Securing Global Supply Chains: Seven Reasons Why "Getting It Done" Is So Hard
We all know that a company's global supply chain is a potent strategic weapon, economically speaking. Unfortunately, it can also be a potentially fatal area of vulnerability. Consider the hundreds of millions of shipping containers that move among the world's seaports-about 80 percent of the world's cargo, which adds up to 5.8 billion tons per year-and you can see that there is a lot of room for error. Cargo could be lost, stolen, or most alarmingly, compromised by terrorists. Two incidents from 2004 underscore this frightening reality.
In early 2004 Italian authorities found a suspected al-Qaeda member inside a sealed container headed for Canada. And in March of 2004, following a double suicide attack in which 10 port workers lost their lives, an Israeli security official at the Ashdod Port discovered a secret compartment in an incoming shipping container that had already passed inspection. Israeli security experts suspected the container was used to smuggle the two suicide bombers into the heavily secured Ashdod Port.
The bottom line, say business advisors Ralph Welborn and Vince Kasten, is that companies must aggressively address this issue. If your company's supply chain is breached and used for a terrorist act, the resulting aftermath could be devastating.
"Securing the global trade lanes is an enormously complex business problem that doesn't admit simple answers," they
write in their book, Get It Done! A Blueprint for Business Execution (Wiley, 2006). "The ports of the United States can't possibly inspect every one of the seven million containers they handle each year, and with 200 million containers shipped globally each year, the ports of the world won't be inspecting 100 percent of their shipments either."
Why companies must secure their supply chains is obvious: as one senior executive of a Fortune 50 company said,
"... if an act of terrorism were committed using one of our containers, we believe it would be a company-ending event." How they should do so is much trickier.
Companies have two often-conflicting objectives: first, to get stuff through their supply chain faster and faster, and second, to do so in a way that is ever more secure. They're faced with a tough question: How do you secure what you can't see?
"One answer to the question of securing what you can't see came via Operation Safe Commerce," says Kasten. "The goal is to make it so hard to put the wrong things into the supply chain that the likelihood of being able to introduce a weapon of mass destruction, a terrorist, or, for that matter, counterfeit consumer goods into a shipping container becomes very small."
While the government is doing its part to protect supply chains, businesses are getting in on the game as well. They are finding that securing a supply chain is a complex, time-consuming task. In the course of their work, Welborn and Kasten have unearthed a wealth of reasons why so many companies have trouble managing the ever increasing tension between agility and security in their supply chains. Here are some of them:
1. What happens at sea, stays at sea. This is the "75 Days, 25 Hands" issue. Companies often find it difficult to monitor their cargo on every leg of the trip. Consider the following real example of a typical inbound supply chain to the U.S., in which men's shirts manufactured in Karachi, Pakistan, take around 75 days to get to a retail store in Ohio. The shirts pass through a number of warehouses, ports, and modes of shipping along the way, on average passing through 25 sets of hands in 75 days. The ship container with these shirts in it was, according to corporate executives, "at sea" from days 40 through 59 with "not much" happening. Makes sense, right? After all, it takes a long time to get from one ocean to another.
In reality, the ship actually docked in the Maldives-not for long, but long enough to pick up some additional cargo from smaller ships passing through. It's common enough for a ship to make a quick stop like this, reflecting the "you scratch my back and I'll scratch yours" attitude of the sea-faring fraternity. But common enough does not equate to secure enough. And it certainly does not meet the requirements of a Fortune 50 company attempting to optimize and secure its supply chain.
"Too many companies simply assume that their supply chains are staying secure throughout the whole journey," says Welborn. "Unfortunately, when making assumptions about your supply chain security, you endanger your employees, port employees, your customers, and the security of your country in the process. And that is unacceptable."
2. The Supply Chain Juggling Act: coordinating people, tracking assets, securing information, and
keeping up with changing regulations. The juggling act was once a lot less complex. A company had stuff to get somewhere and everyone involved had a motivation to get the stuff there as quickly as possible. Today, increased regulations bring new people to the table, people with other objectives than "getting stuff somewhere fast." Their main focus is security, and making all of the necessary security checks can slow down the process. The extra requirement of end-to-end security means more people are paying attention to the process by which the container gets delivered, validated (along with its driver), stuffed, verified, sealed, and documented. That's a lot of coordination-and a lot of friction added to the supply chain.
