When the Pacific tectonic plate slipped under the Okhotsk plate off the northeast coast of Japan, it unleashed a massive 8.6-magnitude earthquake. Yet nobody outside the affected area knew about it. Buildings, warehouses, and walls collapsed under the shaking. But the rest of the world was oblivious. Then came the terrible tsunami spawned by the quake; it surged 4 kilometers inland, obliterating towns and farms across the Sendai plain and throughout the Fukushima prefecture. And still people in Europe, the Americas, the Middle East, China, and even the Japanese outside of the directly affected were utterly unaware that this tragic disaster even occurred.
That massive earthquake took place in 869 AD. In those early days, industrial power came from local sources such as horses, oxen, water wheels, and windmills; production was local. Consequently, supply chain disruptions were local, too. Earthquakes, tsunamis, famines, plagues, and floods struck around the world, but the effects did not travel far because most goods did not travel far. Since 869, the world has become much more reliant on long-distance supply chains—and “Made in Japan” products—to provide the necessities of life. Modern technology has added new capabilities, but it has also added new vulnerabilities.
When those same tectonic plates off the northeast coast of Japan ruptured again in 2011, producing a similar quake and tsunami, the results were felt worldwide. The world of 869 had no nuclear reactors, electrical power grids, or digital communications—those infrastructure elements that underpin the modern world—but that could be broken, disrupting enterprises and lives on a large scale. Those new vulnerabilities, however, are offset by new tools for supply chain resilience. This book explores the encroaching threats that face today’s corporate supply chains and the new processes and tools used to prepare for, manage, and learn from disruptions.
My 2005 book, The Resilient Enterprise (MIT Press, 2005), was motivated by the 9/11 attacks. While on sabbatical at Cambridge University in 2002, I participated in a meeting at the UK Home Office during which the issue of vulnerability of critical infrastructure and systems came up. The group realized that the private sector—at least in the Western world—owns and operates most of these systems. A high-level civil servant asked if anybody knew of companies’ readiness to prevent and overcome disruptions. Neither the academics, nor the security services, nor the companies around the table had an answer. As a result, I embarked on a three-year research project, involving more than 30 students and researchers at the MIT Center for Transportation and Logistics (CTL), which culminated in the publication of The Resilient Enterprise.
In 2011, several of the executives I had interviewed for that book suggested that it was time for a new one. New threats had emerged and, at the same time, companies had increased their investments in business continuity, risk management, and resilience. Again, I brought together a group of students and researchers at the MIT CTL and embarked on the efforts that produced this book.
In the decade since the publication of The Resilient Enterprise, the landscape of supply chain risks and companies’ implementations of resilience has changed. The world’s GDP grew 30 percent from 2003 to 2013, and global trade outpaced economic growth—growing 55 percent during that time.1 The number of middle-class consumers almost doubled to two billion, and companies’ supply chains expanded upstream and downstream to serve them. Disasters such as Hurricane Katrina, a tsunami in Japan, floods in Thailand, and a worldwide financial crisis, as well as rising concerns about global warming, social exploitation, aging populations, cyber vulnerabilities, and many other events and trends tested the resourcefulness and resilience of companies. Many companies have learned from these and have created much more effective resources for prevention, detection, and response. The risks have ramified, but resilience management has matured.
The Power of Resilience: How the Best Companies Manage the Unexpected is neither a sequel to nor a second edition of The Resilient Enterprise. Each book stands on its own. Although the two books do overlap on some central messages about redundancy and flexibility, each book has a different focus and uses different examples. The two books differ in the types of risks and in the mitigation tactics discussed. The Power of Resilience focuses on deep-tier risks, corporate social responsibility (CSR) risks, cybersecurity risks, global raw material risks, long-term disruptions, business continuity planning, emergency operations centers, risk and disruption detection, and the potential for systemic disruptions. Readers of this book may find The Resilient Enterprise useful for its deeper treatment of freight security, flexibility, culture, and postponement.
