Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Supply chain management and business continuity

A checklist of items to consider in order to effectively introduce business continuity management into a SCM system.

By R. Andrew Fernandes – P. Mgr, MBCI, CBCP

“All around the mulberry bush
The monkey chased the weasel;
The monkey thought 'twas all in fun,
Pop! Goes the weasel.”

I am certain that many of you can remember or can even hum this nursery rhyme. Its historical origin was Great Britain, where it has been played as a children’s game since at least the late 19th century.

The game is played to the first verse quoted above. Several rings of children are formed and they dance around as the verse is sung. One more players than the number of rings are designated as the ‘weasels’. When the ‘pop goes the weasel’ line is reached they have to rush to a new ring before anyone else can. The one that fails is eliminated and the number of circles is reduced by one until there is only one weasel left.

So you may be scratching your head right now and wondering, “What has this nursery rhyme got anything to do with business continuity?”

Well, let me introduce you to the second verse of the nursery rhyme:

A penny for a spool of thread,
A penny for a needle —
That's the way the money goes,
Pop! Goes the weasel.

In today’s 21st century, in order to achieve operational efficiency we have long been watching our pennies and moving our players all around the circle, leaving only those standing that can best manage and serve us: and then starts the game of “pop goes the weasel”!

Welcome to the world of supply chain and business continuity management! Let me explain to you how to identify your supply chain dependencies without having to pop all your weasels!

Almost a decade ago Y2K was, in my opinion, the starting point of a shift in attitudes to supply chain continuity.

The Y2K bug was a panic button for the whole finance industry. The bug not only existed in computer software but it also existed in the firmware being used in the computer hardware. In general this bug threatened all the major industries including utilities, banking, manufacturing, telecom, airlines.

So what was the fix? The computer and system application companies came out with year 2000 compliant operating systems and system software.

Companies around the world spent billions of dollars to go through their entire application source code to look for the Y2K bug and fix it.

However, the cost could have been billions more; if the sourcing work was not ‘outsourced’ to countries which have cheaper labor costs. This was the start of the awareness factor, where major industries realized: “Hmm, if we could do this with a one off requirement, can we do with our regular operational processes and activities?”

Which brings me to the definition of supply chain management. It is the management of a network of interconnected businesses involved in the ultimate provision of product and service packages required by end customers (Harland, 1996).

Supply chain management (SCM) spans all movement and storage of raw materials, work-in-process inventory, and finished goods from point of origin to point of consumption

Over the last decade, corporations in all industries have matured from operational cost cutting to truly mastering the art of supply chain management. But in the process, of doing so, it leaves a question unanswered: “Does supply chain management ensure operational resiliency which in turn can ensure continuity of operations, aka business continuity?”

As we enter the second decade of the new century, let me give you some pointers on how to work towards achieving continuity of operations as the game of pop goes the weasel carries on.

In order to drive my message home, I am going to inject a few six sigma acronyms along with some common business continuity acronyms in the mix below:

VOC – Voice of the Customer
One of the fundamental problems is that whilst we outsource, we tend to forget what the needs of the customer are. What does the customer really care about? Is it price point, delivery, or quality? Some of each? Or all of them? At the end of the day, it is key to remember that it is the VOC that drives your business needs, not the other way around!

DPO- Defects per Opportunity
In today’s outsourcing world many organizations have become almost immune to customer needs. The level of customer satisfaction varies from industry to industry. Take for example the aviation industry – does on time departure mean moving away from the gate, or does it mean when you are on the runaway or when you are actually in the air? Who defines it? Ask the airline- they will tell you one definition; ask the customer, they will tell you another!

The following statement needs to be tied in to the VOC: EVERY time you touch a customer you have the opportunity to satisfy or to create a ‘defect’.  In order to achieve Six Sigma it states that you must have only 0.00034 defects per 100 opportunities, (which equates to 99.99966% perfection). However sadly most organizations today are struggling to achieve even a 90 percent perfection rate.

BCM- Business Continuity Management
Sounds simple, right? Wrong! Remember you are looking to achieve operational efficiency, which in simple terms, means cutting costs! Your vendors, who are part of your supply chain management, have the same goal in mind – so the question that you have to ask yourself, after determining the VOC, is: if something does go wrong where would the broken link in your supply chain management be? Can you fix it? Or is it someone else’s management problem? But sssh, listen again to the tiny little voice... where is the final impact going to be, who is going to suffer if there is a downtime?  The answer will determine what steps you should take in the next few items outlined below:

Vendor management
Based on your organization’s interpretation of the VOC, your selection of vendors to support your supply chain management model is critical.
From a business continuity standpoint, you may not be able to influence the vendor selection process; however you can play a role to ensure that the vendors that are in the mix have a business continuity management program in place that meets your requirements.

The depth of BCM program will depend on the level of criticality of each vendor to your operations. Some will need to be more stringent that others, but the baseline must be in place: plans, redirection strategy, proof of testing, and annual validation.

It is critical to remember that whatever the level of operational efficiency you achieve, the bottom line is that when the supply chain link gets ‘broken’ it is your brand that will be the one that will be impacted, not the vendor’s.

