a sustainable supply chain: 4 things to tell management

A Sustainable Supply Chain: Four Things to Explain to Management

Omar Keith Helferich, PhD & John E Griggs, PhD

Supply Chain Sustainability LLC

Being Succinct Can Help When Explaining Complex Concepts

Succinctly stated, “A sustainable supply chain reflects the firm’s ability to plan for, mitigate, detect, respond

to, and recover from likely risks.”i

One way to gain the support needed to maintain a sustainable supply chain is to ensure that corporate

management understands four important supply chain concepts:

1. The linking of compliance to performance standards to supply chain collaboration is a critical

operational goal.

2. Risk management and continual improvement lie at the heart of effective supply chain monitoring and

mitigation.

3. Monitoring compliance is a complex operational issue but one with proven methodologies for

implementation.

4. Compliance to standards of performance and supply chain collaboration can save more than it costs.

Each of these four concepts is briefly presented below: Compliance to Standards of Performance; Concepts of

Process Improvement; Monitoring Performance; and Benefits of Continual Improvement.

Compliance to Standards of Performance - A Goal

Supply chain professionals embrace a policy of compliance to standards because to do so is consistent with

their goal of improving performance though best practice strategies and the improved operational efficiency

and effectiveness of their supply chains.

Our four-year focus on supply chain security-brand

protectionii- has led us to three simple conclusions: 1) the

concepts of risk analysis and continual improvement will lie

at the core of any meaningful supply chain performance

improvement; 2) the concepts of “compliance” and

“collaboration” merge when we define and attempt to

adhere to standards of supply chain performance; and, 3) it is

proven fact that process improvements lead to increased

profit and corporate resiliency. The connecting of

“compliance to standards” and “supply chain collaboration”

as we envision it is shown in Figure 1, The Connecting of Compliance and Collaboration.

Figure 1: The Connecting of Compliance and Collaboration


2 © Supply Chain Sustainability LLC www.supplychainsustainability.com

The Underlying Concepts of Processes Improvement Standards

Risk Analysis and Continual Improvement are the two core concepts which underpin all internationally-

recognized standards… whether called performance standards or compliance standards. Understanding these

two concepts is critical in addressing the issues of supply chain risk.

Risk Analysis

There are various models used to represent the “Risk Management Process”. All include the two fundamental

attributes of the probability (likelihood) of an event occurrence and the impact (consequence) potential of the

occurrence.

With roots dating back to the late-50s and used primarily within the food and pharmaceutical industries, one

such risk model is Hazard Analysis of Critical Control Points (HACCP)iii.

The basic principles of HACCP are:

Principle 1: Conduct Hazard Analysis

Principle 2: Identify Critical Control Points (CCP)

Principle 3: Establish Critical Limits for Each CCP

Principle 4: Establish CCP Monitoring Requirements

Principle 5: Establish Corrective Actions

Principle 6: Establish Record Keeping Procedures

Principle 7: Monitor HACCP System Performance

ISO 31000, Risk Management – Principles and Guidelines (ISO 31000)iv and ISO 28000, Security

Management Systems for the Supply Chain (ISO-28000)v defines a risk management framework as a set of

components that provide the foundations and organizational arrangements for designing, implementing,

monitoring, reviewing and continually improving risk management throughout the organization.

ISO 31000 uses the following definitions of risk, definitions which are consistent with definitions used in

numerous other risk analysis approaches:

Risk: Effect of uncertainty on objectives

Level of Risk: Magnitude of a risk, or combination of risks, expressed in terms of the

combination of consequences and their likelihood

Consequence: Outcome of an event affecting objectives

Likelihood: Chance of something happening

In practice, there are tools that can be useful in assessing and managing supply chain risks including;

failure modes and effects analysis, CARVER-Shock, scenario analysis, simulation, economic models, and

stochastic analytical models.vi

What is relevant is not which risk analysis approach is best suited for a particular industry or supply chain

focus; what is relevant is that all international standards and all emerging industry or aspect standards will



have “risk analysis” as a core and underlying concept.

