Re-emergence of Resilience
On March 11th, 2011 – just 10 years ago – a 9.1 magnitude earthquake struck just 231 miles northeast of Tokyo. The resulting tsunami triggered a sequence of events causing significant loss of life, damage to a nuclear reactor in Fukushima, and months of disruption to the automotive and other industries that had high concentrations in Japan.
This followed disruption in 2010 where large parts of European air space was closed for a week following the eruption of the Eyjafjallajökull volcano in Iceland. In July of 2011, the electronics and other industries in Thailand were disrupted by severe flooding following the monsoon season.
Three major disruptive events occurring within 16 months outlined the truly global nature of supply chains. Companies discovered a vulnerability to tier three and tier four suppliers that were previously invisible to corporate supply chain teams.
Supply chain risk management shot to the top of the priority list for companies around the world. Nine years later, as we dealt with the early impacts of a global pandemic, many companies found that their approach to managing and responding to risks within their supply chains fell short of where they needed it to be.
As companies emerge from the immediate impacts of the pandemic, many are now re-examining resilience frameworks in their supply chains. The shift to resilience reflects the need not just to manage risks, but to build the ability to respond and recover within the supply chain. We set out below some elements to consider in your risk management framework.
- Document and maintain the physical and digital scope of the supply chain
- Define a portfolio of potential risk events or event types to be considered
- Maintain and refine the scope as part of the governance process
Not all risks are the same so determine a measure of vulnerability that is appropriate to the business – e.g. revenue at risk.
- Key risk indicators – impact of a potential risk event and likelihood of occurrence
- Risk event planning – categorising risks and development of risk response templates. Defining processes, roles, information requirements within each template. Testing the templates.
- Define risk event triggers – the conditions that exist that will trigger a risk response
- Monitor Risks
Establish a process and mechanism to monitor and report on key risk types;
- Geographic risks
- Supplier risks
- Cybersecurity risks
- Regulatory and trade risks
- Manage, Act, and Learn
- Risk management governance – this must be a living process, with scheduled reviews, reporting, testing, and documented improvements
- Active risk engagement – from triggering of risk conditions, activation of risk templates, modifying the plan for actual conditions, and the management of reporting and visibility through the risk management process
- Post-event learning – review of risk event actions and responses to identify learnings for future planning
There is not an expectation that companies will have considered all risk scenarios. Certainly, none would have envisioned the level of disruption caused by the pandemic.
Those with existing plans and templates, however, were better able to modify them to deal with the uncertainty over the last 12 months.