Manage Your Supply Chain Risk
Unforeseen problems originating deep in the supply chain can disrupt production plans and impose unacceptable costs on an enterprise
By Ray VanderBok
Supply Chain Engineering
John A. Sauter
Practice Area Leader
New Vectors LLC
Ann Arbor, MI
Raytheon Missile Systems
Last year, shipments of several weapon systems, including aircraft, were delayed because sub-tier component suppliers failed to meet rules of the Berry Amendment (USC Title 10, Section 2533A), which require specialty metals used on Department of Defense (DoD) products to be smelted in the US or a qualifying country. A ruling by the Defense Contract Management Agency in February, 2006 caused the government to withhold payment on parts made from non-US specialty metals.
This problem affected about a dozen large aerospace contractors suddenly, and involved at least 50 sub-tier suppliers. The contractors and suppliers received numerous stop-ship notices. A speedy solution was not available, because there is no provision to issue retroactive waivers to the Berry Amendment rules. Although not often fully enforced, the Berry Amendment has been on the books for decades. The new ruling was a surprise to the entire defense supply chain. While DoD and industry are working toward an eventual solution, this new ruling caused a profound crisis for aerospace primes and their suppliers.
Manufacturers are quite vulnerable to events in their supply chain that affect both their sub-tier suppliers and their customers. Two important issues are involved: first, changes in the market environment (the defense market in this case) can significantly affect supply chain performance; second, changes in the marketplace, especially those that constrain lower-tier suppliers, are especially problematic because the OEM cannot, with assurance, make adjustments that are needed to quickly react to the market change.
Today, defense systems, like complex commercial systems, are produced by interwoven networks of global suppliers, who serve multiple customers. Analysis shows that 60–85% of weapon-system cost is embedded in the supply chain. But DoD programs typically comprise only a small fraction of the second and third-tier suppliers' business. The result is a defense industry that is highly dependent on its supply chain, but has little leverage to drive its behavior. Lean practices popular in the defense industry reduce lead time and waste, but potentially increase brittleness to surge in demand or disruption. Reduced inventory levels save cost, but can also increase the impact of supply disruptions.
There are many kinds of supply chain risks common to defense supply chains:
- Loss of production capacity or quality and Diminishing Manufacturing Sources and Material Shortages (DMSMS),
- Unstable and/or uncertain customer demand,
- Funding and contract issues, and
- Regulatory requirements.
The root cause of a problem can occur anywhere in the supply chain, but the impact spreads quickly across the extended enterprise.
In addition to raising the cost of a program, supply chain issues are the most common cause of production delivery performance issues. A problem in any sub-tier supplier has the potential to impact a manufacturer's ability to deliver a quality part on time.
Companies concerned about the potential impact of supply chain issues on their business and their customers need to understand their risk exposure. Leading companies are now adopting the best practice of Supply Chain Risk Management (SCRM) to assure that warfighter demands are met should a supply chain problem occur. SCRM applies the techniques of risk management to supply chains. It develops an enterprise view into the risks deep within a supply chain, and gives companies a tool that they can use to identify and manage risks to reduce their potential impact. Effective risk management includes activities for risk identification, risk analysis, risk handling, and risk monitoring.
The unique nature of SCRM lies in the fact that stakeholders and risks are distributed across multiple, highly independent organizations. Consequently, the risk management process should also be distributed across the supply chain.
Proactive discovery and visibility of risks is the key to effective risk management. While it's human nature to avoid exposing potential problems to trading partners, fact-based information-collection tools can make risks visible and facilitate effective mitigation efforts. Project managers will often observe that common risks were effectively managed; it was the unexpected risks that caused the biggest problems.
In practical terms, the most effective approach for addressing supply chain risk is for stakeholders throughout the supply chain to work together to identify potential risks and propose creative solutions. The most effective mitigation strategy for a risk deep within a supply chain might not even involve that particular supplier. These mitigation alternatives are then evaluated through trade studies to select approaches that offer the best value to the organization.
The risk-management process has been adapted from standard DoD risk management practice. Our experience has shown that risk management in supply chains is more difficult and places additional demands on the process. Critical success factors for SCRM require:
- A Multi-tier Approach—SCRM activities should occur at all levels of the supply chain, and the process should support integration with supplier and customer risk-management activities.
- A Continuous Process—The risk-management process should be active in all stages of the acquisition life cycle, starting with technology development and continuing through acquisition, production, sustainment (maintenance and repair operations), and disposal.
- All Types of Risk—The scope of the risk-management process should include all types of risks appropriate for a global supply network. In addition to the common causes of disruption, risk identification should consider economic, political, environmental, regulatory, manufacturing readiness, DMSMS, and technology obsolescence issues.
- Multilevel Management—All levels of management should be actively engaged in risk management, including strategic, business, program, technical, and tactical levels.
- Common Tools—Organizations should leverage common tools for assessing risk, developing mitigation solutions, and tracking risks.
Risk Planning — Risk Planning develops an overall plan for assessing, handling, and communicating supply chain risks for an entire program. It identifies how risk priorities are established, how risks are communicated, the training resource required, and the stakeholders responsible for each of the risk-management activities.
Here's an example of risk management: Raytheon Missile Systems (RMS) in partnership with NewVectors LLC and the Defense Sustainment Consortium, recently completed a pilot test of a Supply Chain Risk Management process for their operations.
