The GlobalEthicist – Supply chain risk: what companies need to know
There are all too many examples of the devastating consequences of overlooking supply chain risks. Get it right, and a company and its stakeholders can reap the benefits
What does an outbreak of fungal meningitis in the US in 2012 have in common with the explosion of Nasa’s Challenger shuttle in 1986? What does the recall of toxic toys have in common with a spate of suicides at a manufacturing facility? What does tainted baby formula have in common with the deadly collapse of a garment factory building?
There is a common thread that runs through these mostly tragic stories: the breakdown of supply chain risk management. In each case one or more components of the supply chain were not properly risk managed, resulting in terrible consequences.
The buzz phrase for many a global businessperson today is supply chain risk. Everyone is concerned, everyone is worried, the topic is both immense and multifaceted and constantly changing. What does it really mean? How does it vary for different businesses? Does it apply to all types of business, and to non-profits, academia, and even the government?
In the case of the close to 50 fungal meningitis deaths (and many more serious sicknesses) in the US in 2012-13, a pharmacy (New England Compounding Center) sold spinal injection medication created in unsupervised, unsterile and unsafe conditions. In the case of the explosion of the Nasa shuttle, a small defective part (a rubber O-ring designed to prevent gases from leaking) was found to be the root cause in a chain of contributing factors.
In the case of the massive recall of toxic lead-painted Sesame Street character toys manufactured by Mattel third party suppliers in China, the toys were at least as dangerous to factory workers at the start of the supply chain as they were to children playing with them at the other end of the supply chain. In the case of the suicides at the Chinese FoxConn plants in 2012, serious labour and human rights violations appear to have led young workers living in slave-like conditions to take their own lives.
A better approach
When New Zealand-based Fonterra discovered the presence of botulism in some of its milk products headed for China this summer, the company moved quickly to advise consumers and rein in its supply chain. Fonterra clearly learned lessons from the awful 2008 case of a local Chinese company’s melamine-contaminated baby formula that killed six children (and sickened thousands) in China.
The Rana building collapse in Bangladesh earlier in 2013, resulting in more than 1,100 workers dying, is one of the most dramatic and tragic stories of supply chain risk gone wrong. Everyone along the supply chain (including the workers who perished at the factory and had protested about the unsafe conditions right before the collapse) seemed to know that something was really wrong with the structural safety of the building.
In the Rana case, those most responsible for ensuring the safety of the workers – from the building owners, local government authorities and auditors on the ground to the ultimate buyers of the factories’ output (several major western retail chains) seemed either uninterested or worse. The retailers apparently did not verify whether their third parties lived up to their supply chain standards.
Also often directly complicit in these supply chain fiascos are the local, provincial, state and federal governments that do not provide proper regulatory or licensing requirements, or do not bother to enforce existing laws and regulations, or, at worst, accept or demand bribes to look the other way.
Supply chain risk management is a microcosm of doing business generally. A typical supply chain is long, complex, convoluted, multi-faceted and unpredictable. It exhibits a breadth of dangers, risks and opportunities that are extant in the broader business context. Here’s a list of possible factors that relate to the overall supply chain risk:
- Third party risks (supplier, vendor, distributor, agent, consultant, venture partner or partner).
- Labour and human rights risks (including child labour, slave labour).
- Health and safety risks.
- Ingredient/component and product quality/safety risks.
- Private or public procurement risks.
- Regulatory risks (specific to the industry in question).
- Corruption, fraud or money laundering.
- Misrepresentation/false advertising.
- Environmental impact.
- Climate change/sustainability impact (water, energy, other resource use).
- Business continuity and crisis management.
As all the high-profile cases make clear, a weak link in the supply chain (that may not even appear to be material at first or in isolation), can lead to increased risk, which may compound negative consequences further along the chain.
What these examples also tell us is that each type of business experiences a variation on the theme – what supply chain means to a global garment retailer is clearly different from what it means to a mining company.
However, the differences are mainly in scale or connected to specific industry, regulatory, jurisdictional and contractual requirements.
There are several overarching themes that all businesses should consider when it comes to effective supply chain risk management and compliance. Supply chain risk will never be completely eliminated and the cost/benefit of this type of risk management is always changing. No company can become the ultimate “cop” of its entire supply chain, but it is possible to strike a balance that is cost effective, ensures safe products and services and respects the needs and interests of relevant stakeholders.
Here are six critical components of an effective supply chain risk management strategy:
1. One corporate owner for overall supply chain risk. Company procurement, operations or another central department should own overall supply chain risk management, with the right budget, resources and IT infrastructure to ensure logistics and regulatory compliance.
2. Cross-functional supply chain risk management. While one function “owns” supply chain risk, other functions (legal, compliance, finance, ethics, corporate social responsibility, operations, business units) should be part of a proactive cross-functional approach to supply chain risk management, crisis management and post-crisis learning.
3. Supply chain third party screening. Third parties – such as agents, vendors, suppliers or distributors – should be background checked before entering into contracts. Binding compliance provisions should be included in contracts. Ongoing obligations should include covenants around quality, labour, anti-corruption and anti-fraud.
4. Supply chain third party checking, testing and auditing. Internal and external auditing and checking of third party facilities, ingredients, components, quality, safety and labour rights needs to be part of the deal. Companies with extensive supply chains and supply chain risk should consider having an internal supply chain risk audit team or developing part of their internal audit function to accomplish such ongoing and periodic tasks.
5. Speak-up culture about supply chain risks. The C-suite needs to set the tone from the top, encouraging a speak-up culture from the shop floor to the executive suite on risks generally, including supply chain risks.
6. Board oversight and reporting. Supply chain risk management should be on the board agenda – whether at a committee level quarterly or in an annual report to the full board. Boards, in turn, should demand accountability and reporting from senior management on this critical and complex risk.
While arguments can be made that ultimate buyers (retailers or consumers) in a long supply chain, who are usually many steps removed from the source, should not have supply chain responsibility, in today’s highly interconnected and interdependent world, responsibility is ultimately shared. If nothing else, responsibility for supply chain vigilance will end up being shared because stakeholders – including shareholders – are watching more carefully and expect better performance by those on the top of the supply chain.
Effective supply chain risk management can also be very rewarding to companies. Not only will they avoid the worst consequences of supply chain failure – deaths, accidents, product recalls, fines, incarceration, reputation loss – but they will also reap great rewards, including process improvements, cost effectiveness and savings, brand and reputation enhancement and, in some cases, even product innovation.
Dr Andrea Bonime-Blanc is chief executive of GEC Risk Advisory, a global governance, risk and reputation consultancy to boards and the C-suite. She is chair emeritus of the Ethics and Compliance Officer Association, a member of Ethical Corporation’s editorial advisory board, a programme director at the Conference Board and a life member of the Council on Foreign Relations. @GlobalEthicist