Building Supply Chain ResilienceThe disruptive and violent Jat protests have demonstrated the power of masses to disrupt businesses, and peoples' lives in towns and cities; as well as threaten the safety and security of those nearby. As quoted by the Industry chamber Assocham, Haryana alone has reportedly suffered Rs 20,000 crore loss to public and private property, suspending trade, industry, small business and transport. India's biggest car manufacturer Maruti Suzuki had to suspend production at its Manesar and Gurgaon facilities (which produced 5000 vehicles daily) in Haryana after the protests disrupted the supply of some components. The carmaker is likely to have incurred a loss of 10,000 cars over a period of 2 days.
Retailers are at the end of a complex network of supply chains, exposing them to a wide variety of risks. Further, the retailers' suppliers are themselves dependent on their supply chains. A business disruption in a secondary supply chain can have an appalling effect for a retailer. It is therefore, imperative for businesses to understand all the dependencies of their key supply chain, and the effect that the inability of a supplier's supplier to meet its obligations would have.
Traditionally, organizations have majorly focused on the likelihood of major disasters, such as terrorism, localized fire, floods, earthquakes, workplace violence etc. while developing a business continuity plan. The latest civil unrest in Haryana should drive businesses to redefine what they consider as risk. The destructive and disgraceful actions of the protestors have taught us that that we should not only assess the convention major incidents impacting business operations, but also more customary issues that can often be overlooked but may have a significant disruptive, operational and financial impact.
The conventional BCP approach focuses on identification of business processes and activities that contribute significantly in achieving the organization's business objectives; a concept which must be revamped to also reflect relationships with other processes which if impacted, would have a direct impact on the organization's ability to meet its legal, financial, customer and stakeholder obligations. Once this concept is integrated into the existing management system, the end result should be a significant improvement in the ability of the organization to respond to disruptive events.
For the purpose of a business's BCP, all key suppliers and the business's dependencies and requirements must be identified. It is noteworthy to mention here that the business's supplier's BCP would be aligned to its own objectives, and not to those of the business in question; which implies that a business should have the assurance that the BCP plans of its suppliers would be good enough to minimise disruption to the business's operations as well. For this, it is integral to include BCM discussions in the procurement process, where supplier's BCPs should also be evaluated as part of the qualifying questionnaire; because in principal, a business cannot outsource the responsibility of its own BCP.
"Force Majeure" events (sometimes referred to as "Acts of God" or "unforeseeable events") are often the conventional clauses included in contracts with suppliers which excuse them from fulfilling their obligations in the event such incidents do occur. However, it should be noted that the "unforeseen" events covered in these clauses are often the ones having a low probability and a high impact. Being more specific in the contract, in terms of the excluded events and recovery from them could imply that your business gets prioritised while others remain with the regular standard approach.
Expecting BCM from suppliers should not be seen as a project extension or add-on. It is integral to the business's and its supplier's operational capability to deliver products to the customers; a rational expectation to garner the confidence of stakeholders, staff and customers; and prepare to perform in a manner that justifies that confidence, should the worst materialise.
With inputs from Sachnoor who is a Senior Consultant-Advisory Services at Ernst & Young.
Guest Author
A practice leader who owns the P&L of Cyber Security, North India which includes leading the teams in both selling and then executing engagements in the areas on risk management, information technology governance and value with clients across industry verticals. Key areas of responsibilities include top line and bottom line growth, engagement and project management, team building, and practice management.