The RMS risk identification process begins with an assessment questionnaire that is designed to rapidly assess potential risk in a large number of suppliers. RMS has over 2000 first-tier suppliers and a complete risk assessment of all of them would be impossible. The output of this tool is a prioritized list of suppliers for a detailed assessment. This detailed assessment involves a more detailed questionnaire followed by a one-day on-site interview. Based on this information, the potential risks at each supplier are identified.
Next, each of the risks are analyzed for likelihood and severity. A Likelihood table was developed to help the assessor assign a likelihood score (on a scale of 0 to 1 for each risk. Risks were then analyzed for the potential impact on RMS operations. A Severity table was used to assign a severity score of 0 to 1 based on how much the schedule, cost, or performance, was impacted by the risk. NewVectors developed a simulation tool called SNAP for quickly analyzing disruption impacts within defense supply chains. This tool was used as a supply chain wargaming tool to determine the impact of various disruption events at any level in the RMS supply chain.
In the pilot project, detailed risk assessments were performed for seven suppliers down to the third tier. Across those seven suppliers, a total of 31 risks were identified, and 11 of those were considered medium-to-high risks. About 50% of the risks identified were in the third tier or below. The total potential cost avoidance for successful mitigation of the 11 moderate to high risks amounted to more than $55 million. Potential cost avoidance is the likelihood of the event over the next several years times the cost to RMS were the event to occur.
In one case, a likely material shortage risk was identified in the fourth tier of the supply chain. The cost impact of the material shortage was estimated to be $7 million for RMS based on the expected delivery delays that would have resulted from the shortage. A number of mitigation strategies were considered, such as identifying other sources for the material or using alternative materials. Eventually, additional material was found at another location to cover short-term needs. To avoid future problems, an advanced procurement for the long-lead time material (at a total cost of $10,000) was made, eliminating the risk over the next four years of the program. The cost-benefit risk analysis was used to justify the advanced procurement to RMS management.
It can be difficult to quantify the impact of supply-chain risks that occur deep within the supply chain. In this project, RMS utilized NewVectors' SNAP dynamic supply chain simulation software to model the supply chain, disruption events, and mitigation alternatives.
The simulation demonstrated that due to internal buffers and expediting capabilities in the supply chain, up to five months of disruption in the fourth-tier material distributor could be absorbed by the supply chain without causing a delay of final product to RMS. Risk tools gave RMS managers visibility into the root cause, even though it was masked by buffered inventory in the system, and allowed them to mitigate the shortage of a critical material before it became a crisis. Simulation can also be used to determine the best inventory strategies to accommodate delays of varying magnitude.
No company has the luxury of ignoring the risks within their supply chains. SCRM requires the cooperation of suppliers at all levels of the supply chain. It defines a proven method backed by tools to support each step in the process. Broad adoption of SCRM as a standard for best practice in the industry will ensure that the defense industry can meet its customer demands in the future.
Stages in Supply Chain Risk Management
Risk Identification — Risk Identification is about discovering and documenting supply chain risks. Effective supply chain risk identification is supported through the use of questionnaires and other tools that enable a thorough investigation of all possible sources of risks within a supply chain. To be effective, this process must be conducted throughout the critical nodes within the supply chain and throughout the life cycle of the program.
Risk Analysis — Risk analysis assesses each risk in terms of its likelihood of occurrence (normally over the expected life of the program), and the estimated impact should the risk occur. Impacts are measured in terms of their impact on time (delivery), cost (including all aspects), and quality or performance of the final product. Impact assessments can include both qualitative and quantitative estimates. Supply chain risks are often linked and can have cascading effects. The impact of a disruption deep within a supply chain on your operation may not be easily determined without the use of good modeling tools.
Risk Handling — In this step, stakeholders rank-order the risks and determine what options exist to mitigate the most likely or serious risks. Mitigation strategies can either lower the likelihood that the risk will occur (risk avoidance, or risk-likelihood control), or reduce or eliminate the impact should it occur (risk transference, business-disruption insurance, or risk-impact control). Mitigation plans must be assessed both in terms of their cost as well as their impact on the likelihood and severity of the risk. Based on this analysis, mitigation strategies are selected that provide the greatest return to the enterprise. Many risks are common across a large number of suppliers. The same mitigation strategy may be successful in addressing a broad range of supply chain risks. Tools to support this step include manufacturing best practices and whatif analysis tools that can model the impact of supply-chain improvement efforts. Often there are opportunities to leverage mitigation actions to address multiple risks. Portfolio management is then a valuable technique to identify the best investment strategy to lower risk, by allowing management to select mitigation efforts to invest in to achieve a desired level of risk.
Risk Monitoring — Risk monitoring systematically tracks the risks and the risk-handling plans against cost, schedule, and performance metrics, to ensure that risks are being managed as planned. Risk-handling plans are adapted as needed, and new risks are identified and subjected to the same analysis and handling steps as above. Supply Chain Event Management tools can be used to identify events before they occur, so that mitigation plans can be initiated in time to correct the fault before it occurs. Risk-management tools are helpful to capture and monitor all the risks and risk handling plans, to ensure that supply-chain risks are being effectively managed.
This article was first published in the March 2007 edition of Manufacturing Engineering magazine.