Bulletin / Supply Chain and...

Supply Chain and Risk

Author: Charlie Maclean-Bristol

This week I have been teaching the BCI Supply Chain Continuity Management course, so I thought I would share some insights and observations from the students on the course.

  1. About 3-4 years ago supply chain was the “buzz” topic for business continuity and there were lots of seminars and conferences. Although to me it is still as important and the threat has not gone away, it is less popular. The big “buzz” at the moment is cyber security. Although I suspect that cyber security will go the same way as supply chain, so it will remain a threat but the next new popular threat will supersede it in a year or two. So my point is that just because supply chain it is not the topic of chat around the business continuity water cooler or the number one topic of discussion in the forums, it doesn’t mean that it is any less of a risk and that the threat has gone away.
  2. The BCI and Zurich Insurance produce an excellent annual supply chain survey. If you are doing any work on supply chain, looking to understand the different threats or wanting to give some figures to senior management on the financial impact of supply chain loss, then the survey has all the information you need. You can download it for free from the BCI at http://bit.ly/1nn4EZ
  3. Speaking to the students from various different companies on the course, it was evident that there was a very wide variety of different impacts of supply loss. There was a security company who basically had no critical suppliers, to a company involved in the build of a nuclear power station which had a huge number of suppliers and a very complex supply chain. As part of their regulatory regime they are required to understand their complete supply chain up to their tier 7 suppliers. Suffice to say the course made it very clear to me, if I didn’t know before, that the impact of loss of supply chain effects different companies in different ways! You need to understand your organisations supply chain risk exposure.
  4. One of the key learning points from the course is you have to understand the nature of the industry you are working in. Certain industries have different reputations and risks. The clothing manufacturing industry is known for having issues with poor health and safety and child labour. In Scotland many taxi companies and tanning salons are often alleged to be owned by organised crime groups and used to launder money. Another of the key points of the course is that “you can outsource the activity but not the risk” so your supplier can have an incident which has a major impact on your organisation. In BPs Gulf of Mexico oil spill, they didn’t actually operate the rig which caused the spill but they were held responsible. We were discussing the subject of reputation with one of the students from a cleaning company. She felt that she had very few suppliers and therefore no supplier reputation risks. In the discussion she said that her company outsourced the destruction of the waste produced by her client, which her company was responsible for disposing of. As the waste industry, especially in the past, has had a reputation for cutting corners and not disposing of the waste to the relevant regulations, her company has a risk that if waste found not to be disposed of correctly it would be her company not the waste company which would be held responsible by her clients and cause the loss of the contract
  5. One of the resources I suggested students use was a book called “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage”by Yossi Sheffi. Although it is a little old now it has some excellent case studies and is very readable. One of the students managed to purchase it on Amazon for 1p plus post and packaging. The other book I recommend which is more risk focused is Supply Chain Risk Management by Donald Water (Second Edition).
  6. Although Supply chain is not top of the agenda for most organisations at the moment, it is still a threat that has not gone away and loss of a supplier can have a massive impact on the organisation. So we, as business continuity people, should revisit our list of suppliers, for goods and services, and ensure that suitable risk mitigation measures are in place for their loss. We also need to understand that our organisations may be held responsible for incidents that we have been exposed to but have been caused by our suppliers.

You might be interested in the following stories

When Cloud Computing goes wrong

You may be interested in the following course

BCI Supply Chain Resilience course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
What lessons can we learn from Marriott’s response to their Cyber Breach?

This week Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach.

7 December 2018

“The course went really well. It was very well presented by James McAlister with lots of interesting stories to support the learning which means I have come away feeling like I learnt a lot in a week. ”

Jamie Stevens
Horizon Nuclear Power
View further testimonials