Description
In recent years, the Air Force and, particularly, its suppliers have pursued various means to improve performance, reduce costs, and otherwise adopt best industry practices. Such practices include outsourcing, global sourcing, supply-base rationalization, single sourcing, justin- time deliveries, and lean inventories.
For More Information
Visit RAND at www.rand.org
Explore RAND Project AIR FORCE
View document details
Support RAND
Purchase this document
Browse Reports & Bookstore
Make a charitable contribution
Limited Electronic Distribution Rights
Tis document and trademark(s) contained herein are protected by law as indicated in a notice appearing
later in this work. Tis electronic representation of RAND intellectual property is provided for non-
commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND website is
prohibited. RAND electronic documents are protected under copyright law. Permission is required from
RAND to reproduce, or reuse in another form, any of our research documents for commercial use. For
information on reprint and linking permissions, please see RAND Permissions.
Skip all front matter: Jump to Page 16
Te RAND Corporation is a nonproft institution that helps improve policy and
decisionmaking through research and analysis.
Tis electronic document was made available from www.rand.org as a public service
of the RAND Corporation.
CHILDREN AND FAMILIES
EDUCATION AND THE ARTS
ENERGY AND ENVIRONMENT
HEALTH AND HEALTH CARE
INFRASTRUCTURE AND
TRANSPORTATION
INTERNATIONAL AFFAIRS
LAW AND BUSINESS
NATIONAL SECURITY
POPULATION AND AGING
PUBLIC SAFETY
SCIENCE AND TECHNOLOGY
TERRORISM AND
HOMELAND SECURITY
Tis product is part of the RAND Corporation documented briefng series. RAND
documented briefngs are based on research briefed to a client, sponsor, or targeted au-
dience and provide additional information on a specifc topic. Although documented
briefngs have been peer reviewed, they are not expected to be comprehensive and may
present preliminary fndings.
PROJ ECT AI R FORCE
DOCUMENTED BRI EFI NG
Identifying and Managing Air Force
Sustainment Supply Chain Risks
Nancy Y. Moore • Elvira N. Loredo
PROJ ECT AI R FORCE
DOCUMENTED BRI EFI NG
Identifying and Managing Air Force
Sustainment Supply Chain Risks
Nancy Y. Moore • Elvira N. Loredo
Prepared for the United States Air Force
Approved for public release; distribution unlimited
The RAND Corporation is a nonprofit institution that helps improve policy and
decisionmaking through research and analysis. RAND’s publications do not necessarily
reflect the opinions of its research clients and sponsors.
R
®
is a registered trademark.
© Copyright 2013 RAND Corporation
Permission is given to duplicate this document for personal use only, as long as it
is unaltered and complete. Copies may not be duplicated for commercial purposes.
Unauthorized posting of RAND documents to a non-RAND website is prohibited. RAND
documents are protected under copyright law. For information on reprint and linking
permissions, please visit the RAND permissions page (http://www.rand.org/publications/
permissions.html).
Published 2013 by the RAND Corporation
1776 Main Street, P.O. Box 2138, Santa Monica, CA 90407-2138
1200 South Hayes Street, Arlington, VA 22202-5050
4570 Fifth Avenue, Suite 600, Pittsburgh, PA 15213-2665
RAND URL:http://www.rand.org
To order RAND documents or to obtain additional information, contact
Distribution Services: Telephone: (310) 451-7002;
Fax: (310) 451-6915; Email: [email protected]
Library of Congress Control Number: 2013941129
ISBN: 978-0-8330-7655-7
The research described in this report was sponsored by the United States Air Force under
Contract FA7014-06-C-0001. Further information may be obtained from the Strategic
Planning Division, Directorate of Plans, Hq USAF.
iii
Preface
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-
in-time deliveries, and lean inventories. While these practices ofer many benefts in efciency
and efectiveness, they can also make supply chains more brittle and increase risks of supply
disruptions.
