Bob Trebilcock: Welcome to The Rebound where we'll explore the issues facing supply chain managers as our industry gets back up and running in a post-COVID world. This podcast is hosted by Abe Ashkenazi, CEO of the Association for Supply Chain Management and Bob Trebilcock, editorial director of Supply Chain Management Review. Remember that Abe and Bob welcome your comments. Now to today's episode. Welcome to today's episode of The Rebound: Resilient by Design. I'm Bob Trebilcock. 

Abe Eshkenazi: I'm Abe Eshkenazi. 

Bob: Joining us today is Joseph Fiksel. Joseph is a professor emeritus at the Ohio State University and among other things, an expert in enterprise risk management and supply chain sustainability and resilience. Joseph, welcome. 

Joseph Fiksel: Thank you. It's a pleasure to join you both. 

Bob: We're thrilled to have you here. If COVID has taught us anything, it's the wisdom of that old saying about the folly of best laid plans. Now, many companies discovered that their risk management playbooks or just as important, their suppliers' risk management playbooks had never contemplated the disruption that would hobble economies around the world. Then he also discovered something else, managing against risk is perhaps not as important as an organization's ability to recover from a disruption. Well, that's called resilience. 

Resilience is certainly top of mind at the Association for Supply Chain Management, Abe's organization, which has developed the resilience supply chain benchmark with The Economist. It's also a topic Joseph has been researching and writing about for years. In fact, the title of this podcast was adapted from a book he published in 2015, "Resilient by Design: Creating Businesses that Adapt and Flourish in a Changing World." That's what we're going to talk about today. Joseph, this is a big and weighty topic. Let's start with a really basic question. You developed something called the supply chain resilience, assessment and management, or SCRAM, as you think about it, what is resilience and how does it differ from traditional risk management? 

Joseph: Thanks, Bob. Before I joined Ohio State, I was in the consulting world working on risk, sustainability and life cycle management. I perceived there was a disconnect between the need for long-term thinking and the constant crises that companies were experiencing. That's why we started the Center for Resilience at Ohio State. Traditional risk management has been in the past a logical linear approach where companies identify risks, they try to estimate their likelihoods and so forth, how much damage they might do. Then they try to control those risks that seem out of line. All of which seems very practical, but it doesn't work well in a world of emerging risks, which are very hard to identify, let alone to quantify, especially the rare events, high impact events, like a Fukushima disaster or the pandemic, for example. We define resilience as the capacity to survive, adapt and flourish in a world that's full of turbulence and uncertainty. 

Abe: Joseph. Traditionally, this has been a responsibility for supply chain and senior leadership for decades. This is not new risk management or responding to disruptions. What's different today than back in 2015 when you first wrote your book about this, what are we facing today that's changing the face of risk management and resiliency? 

Joseph: Well, the face of risk management started to change even before 2020, even back in 2015 we were looking at a world where there were many unforeseen events. Some people use the term black swans, a black swan is something that you never thought could possibly happen until it does. For example, we had a volcano in Iceland that shut down all the air traffic in Europe. Risk management works for the commonplace risks that we understand well, where we have a body of data that allows us to estimate the likelihood of risks and so forth, but it doesn't work well for these remote low probability events. 

Those are usually the most damaging, the ones we worry about the most natural disasters, pandemics things like cyber attacks, even political shifts, or even sometimes human error could trigger a cascade of events that affects companies and supply chains all over the world. This is the new normal, it's a different business landscape than we had back in the late 20th century, which is when the risk management approach was first developed. I think Yogi Berra was the one who said the future ain't what it used to be, right? Today, supply chains have very little warning and very little control over these distant events that could influence them tremendously, the need for a single part or a single material input can disrupt a supply chain if it's not available. 

To us, resilience means, first of all, being able to bounce back quickly from an unforeseen disaster or disruption of this sort, that's the short-term meaning and then longer term, it means bouncing forward, trying to think about what did we learn from this experience? How do we need to re-change or to reconfigure our supply chain? What strategies should we use to manage the business and to adapt to this new normal? 

Bob: Joseph, one of the ideas you've written about and that we talked, I found pretty interesting when we talked about it the other day was that companies can cultivate resilience by understanding their vulnerabilities and then by developing capabilities to build resilience. Vulnerabilities, capabilities, walk us through what you mean by that. 

Joseph: I'd be glad to, this refers to the SCRAM approach, which I mentioned earlier, supply chain, resilience, assessment and management, Bob referred to that, the vulnerabilities and the capabilities are part of that scheme for resilience assessment. Vulnerabilities are basically forces in the business environment that generate risk. These include things like turbulence and prices, disruptions of supply, natural disasters et cetera, but there are also other pressures such as strikes, liability pressures, regulatory pressures, things like resource limits, lack of water or energy and so forth. There are a lot of forces that can create a risky environment, and that can result in disruptions. 

