Be prepared to bounce back: Building a resilient supply chain

Supply chain risk has steadily grown as companies have increased their reliance on outsourcing and sole sourcing while simultaneously failing to shockproof their supplier networks. This perspective details four steps that companies need to take to develop a resilience framework that will help them to mitigate supply chain risk.

Show transcript

Be prepared to bounce back Building a resilient supply chain


Cleveland Harry Hawkes Partner +1-216-696-1574 harry.hawkes

New York Richard Kauffeld Partner +1-212-551-6582 richard.kauffeld Martha D. Turner Partner +1-212-551-6731 martha.turner



About the author

Martha D. Turner is a Strategy& partner based in New York. During her tenure with the firm, she has worked across a variety of industries to deliver cost reductions, increase operational efficiency, and improve supply chain performance, with specific focus on consumer and media clients.

This report was originally published by Booz & Company in 2011.



Executive summary

Supply chain risk has steadily grown as companies have increased their reliance on outsourcing and sole sourcing while simultaneously failing to shockproof their supplier networks. Catastrophic supply chain disruptions can have a devastating effect on company performance. To mitigate supply chain risk, companies need to take four steps to develop a resilience framework: (1) anticipate risks, (2) assess risks, (3) act against the risks, and (4) designate a business continuity coordinator. Additionally, our research has found that companies with successful risk-conscious supply chains make risk management ongoing, develop a partnership approach with key suppliers, and understand the role the corporate culture plays in propagating success of a resiliency plan.



A tale of two producers

Back in October 1998, Hurricane Mitch blew through Central America, destroying roads, bridges, railroad tracks, factories, and fields upon fields of crops. Two major banana producers lost much of their Central American capacity, but the two fared quite differently. Dole Food Company suffered devastation to 70 percent of its 40,000 acres in Honduras, Guatemala, and Nicaragua, or roughly one-quarter of its worldwide production. Because the company had no strategy for alternative sources of bananas in the region, its Central American inventories were interrupted for more than a year. By contrast, Chiquita Brands International Inc. was able to maintain a steady supply of bananas from the hurricane-ravaged region, despite significant damage to its plantations, by tapping those among its network of partners whose land was undamaged and by improving productivity at other locations, such as Panama. In the fourth quarter of 1998, Dole’s revenue declined some 4 percent, while Chiquita’s grew by the same amount. The tale of two companies aptly captures the challenges procurement chiefs face in managing supply chains that have become increasingly fragmented and brittle, thanks to the combination of rapid growth in outsourcing to geographically distant partners and suppliers, a developing focus on sole sourcing to better capitalize on price advantages, and the hesitancy of company executives to set up shockproof supplier networks. Indeed, the notion of supply chain resilience has been raised and dropped repeatedly at most companies in recent years as disastrous events elevated the visibility of the issue and relatively calm periods relegated it to the back burner again, usually with few fail-safe mechanisms implemented. A recent situation in China reiterates the substantial risk that companies still face from disruptions to their supply chains. China is an important part of most industry supply chains, yet its reliability as a supplier was called into question in 2010 when it engaged in an on-again, off-again
Strategy& 5

embargo of rare earth exports, withholding materials that are critical for sophisticated electronics and electrical equipment. Supply chains can be disrupted by bad weather, political considerations that sometimes trump economic or financial concerns, supplier incompetence, environmental disasters, terrorism, or any number of other uncontrollable circumstances. As a result, companies need to work harder to balance their supply chain dependencies and recognize the value of sourcing diversification. A recent Strategy& survey asked leading supply chain executives in various industries about their understanding of supply chain risks (see Exhibit 1, next page, and Exhibit 2, page 8). The survey revealed that most companies, regardless of industry, perceive the greatest risk to their supply chain to be interruptions in deliveries from key suppliers, a risk exacerbated by the tendency to sole source. Survey results also revealed that the majority of respondents did not have detailed mitigation plans for such an event. In recent years, most companies have sought to maximize the efficiency of their supply chain, emphasizing speed, agility, and especially cost. In fact, cost justification is the biggest impediment to truly dedicating the time and resources needed to build in resilience. Whereas designing for efficiency emphasizes flexible supply chains that minimize costs, supply chain resilience planning balances this view by ensuring that these supply networks are not so flimsy that they crack under the pressure of unforeseen circumstances. The trouble is that activities that make the supply chain more resilient — buffer inventory, redundant sourcing, multimodal logistics contingencies, and continuity planning — are often labeled unnecessary expenses and equated to over-insuring business operations. This emphasis on efficiency is also borne out in most organizations’ metrics. While many companies have explicit objectives and initiatives related to efficiency, such as cost and inventory reduction or the implementation of just-in-time production, resilience often remains an implicit concern. Such a discrepancy is hardly surprising, as it is difficult to define a set of metrics that measure protection against supply chain risk. Ultimately, the absence of disruption is the most important measure of success. However, there are metrics that can indicate a supply chain’s overall resilience, such as safety stock levels, supplier lead times, and the number of relationships with sole sourcers. And if companies work at it diligently enough, they can achieve a high level of both efficiency and resilience.



