Article Review: Integrating Business Continuity Criteria into Your Supply Chain

[Repost. Going through old archives.]
“Integrating Business Continuity Criteria into Your Supply Chain” by Geary W. Sikich is an excellent, excellent article. Clearly the author knows what he wants to say, and has thought for a long time about how exactly he is going to say it. He clearly outlines steps he believes are necessary for integrating business continuity into the procurement product and vendor selection and management. Indeed, the summary of the article is presented as:

Developing business continuity strategies and embedding business continuity processes into an organization’s procurement process can enhance the organization’s ability to actively assess and monitor vendor capabilities

Going farther, Mr. Sikich also talks about possible implementation strategies and approaches, proposing a phased implementation of 5 phases:

* Phase 1: Assessment & Vendor Continuity Questionnaire –— deliverable: letter report with executive summary that will include discussion and recommendations based on the results of the review of essential elements of analysis (report)

* Phase 2: Procurement Integration (vertical/horizontal) –— deliverables: procurement management system, vendor business continuity management program and plan integration criteria guide (tools); and procurement management system, vendor business continuity management program and plan integration criteria guide training program materials (knowledge transfer)

* Phase 3: Monitoring & Enforcement — deliverable: procurement management system, vendor business continuity management program and continuity plan integration criteria guide maintenance criteria (sustainability)

* Phase 4: Sustainability — deliverable: periodic metrics, event response reports

* Phase 5: Maturity Model Evaluation — deliverable: metrics for maintaining the process, change management procedures

In conclustion, the author exhorts senior management to:

“Using their status as “leaders,” senior management and board members can and must deliver the message that survivability depends on being able to find the opportunity within the crisis.”

and makes a claim, quite credible in my opinion, that:

Market research indicates that only a small portion (5 percent) of businesses today have a viable plan, but virtually 100 percent now realize they are at risk. Seizing the initiative and getting involved in all the phases of crisis management can mitigate or prevent major losses. Just being able to identify the legal pitfalls for the organization by conducting a crisis management audit can have positive results.

The forum for the article, published in Supply & Demand Chain Executive magazine, is also one of the primary targets for business continuity efforts. It would seem; however, that it is also a more narrowly focused audience than the subject of overall risk management and business resilience. Clearly lessons and thoughts expressed here can be applied over the whole enterprise, not just the procurement process.

One interesting point that I have not seen made much is the tiered structure of tactic, grand tactic, and strategy, that applies to all the business level components (logictics, finance, etc.) of a supply chain:

At the tactical level the focus is generally on event response and mitigation. The focus at the tactical level should be on response and mitigation while the need at the tactical level is for support from the next level (grand tactical). At the grand tactical level, the focus should be on support for the tactical response.

Additionally, at the grand tactical level the focus should be on the prevention of cascade and containment of cascade effects on the organization. At the strategic level the focus should be on management oversight, coordination and facilitation of restoration of services. It is important to note that a key element in this vertical and horizontal process of detection, classification, response, management, recovery and restoration is seamless communications. Seamless communication is based on the adoption of common terminology and in the functions represented at each level.

A good diagram is also presented. It would interesting to see organizations model the interactions between tiers not just on a formal level – similar to ones in the article, but also on business process, product, or supplier-specific level. The charts could look something like this for vendor X:

One could continue by developing baselines and profiles for different types of vendors and processes. Let’s say an ideal situation would result in values of 100 for each components across all tiers. Given limited resources, one could set existing values based on resources and processes in the present, but also set appropriate risk profiles. We could then easily overlay the two charts to see where the organization is underperforming – or over-budgeting. Once applied consistently to all vendors, the approach could also allow an easy model of the impact adding a new vendor would have in terms of improving operational resilience, or decreasing it. The 3D chart presented here can certainly be modeled using a pivot-table in 2D. I feel that in this example is does help to show whether for a particular component on each tier the organization is well-prepared — and how that preparedness changes from tier to tier.