This article is a result of the efforts of the Supply Chain and Business Continuity Working Group of Club de la Continuité d’Activité (www.clubpca.eu), an association of risk management and business continuity professionals established in 2007.
In 2015, 500 risk managers and experts from 40 countries participated in the Top Ten survey of business risks in the EMEA zone. The survey results indicated that the risk of supply chain interruption is at the top of the list, with a 44% score.
The Supply Chain is an economic value-based management system that aims to integrate customer satisfaction throughout every part of the creation process of a product or service, from the original supplier to the end customer. France Terme recommends that supply chain be translated into French by chaîne logistique (supply and customer requirements satisfaction chain).
A recent business interruption example illustrates the serious consequences: TOYOTA Japan (February 2016): Shutdown of all the production lines of its Japanese units from February 8 to 13, 2016, resulting in 84,000 vehicles lost due to a disruption of the supply of chassis parts and transmission systems provided by the steelmaker AICHI STEEL.
The general principles of business continuity applicable to the Supply Chain include identifying the critical functions and thus the resources and flows indispensable to assure them; assessing the risks; deploying and maintaining prevention and protection measures; defining the mechanisms to mitigate the absence or shortage of critical resources or flows; and preparing crisis management.
Relationship with business partners
The general strategy requires a good knowledge of the risks of the entire Supply Chain and the ability to take actions to limit them and ensure the continuity of essential activities. However, the Supply Chain stands out for its specificities, first by the presence of uncontrolled critical partners, and then by high vulnerability due to their multiplicity and the complexity of the distribution of their responsibilities.
How to control risks in the supply chain? Four business continuity strategies:
Strategy 1: Control the critical functions
Critical functions can be controlled by limiting the occurrence of unknown risks deriving from business partnerships and the impact severity of these risks by internalization of the critical functions using methods such as risk assessment and risk treatment.
This strategy can be conducted on a limited basis in certain fields (for example, internalization and repatriation to France of an activity in a country at risk), but has the major inconvenience of being very costly and mobilizing a lot of resources (delay in implementation, change management, process homogenization, alignment of information systems). This solution thus is adapted as a response to a very high risk that is not otherwise controllable.
Strategy 2: Distribute the risks
This is the most common approach because it is the simplest to implement: multiplication of suppliers, multiplication of data processing centres, multiplication of storage points, etc., associated with mutual aid mechanisms to limit the costs of the business continuity plan. This strategy seeks mainly to limit the consequences of the risks while facilitating business continuity. It also allows a response to the “country” risk by having a presence in several countries
This strategy thus is perfectly legitimate for certain risks such as natural risks, flood, fire, political crisis, supply disruption, and malicious action.
However, this strategy does not respond to the risks that may be common to different partners (health or social crisis, use by different suppliers of the same software or the same premises, disruption of the supply of strategic raw materials, etc.). It also does not respond to a case of strong dependencies between partners. In addition, by increasing the number of partners, this strategy increases the cost and the organizational complexities, creating thus other types of vulnerabilities.
Strategy 3: Integrate the partner risks
The optimum approach (when there is a strong will to conduct this strategy, when the financial and operational means are available, and when the psychological obstacles can be overcome) consists of developing a logic of partnership with its partners, in a spirit of transparency and with an extremely precise definition of the roles and responsibilities of each player. This can be established between the partners (ideal case) or through a trusted third party (in case of competition between the partners making transparency between them difficult).
This approach makes it necessary to define, make and apply Service Level Agreements (SLAs), strictly governing the operating modes and the terms of the partnership, particularly during the occurrence of risks and degraded operations.
Strategy 4: Transfer the risks to an insurer
It is necessary to frequently check if the insured risks are properly covered. However, the assumption of financial responsibility does not always provide the quick means of assistance required for business continuity. Note the development over the past five years of specific coverage for Supply Chain risks, and particularly for supply disruptions.
Today, a growing number of players (customers, insurers, rating agencies, Governments, shareholders, etc.) are becoming aware of the impacts in case of supply chain failure and are pushing for the deployment of Business Continuity Plans and the related management system.
Learn more about Supply Chain and Business Continuity courses here.