3. The "what-connects-with-where-when-how-and-how-much" challenge. Inevitably, questions of who is responsible for what, where, when, how, and how much will come up. But often, these questions are impossible to answer even within a firm, much less across firms. This lack of visibility into what really happens-who really does what, where, when, and how they do it-leads to surprises and risks. The point here is simple: The goods, the containers the goods are in, and the trucks, trains, airplanes, and ships that may be used to move the containers are open to disruption at every step along the way. Understanding the interlocking dependencies that your company's future rests on, and making sure that you understand the risk factors and how to mitigate them, is not just a cost issue, it is a survival issue. Vulnerabilities often include:
- Multiple participants and breakpoints: The securing of physical assets and information flow typically involves 25 different entities. At each point, there are many opportunities for security breaches, not only within each entity, but also during the exchange of both physical assets and information.
- Isolated security solutions: Today's infrastructure and solutions have potentially fatal gaps because they are focused on the isolated "nodes" (specific in-transit places) rather than on integrated "in-process places and processes"-which robust and effective security demands.
- Fragmented supply chains: Fatal gaps result from fragmented views of problems and their solutions. Supply chain views are fragmented because they are created one company at a time, with little or no common approach to codifying and sharing between those companies. The days of loosely coupled processes held together by ad hoc information flows are over, as commercial needs and regulatory requirements force more intimate integration of information.
4. Getting to the Green Lane. A one-day delay in border controls generates costs of 0.5 percent of the value of the goods. This increase in transaction costs has a particular impact on agricultural products, textiles, nonmetal minerals, and machinery. Why? Because for these goods, the relative value to weight is particularly low, making them especially vulnerable to any increase in transaction costs. Many security initiatives have been implemented (and are in the process of being implemented in the U.S. and around the world). Green Lane status allows organizations to pass their goods through U.S. customs quickly because they have demonstrable compliance with Customs and Border Patrol (CBP) regulatory requirements.
Crucially, Green Lane status will be a competitive advantage for companies that understand how to proactively work with CBP at all steps along the supply chain to forestall problems early in the 75 Days, 25 Hands process. "It's not easy," says Kasten. "The requirements keep changing-not only in the U.S. but elsewhere as well. This reality necessitates a constant scanning capability and understanding of shifting requirements-and the implications of adhering or not adhering to the changes."
5. Understanding the cost of compliance-and who pays for it. The cost of compliance is difficult to
calculate. Specific security initiatives and their costs change frequently and will continue to change as the nature
of threats evolves and as new technologies become available. The question, Who will bear the cost?, is an obstacle to
global implementation of supply chain security measures. According to Gerald Woolever, a former 35-year veteran of
the U.S. Coast Guard, "The question is creating significant tension between the people in the ports, the carriers and transporters, who don't necessarily want to bear the expense of buying the technology and putting these procedures in place, and the government, which is trying to pass the cost down to the people in the supply chain."
6. The "invisibles," or what you don't know will bite you. It's easy to say: let's redesign our supply chain to make it more cost effective and more responsive to customer, supplier and regulatory needs. But it's not so easy to do. There are many invisible factors and activities that management doesn't know about-and often don't know they don't know-when they kick off these "improvement" initiatives. After all, what are supply chains but sets of activities, workarounds, and exceptions that, over time, have evolved into the ways things get done, including technology "patches," "features," and "modifications" added to support those processes? And many of these things are undocumented, existing only in the heads of your employees-or embedded in the code of the added-to applications. For instance:
- The "exceptions" that have to be handled by, let's say "Betty" and "Michael," because the computer application can't understand them: a signature is illegible, or the customs regulation has changed in Hong Kong and Betty is aware of this and usually handles manually, or the readings of a particular set of RFID tags from a particular vendor requires additional work and only Betty and Michael have dealt with it before.
- The "workarounds," added or new features that were never documented but are now part of the computer application.
- The "we've-always-done-it-this-way-because-it-works-better" activities that only Betty and Michael know about because they've been here for 20 years.
