Supply Chain Resilience: What Needs to Change?
During the Continuity Insights 2011 Management Conference, CI asked industry experts about how the recent events in Japan would affect the way organizations approach business continuity and supply chain resilience.
Dan Newton, Senior Program Manager Lead,
STB Business Continuity Office, Microsoft
I think that the events in Japan are something that we will be referencing for a very long time. They will give us a reason to look deeper into our supply chain, and ensure that the suppliers we rely on actually have solutions and are able to validate what they have in place—not just say “We have you covered.”
We need to start working with our suppliers if we aren’t already, third party or internal, and doing some level of validation. We need to see what type of documentation is in place and what type of rigor is necessary to support the business, and determine if there are single points of failure. Not necessarily so you can kick that supplier to the curb, but so you can ask “What are you doing to mitigate that weakness?”
Also, we need to have some bite in our contracts to get suppliers to work through their continuity program and make sure it becomes more resilient than it is today. Every organization’s continuity program evolves, from its inception to the point of being a robust system that can support an entire organization.
From the supplier side, if you are working with a customer, you can say “I have these things in place … this is why you should work with me.” It is a selling point.
A lot of groups don’t get a chance to validate plans until an actual event occurs, and that causes additional hours and days to get the business up and running again. I think it’s imperative that customers and suppliers are going at it from both sides.
Mike Janko, Manager,
Global Business Continuity, Goodyear
The events in Japan highlight the importance of having a complex supply chain, knowing who your second- and third-tier vendors are, and engaging your critical suppliers in an evaluation and maturity model that is perhaps similar to what your organization does.
That’s a process that most companies should undertake, where you make sure you speak the same language both internally and externally, find out who can have the biggest impact in your organization, and then start to offer assistance and information about how you develop your process.
There are some things that are not intellectual property that you can share: The basic components of identifying incidents and risks, having an incident plan, focusing on crisis communications, awareness, training and planning with external partners. These are all core components of a solid business continuity process, and to share them with your critical vendors and build them into contracts would be a positive thing to do.
Alan Berman, Executive Director,
Japan is already starting to diversify locations. One of Japan’s biggest chip makers used to have eight percent of the chips made outside of Japan. It’s now having 25 percent [made outside Japan].
So I don’t think it’s a question of how we [in the U.S.] are going to affect supply chain, it’s how the Japanese are going to diversify locations so that one location will not have as big an impact as this one [around Fukushima] is having on us, and will continue to have on us for the next two years.
Brian Zawada, Director of Consulting Services,
First off, I think it really paints the picture that this is a global economy. When I think of the people issues, I hear over and over again that U.S. companies need to treat their foreign employees exactly the same as the local domestic employee population. Otherwise they run the risk of huge reputational impairment and human resource issues.
We saw this in the Middle East with a lot of the unrest. Companies were evacuating their citizens but left their domestic employees behind. It’s a big issue and will have long term ramifications.
The more common issue is probably the supply chain piece and we’re only starting to feel the effects. Most organizations have some safety and security stock in place and they are quickly using it up. It is well publicized that the auto industry is suffering significant disruption.
Going forward, I think this will be the watershed moment in taking supply chain risk management seriously as part of business continuity.
Scot Phelps, Professor of Emergency Management,
Emergency Management Academy
Most organizations that have a critical supply chain usually have some depth in their suppliers. There are two bigger problems that come with what is happening in Japan.
One of them is the transportation logistics chain, which is completely disrupted in Japan, and may be disrupted for a while due to petroleum shortages. Even if stuff can be made and you have a depth of suppliers, there may be a problem with transportation infrastructure that completely disrupts your ability to get the goods after they are made.
The other issue, which is more acute and longer term, is interruptions to power supply. People don’t typically think that a 30 percent reduction in power supply is going to have a huge impact. But most manufacturing runs within a reasonably limited variance of tolerance, so although it is technically possible to make something, the variations in power make it practically impossible.
It becomes like ripples in the pond: You need to start thinking beyond what you make and what you supply, and beyond what your suppliers are supplying, and start thinking about what happens if the power supply is wiped out, what happens if the workforce is taken away, and what happens if power is reduced by 30 percent over the long term.
That’s the interesting thing about business continuity and at the same time the most maddening: That you can go down Alice’s rabbit hole forever. But at the same time it’s the most fulfilling, because you can work through complex problems in interesting ways.
Michael Keating, Managing Director,
Doulos Business Consulting
I think that two things will happen. The first is a bad thing. In the wake of every other major event, there is a counterproductive, immediate overreaction that builds ineffectiveness. The period after 9/11 brought us the Transportation Security Administration, which is a less efficient way of doing things that were done in the private sector, without any better results. It was a rush to change something.
Now we can’t carry bottles of liquid over three ounces through security. But that rule didn’t come into place until five years after the TSA took control. They were either unaware of the risk or willing to let us be at risk for five years. Even today the promise of consistency is a dream, with different TSA officers in different airports requiring travelers to do different things. How is that any better than what we had before?
The same is true about Enron. The Enron debacle brought us the Sarbanes-Oxley Act. I don’t know anyone that thinks Sarbanes-Oxley leads to an improved financial reporting system. It is just one more compliance thing that people need to do. It drains billions out of the global economy, just to say that we checked the box.
On the positive side, we could end up paying more attention to these black swan scenarios — things that are beyond our ability to imagine. The 9/11 Commission report said that our biggest failure was a failure of imagination. When we are constantly fighting the last battle, we are taking our eyes off of the future and what could happen.
There was a session here at the conference on non-nuclear electromagnetic pulse risk. It’s easy for an executive to look at that and say “Yeah, right—like that’s going to happen.”
But if you had asked people in February, “Do you think that there could be a nuclear reactor in Japan that has a problem and ends up creating mass devastation as a result of a tsunami?” people would have been rolling their eyes at that.
So, I think that could be a positive outcome: When we start to think a little bit more creatively about what is the risk that we actually face and what we are trying to protect.