How do you put a value on avoiding a problem that seemingly no longer exists because you’ve already spent money on eliminating it?
This is the classic Catch-22 dilemma faced by many corporate security managers when trying to justify further investments in steeling the supply chain against disruptions.
It’s a vexing problem, but there are ways around it.
The obvious conundrum is that hardening the corporation, its processes, and its supply chain requires investment. If nothing happens and no crises materialize, this effort is, in hindsight, deemed to be a waste of money by senior executives. There is some justification if an actual disruption was sidestepped or its impact mitigated. But even then, it is difficult to quantify the benefits of dodging the bullet.
As the saying goes: “One does not get promoted based on cost avoidance.”
One of the reasons is that costs avoided do not show up on financial statements. On the other hand, costs incurred—including security outlays—are visible, and often become prime targets for the CFO’s cost-cutting knife.
In my 2005 book The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage (MIT Press, 2005) I wrote that continuous security, resilience, and risk mitigation efforts can be hampered by their own success. I gave the example of Sun Microsystems, which suffered a spate of freight thefts in Europe. To fight the phenomenon, Sun hired escorts for trailers carrying high-value Sun gear and monitored logistics personnel to reduce inside-job leaks of information about these shipments. As a result of the measures Sun cut its losses to zero.
Later, when managers asked why the company was spending so much money for escorts in the absence of hijackings, security managers faced the classic Catch-22 dilemma mentioned earlier.
Insurance companies face this issue when selling disruption insurance, or when trying to convince manufacturers to reduce both the likelihood and impact of business interruptions through measures such as increasing inventory levels and developing alternative suppliers.
How can security professionals present a convincing case for investments in supply chain resilience in the face of such skepticism? Here are three possible approaches.
1. ID situations where resilience is a by-product
Some actions taken by businesses are bound to increase resilience even though the objective is entirely different.
Consider, for example, Amazon’s drive to build more warehouses throughout the U.S. The main business goal is better service, leading to same-day delivery (a goal it has already reached in Beijing, China, where any a.m. order is fulfilled on the same day within a three-hour window.) The strategy incurs higher costs in terms of capital expenditures, labor, and inventory, but the payoff is superior service. Another benefit, albeit unintended, is increased resilience because Amazon’s beefed up warehouse network enables the retailer to recover quickly if one facility suffers a disruption.
Another example is the postponement strategy used by computer maker Dell in its heyday. This supported an extremely lean build-to-order operation with minimal inventory. The strategy also made Dell more resilient by, for example, by enabling the company to rapidly switch product configurations and shape demand when external disruptions occurred. When an earthquake hit Taiwan in 1999 and knocked out a large number of the world’s chip supplies, Dell steered customers to products that could be built with available components. It increased third quarter earnings that year by 41% compared to the previous year.
Being part of industry groups is another strategy that can build resilience. For example, many automotive manufacturers and suppliers are members of the standards-setting automotive industry action group (AIAG). In March 2012, an accident at an Evonik Industries plant in Germany knocked out 40% of the global supply of CDT, a tough plastic used in fuel lines, brake lines, and plastic housings. AIAG launched an initiative to find other options, and within a week developed a harmonized validation process for alternative materials. Replacement sources were soon found. This quick action was made possible by the collective knowledge of the AIAG members and their familiarity with each other.
2. Highlight other benefits
It is possible to make a convincing case for investments in resilience by showing that these efforts yield other business benefits.
The largest retailer in the world, Walmart, operates a 24×7 emergency operations center (EOC) that, among other things, manages the flow of supplies in crisis situations. Many days before Hurricane Katrina hit the Gulf Coast in 2005, Walmart had prepared 45 trucks full of critical supplies at its distribution center in Brookhaven, Mississippi. By deploying these trucks Walmart reopened 66% of its stores in the affected area within 48 hours, and within one week 93% of stores were reopened. These actions earned high praise for the retailer, and burnished its image in a way that no advertisement or brand consultant could. Walmart now ships certain merchandise and groceries to stores that are in the path of hurricanes. Such anticipation increases both sales and customer satisfaction.
In this example, Walmart emergency response actions yield business benefits which can justify the entire EOC operation.
Supply chain mapping is another resilience activity that can yield business benefits. One of the first steps companies take when building supply chain resilience is to map the locations of their Tier I suppliers’ corporate headquarters and, more importantly, plants. Where possible they also map these locations for sub-tier suppliers, or at least ensure that relevant Tier 1 players have this information. These maps promote quicker responses to crises, and support social responsibility and sustainability audits. In effect, mapping activities increase resilience and improve supply chain performance.
3. Hitch resilience to other goals
When it is difficult to snag funding for resilience projects, another tack is to present them under the guise of other business objectives.
Following 9/11, the risk management group at a leading Wall Street financial services company concluded that they needed to have the ability for the entire staff to work from home. Management balked at the cost of supporting tens of thousands of telecommuters. The risk management group partnered with HR and presented the project as a diversity and inclusion initiative that would allow mothers to stay with their babies and empower disabled employees to stay active. The funding was approved.
Other business activities that can be leveraged to attract funding for resilience include the nurturing of collaborative relationships with trading partners, improving customer relations, and creating operational flexibility. But the internal risk management group must have solid links with other business functions in the organization.
Toyota’s relationships with its suppliers allowed it to recover quickly from the fire in its sole P-valve supplier, Aisin, in 1997. Similarly, strong customer relationships allowed Cantor Fitzgerald, the Wall Street bond trader, to recover from the devastation of the 9/11 attack when hundreds of its traders died and its trading floor laid in ruins.
Resilience-building projects can be a tough sell within corporations—even when enterprises endure serious disruptions to their businesses. Corporate memories tend to be short, and there are many other demands on a company’s resources. Rather than abandoning or restricting these efforts, risk managers can find other routes to the funding and managerial support they need to fortify their supply chains.
Supply chain resilience is not the only imperative which can be a tough sell internally because it is not directly in line with the Wall Street-driven business goal of short term profit maximization. Other initiatives, such as sustainability, diversity, social justice, and similar corporate social responsibility initiatives have similar characteristics. CSR initiatives can be sustained only if they align with other corporate goals and mainly, if they contribute, directly or indirectly to the bottom line.