Risk Management via Supply Chain Visibility

Supply chain visibility is often included in the risk management toolkit. By coupling process changes, the improved intelligence from supply chain visibility, and fast decision cycles, organizations hope to out-maneuver interruptions in the flow of material, capital, or information. In this article we’ll address visibility for risk management at three levels: what makes risk worth watching for (the business problem), how supply chain visibility can reduce risk (the mechanics), and finally how all this is often leading to more risky behavior on the part of the organization (the unwanted outcome).

Before going much further let me also say that we’re entering a space that is well covered in alternate supply chain blogs. For years Norwegian researcher Jan Husdal provided the single best web resource for supply chain risk research, especially for academic coverage. Since late 2012 he slowed down, but maintains the site and adds occasional materials. What is especially vital about his site is that it is (a) a bridge between academic, governmental, and commercial supply chain views, and (b) not trying to support a for-profit agenda related to software or consulting services. His site is an example of what our field needs more of: an active and public discussion by individuals rather than organizations.


The Business Problem:

Let me draw you a picture: A renewed credit-squeeze is causing organizations to scramble for cash flow or short-term credit lines in order to keep operating. Let’s assume you work for a major apparel brand, and they are well capitalized with cash reserves. But a month later you discover that two key suppliers, representing 60% of next season’s product line, have not been able to buy enough raw materials due to their own limited credit. As typically happens, they neither called attention to their own risky situation nor did they necessarily cover it up either. In other words, your company could have known about this risk before it became a catastrophe, but no one was tasked with ensuring this risk was being monitored. And even if someone was tasked with monitoring the supplier risk, there were no supply chain visibility tools in place to empower them.

Not all supply chain risks or bad events fit will be considered manageable by supply chain visibility. If the event is so rare or unpredictable that no one would have thought to create sensors in the business environment to detect it, its unlikely supply chain visibility is a viable tool to mitigate it. If the event is annoying but has no financial impact, or the impact is so ambiguous it’s un-measurable, it also won’t be addressed using visibility initiatives. If the event was totally unstoppable and no advance warning would enable mitigation, it’s unlikely to be worthwhile adding to visibility solutions.

In short, supply chain visibility projects to manage risk are more likely to get funded or enacted in the presence of three things:

  1. A recent example of a risk which was not caught, but could have been
  2. A financially measurable impact from the event, using the KPIs already accepted by the executive tier of the company
  3. A politically powerful champion who connects the event, the fact it was not inevitable, and the ways in which requested visibility solution would have mitigated its impact

If you have all three, we can be safe in assuming there will be a budget of some size approved. Now, what do companies spend that budget on?

The Mechanics of Risk Mitigation through Supply Chain Visibility

In my experience, supply chain visibility is used for risk mitigation in three distinct ways:

  1. Identify risks as quickly as possible via logical checks on real-time data
  2. Quantify risks as quickly as possible via probabilistic mining of real-time and historical data
  3. Support the re-allocation of resources as risks appear, grow in likelihood, and occur.

While these three mechanisms for using supply chain visibility to manage risk could be deployed together, I suspect that most supply chain visibility initiatives are geared to only one approach. I’ll now discuss each mechanism in depth.

Mechanism #1: Using Logical Checks on Real-Time Data

Supply chain mangers are usually monitoring for issues by executing a limited number of logical checks as new information becomes available. In many instances, these are about the comparison of event sequences or event planned vs. actual outcomes. As an example, I worked previously in a company where a full time staff member collected data by email and fax, solely for the purpose of comparing the actual date and time of shipping events against their previously planned or re-forecasted date. What this staff person was doing was a supply chain visibility process targeted at managing risk. By collecting data and applying a logical comparison, the organization could identify impacts to its flow of materials earlier than usual, allowing the company to take corrective action. If a logical check failed, the staff person raised this as a risk and that warning initiated a process to identify the severity and probability of the risk, along with mitigation options. In order for this kind of visibility to work, the organization needs to be able to decide in advance what constitutes a risk and how it will be logically confirmed from the data. Although the logical sequence could be quite large, there is a pre-defined state which the supply chain should achieve and which is known in advance.

When supply chain visibility solutions are built on logical checks, the most important components are (a) the metric, (b) the target value, and (c) the actual value. As an illustration, a company may have a metric which is “percent of future retail value on order with a single supplier”. The target value might be 20% or less, and actual value may be 15% or less. It should make intuitive sense when we say that these kinds of logical checks are best when focused on real-time data flows. In the example I just gave, the actual value was “15% or less”. That actual value will never change until new data arrives. And when new data arrives, and we conclude that the actual value has moved to 17% and is therefore still acceptable, the logical check is over. It remains dormant, without change, until new data appears. In this way the visibility process is data driven and will be more valuable and active as the frequency and latency improves. Another way to describe this is as a finite state machine, i.e. at any given moment the supply chain is in a specific state, and the visibility solution assesses that state compared to its expected or desired state.