5W – Ask the 5W questions!
is the driving force within your organization to ensure continuity of operations?

What is your vendor’s short term and long term objective? This is critical if you want to build a long term partnership in order to support the business continuity management program

Where does the vendor have additional untapped potential that your organization can leverage as part of your long term objectives?

When can the vendor trigger their plan, and how capable are they of executing it?

Why would the vendor support your organization in the event that they have a business interruption?

The validation of the 5Ws, along with the selection of the vendors is a critical component to kick-start your vendor business continuity management program.

Define-Measure-Analyze-Design–Verify your business continuity recovery plan.

The key to any successful business continuity program is the ability to be able to DMADV it:

Define – the requirements. This becomes especially critical when dealing with supply chain management. At the minimum the plan must be able to capture the following:
* Incident Assessment & Escalation Contacts – between vendors and your organization;
* Defined timelines for escalation if the incident cannot be contained;
* Defined ‘trigger levels’ for escalation’ – and associated steps based on timelines;
* Defined strategy for a short term and long term outage;
* Defined plan of action for the short term and long term outage;
* Any critical gaps identified which need to be worked on – short term and long term.

Measure – in scope/out of scope
* The documentation strategy will need to be practical;
* The trigger levels will need to be executable;
* Therefore, don’t be afraid to call out what is not feasible and what cannot happen.
* Remember that if a vendor tells you that it can redirect 100 percent of your current capability to another plant within seven days, that will probably not be true for the following reasons:
- The other plant will already be running at close to 100 percent capacity;
- The lines that are in there will probably be dedicated to customers who are probably your competitors, who will more than likely not give up capacity in order to accommodate your shortfall.

Analyze – test
* No documentation becomes a plan until it is tested in some shape or form;
* Testing can be done either by proof of concept testing or full blown end to end testing;
* The level of testing is typically driven by mutual consensus and based on impact to both vendors and your organization;
* Bottom line – never let your documentation strategy remain a documentation strategy: test, kick the tires and make sure your business continuity engine can run cleanly, not splutter along!

Design – for the future
* Don’t let your testing be a ‘once per product per lifetime’ testing;
* Remember, as you continually change your needs and your product lines, so do your vendors.
* You and your vendor will never know your vendor’s true capability until by mutual consensus you agree to at least a defined scope of repeated annual testing.

Verify – and plan for changes, variations
* Control frequent uncalled changed in your production environment;
* As the level of business continuity increases, reduce the level of planned testing.

MoT- Material/Output/Target
Material- Who has control over the same? If your vendor is manufacturing the whole product, do you really need to spend cycles on inventory management?

Output – output needs to be consistent in order for your SCM to work. If you keep changing your product spec, then how can your output be consistent?

Target – if the goods are being shipped directly from point of production to customer, then it is important that your customer receives the goods as they expect them.  Remember it is all about your brand reputation!

From a business continuity standpoint, your organization needs to ensure that your vendor’s BCM has identified their critical dependencies, has identified their business redirection strategy and has a ramp-up capability, in case the primary capability goes down.

The Pareto Rule
20 percent of the vendors cause 80 percent of the problem: the Pareto rule.

Invariably in your supply chain management, you will find that despite your best efforts there will always be an ‘Achilles heel’.  You have two choices – shift the problem or fix the source.

Shifting the problem will resulting in a band-aid fix, and is a reactive knee jerk measure that will only cause short term relief – almost like using cold water on an inflamed joint !

So what does your organization need to do as part of your business continuity management? Very early in the process, you will identify those vendors who will not comply or who give the impression of ‘lip service’ . At that stage you have a series of choices you can work through:

* Work with your operational team to leverage the orders as a bait to ‘encourage active cooperation in the business continuity process;
* Use active partnership modeling techniques, including the incentive that what vendors learn is what they can use for the future;
* If all fails, revisit potential orders when due and use that as the ‘carrot and stick’ alternative.

Contract Management
Sure you have contracts to manage SLA (Service Level Agreements) for operational agreements but do you have contract protection for business interruption and readiness?

* Remote suppliers, original design manufacturers and key vendors should have the same level of business continuity readiness that your company maintains internally.

* Incorporate stringent business continuity language in your supplier contracts or renegotiate existing agreements to include such language. 

* Key terms of a business continuity provision can include the vendor’s timeline for recovery, the ability to recover 100 percent of your production volumes within a reasonable timeframe and, most importantly, the ability for you to validate your vendor’s capabilities and capacity to execute the plan this as part of an established testing protocol.

If your organization works towards some or all of the above, then it will not be left rushing to find a new ring, if all goes wrong.

In closing, I will now leave you with the third verse of the rhyme:

Jimmy's got the whooping cough
And Timmy's got the measles
That's the way the story goes
Pop! Goes the weasel.

Andrew Fernandes is a certified business continuity practitioner with 10+ year’s hands-on experience in business continuity and process improvements. He leads the Dell Inc, Global BCRP Program Management Office. Andrew_Fernandes@Dell.com

•Date: 16th March 2011 • Region: US/World •Type: Article •Topic: BC general

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here