It's these "invisible" things that keep the processes and applications running, yet they're hard to identify when you're making a change-say, when Betty and Michael are no longer with you. "Companies discover these unseen factors after it's too late," says Welborn. "After customers complain, after frustration has exploded, and the gap between what management wants to get done and what actually gets done gets wider and wider."
7. Underestimating the Bull's Eye Effect. In any supply chain, a lot of "stuff" has to get done. Execution involves making sense, then taking action. Making sense of this sprawling, pervasive thing requires understanding (1) processes that can stretch from a factory in Karachi, Pakistan, to a rack of shirts at a retailer in Peoria, Illinois, (2) data making these processes work that passes through, on average, 25 different organizations along the way, and (3) the physical goods that are packed, unpacked, repacked, shipped, stored, inspected, and used multiple times by multiple companies. It also means understanding what parts of the processes and technology support the strategic goals of supply chain efficiency, the goals of security, and the regulations guiding behavior-which are always changing.
Thus, creating a supply chain that works efficiently and securely can be a tall order for many organizations. The challenge, as Trevor Davis, the chief implementation officer of an effort to put a large company back on profitable footing, puts it, "It's like hitting the bull's eye with parallel darts thrown with both hands." And if that's not troublesome enough, if one thing goes wrong, it has a "cascading effect" on other things. If you don't have the right data for a manifest, you don't get the goods loaded on the ship; if you don't get the goods loaded, you don't meet your time deadlines; if you don't meet your time deadlines, you miss the market opportunity. And so on, and so on, and so on. It's like the children's book If You Give a Mouse a Cookie...-but with far less charming results.
With enhanced security come additional responsibilities adding costs and time-precisely those things that supply chains are designed to eliminate. The result? Increasing tension between the need for speed and the requirements for security. How a company balances these tensions will impact its competitive relevance and capability to take advantage of global commerce.
"Blueprint your business processes to get visibility into what's really going on," advises Kasten. "You need to know what connects with what, where, when, how, and how much. There are far too many potential pitfalls and risks as well as real jewels and opportunities for you to not have this type of visibility in your supply chains."
Welborn adds, "Working to bridge the 'execution gap' is no longer optional. It has become a competitive necessity to make sense of the tensions between an agile yet secured supply chain and then to take action to ensure these tensions don't cause problems for your company."
Enhance the Security of Your Supply Chain: Five Ways to Secure What You Can't See
1. Blueprint the processes, technology, and information flows that occur in your supply chains. Like any strategic corporate asset, your supply chains are constant candidates for improvement. They are increasingly under scrutiny by government agencies, and are thus subject to regulatory oversight and, more disruptively, changes as new regulations are introduced. Here's what Blueprinting can do for you:
- Demonstrate regulatory compliance easily, as there are no hidden processes or rules that require explanation.
- More easily mobilize specific expertise-e.g., experts in container security or information security, or optimization of a particular software package-into improving the supply chain, as they can apply their expertise to easily digestible models rather than having to wade through the discovery process.
- Make changes to process technology much more quickly and at lower costs, as interrelationships are completely visible.
Blueprinting provides leverage in rapid execution of change, and helps by bringing many complex supply chains into compliance with regulatory requirements. Remember, changes to optimize a supply chain may impact its security. Those changes may create inefficiencies. A Blueprint makes it possible to model proposed changes and to assess the impact on those changes before investing substantial resources in implementation. Blueprinting, with simulation, ensures that these implications are understood, and that outcomes happen by design, not as an unpleasant surprise.
2. Create visibility in the supply chain. You can't expect everyone in your supply chains to adopt Blueprinting and apply it to their role. What you can do is use your understanding of how your supply chains work to expose gaps and dependencies in business processes, technology, and infrastructure and to demonstrate the places where improvements will benefit all members of the supply chain. Exposing the actual operations at each step of the supply chain shows each party how their individual business creates value in the different chains each is involved with. A freight forwarder in Maldives, after all, handles containers for supply chains that terminate at many different companies in different countries. A requirement for secure commerce from its U.S. customers may look at first like extra cost and headache, but evaluated in a Business Blueprint that captures the relationships between business goals, processes, and technology, it may well turn out to be a value-added service that the Maldives forwarder can offer to other clients at a premium, and use as a differentiator in his own market. At the very least, the Blueprint exposes the actual process and technology that belongs specifically to that part of the supply chain, and gives a tangible, objective model for understanding and dividing up cost of compliance.
