The Corporate Supply Chain: BCM’s Ticking Time Bomb

corporate supply chain

The coronavirus pandemic has made one thing abundantly clear: the corporate supply chain is business continuity management’s ticking time bomb. In today’s post, we’ll look at the secret vulnerabilities hidden throughout the supply chain, assess the damage they could cause, and lay out some steps to disarm the bomb or at least reduce its impact.


The Pandemic’s One Benefit

If the COVID-19 pandemic has had one benefit for business continuity management (BCM), it is that it has caused BC professionals and responsible executives everywhere to look more closely at the security of their organizations’ supply chains.

This is happening not a moment too soon.

As regular readers of the blog know, I have been beating the drum on the importance of companies’ making their supply chains more resilient for a very long time

My colleague Richard Long has accurately called supply chains the Achilles’ heel of business continuity.

Some people wrongly assume that only manufacturing companies have a supply chain. Every organization has such a chain. The supply chain consists of third-party vendors that provide the products, services, and technology an organization needs to carry out its functions.


A Ticking Time Bomb

The big danger with such chains is, if a vendor that provides your organization with a critical product or service goes down, then your organization is in trouble, unless you have a way of quickly obtaining a replacement for that product or service.

In most cases, your company has limited visibility into its vendors’ continuity plans—and even less control over them. As a result, you have no idea how reliable each supplier is.

Your organization is a hostage to fortune.

If I had to guess, I would estimate that 7 out of 10 of the suppliers my clients rely on are highly vulnerable to being disrupted.

In our increasingly complex—and increasingly unstable—world, supply chain security is becoming the big issue in business continuity.

That’s why I call the corporate supply chain the ticking time bomb of BCM.


Product Delays and Service Outages

In some respects, business has dodged a bullet with the COVID-19 pandemic. We are not hearing from our clients about suppliers they depend on permanently shutting down. However, we are hearing quite a few reports about products being delayed.

In addition, the pandemic has led to increased use of collaboration services and those have experienced periodic slowdowns and outages. (Witness the recent problems with Zoom, Google services, and Office 365.)

These problems have driven the rise in concern with supply chain security that I mentioned in the beginning.


The Supply Chain is NOT SECURE

The corporate supply chain today is not secure. Let’s take a closer look at some of the main shortcomings in how organizations manage their supply chains and the problems these might cause. Here they are, in no particular order:

  • Too many companies take a superficial, lackadaisical approach to vetting their suppliers.
  • A few companies subject their suppliers to the equivalent of a colonoscopy in assessing how resilient they are. A far greater number goes with the approach, “Are you breathing? That’s good enough for us!”
  • Industry overall lacks a standardized approach for evaluating suppliers’ resiliency.
  • Business today is a highly complex web. If two or three key companies grind to a halt due to supply chain problems, the ripple effect could be tremendous.
  • Most of the people tasked with performing vendor BC assessments need more education to look for in continuity capabilities.
  • Organizations are reluctant to press their suppliers about their continuity plans for fear of antagonizing them.
  • Many organizations are over-reliant on China as a supplier. This is a massive liability. We’ve come to depend on Chinese vendors because doing so has been easy and cheap, but it’s not secure, as recent events have shown. The dangers of relying on China include everything from trade and geopolitics issues to the suppliers’ lack of resilience to the length and vulnerability of the shipping routes. This is an especially big issue with pharmaceutical companies.
  • Most companies do not regularly look at their entire supply chain and assess the threats and risks to it (what are geopolitical concerns, natural disaster threats, cyber threats, etc.).

Those are some of the biggest problems I see with the security of our clients’ supply chains, and I am confident they hold true for business generally.


Strengthening the Corporate Supply Chain

Let’s move on and look at some tips and other information that relate to making companies’ supply chains stronger and more secure.

  • To strengthen its supply chain, a company must clearly understand its third party providers for goods, services, and technology. The company needs to understand which suppliers are critical to its operations and which are not. It needs to look into the resilience of its critical suppliers and verify that they are sufficiently robust.
  • Every BC professional and executive should get in the habit of looking at the threats to their organization’s supply chain.
  • As a result of the pandemic, the good news is that more companies are taking a closer look at their supply chains. We’ve been getting lots of calls about this in recent months, and more of our clients are requesting mock disaster exercises based on a loss-of-supplier scenario.
  • Moving forward, business needs to take the old saying “Trust but verify” to a new level when it comes to the resiliency of its supply chains.
  • Properly scrutinizing suppliers will bring a greater workload and require more staff and resources.
  • “Don’t put all your eggs in one basket” is good advice when it comes to supply chains. Companies should seek to diversify their sourcing for critical goods and services.
  • Regarding China, a positive development we’ve seen is companies diversifying into suppliers in places such as Vietnam and South America. Sourcing from the U.S. would enhance resiliency, though at greater expense.
  • If your company is heavily reliant on China, I suggest you consider looking for alternate providers in other countries. Countries that have friendlier, more stable relationships with the U.S.
  • The next wave in vendor assessment is likely to be looking at fourth-party suppliers, the companies that supply your suppliers.
  • In the future, vendor assessment is likely to grow more standardized. I wouldn’t be surprised to see the development of a system for evaluating suppliers similar to the FICO system used to score consumers’ creditworthiness.
  • By the same token, I think we’ll see the emergence of a stronger legal and contractual framework establishing requirements for vendors’ continuity planning.
  • If you are a supplier, you need to get a solid business continuity plan in place. Such a plan can give you a competitive edge now. In the future, it will amount to a requirement.
  • Making an effort to strengthen your supply chain will lead to your organization’s new level of resiliency overall.
  • There can be great value in having a third party expert conduct an independent assessment of your supply chain’s security. MHA Consulting provides such assessments.

These are a few of the things companies can do to increase their supply chains’ resiliency. Here are a few glimpses from my crystal ball regarding what the future holds in this area.


A Stronger Supply Chain for a Safer Company

If the coronavirus pandemic has had one good result for business continuity, it has been to increase the attention paid to the issue of supply chain security. This is a positive development since hidden weaknesses in this area have long amounted to BCM’s ticking time bomb.

To increase their resiliency overall, organizations can and should assess and improve their supply chains’ reliability, particularly concerning the goods, services, and technology they depend on most—the stronger the supply chain, the safer the company.


Further Reading

For more information on supply chain resiliency and other hot topics in BC and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog