Securing Global Supply Chains: Seven Reasons Why “Getting It Done” Is So Hard

The following is an excerpt from “Get It Done! A Blueprint for Business Execution

We all know that a company’s global supply chain is a potent strategic weapon, economically speaking. Unfortunately, it can also be a potentially fatal area of vulnerability. Consider the hundreds of millions of shipping containers that move among the world’s seaports–about 80% of the world’s cargo, which adds up to 5.8 billion tons per year–and you can see that there is a lot of room for error. Cargo could be lost, stolen, or most alarmingly, compromised by terrorists. Two incidents from 2004 underscore this frightening reality.

In early 2004 Italian authorities found a suspected al-Qaeda member inside a sealed container headed for Canada. And in March of 2004, following a double suicide attack in which 10 port workers lost their lives, an Israeli security official at the Ashdod Port discovered a secret compartment in an incoming shipping container that had already passed inspection. Israeli security experts suspected the container was used to smuggle the two suicide bombers into the heavily secured Ashdod Port.

Why companies must secure their supply chains is obvious; how they should do so is much trickier. Companies have two often-conflicting objectives: first, to get stuff through their supply chain faster and faster, and second, to do so in a way that is ever more secure. They’re faced with a tough question: How do you secure what you can’t see?

One answer to the question of securing what you can’t see came via Operation Safe Commerce. The goal is to make it so hard to put the wrong things into the supply chain that the likelihood of being able to introduce a weapon of mass destruction, a terrorist, or, for that matter, counterfeit consumer goods into a shipping container becomes very small.

While the government is doing its part to protect supply chains, businesses are getting in on the game as well. They are finding that securing a supply chain is a complex, time-consuming task. Why are so many companies having trouble managing the ever increasing tension between agility and security in their supply chains? Here are some of them:

1. What happens at sea, stays at sea.
Companies often find it difficult to monitor their cargo on every leg of the trip. Consider the following real example of a typical inbound supply chain to the U.S., in which men’s shirts manufactured in Karachi, Pakistan, take about 75 days to get to a retail store in Ohio. The shirts pass through a number of warehouses, ports, and modes of shipping along the way, on average passing through 25 sets of hands in 75 days. The ship container with these shirts in it was, according to corporate executives, “at sea” from days 40 through 59 with “not much” happening. Makes sense, right? After all, it takes a long time to get from one ocean to another.

In reality, the ship actually docked in the Maldives–not for long, but long enough to pick up some additional cargo from smaller ships passing through. It’s common enough for a ship to make a quick stop like this, reflecting the “you scratch my back and I’ll scratch yours” attitude of the sea-faring fraternity. But common enough does not equate to secure enough. And it certainly does not meet the requirements of a Fortune 50 company attempting to optimize and secure its supply chain.

Too many companies simply assume that their supply chains are staying secure throughout the whole journey. “Unfortunately, when making assumptions about your supply chain security, you endanger your employees, port employees, your customers, and the security of your country in the process.

2. The supply chain juggling act–coordinating people, tracking assets, securing information, AND keeping up with changing regulations. The juggling act was once a lot less complex. A company had stuff to get somewhere and everyone involved had a motivation to get the stuff there as quickly as possible. Today, increased regulations bring new people to the table, people with objectives other than “getting stuff somewhere fast.” Their main focus is security, and making all of the necessary security checks can slow down the process. The extra requirement of end-to-end security means more people are paying attention to the process by which the container gets delivered, validated (along with its driver), stuffed, verified, sealed, and documented. That’s a lot of coordination–and a lot of friction added to the supply chain.

3. The “what-connects-with-where-when-how-and-how-much” challenge. Inevitably, questions of who is responsible for what, where, when, how, and how much will come up. But often, these questions are impossible to answer even within a firm, much less across firms. This lack of visibility into what really happens–who really does what, where, when, and how they do it–leads to surprises and risks. The point here is simple: The goods, the containers the goods are in, and the trucks, trains, airplanes, and ships that may be used to move the containers are open to disruption at every step along the way. Understanding the interlocking dependencies that your company’s future rests on, and making sure that you understand the risk factors and how to mitigate them, is not just a cost issue, it is a survival issue. Vulnerabilities often include:

  • Multiple participants and breakpoints: The securing of physical assets and information flow typically involves 25 different entities. At each point, there are many opportunities for security breaches, not only within each entity, but also during the exchange of both physical assets and information.
  • Isolated security solutions: Today’s infrastructure and solutions have potentially fatal gaps because they are focused on the isolated “nodes” (specific in-transit places) rather than on integrated “in-process places and processes”–which robust and effective security demands.
  • Fragmented supply chains: Fatal gaps result from fragmented views of problems and their solutions. Supply chain views are fragmented because they are created one company at a time, with little or no common approach to codifying and sharing between those companies. The days of loosely coupled processes held together by ad hoc information flows are over, as commercial needs and regulatory requirements force more intimate integration of information.

