Excerpt

Introduction

WHETHER YOUR BUSINESS is large or small,

whether your company manufactures printed circuit

boards or plastic molding machines or sells

handbags or lawn furniture, it is not unreasonable

to expect that there is a crisis looming some time in its future.

The reality is that no business or industry is immune from

crisis. While our tendency is to think about major disasters that

create havoc and impact whole communities—such as earthquakes,

hurricanes, fl oods, or severe winter storms—for most

businesses, the disaster is more likely to be on a smaller scale.

For most businesses, disaster can come from an event that may

not generate headlines, such as a water main break in the immediate

area, a fi re confi ned to a small section of their business,

or the failure of their IT systems.

And though we tend to think in terms of environmental

disruptions, such as natural catastrophes or pandemics, we

must also consider social disruptions (strikes, sabotage), technical

disruptions (a breakdown of equipment, loss of a key skilled

staff member), political disruptions (terrorist attacks, civil unrest,

nationalization), legal disruptions (legal shutdowns, injunctions),

and economic disruptions (supplier failure, exchange

rate fl uctuations, takeovers).

Just as it is not possible to totally prevent most disasters

and disruptions, it is not realistic to assume that they will

happen to other organizations but not to yours. Being prepared

when the things that “can never happen here” do happen is just

plain good business. Failure to plan for such events can lead

to supply chain disruptions that can devastate company performance,

damage profi tability and stock prices, and result in irreparable

harm to the organization. The consequences can also

result in cascading damage to every business and organization

relying on the timely receipt of your goods or services that enable

them to continue meeting their customers’ needs in order

to generate revenue and protect their bottom line. Who wants

to stand in front of a board of directors, senior executives, or a

major customer in the wake of unsuccessful attempts to restore

critical operations following a disaster? Who wants to respond

to their queries about why the threat went undetected, why an

identifi ed risk was not eliminated or mitigated, or why strategies

were not in place to enable the organization to get back on its

feet quickly?

The Effects of a Disaster

In today’s global economy, the effects of a disaster can be

more than just local; its impact can reach across country borders

and oceans. In 1995, a magnitude 7.2 earthquake struck

Kobe, Japan, resulting in 5,100 deaths and devastating physical

destruction. Following the earthquake, all area steel mills were

shut down and many other businesses became nonoperational

as a result of water and gas outages. Secondary business and

supply chain interruptions were extensive. Kobe was Japan’s

biggest international trade hub and a major production and logistics

center, with approximately 30 percent of Japan’s shipping

passing through it. Even businesses with no direct physical impact

suffered because of damage to the utilities, port, railroads,

and roads. Production was impossible, and shipments in or out

were diffi cult to unachievable. When Sumitomo’s Metal Industries

Ltd.—the sole source of brake shoes for Toyota—closed

its plant in nearby Osaka, most of Toyota’s plants in other parts

of Japan closed as well. For companies like Toyota that used a

just- in- time (JIT) inventory management system and relied on

frequent shipments of parts and materials, there was little available

inventory on hand, leading to an interruption of production.

According to published estimates, Toyota lost $200 million

in revenue. Moreover, the disaster cascaded and caused supply

chain interruptions for businesses in other parts of the world,

including U.S. companies IBM and Apple, which relied on displays

produced in Kobe.

Even a seemingly relatively small emergency can result in

a large business disruption. In 2000, a Phillips microchip manufacturing

plant in New Mexico was struck by lightning, creating

a small fi re. Though quickly extinguished, the fi re caused contamination

in the sterile manufacturing facility, contaminated

millions of chips, and halted the chip- making process. The

company’s two primary customers were the two largest mobile

phone companies in Europe, which used chips manufactured at

the plant in cellular telephones. One of the companies, Nokia,

became immediately aware of the disruption in chip deliveries

and acted quickly, working closely with the chip manufacturer.

Nokia arranged to purchase chips from another of its primary

supplier’s plants as well as other alternative sources, quickly tying

up the spare capacity. Some phone models were even reengineered

to allow the use of chips from yet other suppliers.