The Power of Resilience benefits from interviews with dozens of companies and draws on research at the MIT Center for Transportation and Logistics to document the wide range of strategies that organizations can use to detect, prevent, and mitigate a wide range of risks. In some cases, the book explains how different companies handled the same disruption; in other instances, the book describes how one company handled different disruptions over time. The aim is to offer cross-sectional and longitudinal insights, respectively, on risk management and resilience; to show how firms can build assets and processes to manage events that have not yet happened, at once adding optionality and flexibility, often at low relative cost.
From a pure supply chain perspective, the 2011 earthquake, tsunami, and nuclear disaster in Japan was the single largest and broadest natural disaster in recent times. The event affected companies around the world that depend on semiconductors, electronics, specialty chemicals, and other manufactured goods coming from Japan’s prodigious industrial network. Chapter 1 describes the event and Intel’s response to it in depth, to illustrate many of the issues faced and tactics used by companies in big disruptions. The chapter ends with a short primer on supply chains to help frame the what, who, and where of supply chain risks and risk management.
Chapter 2 offers a quick tour of the many kinds of disruptions confronting today’s companies. The chapter introduces the two-dimensional impact-and-likelihood framework that is often used to categorize and prioritize risks. The chapter introduces a third dimension—detection—to frame the differences between disruptions that can be forecast to happen in the future (e.g., a hurricane) and disruptions that may not be detected until long after the fact (e.g., a serious product defect). The chapter offers ways to think about what is known and what is not known about disruptions, and what kinds of knowledge might be important.
The 2011 Japanese quake affected many companies and illustrates the growing problem with deep-tier supply chain disruptions in which the suppliers of suppliers are affected. Chapter 3 examines GM’s handling of the Japan crisis and the management of what GM calls “white-space”—the gap in parts’ supply left between predisruption inventories in the supply chain and the postrecovery refilling of the chain. The white-space conceptual framework allows companies to estimate a value-at-risk from various types of disruptions and to prioritize prevention and preparation initiatives.
Whereas chapter 3 focuses on GM’s response to a single disruption, chapter 4 uses a different lens. It looks at a wide range of short examples of different disruptions and different companies to illustrate many other elements of disaster response. These examples highlight the differences between normal operations and operations during a crisis. Crises often disrupt or degrade the basic human, physical, and informational infrastructure on which companies operate.
In 2008, the global financial system came to the brink of collapse. Chapter 5 shows how a disruption in the money supply chain became a disruption in physical supply chains on both the supply and demand sides. The crisis created a global bullwhip that amplified the drop in consumer spending further up the supply chain. Yet as brutal as the near-depression might have been, it spurred many companies toward more systematic programs for assessing supplier risk. The financial crisis also illustrated the difference between managing a localized, short-term, event-focused disruption (e.g., a storm or quake) and a global step-change that lasts for months or years.
Whereas the first five chapters talk primarily of companies’ reactions to disruptions, chapter 6 begins the discussions of more proactive preparations. These preparations include the fundamental steps of creating redundancy and building flexibility. Yet the maturation of risk management has also led companies to prepare other kinds of specialized risk-management assets in the form of business continuity plans, emergency operations centers, and formalized processes for managing disruptions.
Globalization implies that suppliers play a growing role in the companies’ risks, disruptions, and response options. Chapter 7 delves into companies’ proactive approaches toward supplier risk management, using a segmentation of the procurement conditions. It is based, on the one hand, on the complexity and risk associated with the input purchased from the supplier and, on the other hand, on the company’s annual expenditure with that supplier. The chapter also discusses the growing problem of counterfeit materials that arise as supply chains grow longer and more opaque.
Companies’ increasing awareness of supply chain risks, coupled with the growing use of technology, has led to a greater emphasis on detection, which is the subject of chapter 8. The sooner a company knows about a general risk or a specific event, the sooner it can address it; the first company to lock in alternative supplies has an advantage. New technologies and new services help companies detect risks and events sooner than ever before.
