It's okay if your Supply Chain broke because of COVID-19. But it's not okay if you were surprised. Even with vast amounts of resources there is no way to completely safe guard against supply chain interruptions. It is going to take strategy, collaboration, and likely investment to create a resilient supply chain. It takes active management to identify and weigh the risks.
- Each organization has their own level of risk tolerance, know what yours is
- Collaborate with key stakeholders outside of the Supply Chain
- Turn risk management from event management to process management
It was just six months ago when our supply chains were rocked by the COVID pandemic. Before that time, people didn’t even know what supply chain was. Now, they understand it to be what stands in the way of them and the things they want and need. In the corporate world, we’re getting a lot more attention and a lot more understanding, too. Executives and Board of Directors had never been more interested in our jobs—how we do it, the risk we assume, and how we can mitigate it.
I’m Elizabeth Brady, a recent retiree of Dexcom as the Vice President of Supply Chain. I’m an independent board director at a Arima Genomics, and I’m a faculty member at MiraCosta College where I teach the Supply Chain and ERP classes for the Biotech Manufacturing Bachelor’s Degree program. Thank you for joining me today as we talk through some of the implications and the aftershocks we’ve been feeling from COVID-19.
The idea for this conversation with you came out of a summer session I had at Harvard. It was for corporate boards of director members, and we’re talking about what’s happened in our businesses since COVID. It almost immediately turned into a wine fest about how bad supply chains broke, and whose broke the worst. I thought, “Wow, all these brilliant people in this room, and they’re talking my language.” So I raised my little virtual hand and I said, “Hey, it’s okay if your supply chain broke, but it’s not okay if you were surprised by it.” It was a reminder to me that those of us who live and breathe supply chain don’t always appreciate that other folks are not aware of the challenges and the risks associated with it. I want you to take this pandemic and the aftershocks to help build a more visible and more robust supply chain.
Here’s the fact—supply chains break. They’ve always broken, they’re always going to break—that is the nature of our business. We like to play with fire. But it is a little different than it was before. Frankly, supply chains are way more complicated than they were even just 10 years ago. There was more links in the supply chain, and that makes it more complicated. They’re also more integrated with other companies’ supply chains. We may not even be aware that another organization is pulling on the same legs we are, and they could cause our supply chain to break.
Supply chain links are not static. Companies frequently change manufacturing process, raw materials, manufacturing locations. They may have once been solvent, but now be having financial difficulties. We really have to stay active and engaged and stay on top of all the risks associated with the supply chain.
But you say,” No, with the pandemic, it was a once in a lifetime event. Nobody could have seen it coming. It was not predictable. It was a black swan event.” Well, I have to thank Nassim Nicholas Taleb, an author who popularized the expression the Black Swan. He used it to talk about the impact of something that was highly improbable. So was the pandemic highly improbable? Bill Gates will say it wasn’t, he predicted it. The researchers at John Hopkins had a ton of research that said this could happen and how bad it could be. Even the psychic Sylvia Browne predicted it was going to happen.
Let me propose to you instead, just as Taleb said to folks in the New Yorker magazine, “This pandemic isn’t a black swan, but it’s more an arbitrary of what’s to come.” It’s not a one off event, there’s a whole flock of black swans out there. We, as supply chain people, need to be prepared.
But we can eliminate all the risk—I know, I opened by saying supply chains break—so what are we going to do about it? Well, first, we have to decide how much risk we’re going to try to eliminate. Are we going to belt and suspenders it, or are we just going to go woohoo the wind? If we do decide to eliminate risk, which risks are we going to go after? The supply chain is complicated, we’re going to get them all. And finally, and to me, maybe most importantly, how do we stop the surprises within the supply chain? How do we keep the organization from being surprised at what’s happened?
Let’s lock down on a couple of terms. First of all is the risk tolerance. I’m going to ask you about the risk tolerance of your organization. That means, what’s their capacity to endure pain? How many times can the supply chain break? How long can it be broken? What are they willing to endure?
The second definition I want to share with you is awareness. That’s the knowledge of the situation. So it doesn’t say you’ve mitigated against something, it just says you’re aware that it could happen. Two very important dynamics going on there within an organization. Your supply chain is going to fall somewhere across this quadrant. You might be high risk, you might be low risk, you might have low awareness, you might have high awareness. Regardless of your risk tolerance, I want you to move your organization to higher awareness.
Not sure how you fall on the risk tolerance piece, I got a couple of hints that may help. First of all, during the pandemic, what things did you hear your organization saying, over the hallway comments? What did the executives say when they came over to check and see how things were going? Did you hear comments, like we have to carry more inventory, I want you to reassure everything, I want more redundant manufacturing? While those comments are pretty good indicators that they are low risk. If you heard other comments, like oops, we didn’t see that common but that’s okay, or well, we knew it was risky to go with a sole source, but it sure saved us a lot of money. Those are the comments of a high risk tolerant organization.