3. Understand the cost of compliance, where it comes from, and who pays for it. The cost of compliance is difficult to calculate, and the question Who will bear the cost? is an obstacle to global implementation of supply chain security measures. The specific security initiatives and their costs of compliance change frequently. As the nature of threats evolves, they will continue to change. As new technologies become available, they create significant tension between people who don't necessarily want to bear the expense of buying new technology and modifying their procedures, the government, and companies whose very existence hangs on the security of their supply chains. Shared visibility in the components of the supply chain with Blueprints expose the business objectives of each member of the supply chain, show processes that are common to multiple members of the chain, and critically show where and how regulatory compliance impacts the chain. While this visibility won't determine who pays for compliance, the shared understanding created by the Blueprint can help guide negotiations between parties who have shared goals.
4. Make visible what is invisible through "experiential workshops." It's the unseen little things (the things you don't know about your supply chains) that create the biggest problems-the exceptions, the workarounds, the embedded business logic in applications that were added in over time in response to customer changes and supply chain partner behaviors. These are the tiny grains of sand that make the shellfish inedible. You must identify these little things, so critical to your big things, to be able to bridge the gap between what management wants to do and what happens operationally. "Experiential workshops" dig quickly but deeply into 1) your objectives, 2) your requirements, 3) your understanding of what happens in specific areas, and 4) your near-invisible workaround, exceptions and "embedded activities, tools, and applications" that are the real muscles and sinews, which determine what really happens, and how effectively. These workshops help you identify and understand the "experience" of all parts of the supply chain involved: people, processes, assets, and technology. Not only will they help you avert disaster, they may help you turn the "invisible sand" in your processes into a pearl.
5. Understand implications and opportunities for getting to Green Lane status. Green Lane status will be given to supply chains that can demonstrate their compliance with Customs & Border Patrol (CBP) regulatory requirements. Crucially, Green Lane status will be a competitive advantage for companies that understand how to proactively work with CBP at all steps along the supply chain to forestall problems in the supply chain early in the 75 Days, 25 Hands process. Visibility through Blueprinting gives companies the information they need to clearly and safely describe how they are safeguarding the supply chain, and therefore why they deserve to maintain Green Lane status. As the requirements of Green Lane change-and they will for a number of reasons, such as an evolving understanding of what's needed, new technologies, and the ever-changing nature of risks in different parts of the globe-visibility puts companies in the position to evaluate the impact of change and respond quickly and predictably. Finally, by codifying supply chain processes and technology in a Business Blueprint, companies can identify unambiguously those places where their processes must work with (or in some cases can supplant) corresponding CBP processes. This knowledge will put Green Lane status more firmly in their own hands.
About the Authors
Ralph Welborn, Ph.D., and Vince Kasten have nearly 40 years of combined experience focused on business transformation,
performance analysis, collaborative strategies, business and IT partnership, systems integration and management, and
solution deployment. Welborn and Kasten also co-authored The Jericho Principle: How Companies Use Strategic
Collaboration to Find New Sources of Value and Get It Done! A Blueprint for Business Execution, as well as a number of articles on different business and technology topics.
Ralph is managing partner of the Unisys Business Transformation team and is responsible for thought leadership, business transformation, and the roll-out of Unisys 3D-Visible Enterprise and 3D Blueprinting capabilities with key clients. He is formerly Senior Vice President of Global Solutions and Strategy at BearingPoint, among other places. He has published many papers and articles as well as led or participated in numerous workshops, seminars, and talks around the world with business and technology leaders.
Vince is managing partner of the North America Business Transformation team that oversees global development and deployment of business transformation capabilities enabled by Unisys 3D Blueprinting. He is formerly Managing Director of Systems Integration and Strategy at BearingPoint, among other places. He has published more than 50 papers and articles on numerous business management subjects.
© Copyright ©2006 Rocks-DeHart Public Relations. All rights reserved.