Tis work examines supply chain risk management, including evolving commercial and
Air Force practices. It was part of a project on “Identifying and Managing Risks Associated
with Agile Supply Chains,” conducted in RAND Project AIR FORCE’s Resource Management
Program and sponsored by the Air Force Deputy Chief of Staf for Logistics, Installations, and
Mission Support. Since this research was completed, the Air Force proposed a re organization
of Air Force Materiel Command. Te new structure took efect in October 2012 and estab-
lished an Air Force Life Cycle Management Center (AFLCMC) and an Air Force Sustainment
Center (AFSC). Te AFLCMC consolidates product development and support system design.
Te AFSC integrates depot maintenance and Air Force supply chain activities. Te fndings
and recommendations presented in this report are relevant to how the Air Force will identify
and manage supply chain risk under the new organizational structure.
Tis report should be of interest to those purchasing and providing goods and services to
the Air Force.
RAND Project AIR FORCE
RAND Project AIR FORCE (PAF), a division of the RAND Corporation, is the U.S. Air
Force’s federally funded research and development center for studies and analyses. PAF pro-
vides the Air Force with independent analyses of policy alternatives afecting the development,
employment, combat readiness, and support of current and future air, space, and cyber forces.
Research is conducted in four programs: Force Modernization and Employment; Manpower,
Personnel, and Training; Resource Management; and Strategy and Doctrine.
Additional information about PAF is available on our website:http://www.rand.org/paf/
v
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
SECTION 1
Motivation and Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
SECTION 2
Introduction and Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SECTION 3
Evolving Commercial Practices in Supply Chain Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
SECTION 4
Department of Defense and Air Force Guidance for Supply Chain Risk Management . . . . . . . . . . 49
SECTION 5
Summary of Air Force Supply Chain Risk Management Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
SECTION 6
Summary and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
APPENDIXES
A. Interview Protocol for F-16 and C-17 Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
B. Interview Protocol for Company Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
C. Description of Department of Defense and Air Force Guidance on Acquisition and
Supply Chain Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
D. Commodity Council Eight-Step Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
E. Categories of Supply Chain Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
vii
Summary
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-in-
time deliveries, and lean inventories.
While these practices ofer many benefts in efciency and efectiveness, they can also
make supply chains more brittle and increase risks of supply disruption. For example, having
fewer sources of supply means a disruption at any one of them is more likely to afect overall
performance. Similarly, just-in-time deliveries and lean inventories mean fewer days of operat-
ing capacity should a supply disruption halt deliveries of raw materials or components.
To help the Air Force better identify and manage supply chain risks, the Deputy Chief
of Staf for Logistics, Installations, and Mission Support asked RAND Project AIR FORCE
to develop a strategy for managing supply chain risks during sustainment. Te Air Force also
requested a follow-on project focused on the manufacturing supply chain. Tis documented
briefng focuses on the supply chain risks during sustainment. To do this, RAND research-
ers reviewed literature on supply chain risk management (SCRM) and interviewed Air Force
personnel in the sustainment and acquisition communities and supply chain managers from
commercial frms responsible for managing supply chain risks. Te RAND team identifed
risks that are and are not being managed and developed recommendations for future risk man-
agement. We summarize below our key fndings on prevailing practices, current Air Force and
Department of Defense (DoD) guidance, and risks the Air Force may wish to address.
Supply Chain Risks Vary by Industry
Tere are many events that, if realized, could lead to a disruption of a company’s supply chain,
such as earthquakes and foods; see Appendix E for a comprehensive list of supply chain risks.
Te signifcance of the risk varies by industry. For example, “supplier failure” and “strategic
risk” were among the greatest reported concerns of “high-tech” and “aerospace and defense”
frms.
1
Natural disasters and other singular events were of lesser concern. Nevertheless, recent
events—such as the March 2011 earthquake, tsunami, and radiation leaks in Japan, which
afected automotive and electronics supply chains throughout the globe, and Hurricanes
Katrina and Rita in 2005, which disrupted petroleum production—have raised awareness of
how disruptive and costly such events can be. In light of the unpredictability of such events,
1
Examples of strategic risk include loss of manufacturing capacity or overreliance on one supplier.
viii Identifying and Managing Air Force Sustainment Supply Chain Risks
some leading frms are recognizing the importance of responding quickly; while many events
cannot be foreseen or avoided, their efect on the bottom line can be mitigated.