Exhibit 1 Greatest supply chain risks to organizations

Interruption in supplies from key suppliers Physical damage to owned facility IT breakdown/information security breach Large-scale natural catastrophe in area of operations Loss of key people Nonphysical disruptions to owned facility

68% 35% 31% 30% 17% 13%

Source: Strategy& survey



Exhibit 2 Survey respondents’ level of preparedness for various risks


46% 43% 38% 33% 30% 26% 18% 13% 7% 1% 2% 2% 1% 9% 5% 6% 3% 3% 3% 2% 2% 21% 17% 19% 15% 36% 34% 34%

Interruption in supplies from key suppliers

Physical damage to owned facility

IT breakdown/ information security breach

Large-scale natural catastrophe in area of operations

Loss of key people

Nonphysical disruptions to owned facility
Detailed, well-thought-out plans High-level plans No speci c plans Not prepared at all Don’t know

Source: Strategy& survey



Moving toward resilience

A successful supply chain resilience framework begins with a robust identification of risks. This process involves taking a holistic view of the supply chain operating units and functions to uncover shared risks in the supply chain and also to ensure that risk management strategies are consistent throughout. Along the way, risks are accurately prioritized and measured to provide the basis for effective risk management strategies. The process culminates in a program that will inject supply chain resilience into the corporation. Step 1: Anticipate risks Disruptions in today’s supply chain can be caused by events as diverse as the failure of sole source suppliers, labor disputes, and earthquakes. To establish a comprehensive risk inventory, stakeholders from every point along the supply chain — procurement, manufacturing, distribution, marketing — need to be engaged and brought together to understand the risks inherent in their functions and in the links between their functions. Their varied perspectives help to ensure that each of the critical risk areas is uncovered. An effective approach to this step includes the use of wargames to identify supply chain risks. More advanced than typical interviews, wargames allow stakeholders to interact and uncover deeper risks within the supply chain (see Exhibit 3, next page). Participants’ reactions to certain scenarios help to uncover hidden risks and also identify especially challenging risks, such as those that require complex responses with little warning and those that require collaboration among functions or business units. In a recent wargame, an automotive manufacturer discovered that the recovery from certain supply chain disruptions would require the collaboration of multiple functions. The company’s ignorance of the number of stakeholders involved and the level of collaboration across organizational boundaries necessary to manage such a disruption was a major blind spot, indicating significant risk exposure.



Exhibit 3 A sample wargame
A Action reactions

Corporate manufacturing distribution procurement competitors


Modern trade regulators



A Teams communicate to make alliances and learn what is happening Business impact


Competitor and stakeholder teams - Identify objectives and priorities - Develop strategy - Take action to achieve strategy and find common ground - Brief decisions and rationale to all other teams after each move May represent competitors’ internal or external stakeholders

Customer/market teams - Agree on criteria for success - Assess stakeholder action against criteria - Provide feedback from customer point of view

Control teams - Oversee wargame play - Reaction from all others (e.g., regulators, suppliers) - Update scenario, introduce external shocks

Market impact C

Stakeholder wargames sometimes include a customer team, but not always

A nancial model may be used to capture the implications of team actions

Source: Strategy&



Step 2: Assess risks Once identified, risks should be analyzed or modeled so that companies can understand their potential impact on the supply chain and business in terms of both the likelihood of the event and the magnitude of the disruption. Mathematical models drive much supply chain planning, but physical topology models and dynamic supply chain simulations can provide fresh insights into the potential impact of important risks. For example, a physical topology model depicts the links between critical supply chain systems, processes, and infrastructure to illuminate interdependencies that may not be obvious. An understanding of how this complex web of systems and processes supports the supply chain can provide a more robust analysis and is often a critical element in a broad-based review. Recently, a Fortune 50 global pharmaceutical company set out to develop an enterprise-wide risk management and business continuity program that could reveal the interdependencies among people, processes, and technologies across the organization. The company began by developing a model to depict the relationships in its business and operating environments. The model highlights shared resources, such as key personnel, infrastructure, and suppliers, showing these concentration points across the enterprise, including those in the logistics and supply chain. By understanding these relationships, the company could evaluate the complete impact of any potential disruption. After developing an accurate depiction of the supply chain, companies should prioritize potential supply chain disruptions by characterizing the likelihood and magnitude of the outcomes they would cause. In comparing risks, it is important to distinguish between events and their outcomes. For example, a shipping facility can become inoperable in many ways: hurricanes, chemical spills, and strikes, to name a few. But for analytical tractability, it is better to focus on the outcome — in this case, the inoperability of the facility — regardless of the cause. The likelihood of a given outcome is driven by both the nature of the threat itself and the vulnerabilities of the supply chain being affected. Both qualitative and quantitative assessments can be used to estimate the likelihood of different outcomes, employing relative rather than absolute metrics. The magnitude of a particular outcome is the (potentially) negative effect, or effects, that a company can expect if some aspect of the supply chain is damaged, destroyed, or disrupted. These effects can include stakeholder concerns such as lost revenue, increased costs, compromised ethics, or diminished brands. Exhibit 4, next page, shows a representative mapping of risks to a supply chain, using both likelihood and relative consequence as metrics. Risks
Strategy& 11

