SCRM: The Need for More Research

SCRM: The Need for More Research

A recent report by McKinsey states that “Today’s complex and long supply chains are almost inevitably subject to disruption. …high costs, in combination with long recovery times, have triggered many companies to reassess their supply-chain strategies and footprints to make them more resilient to any kind of disruption.”

COVID-19 has triggered significant challenges to supply chain risk management. IBM writes that “COVID-19 has driven home the need to reduce global supply chain vulnerabilities through intelligent workflows.” Deloitte reports that “COVID-19 [could] be the black swan event that finally forces many companies, and entire industries, to rethink and transform their global supply chain model. One fact is beyond doubt: it has already exposed the vulnerabilities of many organizations, especially those who have a high dependence on China to fulfill their need for raw materials or finished products.”

At the same time, researchers at Sonatype found a massive 430 percent surge in next generation cyberattacks aimed at actively infiltrating open source software supply chains with 929 next generation software supply chain attacks recorded between July 2019 and May 2020 compared to 216 between February 2015 and June 2019.

The combination of increased costs, increased risks, and escalating attacks suggests a strong need to address how supply chain risk is managed. The long-time emphasis on minimizing costs, reducing inventories in favor of “just in time” delivery, and increasing asset utilization removed buffers and the ability to absorb disruptions. Now, new advanced technologies such as the Internet of Things, artificial intelligence, robotics, 5G, and digital supply networks (DSNs) are emerging that have the potential to be able to monitor across the supply chain and support the ability of enterprises to resist shocks. The traditional linear supply chain model transformation into DSNs, where functional silos are broken down and organizations become connected to their complete supply network, enables end-to-end visibility, collaboration, agility, and optimization designed to anticipate and meet future challenges. Organizations that deploy DSNs will be ready to deal with the unexpected shocks, whether from a global "black swan" event like COVID-19, a trade war, an act of war or terrorism, regulatory change, labor dispute, sudden spikes in demand, or supplier bankruptcy.

Technology alone is not a panacea. A large part of the problem in reacting to COVID-19 stems from a history of being reactive. In some ways, government leaders and scientists are far more prepared and smarter about pandemic risks that they were 20 years ago. Billions of dollars have been spent on technologies to make drugs and vaccines more quickly and to prevent and train for pandemics. “Government funding for pandemics has become largely an emergency one-time package to stop an ongoing outbreak,” says Julie Gerberding, former Director of the CDC and now Chief Patient Officer for Merck & Co. “We have a cycle of crisis, and then we become complacent, and [then] the tendency is for the focus and the investment to be repurposed for other issues,” she adds. Dr. Rajeev Venkaya, former Special Assistant for Biodefense to President George W. Bush, says simply “The reality is that for any leader it’s really hard to maintain a focus on low-probability high-consequence events.”

The availability of technology does not guarantee its use. High costs, in combination with long recovery times, have triggered many enterprises to review their supply-chain strategies and footprints to make them more resilient to any kind of disruption. While the degree of professionalization of supply-chain risk management varies widely, many companies still follow a reactive approach in responding to supply-chain disruptions. Many companies do diversify operations and implement multi-sourcing strategies wherever feasible and economically justifiable by working with their suppliers and performing regular audits as part of their general business practice. They monitor the most relevant risks such as regulatory changes or changing customer demand on an ongoing basis. But relatively few invest much time and money in automating any of these activities. When hit by sudden supply-chain disruptions, they build temporary task forces to manage the issue on an ad-hoc basis. Precious time is lost due to insufficient preparedness.

In contrast, some enterprises have permanent supply-chain risk-management teams and processes in place. Information sharing between the supply-chain risk-management team and other functional areas or departments such as marketing, IT, and legal is well-established, with clearly defined interfaces: in case of disruptions, these teams are able to exchange information on the fly and react quickly. These enterprises continuously monitor trends and events that could cause disruptions in the global supply chain, work to increase transparency throughout multitier supply chains, set up databases of suppliers across tiers, and use external software and data sources to receive push notifications about the latest incidents, together with the possible implications for them.

Understanding supply chain risks requires gaining visibility into tier 2 and tier 3 suppliers that, despite their relatively small size, can quickly and significantly disrupt production. Recent reports show that over 90 percent of the Fortune 1000 companies have tier 2 suppliers in the regions of China most affected in the initial phase of the global COVID-19 pandemic. There has been a heightened focus on achieving greater agility into supply chains to better manage rapidly evolving situations. Supply chain managers are working through immediate challenges, but, moving forward, the question arises of how organizations can better manage, foresee, and limit the severity of disruptions. The answer, according to IBM, involves building the capabilities necessary to respond to future events with both pace and certainty.

In the Katrina aftermath, a number of large corporations that had the capabilities and characteristics described above were able to respond relatively quickly to local shortages. But the resources of the federal government were eventually marshalled only after there were initial coordination issues. Supply chain issues related to obtaining and distributing essentials ultimately required the formation of a military task force with the necessary organization skills and capability. Specific recommendations about logistics in the report that followed. Most salient, the Report called for “Federal, State, and local logistical planners should use the best practices from successful large private sector companies as well as from DOD as the standard to develop improved operational capabilities and coordination procedures in the new logistics system.”

Traditionally, researchers have looked at supply chain risk sources, risk consequences, risk drivers, and risk mitigating strategies. To address these elements, others identified research issues to be addressed as “first, understanding risk assessment along the chain and developing more practicable approaches to guide the process and second, investigating risk implications of different network structures and developing effective tools for identifying network-related risks.”

The complexity forces of a supply chain can also drive ‘chaos effects’ in supply chains as a result of over-reactions, unnecessary interventions, second-guessing, mistrust, distorted information throughout a supply chain or simply from a lack of supply chain understanding within the organisation. The well-known bullwhip effect, which describes increasing fluctuations of order patterns from downstream to upstream supply chains, is an example of such chaos (Lee et al., 1997).

An older article states that “quantitative models in the field are relatively lacking and information flow risk has received less attention. It is also interesting to observe the evolutions and advancements of SCRM discipline. One finding is that the intellectual structure of the field made statistically significant increase during 2000–2005 and evolved from passively reacting to vague general issues of disruptions towards more proactively managing supply chain risk from system perspectives.”

A more recent study provides empirical justification for a framework that identifies 13 key enablers of resilient supply chain practices and describes the relationship among them using interpretive structural modelling (ISM).

All of these approaches are inherently data intensive and require substantial research to develop more sophisticated and nuanced approaches to supply chain risk management. The availability of new technologies and methods and the severity of impacts in recent events suggest it is time to refocus, reassess, and develop better solutions to address these old and timeless questions. Finding more quantifiable solutions and more data-informed decision making should reduce risk and provide more and better tools. Reinventing the wheel each time there is an event is not a viable answer.