Prevailing Practices in Supply Chain Risk Management
We defne supply chain risk as the efect of uncertainty at any point in the end-to-end supply
chain on its objectives. Te magnitude of supply chain risk may be measured along three
dimensions: likelihood of occurrence, expected consequences, and duration. Risks of the high-
est likelihood, greatest consequence, and greatest duration would require frst attention.
Traditional approaches to SCRM have included such strategies as multiple sources of
supply, extensive competition, expediting, increased order quantities, development of inven-
tory safety stocks, and well-stocked supply pipelines. Each of these strategies has its own risks.
For instance, expediting orders, developing inventory safety stocks, and having a well-stocked
supply pipeline can increase total costs. Qualifying and managing multiple sources of supply
increases complexity. Tere are often limits on the number of capable suppliers, and the ben-
efts of multiple supply sources can be outweighed by limited price leverage and increased vari-
ance in quality and delivery for the same good or service.
Even with the growing realization of supply chain vulnerability, few managers report they
are well prepared for supply chain disruptions; SCRM is an emerging discipline.
Emerging Best Practices in Supply Chain Risk Management
We concluded from our company interviews and review of the literature that proactive SCRM
requires the development of guidance and policies for identifying and managing supply chain
risks. Some frms place less emphasis on calculating the probability of an event and more on
reducing the response time to the realization of an event. Tat is, while one particular event
may have a low probability of occurrence, if all the potential risks are examined as a whole,
there is a good likelihood that one will occur; which one is not as important as having a strat-
egy in place to detect and react. For example, Cisco Corporation lists four key elements in its
SCRM program:
1. Business Continuity Planning, which works closely with internal and external partners
“to document recovery plans and times and drive resiliency standards.”
2. Crisis Management, which is responsible for continuous global monitoring of and
response to disruptions.
3. Product Resiliency, which helps Cisco’s business units address supply chain vulner-
abilities during product design and to prioritize and reduce the costs of risk mitigation
strategies.
4. Supply Chain Resiliency, which identifes points in the supply chain where time to
recovery would be unacceptably high and develops resiliency plans for them.
Proactive SCRM also requires that an enterprise have a supply chain risk assessment and
management process. Often supporting the process are tools for supply chain risk identifca-
Summary ix
tion, assessment, and monitoring. From a review of the relevant literature, we compiled a list of
processes commonly involved in SCRM. We combine these into a proposed nine-step process:
Step 1: Recognize the existence of a potential risk.
Step 2: Identify the exposure of the supply base to the risk.
Step 3: Estimate the likelihood.
Step 4: Estimate the severity of realization of the risk.
Step 5: Prioritize risks by potential costs to allocate scarce resources appropriately.
Step 6: Develop, assess, and execute a risk management strategy for the prioritized list.
Step 7: Develop contingency plans.
Step 8: Monitor the risk environment to respond to changes and re-prioritize responses
to risk.
Step 9: Continuously integrate lessons learned and improve risk and supplier management
policies.
Current Department of Defense and Air Force Guidance
Several DoD and Air Force documents, including the Defense Acquisition Handbook, cite the
need to deal with risk. However, risk identifcation and mitigation strategies in these docu-
ments primarily focus on the acquisition phase and risks in reference to cost, technical per-
formance, or schedule of a weapon-system acquisition program. Altogether, DoD guidance
identifes some, but not all, of the risks identifed in the business literature.
Te Air Force commodity councils have a process for managing risk, but it is geared
toward managing contract risk, not supply chain risk.
One prominent category of supply chain risks identifed in the business literature but
not DoD guidance is natural disasters. Te Federal Acquisition Regulation, through a force
majeure clause, absolves suppliers of risks associated with natural disasters or with “acts of God
or the public enemy.” Tis clause transfers these risks from many suppliers, especially those
located in high-risk areas, to the Air Force. Force majeure clauses are also prevalent in commer-
cial contracts and are necessary to ensure that suppliers are not unduly penalized for acts they
cannot control. Awareness of the force majeure assignment of certain risks to the Air Force is
critical to managing those risks.