At the heart of this form of visibility is certainty:

  1. Logical checks on visibility data are backwards-looking; they are a kind of instrumentation of the supply chain.
  2. Every logical check passes or fails.
  3. There is also certainty about what is “risky”, since the threshold which demarks passing and failing is set in advance by the organization.

These certainties are what make it different from the next mechanism to be discussed…

Mechanism #2: Quantify Risks via Data Mining or Machine Learning

In logical-checking visibility processes, the organization sets a threshold for its logical calculations and then alerts itself when the threshold is breached. But an inversion of this idea is to explore relationships in the data for probabilistic outcomes in the future. These can be convergent, meaning the process makes a single prediction, or divergent in which “what if” type scenarios are allowed. To provide an illustration, let me go back to my past experience where a full time staff was conducting logical checks on shipping event dates. Instead of waiting for the actual event data to come in, we could have opted to use past data correlations between shipping agent and timeliness to predict future events. If we had done so, we might have tracked a rolling 90 day “late delivery days” metric for each carrier. Suppose one carrier had a value of “2”, meaning on average they had delivered two days later than committed. This value could be applied a current shipment to predict its future outcome:


  1. We could predict it will be 2 days late (a convergent approach, based on the average)
  2. We could predict four scenarios with four different outcomes, each representing a quartile point in the probability distribution (a divergent approach).
    1. 25% chance for on-time delivery
    2. 25% chance for 1 day delay
    3. 25% chance for 3 day delay
    4. 25% chance for 4 day delay

Obviously the divergent approach is more nuanced. We could expand upon it by adding other predictors beyond just the carrier. For example, we could include the supplier, the country of origin, the weather, the day of the week it was shipped, etc. By increasing the allowed predicting variables the final prediction can become very responsive to data and also able to find relationships which human analysts would miss. Among the most important applications of this process are the risk-based selection of cargo to be screened at customs in the USA, the detection of fraud in credit card transactions, and commodity pricing and contract term negotiations.

Like the first mechanism discussed, this use of supply chain visibility to manage risk is data driven. But unlike the first scenario, the output is not binary in nature. Instead of saying “yes or no” to a predefined logical check, the role of visibility processes or systems is now to predict possible future values of key metrics. To put it another way, when a logical check fails it is because something measurable has occurred. If quality drops below a certain level, we call the production manager and hold them responsible. Can you do the same thing when there is only a high probability, based on past correlations, that future quality will be unacceptable? Maybe not…

This usage of supply chain visibility allows organizations to prepare for uncertain, but probable, future events. This can be very powerful because it enables the organization to constantly shift its resources to be deployed along the riskiest outcomes. As a real example, if an organization has very low probability of being hit with an insolvent supplier, but a high probability of being hit with high raw material prices, it can spend its time and money in securing options or future contracts on raw materials. In this way an organization is using its resources more effectively because of an improved prediction of the probability that risk will come from one area and not another. And how some organizations make that resource deployment decision is covered in the next and last mechanism for visibility in risk management…

Mechanism #3: Support the re-allocation of resources as risks appear, grow in likelihood, and occur

Let’s go back to the example where a firm sees a growing risk that the cost of raw materials will increase substantially. This occurs to blue jeans brands often, since the cotton market has such steep cyclical ups and downs. As data about weather and acreage planted, and the cost of future or option contracts changes, companies like GAP can estimate the likelihood of adverse price moves. But when it’s time to take a response to this information, most organization find themselves almost blind to their own resources or needs. Let’s back up for a moment and look at this phenomenon.

As incongruous as this sounds to most students or non-supply-chain professionals, most organizations simply do not know what inventories, capabilities, commitments, or capital exists in their supply chains. For years, ERP consultants would challenge CEOs and other executives by asking if these kinds of attributes were known within just one organization. For example, how sophisticated of an ERP or other IT system does one have to use to know with good precision the inventory, capacity, and capital level at a retailer like GAP? As many ERP sales people know, it’s likely that even the CEO can’t be certain of his or her own company’s real-time resources. Now, consider that GAP it is not the only company in its supply chains. For any given product (let’s stick with blue-jeans) there will be a logistics provider, a brand owner (GAP), several suppliers, and many raw goods suppliers. Can we say that GAP would know the inventory, capital, or capacity levels of all these partners?