Internet technologies are now indispensable communications tools within and between companies. Yet the openness of these networks and the high potential value of corporate and personal information make these systems a tempting target for criminals, terrorists, and state-sponsored espionage. Furthermore, the rise of the Internet-of-Things, with digital “smarts” being added to ever more consumer products and industrial systems, creates physical vulnerabilities rooted in digital vulnerabilities. Chapter 9 describes these threats and offers potential solutions.
The rising economies of China, India, Brazil, and others have contributed to the globalization of supply chains in terms of new markets and new sources of supply. Yet the growing global economy in the last decade has also created a new class of supply chain risks tied to price shocks and commodity shortages. Oil, grains, metals, rare earths and other materials have all seen extreme volatility in which prices for key commodities might double, triple, or plunge over a short time and disrupt the companies dependent on them. Chapter 10 discusses several strategies used by companies to handle input price volatility and material shortages.
With the rise of social media and 24 × 7 news cycles comes a growing brand risk based on public opinions of suppliers’ actions, especially for consumer-facing companies. Chapter 11 covers corporate social responsibility risks in which the perceived misdeeds of a company or any of its remotest suppliers can turn into a public relations challenge, disrupt demand, and can lead to impactful regulatory changes. These intentional disruptions, wrought in many cases by social activists, lead companies to tighten control over supply chain partners, including deep-tier suppliers, using several strategies.
Long-term changes in the world such as demographic trends, climate change, and disruptive innovation create permanent shifts in patterns of supply or demand. Chapter 12 explores the nature and effects of these kinds of disruptions, which create a “new normal” rather than a short-term shock that quickly reverts to the old normal. The chapter suggests methods for attending to and even benefiting from these long-term changes.
One of the major themes of the book, explored in chapter 13, is the growing dependency of companies on deep-tier suppliers as well as on concentrations of supply sources that create fragile chokepoints in the global economy. Although the world has yet to see a true systemic collapse of any supply chain for a major product category, these chokepoints and other trends signal potential near-misses that presage a more serious event. Supply chain risk management is in a race between the fragility of complex global supply chains and the resilience created by better risk management.
The final chapter of the book takes a step back from specific risk management and response tactics to the problem bedeviling every risk, resilience, and business continuity manager. How can one justify investments in these initiatives when they seem like a waste of resources when nothing happens? The chapter argues that unlike insurance, which pays off only in a crisis, resilience drives everyday improvements in costs, operations, revenues, reputation, and agility. A company’s ability to confidently manage its risks implies that it can take strategic risks to create growth. That, in turn, implies that a resilient company can avoid the most insidious risk of all: the risk of stagnation and irrelevance in the dynamic global economy of the future.
This book was based, in large part, on primary research, including interviews all over the world with many business executives. As a result I owe deep thanks to the people who gave their time generously, provided data, and pointed me in new directions. Without them this book would not have been possible.
The full list of individuals who helped with this research effort is given at the end of this book (my apologies if I omitted someone). In particular, however, I would like to mention Bill Hurles of GM, Jackie Sturm and Jim Holko of Intel, Tom Linton of Flextronics, and Chris Sultemeier of Walmart, who not only contributed their own time generously but also helped arrange interviews and meetings with many others.
Many people also helped directly with the research and the writing. First and foremost these include the talented and friendly Andrea and Dana Meyer of Working Knowledge, who were instrumental in helping develop the concepts, as well contributing to the research and ensuring that the results were presented in readable English; Jennifer Yip, my student at MIT who helped me think through some concepts; and Dan Dolgin, who edited and made numerous suggestions, enhancing the manuscript.
Finally, I would like to thank my wife of over 46 years, Anat. I cannot imagine a better mate to go through life with. This book is dedicated to her.