Newsletter
Publication Date
Abstract

 Supply Chain Frontiers issue #4. Read all articles in this issue.

Despite making substantial investments to improve supply chain security, companies are not getting the most from their investments. Jim Rice, CTL Director, Integrated Supply Chain Management Program, presented CTL study findings on the value of security at the Council of Logistics Management annual conference, Philadelphia, this October.

There are two ways to make an organization less vulnerable to disruptions such as a supplier failure, natural disasters or terrorist attacks, explained Rice. Reducing the probability of disruption through preventative measures such as improved security and early detection systems is one way. The other is to diminish the consequences of disruptive actions by making supply chains more robust and reactive--in effect, more resilient.

The problem is that "security" is an amorphous concept that is not easy to define in business terms. Consequently, there is too much reliance on qualitative risk assessment and a lack of quantitative analysis. "Firms are making investments to make sure that something does not happen," Rice said. "It's hard to prove ROI - no one gets credit for preventing problems that do not occur."

Organizations often reach for more obvious remedies that may not be seen as investments in resiliency. These include bigger fences and elaborate visitor ID systems, which although worthwhile, are narrowly focused and do not address the security of the entire supply network. Also, these more tangible safeguards may not bridge the most serious gaps in an organization's defenses. "A more holistic business case is required," Rice said.

A holistic view sometimes develops not out of a specific security strategy, but out of an existing corporate culture. In January 1994 a snowstorm crippled the city of Louisville, where UPS has its operational hub. City streets were closed for a week and the company's employees could not drive to work, so UPS quickly flew in workers to keep the lines rolling. It was able to do this because the organization's processes are standardized enabling it to respond speedily to market changes.

This approach is an integral part of a culture "where workers have a deep understanding of what is important to the firm," Rice pointed out, and consider disruptive stoppages as intolerable. But a culture of resilience does not need to be modeled on the UPS approach. Dell, a very different type of organization with an almost obsessive focus on short-term execution, also has employees with a deeply rooted sense of what is important to the company. Agility and responsiveness are key company characteristics that make Dell highly resilient. "These are two paths to the same end point," noted Rice.

Another path to resilience is developing a well-defined case for a security strategy based on quantitative data that managers can relate to - in other words an ROI. Rice believes that it will get easier to attach an ROI to security programs as the collateral benefits of more secure supply chains become clearer. CTL's supply chain resilience research project has identified numerous possible benefits. For instance, investing in supply chain flexibility makes an enterprise more responsive to disruptions, and the collateral plus is greater responsiveness to daily demand variations.

Still, determining the value of security is not easy, and although a number of enterprises point to collateral benefits as a valuable by-product of such measures, few can back up their claims with hard data or examples. "Collateral benefits will become more evident, but first they have to be more widely recognized," Rice said.