That’s just one glimpse in time, there are other places we can check to sort of see the temperature of the company around tolerance. We can look at the company culture, and the company values for some direction as well. Low tolerance, value statements might be things like, we honor our customers above all else, we promise no stock outs. It may just be something dictated by your industry, like you’re in pharma, and you cannot afford to stock out and risk patient health. High tolerance comments, values are things like we innovate, we’re first to market. Those are statements saying that speed is worth more than safety in those cases, so you’re going to be in a more risk tolerant environment.
So how much risk are we going to eliminate? We’re going to work towards meeting the organization’s risk tolerance with the resources you have. I want to stress this because sometimes it’s a point of angst for supply chain people. Some supply chain folks are very conservative. They do not want to take on any risk, they do not want to launch a new product, unless their second and third source says. They do not want to manufacture in a country that has ever had bad weather. Those are all fine, but if your personal position on risk is different than the organization, you’re going to have a lot of internal conflict. In fact, it could make it more difficult for you to get promotions. You need to match your actions within the organization with what the company wants. So shift your own perspective to the company’s tolerance around risk.
With risk everywhere, which risk are we going to try to eliminate? We’re going to evaluate all risk on the likelihood of it happening, and the impact if it does happen. Likelihood—10% chance, 90% Chance. Impact—it’s going to shut down my business for a month, it’s going to delay my manufacturing for a week. Now, there are so many great tools out there to help you with this. I will spare you the 36 hour college lecture I have prepared on determining and evaluating risk. Many of those tool vendors are here at the SCOPES Conference, and I encourage you to really take a look at them. What I would say is, whatever tool you pick, whether it’s highly sophisticated, or back of the envelope, just pick one that you can maintain and stay on top of.
I also want to remind you at this point of don’t get caught up in looking just at parts or just at the availability of good parts. Remember, your supply chain is much broader than that. Think about storage. If you have temp controlled storage, is there enough of it in the universe? The transportation, what happens if a route goes down? Think about data management. Is your data clean? Is it current? Can you stay on top of it? What about a cyber threat? I also want you to think about intellectual property. You may think you have a supplier all locked up with intellectual property, but maybe there’s an external threat to that IP.
I also want you to think about and include your outsourced services and outsource partners when you evaluate your supply chain risk. What I’m talking about there is, for instance, if you have a medical device that needs to be sterilized, you really need to be including that supply chain of the sterilization link in your analysis. Maybe you’re a metal fabrication who use plating—the same thing—you want to understand the risks around the plating as well. Services are part of supply chain, don’t forget.
So you’re going to sit down, either with a highly sophisticated tool or with some just bright people in the room, and you’re going to decide, what’s the impact if I can’t get this part? Am I going to lose revenue? Maybe I can’t sell a sister part if I don’t have this part. So it may not generate a lot of revenue for me, but its sister part may? Does it impact customer service, customer health? You’re going to decide on the criteria that matter to you about where it impacts. Then, you’re going to go to the likelihood and you’re going to evaluate things like, is it manufactured in a risky geography? Is that supplier financially stable? A lot of that information, you’re going to be able to access through outside resources to help you along. But there’s still a level of subjectivity to it right? You’re going to want to do some weighting in those categories, particularly talk about what’s most important to the organization. Your opinion shouldn’t be the standalone opinion.
Here’s what’s really important. When you’re dealing with any kind of subjectivity, you’re going to engage the stakeholders because they’re going to be your safety net to help make sure you’re making good decisions for the whole organization. Just like I didn’t want you out there alone making an assessment of how risk tolerant your organization is, I don’t want you out there trying to answer all these subjective questions for the organization either. These are big important matters. You will be able to get mindshare from your stakeholders. Who am I talking about? Your internal customers. A clear one is engineering, finance, quality, manufacturing. If you’re in med devices or pharma, you probably have a Chief Medical Officer that you’re going to want to engage in this, and sales and marketing. All these folks have a vested interest in making the supply chain runs well, either because it will directly impact their workload if they have to qualify a new supplier or find a new part, or it may impact the service level of the organization.
What you’re going to do when you get those folks together is you’re going to align on the process for determining the impact and the likelihood. It may seem like some of the choices you make are a little ambiguous or unclear or subjective to a certain point of view. What I want you to do though, is get down in that room and lock down on it, so that at least you’re using the same criteria consistently. It’s important that the stakeholders buy into this, because they will help you communicate to the rest of the organization the risk, the consequences of the risk, and the expense of either solving it or not solving it to the organization.
So which risks should we try to eliminate? We should eliminate the risk based on the stakeholders’ criteria of the impact and the likelihood of it happening, not around on the stakeholders. You’re going to go through all the evaluation. You’re going to come up with the ones that hit the top of the list. Those are the ones you’re going to try to find a resource to go after first. It’s going to be a collaborative effort.