Continual Improvement

The second core concept is “Continual

Improvement”; a concept that is also common

across all major existing and emerging standards of

performance.

Not intended as a history lesson, but to establish its

relevance and staying power, Figure 2: The Continual

Improvement Timeline, traces currently used concepts

back to Frances Bacon. Bacon’s scientific method is

referred to as "hypothesis (Plan)", "experiment" (Do)–

"evaluation" (Check)”. Shewhart defined this as his

cycle of continual improvement, which was later

modified and used by Deming and, many say, used in

the development of Six Sigma

From a supply chain risk perspective, the importance of continual improvement is made very clear by the side-

by-side comparison of ISO 31000’s and Shewhart’s PDCAA view of the concept of continual improvement

shown in Figure 3, ISO 31000 and PDCAA. All relevant international standards and all emerging industry or

aspect standards will have “continual improvement” as a core and underlying concept.

Figure 2: The Continual Improvement Timeline

Do Act

Plan

Check & Analyze

Commitment

Implement Risk Management

Continually Improve the Risk Framework

vement

Plan the Risk Management Framework

Monitor & Review the

Risk Framework

Commitment

ISO 31000, Risk Management Shewert’s PDCAA

Figure 3: Continual Improvement - ISO 31000 and PDCAA



Define and Adhere to Performance Standards

Complexity

The International Organization for Standardization (ISO) has

developed over 18,500 International Standards on a variety of

subjects and some 1,100 new ISO standards are published

every year.

Figure 4, Key Word Search of ISO Standards, shows the count

of published and under development standards reported from

ISO’s website using terms of relevance to supply chain

professionals. Even allowing for overlap and standards that

are not relevant to various organizations it is a daunting list.

ISO publishes: non-certifiable standards (e.g. ISO 31000:2000,

Risk Management and ISO 26000, Social Responsibility);

certifiable standards by sector (e.g. ISO 22000, Food Safety);

and, certifiable standards by aspect (e.g. ISO 28000, Supply

Chain Security).

There are: guidelines (e.g. Asia-Pacific Economic Cooperation

(APEC) Private Sector Supply Chain Security Guidelines); self-assessment Programs (e.g. BIS Compliance

Criteria: Export Management and Compliance Program); benchmarking tools (Michigan State University and

University of Minnesota, Food supply Chain security); and, government compliance requirements (e.g. C-TPAT

Minimal Security Criteria).

What is important to keep in mind is that overtime and if the standards survive, they all take on the same

general approach and much of the same concepts and content. An example of interest is to compare the

content evolution of the 11 C-TPAT nodal minimum security criteria requirements and the content of the

recent C-TPAT best practice study; it is clear to us that C-TPAT will continue, by design or not, its evolution

toward an ISO-like standard.

If you must develop a corporate-specific standard of performance for, as an example, suppliers, then it makes

logical sense to pattern it after a formal standard.

The Monitoring Process

To balance the complexity, we need to focus on basic commonality.

To which we would add a fourth… the monitoring process.

No standard, guideline, check-list, self-assessment, or compliance criteria require that an independent 3rd-

party audit firm be retained to audit compliance to a standard. This is obviously the case when a standard is

defined as “non-certifiable”; it is the case in all published ISO standards and other industry standards as well.

Figure 4: Key Word Search of ISO Standards



We will not make a case for or against

certification to a standard by an

accredited certification body.

But, as an example, if an organization

wishes to internalize (or outsource)

the process for implementing and

monitoring a supplier compliance

process, there is no need to reinvent

the wheel. The model for such an

application can be taken directly from

that used by the auditors themselves,

which is illustrated in Figure 5, A Basic

Compliance Monitoring Process.

The relevance to us is that a working

model of what and how to do it exists

and implemented versions are

managing millions of “compliance audits” per year.

The Benefits of Continual Process Improvement

Requesting funding to plan a response to plan for an earthquake, followed by a tsunami, followed by nuclear

reactor failures would not have been successful. Nor, most likely, would funding be secured by the threat of

non-quantifiable consequence to unlikely events. Most organizations seem to have a high tolerance for risk.