With pre- disaster plans in place, Nokia was able to continue to

assemble and distribute its products and gain a greater market

share. On the other hand, Ericsson—the other mobile phone

company affected—purchased all its microchips parts from the

single source to simplify its supply chain. Ericsson did not respond

quickly enough, had no supply chain continuity plan in

place to obtain the chips, already in short supply, from another

source; and suffered a lengthy and costly disruption in its assembly

and distribution processes. The resulting inability to

launch new products, loss of market share, and fi nancial losses

in the hundreds of millions of dollars made it necessary for

Erics son to merge with another company just to survive. The

overall outcome was a permanent shift in the balance of power

between the two electronics giants.

Mishaps such as technological failures—even those that

occur outside the organization—can become an inherited disaster.

When a major power outage started shortly after 4:00 P.M.

EDT on Thursday, August 14, 2003, within three minutes, twentyone

power plants shut down, impacting eight states—including

New York, New Jersey, Ohio, Michigan, Connecticut, and Pennsylvania—

and parts of Canada, including Ontario. Estimates of

the total cost of the blackout have ranged from $4 billion to $10

billion in lost income to workers and investors, extra costs to

government agencies, repair costs to the impacted utilities, and

costs for lost or spoiled food and other commodities.

Consider what a similar power outage would mean for

your organization. Approximately one- fourth of the businesses

hit by the outage reported that their resulting losses were more

than $40,000 per hour of resulting downtime, and some indicated

they lost more than $1 million each hour there was no

power. Some companies reported that the outage disrupted deliveries

from suppliers and deliveries to customers. In Michigan,

cascading consequences were reported even outside the blackedout

area as a result of delayed and extended delivery times for

parts and materials, particularly disrupting for manufacturing

operations with JIT scheduling.

Taking the Necessary Steps

In managing risk, there are three fundamental truths:

1. Only a working crystal ball would enable us to predict all

the risks that our organization might face in the future.

2. We cannot fully control risks.

3. By developing and maintaining an enterprise- wide business

continuity program that includes all internal and external

components of the supply chain, we can prepare to manage

risks in order to continue meeting stakeholder expectations

when disasters occur.

If we can agree that disasters are inevitable, it would

seem logical that we must also agree that it is wise to take the

necessary steps to manage our risks to the extent possible and

to reduce the effects of disruptions through planning and preparedness.

In my work with clients, I have undertaken the mission of

integrating the internal and external supply chain links in continuity

planning, and it has often been a hard sell. Fortunately,

that is changing as there has been a realization that the supply

chain from procurement through delivery is the revenue source

for most companies and is directly tied to cash fl ow, profi tability,

growth, and the related intangibles such as protection of the

brand, customer trust, and stakeholder confi dence.

There is a growing awareness that a disaster that impacts

the supply chain is a disaster for the entire company. Incidents

affecting the supply chain were often overlooked in earlier business

continuity planning, but this is changing. One indication of

the increasing realization of the vulnerability of today’s supply

chains and the importance of fully including the supply chain

in all aspects of risk management, including business continuity,

came at the Institute for Supply Management (ISM)’s 95th

Annual International Supply Management Conference and Educational

Exhibit, held in April 2010. The conference included a

risk management track with daily workshops focused on connecting

risk management to supply chain management. In addition,

the four- day event offered two half- day sessions dedicated

to business continuity and the supply chain.

I have specialized in business continuity, disaster recovery,

and emergency management consulting for twenty years.

I have been a Certifi ed Business Continuity Professional with

the Disaster Continuity Institute since 1998 and a fellow of the

Business Continuity Institute since 2002. I’ve worked with utility

companies, luxury fashion goods companies, a hot sauce

manufacturer, a PVC pipe manufacturer, a division of a car

manufacturer, and government agencies, among other organizations.

I’ve watched as business continuity has matured to become

what it is today, and I have witnessed what works—and

what doesn’t—when developing and maintaining a successful

continuity program. In A Supply Chain Management Guide to

Business Continuity, I want to pass along my lessons learned by

providing a resource for all those who want to better manage

supply chain risks. I would also like to raise awareness of the importance

of business continuity planning as an enterprise- wide

issue that must include the supply chain to fulfi ll its purpose.

My goal is to provide an easy-to-read, easy-to-understand

book that focuses on supply chain business continuity within the

framework of an overall business continuity program. While the

terminology used is corporate- centric, the principles and planning

methods can be applied in all types of organizations, large

and small, including not- for- profi ts and government agencies.