Bob Ross, the painting instructor on television used to say, “Oh, that’s a happy little accident.” He never worked in supply chain, because let me tell you, there are not very many happy little accidents in supply chains. What we’re going to do is we’re going to practice NSM, which means no surprises management. We are going to make sure folks know the risks ahead. While they may not like the risks, they at least will be aware of the potential consequences.
One of the biggest parts to moving into this awareness—into the no surprise management—is to move from being reactive to proactive. You may be part of an organization that caught a little flat footed in COVID, that’s okay, you’re going to use that as a burning platform to make changes. But you don’t want to wait for the next disaster to come before you start evaluating your supply chain again. You’re going to move this from an ad hoc event based scramble to a real proactive process that you do at regular intervals. You engage that super group of stakeholders earlier, so you’re going to keep them engaged. You’re not going to ask them to meet with you every week. But based on your business, you’re going to ask them to meet with you periodically, and either refresh the old risks and the old assumptions, or look at the new ones that are coming down the pipeline. Keep that stakeholder engagement with you.
One of the most clever things I saw done was to have a review twice a year. They picked unusual dates, April 1 April Fool’s Day, and October 31 Halloween. It was just a cute little trigger that people could get their minds around to say, “Oh, yeah, those are the times we’re going to sit down, and we’re going to review supply chain risk.” It’s also pretty funny, because once a really spooky day, and once a day full of surprises, so pretty good ones to use.
Now, because everyone’s bought into the process and tools, further on the additional meetings over time will become smoother and more effective. They’ll just become part of people’s route work. What I think is really important is that when you create the visibility around this and you discuss this, you’re going to talk about risk in different ways. Some of it you’re going to eliminate, some of it you’re going to mitigate, which means make it less worse, but some of it you’re actually just going to have to accept as part of doing business. Whichever choice you make, what you really want to do is make it transparent to the rest of the organization where that risk falls. It’s also a really good idea if that committee self evaluates, and you also might ask them to be the ones who are the steering committee for any projects that spool up to mitigate or eliminate risks.
For instance, if you have a project group trying to qualify a new supplier, they might report out to your risk committee as their executive sponsors. You’re going to create an awareness campaign—great another campaign, right? Well, it doesn’t have to be that difficult. It doesn’t have to be some really fancy rollout that inspires everyone in the organization. You know the company you work in. You’re going to pick the tactics that are going to be most responded to from your staff, from your executive team, and your board. You’re already going to have a win in your pocket, because you will be leveraging that stakeholder committee to take that information back to their own functional areas. They’re likely to tell their managers about it, so you’ve already now informed another tear up.
If you’re in a very sophisticated company, you already may have a risk management groups that you can just report this data into. Maybe your board of directors is already asking you for feedback on the risk—that’s great. Maybe there’s a quality control group or some other function that exists. If they don’t exist, come up with some creative alternatives for making sure there’s corporate visibility here. At the most basic level, put it in your monthly report to your manager. You could also leverage the sales and operations planning process. When you do those executive reviews once or twice a year, put in the topic of supply risk. Whatever you choose, be it simple or formal, just make sure you’re communicating.
Now, because you’ve already set this up, where you know the company’s risk tolerance, you know what you’re going to go after to mitigate, the message you deliver is one of facts, not fear. You’re not going to be Chicken Little saying, “The sky is falling,” you’re going to be saying, “Look, we are launching this new product. We have a key component on it that’s with a sole supplier. It is risky. Here’s a couple of things we’ve done to mitigate around it, but we just want you to be aware that some risk does exist.” So there, you’ve matched everything—the risk tolerance, the ability to mitigate what you can, and you’ve informed the important folks who need to know.
How do we stop surprises? Well, we’ve done it. We’ve kept our stakeholders active, and we’ve come up with a repetitive communication to the execs and the board. Honestly, no matter what your position for risk tolerance, no matter where you’re at on your progress towards eliminating and mitigating risks, you need to solve the awareness issue. If you’ve done that, you’ve taken care of one of the biggest responsibilities we have of supply chain managers. There’s been a lot of aftershocks from COVID. Capitalize on this new awareness of supply chain to make the changes you want to make now. You’ve got the executive teams mindshare, leverage it. You know their tolerance, you’ve defined the impact and likelihood, you know you have a proactive plan, and you’ve got a way to communicate it. There’s no surprises. Fantastic. Well done. All I can say to you is make it happen.
Thank you so much for your time today. It’s been a pleasure to be with you. I have so much more to say about this conversation. I would love to hear about what you’re thinking, how your company reacted to COVID, what challenges you’re having. Please ask those questions, share those comments with me, I really appreciate it.
Get full Q/N Access
Sign up to Q/N with a few details to watch this presentation.