So, a suggestion is to embrace the policy

compliance to standards as your idea and

“sell” the concept on the basis of

increased profit, reduced risk, and

improved mitigation of the damage

caused by the occurrence of planned for

or unforeseen events

Examples of research results include: 1)

Improved product safety and a 38%

reduction in theft/loss/pilferage; 2)

Improved supply chain visibility and a 50%

increase in access to supply chain data as

well as a 30% increase in timeliness of

shipping information; 3) Resilience and a 30% reduction in problem identification time, response time to

problems, and in problem resolution time.

Figure 5: A Basic Compliance Monitoring Process

Figure 6: The Proven Benefits of Process Improvements



The outcomes presented in Figure 6: The Proven Benefits of Process Improvement are consistent with the

experience that supply chain reengineering initiatives can achieve.vii Process improvement lies at the heart of

building a more cost-effective and resilient supply chain. One can take the perspective that compliance to

standards imposed by external organizations is a waste of time and resources or one can take the perspective

that the organization will, for any number of reasons, seek compliance and it should be embraced and viewed

in the context we understand – continual improvement in the supply chain.

Summary

To repeat, we believe:

1. Linking of compliance to performance standards and supply chain collaboration is a critical operational

goal.

2. Risk management and continual improvement lie at the heart of effective supply chain monitoring and

mitigation.

3. Monitoring compliance is a complex operational issue but one with proven methodologies for implementation.

4. Compliance to standards of performance and supply chain collaboration can save more than it costs; a belief

shared with other supply chain professionals and proven by research.

Whether or not you agree with our basic beliefs, perhaps we can all agree that we need to gain management

understanding and support by a refocus on basic issues… starting from the perspective of brand protection

and increased profit… embracing - not downplaying - the complexity of a global supply chain… focusing on,

understanding, and leveraging the underlying elements of risk analysis and continual improvement…

understanding the overlaps and directions of “guidelines, checklists, best practices, and standards”… designing

compliance requirements that are corporately-relevant and externally-usable… conforming to a proven

process of monitoring compliance to standards.

A big challenge, but supply chain professionals are used to that.

i Bowersox, Donald J., David J. Closs, and M. Bixby Cooper, Supply Chain Logistics Management, McGraw-Hill Irwin, Third Edition, 2010. Chapter 17.

ii Michigan State University (MSU) and Griggs and Associates LLC conducted its Department of Homeland Security (DHS) sponsored research on

global food supply chain security from 2004 through 2007 under a grant awarded by the National Center for Food Protection and Defense (NCFPD).

NCFPD is a DHS Center of Excellence lead by the University of Minnesota. The MSU research study was supported by the U.S. Department of

Homeland Security (Grant number N-00014-04-1-0659), through a grant awarded to the National Center for Food Protection and Defense at the

University of Minnesota. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author (s) and do

not represent the policy or position of the Department of Homeland Security. iii Hazard Analysis & Critical Control Points (HACCP). HACCP is a management system in which food safety is addressed through the analysis and

control of biological, chemical, and physical hazards from raw material production, procurement and handling, to manufacturing, distribution and

consumption of the finished product. US Food and Drug Administration. iv ISO 31000 Risk Management- Principles and Guidelines, www.ISO.org, International Organization for Standardization. v ISO 28000 Specifications for Security Management Systems for the Supply Chain. www.ISO.org, International Organization for Standardization.

vi Research by Authors for American Red Cross and DHS, and Zsidisin George A. and Bob Ritchie, Supply Chain Risk- A Handbook of Assessment,

Management, and Performance, Springer, 2008. vii Supply chain reengineering projects and research by the authors and supporting university research.; Helferich, Omar Keith and Robert Cook,

Securing the Supply Chain, Council of Logistics Management, 2002.

http://www.iso.org/

http://www.iso.org/

a sustainable supply chain: 4 things to tell management

Business