4. Getting to the Green Lane. A one-day delay in border controls generates costs of 0.5% of the value of the goods. This increase in transaction costs has a particular impact on agricultural products, textiles, nonmetal minerals, and machinery. Why? Because for these goods, the relative value to weight is particularly low, making them especially vulnerable to any increase in transaction costs. Many security initiatives have been implemented (and are in the process of being implemented in the U.S. and around the world). Green Lane status allows organizations to pass their goods through U.S. customs quickly because they have demonstrable compliance with Customs and Border Patrol (CBP) regulatory requirements.

Crucially, Green Lane status will be a competitive advantage for companies that understand how to proactively work with CBP at all steps along the supply chain to forestall problems early in the 75 Days, 25 Hands process. It’s not easy. As the requirements keep changing–not only in the U.S. but elsewhere as well. This reality necessitates a constant scanning capability and understanding of shifting requirements–and the implications of adhering or not adhering to the changes.

5. Understanding the cost of compliance–and who pays for it. The cost of compliance is difficult to calculate. Specific security initiatives and their costs change frequently and will continue to change as the nature of threats evolves and as new technologies become available. The question Who will bear the cost? is an obstacle to global implementation of supply chain security measures.

6. The “invisibles.” It’s easy to say; let’s redesign our supply chain to make it more cost effective and more responsive to customer, supplier and regulatory needs. But it’s not so easy to do. There are many invisible factors and activities that management doesn’t know about–and often don’t know they don’t know–when they kick off these “improvement” initiatives. After all, what are supply chains but sets of activities, workarounds, and exceptions that, over time, have evolved into the ways things get done, including technology “patches,” “features,” and “modifications” added to support those processes? And many of these things are undocumented, existing only in the heads of your employees–or embedded in the code of the added-to applications. For instance:

  • The “exceptions” that have to be handled by, let’s say “Betty” and “Michael,” because the computer application can’t understand them: a signature is illegible, or the customs regulation has changed in Hong Kong and Betty is aware of this and usually handles manually, or the readings of a particular set of RFID tags from a particular vendor requires additional work and only Betty and Michael have dealt with it before.
  • The “workarounds,” added or new features that were never documented but are now part of the computer application.
  • The “we’ve-always-done-it-this-way-because-it-works-better” activities that only Betty and Michael know about because they’ve been here for 20 years.

It’s these “invisible” things that keep the processes and applications running, yet they’re hard to identify when you’re making a change–say, when Betty and Michael are no longer with you. Companies discover these unseen factors after it’s too late. After customers complain, after frustration has exploded, and the gap between what management wants to get done and what actually gets done gets wider and wider.”

7. Underestimating the Bull’s Eye Effect. In any supply chain, a lot of “stuff” has to get done. Execution involves making sense, then taking action. Making sense of this sprawling, pervasive thing requires understanding processes that can stretch from a factory in Karachi, Pakistan, to a rack of shirts at a retailer in Peoria, IL, data making these processes work that passes through, on average, 25 different organizations along the way, and the physical goods that are packed, unpacked, repacked, shipped, stored, inspected, and used multiple times by multiple companies. It also means understanding what parts of the processes and technology support the strategic goals of supply chain efficiency, the goals of security, and the regulations guiding behavior–which are always changing.

Thus, creating a supply chain that works efficiently and securely can be a tall order for many organizations. And if that’s not troublesome enough, if one thing goes wrong, it has a “cascading effect” on other things. If you don’t have the right data for a manifest, you don’t get the goods loaded on the ship; if you don’t get the goods loaded, you don’t meet your time deadlines; if you don’t meet your time deadlines, you miss the market opportunity.

Ralph Welborn and Vince Kasten are the authors of Get It Done! A Blueprint for Business Execution