And yet this kind of intelligence is what is needed to form the best response to a potential risk. If cotton prices are likely to go up quickly, and a retailer is critically tied to the performance of this product, it must coordinate a plan with the rest of the supply chain players. If some of those players have high inventories already, or if they have low capitalization and cannot make future purchase commitments, the risk-mitigation-plan necessarily changes. So the third and final mechanism I’ve seen in which supply chain visibility helps manage risk is when the visibility process renders the resources of the supply chain transparent in support of risk-mitigation.

To create this form of supply chain visibility, organizations focus on collecting data and crunching it into an aggregate resources view of their supply chains. They also need to know what the commitments are against the aggregate resources. All this intelligence is then available to key supply chain decision makers who try to best optimize the resource usage. They make plans for resource usage in a fair, open way for the balanced good of all the companies involved. Actually, they don’t do that at all, I was kidding. Gotcha.

Supply chains are usually anchored by one or two very strong players, who dictate the practices of the others and enforce compliance. In a situation where a large retailer puts up the money and talent and time to create visibility to supply chain resources, are they really going to weigh all the participant company’s interests the same? In reality they will maximize the retailer’s benefits while ensuring enough benefits to accrue to the other participants to avoid them from abandoning the arrangement. In some situations that can be a very small benefit indeed, so it’s no surprise that the small participants in the supply chain don’t usually see cooperation as beneficial. Even more damaging to the arrangement is the fact that there is a known threat that the intelligent collected for risk mitigation will become a negotiations tool against them later. This gives the participants an incentive to provide inaccurate or incomplete data. To give a real life example, even the US government promises that supply chain visibility data collected for risk-based inspections will not be shared with customs agents to check that all duties are paid. Even against a hugely powerful supply chain partner like the US government, organizations will drag their feet about providing data if they can see it may not be in their short term interests.

The Unwanted Consequence

So an organization has three different mechanisms it can use to make supply chain visibility help mitigate risks. The three mechanisms are quite different, but all have proven successes. Let’s suppose that with a budget, talented staff, and six months the organization is able to install a process supported by technology that delivers one of these three mechanisms. Everyone is happy with the results and in 18 months the risk-management changes have filtered through the organization and the supply chain. As rare as it is, this time everyone really did embrace change and revised how they make decisions. Is this the happy ending? Maybe not…

The success of changing decisions and processes is itself a risk. I’m going to hat-tip Malcom Gladwell’s book “What the Dog Saw” here and relate a story where the release of new antilock brakes among taxi drivers caused a temporary reduction in accidents which eventually reversed back up to the same rates they had been at previously. What occurred is that the new brakes made stopping faster and more certain. But the drivers then became aware of the new capability and began to compensate for it by how they drove. Measured in terms of speed to destination, the taxi drivers were able to improve their driving because of the brakes. But they did not reduce the number of accidents because the drivers wanted to consume the risk reduction by converting it to faster driving.

This same behavior takes place in organizations. If a crisis occurs because a key shipment was late and it seriously degrades a key product launch, a company may install a supply chain visibility mechanism to manage this risk in the future. As the visibility demonstrates that it can reliably catch risks before they are unstoppable, it is likely (even inevitable) that the decision makers in the company will alter their behavior. They will hold less safety stock, buy goods on tighter timelines, make more aggressive promises, etc. They will consume the risk mitigation in order to have gains in other metrics. And why shouldn’t they? Although such actions make the organization just as vulnerable as it was before the visibility solution was deployed, the company is getting better net business performance. The only reason this behavior is a problem is that the visibility solution is often tied to a promise that “this won’t happen again”. Therefore supply chain visibility for risk mitigation can earn a bad reputation where it is undeserved.


Monday Morning Wrap-Up

As always, this article is closing with the key points which make it useful in your immediate work as a supply chain professional. It was a longer article than usual, on a driver of many supply chain visibility projects.

  • Ironically, the supply chain visibility project which is targeted at reducing risk is itself a somewhat risky endeavor.
  • In order to have any real chance of getting started, the project will need a recent crisis which was preventable if visibility had been present
  • The project will also need a strong financial justification couched in the financial KPIs of relevance to the company’s executives
  • Supply chain visibility has three main mechanisms which it can use to help mitigate risk
    • The first mechanism is the execution of logical checks which ensure the actual state of the supply chain matches the planned state of the supply chain
    • The second mechanism is to quantify the probability of future outcomes by conducting data mining against selected predictor variables.
    • The third mechanism is to render the supply chain’s resources transparent, usually just to the most powerful organization in the supply chain, so that risk mitigation efforts can be best planned and executed.
  • Finally, most successful risk mitigation processes will eventually alter the organization’s decision making in a way that makes them reliant on the risk mitigation as “usual business”. This leads to better business performance, but eliminates the actual safety created by the visibility solution. Net risk is the same, but with better business performance as the eventual benefit.


Leave a Reply