From the September 2008 issue of Treasury & Risk magazine

Forging Stronger Supply Chains

Speed to market is important in most industries, but in the semiconductor business it is absolutely critical, given that consumer devices like cell phones and laptops go in and out of style faster than yesterday's designer blue jeans. A shipment of wafers, pads, circuits or slurries to make semiconductor chips that shows up late, or not at all, can cause severe customer repercussions that reverberate at the bottom line.

To keep its supply chain from disconnecting, Sun Microsystems Inc., a $14 billion semiconductor, storage and server maker, follows enterprise risk management (ERM) principles. With thousands of suppliers all over the world shipping to its internal plants and contracted external manufacturers, coordinating the logistics to ensure just-in-time manufacturing lies with the company's dozen supply chain managers.

Managing the financial risks of system failure, on the other hand, is the responsibility of Kevin Hoskinson, director of global risk and stock services. "We've broken the seal here to get people to look at the supply chain from a true financial impact versus just a traditional spend approach," Hoskinson says.

ERM has assisted this change, which Hoskinson says hasn't been easy. "Traditional supply chain and procurement folks tend not to see things in terms of risk," he explains. "Yet, we needed to develop a holistic approach to identify the risks and then apply scenario-based modeling, asking questions like 'What if this supplier goes out of business?' or `What if this port shuts down?' Then you're in a position to quantify the potential outcome against revenue, which allows you to compare and prioritize the risks, and establish action plans to mitigate them."

Sun Microsystems isn't alone in leveraging ERM to keep the links in its supply chain in place. Key Sun supplier ON Semiconductor Corp., based in Phoenix, employs a similar methodology. With risks constantly evolving, enlarging and becoming ever more strategic, insurance products that transfer those risks, such as business continuity coverage, product recall insurance, political risk coverage and credit insurance should be recourses only when the best laid ERM plans go awry. "ERM is the caption under which everyone, from supply chain managers to business recovery personnel to financial risk managers, can come together to discuss supply chain risks," says Yogesh Bahl, a partner and Northeast leader of anti-fraud programs and controls at consultancy Deloitte Financial Advisory Services in New York. "It's the best way to figure out what can happen, examine the effectiveness of current mitigation strategies in case it happens, and then discover the gaps."

Given the recent spate of supply chain mishaps, Bahl's advice is timely. Global supply chain disruptions caused by product quality concerns emanating from China and the severing of undersea cables connecting India to the rest of the world were wake-up calls for many. Low-cost Chinese manufacturing--a typical factory worker earns about $1 an hour, compared to 15 to 30 times that in the United States and Western Europe--suddenly was questioned because of the more severe cost of potentially losing key customers or distancing consumers from your brand. But those were just the blaring headlines. Smaller disruptions also take a toll, such as a labor management dispute that closed ports along the U.S. West Coast for 10 days and cost the U.S. economy an estimated $19.4 billion.

"The range of risks that can impair a functioning supply chain is just so daunting, from natural and man-made disasters like a terrorist attack to political instability to product contamination to a strike by workers," says Bahl. "When you extend the supply chain ever more globally, these risks increase markedly, yet you are now more geographically removed from the actual details of the operation. Everyone is looking to save costs by becoming leaner in production and using single-source suppliers, but they might be risking their long-term prosperity and competitive advantage in this quest."

With more suppliers around the globe furnishing their goods to manufacturers to satisfy just-in-time production targets, a key supplier failing to make the grade can slow down the process, giving the competition a leg up. Small wonder why an in-depth field survey of 89 U.S. manufacturing and retail organizations by AMR Research names "supplier failure and continuity of supply" as the No. 1 risk factor of those surveyed. Yet, another survey by Aon Corp. indicates that only 43 percent of companies have systems in which risk management and supply chain managers work "partially together" to manage risks.

At CSL Behring, partnership between risk and supply chain management gets the highest priority. "We have a fairly robust enterprise risk management program that gets visibility at the board level," says John Marren, director of global risk and insurance management at the King of Prussia, Pa.-based maker of bio-pharmaceutical products derived from human plasma proteins, with $2.5 billion in annual revenue. "In recent months, we've been going through a process of focused risk identification, scrutinizing each of our manufacturing sites for potential logjams from a supply chain and logistics perspective, in addition to examining the downstream side of our business, such as sales, marketing and regulatory affairs. Given the business we're in, getting products to market is vital since these are life-saving therapies. Even the slightest interruption in our supply chain can have devastating consequences." The company sources plasma, which requires refrigeration at minus-30 degrees C, and other raw materials like chemical reagents from hundreds of suppliers, including blood banks in the U.S. and Europe.

