Developing and Implementing Strategy for Managing Risks in the Supply Chain
An interview with John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola
The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organisation, such as the Japanese tsunami, the Gulf of Mexico oil spill or the Eurozone liquidity crisis, have been front and centre, creating a renewed interest in enterprise risk management (ERM) practices.
John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola answered a series of questions from marcus evans before the forthcoming 6th Annual Enterprise Risk Management Conference, March 19-20, 2013 in Chicago, IL.
All responses represent the view of Mr Brown and not necessarily those of Coca-Cola.
When it comes to quantifying risks within the supply chain, are there sure-fire approaches or methods to apply? Why or why not?
John Brown: The sure-fire approach is to map your supply (value) chains, delineating the flow of value contribution from each node (value-adding operation) and through each link. As is normally the case, however, the sure-fire approach is not easy to implement, especially since the ‘map’ must extend to tier 2, 3 and beyond suppliers, and downstream through customers to end consumers. The effort and resources it takes to complete this mapping is insurmountable for most companies. Some excellent work is taking place to visualise value chains by mining data in enterprise applications, such as SAP. But there are challenges even in this approach, which at best captures tier 1 suppliers. I am hopeful that elegant (and affordable) solutions will be developed in the next few years.
What are some of the vital steps an organisation must take to mitigate risks in the supply chain associated with fat-tail risks like Hurricane Sandy?
JB: Interesting question, and no easy answer. Risk management is essentially prevention, and few company reward structures are geared to prevention activities (as compared to reaction, such as crisis management). Part of the difficulty is that it is next to impossible to demonstrate that risk management activities prevented an uncertain event from occurring. The steps most companies can take today include understanding where they have critical dependencies, such as single-sourced materials or services, suppliers who are susceptible to external events, or vulnerable transportation/logistics links. And then establish arrangements to avoid a major disruption in the value creation chain. The challenge with this approach is that it ultimately increases your cost-of-goods, relative to a steady-state environment. Where it pays off is if you experience a disruption and are able to flex with it. A more fundamental approach is to design products and services with a view of minimising exposure to disruptions.