A supply chain vulnerability/risk assessment should be an integral part of an overall supply chain strategy analysis. Unfortunately, this is rarely the case. We continually hear, “Yes, yes, we understand the importance. We’ll get to it next week…next month…next year….some time.” None of these excuses are acceptable. Failure to adequately address supply chain vulnerability may place the enterprise at risk.

So, how does one go about assessing supply chain risk?

A proper vulnerability analysis is a 3-step holistic process that encompasses the entire supply chain, starting with a company’s customers and the products they purchase, then working back to the upper-most tier of raw material suppliers.

Phase I: Preliminary discussion

This very important phase focuses on (1) education—nature and importance of supply chain vulnerability/risk assessment, types of risk, mitigation strategies and case examples; (2) informal company assessment of risk (where and why); and (3) supply chain description and fundamental strategic drivers. A truly rigorous study would involve formal supply chain mapping to include commodities, facility, inventory, transportation, customer locations and information flow details.

Phase II: Audit

This step delivers a complete clean-sheet, detailed view of a global supply chain not available from a single macro business system, such as ERP or a micro execution system such as a TMS or a WMS.

Typically the most time-consuming phase, the audit consists of detailed information gathering. For example, databases should be prepared for raw materials, intermediate products (work in process) and finished products that contain annual volume in units, sales and profits, number of sources and location and contribution of each source. For raw materials and intermediate products items, annual sales and profits are the corresponding values summed across all of the finished products for which they are a part of the bill of materials.

In order to evaluate the viability of vendors, one should gather a variety of financial, performance and business environment data (host country financial stability, political stability and so on), including information about their vendors, much of which will involve a measure of subjective judgment. One can then apply various predictive analytics statistical methods, such as a factor analysis and regression analysis to develop models of vendor success or failure. This step requires time, patience, persistence, expertise and a management commitment to an ongoing program of vendor evaluations.

Let’s return to supply chain mapping with a summary of desired information:

• Descriptive data
• Commodities (raw material, intermediate product, finished product)
• Locations (supplier, manufacturing, port, distribution center, cross-dock, pool point, customer)
• Major channels (especially critical in omni-channel environments)
• Customer demand data (preferably at a disaggregated, line-item level of transaction detail)
• Facility costs and capacities (procurement, manufacturing, distribution center, port handling, inventory, etc.)
• Transportation costs and historical utilization (preferably by lane/mode/shipment size)
• Duties and taxes, if applicable
• Detailed historical flows by link, location and commodity

Phase III: Create a model using advanced network analytics

Use this opportunity to redesign your supply chain and ask a myriad of questions about location (where, number, type, size, mission), capacities (procurement, manufacturing, storage), customer service, sustainability goals and constraints. But, the purpose is to assess vulnerability. Here are three examples:

1. Elimination of facility locations one at a time (“one bump” analysis), two at a time (“two bump” analysis) and so on.

2. Forcing service to critical customers from secondary locations.

3. Follow the prescriptive optimization-based analysis with a detailed, day-by-day descriptive simulation of a proposed network.

 Don’t wait until next week, next month or next year to address your company’s supply chain vulnerability. Failure to put in place an effective supply chain security method presents opportunities for your supply chain to be at risk.