Like Sun Microsystems, CSL Behring is pursuing an ERM strategy of identifying, assessing and quantifying supply chain risks to determine the efficacy of current risk mitigation. "We cornered the key people touching the supply chain and went through an interviewing process to identify risks in their areas of specialization," Marren says. "Then we assessed each risk as a group insofar as how we were managing them. Based on this, we developed specific action plans to improve the management of the risks, making sure each fell within our risk tolerance protocols from a financial perspective."

Gordon Naylor, Marren's counterpart in supply chain management, sat on the team that undertook the risk assessment. "We have a long history of risk management working with business continuity; what we decided to do was pull all the pieces together to take a more holistic view, ensuring that nothing falls through the cracks," says Naylor, executive vice president of plasma planning and supply chain. "The idea was to forge common ground with a common process and lexicon of risk management--so we're all reading off the same page. A lot of detail work was done at the site level, which is important because that is where the ownership of risk needs to be. This is something that cannot be driven out of the corporate office; clear accountabilities must be held at the operational level."

At Sun Microsystems, the thousands of suppliers it relies on to make its electronic products were evaluated in terms of their individual impact on revenue. "We examined each supplier insofar as how they feed into our top 25 revenue-producing products, and within that determined which of these suppliers were sole-source and single-site--our only supplier of a particular item that went into the top 25 and they made this item at just one manufacturing location," Hoskinson explains. "If you have a single supplier but they have 10 manufacturing sites, one plant going down because of a natural disaster like a hurricane isn't going to disrupt the supply chain much, but if the supplier has just one site and it goes down, that's a much starker story. We then examined the revenue impact if this supplier went down, tracing it through the next year based on our revenue projections by product category. That gave us a unique view."

The analysis was indeed eye-opening, pointing out, for example, that a lot of revenue was at risk from a sole-source, single-site supplier in Thailand, a country that has had its share of political instabilities that could interfere with the smooth flow of supplies. After conferring with Sun's worldwide operations team and internal audit, Hoskinson developed a political risk dashboard software system to "pull the levers to take action ahead of an event to get stuff out of Thailand so there is minimal disruption or none at all, " he says.

Other tactics to keep supply chains functionally intact include ongoing monitoring of suppliers' credit worthiness to make sure they don't end belly up, and a recent project examining risk distribution to make sure suppliers are geographically balanced. "We discovered, for instance, that we were overexposed from a supply standpoint in Indonesia, and that it might not make much sense to add another supplier there," Hoskinson says. "Sourcing elsewhere would lower the overall risk."

Sun supplier ON Semiconductor also applies ERM to its supply chain management. Just as Sun examines ON's credit, ON does likewise to its suppliers and applies a similar revenue-based impact analysis, but in its case it's performed externally by i2, a supply chain technology and consulting organization.

"Risk mitigation is pretty key here," says Ravi Vancheeswaran, director of the global supply chain organization at the $2.2 billion chip fabricator, which has 10,000 employees worldwide and shipped 32 billion units last year. "We're always applying scenario-based techniques to determine the impact of an earthquake in China, a fire at one of our factories or a government closing down an airport.

We prepare by virtually simulating a wide range of risks to the supply chain, and then develop strategies to mitigate them. We just completed an analysis of the impact of rising demand on our supply chain, in which i2 also assisted us. When you're producing 25,000 different products, this isn't something that can be accomplished on a spreadsheet."

Insurance plays an important role in transferring supply chain risks, but only by filling gaps, observers say. Last month, Marsh, a leading insurance broker, released a new product, Global Supply Secure, that transfers a wide range of risks. Considered the broadest coverage in the market, the insurance compensates for costs caused by a loss of a supplier, stoppage of the supply itself or a related service interruption.

Multiple perils, such as strikes, political risks and even the outbreak of a pandemic are listed as covered events. The question is: Do companies need all this insurance? "Insurance is important, but really only as a backstop," says Melissa Losasso, Sun senior risk analyst.

While Sun purchases contingent business interruption insurance to absorb the costs of a manufacturing slowdown, the company's captive insurance operation in Bermuda self-insures a portion of this risk. "The financial limits offered by insurers are very limited, hence our need to also absorb the risk ourselves," Losasso explains. "Our emphasis here is on risk mitigation more than risk transfer through insurance, though we purchase it and make sure our suppliers also have appropriate coverage for adverse events."

In short, there is no passing the buck. As Deloitte's Bahl says, "Companies need to get their houses in order first from a supply chain standpoint, and then look at insurance."


Here's a short list of events that caused supply change headaches in the last year:

o Explosions by terrorists in Mexico shut down crude oil, natural gas and propane pipelines, disrupting businesses;

o A 2007 earthquake shut down nearly 70% of Japan's auto production;

o Power shortages forced China's largest zinc plant to shutter and slashed aluminum production in
Shanxi province by a third;

o A pipeline explosion in Western Australia shut down production of a range of products, forcing 14%
of state businesses to close. --Russ Banham