In comparing risks, it is important to distinguish between events and their outcomes.

Exhibit 4 Weighing key risks to the supply chain

Supply chain risk list
Critical risks 5 Low-consequence/ high-likelihood risks High-consequence/ high-likelihood risks Loss of sole parts supplier Raw materials shipment delay Likelihood Material price fluctuations Labor shortage Low-consequence/ low-likelihood risks

Negative actions of supply partner (e.g., abuse of child labor laws) Prolonged loss of electrical power to manufacturing plant

0 0 Relative consequences

High-consequence/ low-likelihood risks 5

Note: The likelihood and relative consequence of each identified risk were rated on a scale of 1 to 5 and placed accordingly in the matrix. Source: Strategy&



mapped in the upper right quadrant are of a higher severity than the other risks and should be the highest management priority. This is not to say that risks in the other quadrants are unimportant. All of the risks should be considered, whether or not they rise to a level that warrants immediate action or senior management attention, because depending on a company’s circumstances or business environment, even risks that are a bit under the radar may require a response now or sometime in the future. Step 3: Act against the risks By offering a holistic view of the supply chain and a common understanding of the greatest risks for all stakeholders, risk identification and measurement provide a baseline for the development of mitigation strategies. Additionally, they provide a basis for informed decision making about risk management initiatives. Addressing supply chain risks will likely require several tactical risk management activities, such as holding more inventory stock. In our experience, though, effective long-term risk management is the result of a broad consideration of risk management goals rather than a narrow focus on specific risk management activities. As a pragmatic illustration of how a risk management plan can be established, consider the efforts of a leading consumer packaged goods firm examining the dangers it faced in sole sourcing of raw materials (see Exhibit 5, next page). To determine how best to address this risk, management explored the impact of its immediate and long-term actions on supply, price, quality, and corporate social responsibility. The company found it needed to rethink the structure of its existing contractual terms and conditions and to evaluate the purchase of a stake in the supplier for longer-term risk mitigation. Workshops and modeling exercises of the sort used to anticipate risks can also be valuable in providing insight into the best risk management goals and activities. For example, a wargame can facilitate a discussion among supply chain stakeholders to plan potential risk management activities. Similarly, risk management plans can be verified using simulation tools that can show the potential effects, in key metrics, of a change in supply chain strategy or activities. The output of a successful risk management exercise will produce both actionable risk management plans for curbing immediate threats and a game plan detailing the long-term changes needed to increase the supply chain’s resilience.



Exhibit 5 Sample actionable risk mitigation plan
Risk Raw material is sole sourced Mitigations Review current contractual arrangements to ensure contracts adequately protect company interests Determine if a 2- to 3-year contract is required Horizon Short-term mitigations Impact

In the absence of a reasonable substitute, work with the nance department to build a business case to seek an equity stake in supplier

Long-term resilience strategies





Major impact Some impact S: Supply P: Price Q: Quality CSR: Corporate social responsibility

Source: Strategy&



Step 4: Designate a business continuity coordinator The implementation of risk management activities and strategies requires rigorous adherence to processes, roles and responsibilities, and governance structure so that the risk management program doesn’t become stale and ineffective. Companies can create a new position, such as that of coordinator of business continuity management, to supervise the risk management plan or assign the responsibility to an existing role. The coordinator should be responsible for maintaining all documents and electronic files related to the program, conducting a periodic review to ensure accuracy (e.g., confirming that the right phone numbers are listed), scheduling and overseeing regular exercises, and alerting senior management when the plan needs to be updated because of significant changes in the supply chain or substantial new threats.

The implementation of risk management activities and strategies requires rigorous adherence to processes, roles and responsibilities, and governance structure.



A resilient environment

The mechanics of implementing a resilience plan vary significantly and depend heavily on an individual organization’s circumstances. However, since the goal of business continuity is universal, there are undoubtedly common characteristics among all companies that offer good examples of resilience. Our research has led us to identify several elements of successful risk-conscious supply chains. Make risk management ongoing It’s important to note that identifying risk is not a one-off exercise. Building and maintaining supply chain resilience requires a company to be continually aware of the risks it faces. An organization should consider not only recent failures and mishaps, but also internal circumstances with the potential to cause disruption and impair its ability to operate. Often, companies fail to update their risk management documents when new supply chain initiatives or external threats (e.g., an avian flu pandemic) appear. As new risks crop up, they need to be worked into existing risk management strategies or added as new initiatives. The success of such a change initiative requires regular review and adequate resources. The General Motors Corporation has proactively increased its risk awareness through sophisticated tracking of its Tier One and sole source suppliers in close to real time, constantly monitoring the possible disruptions that could occur in their geographic locations. In moments of crisis, such as an impending hurricane or a labor threat, GM can ship parts to other supplier locations to avoid hiccups in its manufacturing operations. Similarly, one Fortune 50 consumer products company created such a comprehensive and constantly updated assessment program that it was able to produce a heat map demonstrating the relative position of each raw material it purchased on two dimensions: risk rating and brand
16 Strategy&

Identifying risk is not a oneoff exercise. Building and maintaining supply chain resilience requires a company to be continually aware of the risks it faces.

impact. In this way, the company learned that, for example, its orange drink unit was highly susceptible to disruption by crop failures and operational slowdowns at its blending operations. With this knowledge, more energetic surveillance efforts could be directed at the company’s orange drink line, which was a critical source of revenue. Develop a partnership approach For years, people have been boasting about the benefits of partnership with key suppliers. However, in most instances, the partnership ends with public formalities. For true resilience, a culture of information sharing with key suppliers is a must, incorporating joint teams, regular tests of the supply chain that include all relevant parties, and frequent conversations with suppliers to understand their concerns. Cisco offers a good example of how sharing information can minimize supply chain risks. The company mandates that its suppliers allow it to examine their processes for adequate business continuity plans and second-source suppliers that could fill in if a disruption occurs. It’s a sound policy, and it signals that Cisco, like any savvy company striving for resilience, realizes that supply chains are only as good as their weakest link. Understand the culture As management teams design and embrace a supply chain resilience plan, it is important to remain cognizant of the role corporate culture plays in the organization’s daily operations. For instance, while a plan may show the need for an inventory buffer, the simple suggestion of creating such a buffer would be counterintuitive to any organization using the Toyota production system, which touts the importance of just-in-time principles. In such cases, it’s important to find a balance between developing the right plan for the culture and convincing the culture that some changes are necessary. Companies that want to embrace a resiliency plan must have the culture in place to propagate success. Although the actual balance may differ by organization, the ingredients are often the same. First, there must be organizational acceptance, which starts at the top. Localized buy-in and subsequent activity then become catalysts to developing a workable structure that is inculcated into the daily operations. It is also important to ensure that previously established incentives are not at odds with any resilience initiatives; for instance, if teams are rewarded for running a lean operation, it may be difficult to build in the redundancies necessary for a resilient operation.
Strategy& 17


Companies can do little to eliminate, or even control, the myriad potential disruptions to their global supply chains. But most can do substantially more than they are doing today to mitigate the risks posed by disruptions when they do occur. Creating supply chain resilience requires more than utilizing the framework to identify, assess, and mitigate enterprise risks. The long-term success of a resilient supply chain also depends heavily on the organization’s ability to foster a culture of reliability that stretches across departmental borders. The constant drive to lower supply chain costs will continue to increase any company’s risk exposure, but with some forethought, risk need not threaten extinction.




Editor’s Note: This report has been adapted from “Prepare to Bounce Back,” published in Sourcing Reloaded: Targeting Procurement’s New Strategic Agenda (Strategy&, 2008).



Strategy& is a global team of practical strategists committed to helping you seize essential advantage. We do that by working alongside you to solve your toughest problems and helping you capture your greatest opportunities.

These are complex and high-stakes undertakings — often game-changing transformations. We bring 100 years of strategy consulting experience and the unrivaled industry and functional capabilities of the PwC network to the task. Whether you’re

charting your corporate strategy, transforming a function or business unit, or building critical capabilities, we’ll help you create the value you’re looking for with speed, confidence, and impact.

We are a member of the PwC network of firms in 157 countries with more than 184,000 people committed to delivering quality in assurance, tax, and advisory services. Tell us what matters to you and find out more by visiting us at

This report was originally published by Booz & Company in 2011.
© 2011 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. Disclaimer: This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.