Those vulnerabilities are hard to change because unless you exit the business, you're faced with those. Now capabilities are things that you can control. A company has the ability to develop capabilities that counteract those vulnerabilities. One example is flexibility in supply chain management, including flexible sourcing, having different suppliers in different regions, things like dispersion of assets, having multiple plants that can produce the same product. If one plant goes down, you have an alternative things like collaboration with suppliers and customers to get better information and get early warnings if there are disruptions, now these capabilities all come at a cost. 

Some of them are not so costly. Like collaboration is probably not a huge cost. On the other hand, building new assets or reconfiguring the supply chain may involve significant costs. One has to look at resilience from the point of view of, are we balanced in our portfolio of capabilities? Do we have the right set of capabilities to match our vulnerabilities? If we invest too much in avoiding risks in building capabilities, we may erode our profits. On the other hand, if we invest too little, we may be exposing ourselves to undue risks. That's why these vulnerabilities and capabilities are kind of the key factors that help us to understand how to build that portfolio. 

Abe: Joseph, let me dig into an area that you brought up a couple of moments ago, and that was the impact of a part from a supplier or a tier three, tier four disruption causing major disruption for an organization. We did a study with Morgan Swink that identified one of the activities organizations undertook was to pay their suppliers, their tier one suppliers faster, to ensure that they had consistency of supply. From your research, have you identified three or four hallmarks for organizations that have demonstrated resiliency? 

Joseph: Absolutely. One of the first in fact is what you mentioned. It's thinking globally, taking a systems view of the supply chain, going beyond the tier one, the tier one suppliers are the ones that you communicate with on a daily basis, but they have their own set of suppliers. The network can get pretty complex, especially for assembly firms, such as aircraft firms. To adopt a mindset of agility and resilience, they need to think about these hidden factors beyond the immediate supply chain that they're in contact with all the way to the primary sources of the materials and parts that they're using. 

Another important hallmark is the ability of a company to rapidly deploy new concepts and analytic tools. This requires a motivated workforce. We don't want people who are wedded to doing things over and over the same way, willingness to change and willingness to learn and adopt new tools. That takes leadership. We can talk about that later. Another important hallmark is having strong collaborative relationships, which I mentioned earlier with supply chain partners and making sure that they also have the same understanding and awareness of how important it is to be resilient. 

I also want to mention that successful companies have found a way to align resilience with their other business imperatives. The best thing to do is to have resilience inherent in your supply chain, built in to the DNA and thus it will be aligned with shareholder value because you'll always be thinking about how do these investments influence my profitability, brand image, and other aspects of success. One example of that is circularity, the ability to essentially eliminate waste in the supply chain by recovering and reusing spent products. That often serves to reduce the risk of disruptions and brings the supply chain closer because you're intending to use a lot more local sources. 

Bob: Joseph, as a company begins this journey, how does it focus its time and energy in the right places so that it develops the right capabilities, or maybe another way to think of it is that it doesn't spend time developing the wrong capabilities? 

Joseph: That's a great question. Typically, what we suggest is that you start with the vulnerabilities. Think about, what are the greatest vulnerabilities of concern? This is different from risk identification because when you're talking about risks, you're talking about actual events, to try to identify events that could occur. The vulnerabilities are more fundamental, they basically represent areas where there's a potential for events to occur. You don't exactly know what those events will be, you just know that you have some exposure. 

We talked about this a little before, like regulatory exposure, competitive threats, such as new technologies, of course, all of the climate change issues, which are changing both the natural environment and the economic environment. Where some companies are finding they have new opportunities, and maybe the old markets are disappearing. The pandemic is a great example of that. I think it represents a step-change for a lot of supply chains, for example, moving more towards delivery product to homes rather than retail-based sales, and all changes that we can think about. 

After you look at the vulnerabilities, then you can start to think about capabilities. Part of our assessment method is to determine what are the strongest capabilities and what are the weakest, and where are the gaps between the key capabilities that are needed to address a vulnerability. We have a methodology for identifying those gaps. The gap might be in terms of visibility, maybe you don't have good information about where your products are at any one time. 

Visibility is a capability that can be built up using information technology, and collaborative relationships. Another example is anticipation, maybe company could do a better job in projecting possible scenarios of disruption instead of waiting for things to happen. Maybe they can learn from things that have happened to competitors, or to similar industries. It doesn't mean necessarily predicting, but at least anticipating possible scenarios and being prepared for those. 

Then once you've identified those gaps, you think about well, are there some key capabilities that will address multiple gaps? Ideally, we'd like to find the strategic changes that will reduce our risk of disruption from many different causes. I mentioned dispersion, that's a good example, because dispersion protects you from events that could occur locally, even though you don't know what those events are exactly. Whether it's a labor strike, or whether it's an industrial accident, having multiple plants with replication of capabilities can help to keep the supply chain moving. I mentioned before the final consideration here is, do you have a balanced portfolio? Are we over-investing in resilience, or are we exposed to risk? 

