Verisk Analytics. Verisk Crime Analytics encompasses Verisk business units that help insurers and their policyholders combat crime through data management, analytics, and theft prevention services.