The model reflects:
- Security. Supply chains should be protected from loss, deterioration, contamination, theft, and other vulnerability issues.
- Accountability. This goes beyond sales agreements and Incoterms. It is the responsibility for the safe flow through the supply chain and encompasses many stakeholders.
- Visibility. Knowing where items are throughout the entire movement is critical. Technology plays a vital role to facilitate traceability, trackability, and chain of custody. It is also important if there is a recall or safety issue, and the cause must be traced back.
- Product / Logistics Specifics. Products may require special handling for logistics infrastructure and service providers. The necessary temperature, humidity, cleanliness/sanitation, weight, heavy lift and other factors must be properly utilized.
- Sourcing This is more than buying or many suppliers in a region. It includes multiple sources and risk diversification.
- Supply Chain Best Practices. Supply chains involve more than managing freight and logistics components. Best practices manage flows for protection, including integrated process, supplier performance, segmentation, and time compression.
- Chain of Custody. This is one that is often overlooked. There are many parties involved in an international order and shipment. How the product moves with and through all these players is challenging. It is especially important for products such as pharmaceuticals and for food stuffs, ingredients, and food-grade items.
Methodology: Risk detection has three steps—analysis, validation and assessment. Deliverables are mapping, macro and granular determinations, and priorities. This approach combines data analytics, supply chain expertise, and confirmation. It elevates results from conceptual to actionable.
Step 1) Analysis
Analysis has two parts:
A) Data analytics. Internal data is not enough. With the geographical scope, complexity, and stakeholders of supply chains, data from multiple sources and in different formats is needed. No other part of a company has as many stakeholders, both internal and external as the supply chain.
Analytics should investigate supply chains and risks by –
- product / commodity
- logistics infrastructure
- logistics service provider
B) Logistics / supply chain domain expertise. Real-world supply chain, logistics, and international trade experience are required to complement analytics.
The examinations should aggregate and segregate across trade lanes and products. Doing these provide important insights into exposure scope.
Step 2) Validation
Analytics presents macro views that can have gaps. It does not provide needed granular information. Validating actual supply chains– sources, logistics infrastructure, and logistics providers– is needed. This provides acumen that analytics alone does not.
The best way to attest to key supply chains and possible disruption issues is to verify them. This involves walking through select purchase orders as to the actual locations and steps of each order. Inspect origin facilities. Verify how well orders transit the product and information supply chains. Evaluate how the logistics infrastructure meets requirements. Confirm how logistics service providers perform. Determine if there are hidden issues. These are beyond business intelligence questions and require on-site reviews.
Step 3) Assessment
With analysis and validation, potential risks are recognized. More must be done as to the various risks. It should be determined what each one means. This is what assessment does.
Assessments alone can be too subjective. Thanks to the two prior two steps, both quantitative and qualitative information is available to appraise vulnerabilities.
Each risk is evaluated as to probability of occurrence and impact. A Risk Index is developed with axes of impact and likelihood. The impact of a disruption is the financial effect and the time to recover. Likelihood reflects the probability of an event happening.
Plot each risk on the index. This prioritizes and focuses on high impact and high probability risks for mitigation.
What Next: Hazards have been analyzed, including inherent ones, along with interdependencies of components, critical paths along supply chains, and more. Practicable items are found, and there is now a solid foundation for mitigation. Root causes should be determined. This may necessitate going deeper into certain supply chains for threat reduction.
The risk project is not a one-time effort and should be done every two or three years.