Abe: Joseph, really wonderful suggestions for organizations to think about what the things they can do to propel their organization forward, as organizations develop or adopt this resiliency mindset. You talked a little bit before about the staff or the competency issue for leadership, having the right individuals with the right competency to discern data and make the decisions. What are the hurdles that you've seen to adoption for organizations beyond, you know, obviously, the leadership and you need the competent staff? What other hurdles are there? 

Joseph: Absolutely, there are a number of hurdles. We've seen a handful of companies do well, and we can talk about some examples later, but there's a handful of companies that have really embraced this kind of mindset. I call it embracing change, basically, as opposed to resisting change. There are a lot of companies, I think, where there are barriers. 

Now, one example is just the NIH syndrome, not invented-here. "It's a new methodology, unfamiliar, and we've been doing pretty well with our old risk management methods so far. Why do we need to change? We've always done it this way." That's a dangerous mindset because it opens you to something new, that's never happened, but that could be extremely damaging. You have to overcome that cultural inertia. 

I think the way to do this is to have an executive champion that has a mandate to introduce resilience thinking into the company that they have a good rationale, they have support from top management, and they will work with the employees to legitimize this idea, to communicate the importance, and to help develop the tools and the business processes so they can implement. 

The companies I'm familiar with, like Dow Chemical, who we've worked with extensively. Dow had an executive champion, who was the vice president of shared services for supply chains all over the world. They were able to take our SCRAM methodology and apply it to 22 different business units around the world, with some significant improvements. This is all published, by the way. 

When you're talking about barriers, one thing to watch out for is that there's a tendency to repackage old ideas and call them resilience. We have to be cautious about just taking our risk management approach and old wine in new bottles, dressing it up and relabeling it as a resilience management approach, and that doesn't cut it. I'm not advocating throwing away the risk management toolkit, it's very useful for well known risks where you have good data, you have historical understanding of those risks, but it's not adequate for the risks we talked about. I think we need to extend and complement the traditional risk management practices with these new methods. 

Another barrier is just having the right tools, I think the tool that ASCM has developed is very useful. It has a lot of similarities to SCRAM, actually. The company needs to provide resources to staff not just tell them they need to get more resilient, but give them the means and the tools, the overall concepts, as well as the specific tools that they can use to make it happen. 

Bob: Joseph, last question, you just referenced the EIU benchmark, and I understand that you were an expert panelist on that project. How do you envision companies using that benchmark tool? 

Joseph: Yes, I enjoyed working with the Economist Intelligence Unit, the EIU, very smart people, and I think they did an excellent job. My role there was to advise, to help them sharpen some of the concepts. I think one of the important contributions I made was to clarify the distinction between operational resilience and strategic resilience. Let me touch on that for a second. 

Operational resilience means working with day-to-day issues where a disruption crops up, and you have to quickly find the reason, find the substitute, or some alternative path and move on. That's basically bouncing back so you can continue business as usual. This is similar to the idea of business continuity, and business continuity management is a well known practice. I think operational resilience is the easier part, and sometimes we know how to do that and it's contained. 

On the other hand, strategic resilience is a much broader question, because you're looking into the future and you're thinking about whether your company is correctly positioned to deal with these emerging forces of change and with the new types of disruptions that are cropping up. Whether it understands the idea of cascading risks, and the fact that it might have a totally unexpected disruption that has never occurred, but could be really problematic. 

Strategic resilience requires long-term thinking, perhaps scenario planning, moving away from the day-to-day hubbub and chaos of the business, to step back and think about, are we in the right business? Do we need new technologies? Do we need to change our geographic distribution of assets? One important driver for this is climate adaptation. I was glad to see that the EIU benchmark looked at climate issues. You may have noticed that the top issue on the minds of executives who were questioned in the survey was climate change. 

Now, most of the work today on climate change is about reducing carbon emissions, which is good, it's important to do that, but even more important, I think, for supply chain management is climate adaptation. That's really a part of resilience, it's understanding the changes that a changing climate will introduce into our supply chain performance, and how do we deal with those, how do we anticipate those, and adapt to them? 

I do think that the EIU benchmark is an excellent tool for companies to jumpstart their awareness of resilience and why it's important, it presents the message very clearly. I think that the survey of over 300 companies helps to educate employees about what are the resilience capabilities, what things our company is doing to make themselves more resilient? I think that's great. As you mentioned, Abe, I think you're developing a self-assessment tool, which will enable a company to compare its own position against its industry peers, and that will be extremely valuable. 

Abe: Joseph, thank you very much. That's all the time that we have for-- Truly, a special thanks to our guest, Joseph Fiksel, for sharing a lot of the insight on resiliency and sustainability for organizations. Thank you for joining us today. If you're interested in learning more about the Resilient Supply Chain Benchmark, you can find it on ascm.org. The link is also included in this episode's show notes. We hope you'll be back for our next episode, for The Rebound, I'm Abe Ashkenazi. 

Bob: I'm Bob Trebilcock. 

Abe: Thank you for joining. 

Bob: The Rebound, is a joint production of the Association for Supply Chain Management and Supply Chain Management Review. For more information, be sure to visit ascm.org and scmr.com. We hope you'll join us again.