Interviews of Air Force Supply Management Personnel Reveal Gaps in
Supply Chain Risk Management
We interviewed a cross-section of representatives from organizations involved with managing
suppliers or who are afected by supply chain disruptions during sustainment.
A questionnaire listing supply chain risks and asking how often they were considered
was administered to each group. Commodity council members that we interviewed reported
considering many of the same supply chain risks identifed in DoD guidance. Tey often or
always consider a relatively small number of risks, such as those related to supplier certifca-
tion or qualifcation, demand uncertainty, overall quality, and technical competency. Tey
consider about half the time such risks as long cycle times, poor training of supplier personnel,
x Identifying and Managing Air Force Sustainment Supply Chain Risks
and insufcient equipment and personnel at supplier facilities; risks resulting from uncertain
demand and poor communications; and internal risks, such as poor forecasting and inad-
equate availability of resources. Tey rarely or never consider risks whose investigation would
require investment in a supply chain risk assessment program or force majeure events for which
the Federal Acquisition Regulation absolves suppliers. It may be logical for Air Force personnel
not to consider these risks if they believe that the Federal Acquisition Regulation leaves them
little leverage over suppliers regarding them. Nevertheless, the efects of such events could be
catastrophic. Consequently, even if the Air Force cannot change the likelihood of a risk, it
should take steps to minimize its consequence and duration.
We examined sustainment approaches for two Air Force weapon systems to determine
when and how supply chain risks were managed. We found that the F-16 sustainment approach
lacks a comprehensive process for SCRM, raising the question of whether organic weapon sup-
port more generally may lack an SCRM process. Boeing management of C-17 aircraft sustain-
ment has some elements of SCRM based on corporate policies, but it is not clear whether these
policies are meant to identify risks beyond those relating to fnancial, quality, or timeliness
issues.
Implications
Te results of this research suggest that many supply chain risks are not considered directly
within the Air Force sustainment community and that, while others are acknowledged, there is
little or no strategy in place to mitigate them. Te primary recommendation from this research
is that the Air Force establish an enterprise-level SCRM organization. Tis organization should
oversee supply chain risk as part of supplier relationship management and should set policy
on how to manage supply chain risk for both organic and contractor-managed sustainment,
develop standard processes and metrics for risk management, expand the types of risk man-
aged, develop tools for risk assessment, and establish metrics and incentives for mitigating
risk. Commercial practices ofer some guidance on this, but the Air Force will need to develop
practices that refect the Air Force’s unique requirements and organization. For example, one
challenge for the Air Force is managing risk over the entire life cycle of the weapon system. Te
Air Force Materiel Command’s recent reorganization created an Air Force Life Cycle Manage-
ment Center (AFLCMC) and an Air Force Sustainment Center (AFSC). Tis new structure
consolidates product development and support system design under AFLCMC and integrates
depot maintenance and Air Force supply chain activities under AFSC. Supply chain risk cuts
across these areas. In this document, we do not explicitly address SCRM during acquisition,
but we contend that many supply chain risks are common to acquisition and sustainment and
are often shaped by decisions made during acquisition. At the time of this writing, the new
structure is taking shape, but it is too early to determine how the Air Force intends to conduct
SCRM or supplier relationship management. We recommend that the new organizational
structure provide a mechanism to integrate supplier relationship management and SCRM
across AFLCMC and AFSC.
xi
Acknowledgments
We particularly thank Mr. Grover Dunn, then Director of Transformation, Deputy Chief of
Staf for Logistics, Installations and Mission Support (AF/A4I), for supporting this project.
We also wish to thank F-16 supply chain management personnel, Boeing personnel, Defense
Logistics Agency personnel, and personnel at several leading companies for taking time from
their busy schedules to answer our interview questions. We are grateful to the reviewers, Ellen
Pint, Sarah Nowak, and Stanley Grifs, for their thoughtful comments. Lastly, we wish to
thank Cliford Grammich for helping us revise this draft and Donna Mead and Jane Siegel for
formatting it.
xiii
Abbreviations
AFGLSC Air Force Global Logistics Support Center
AFLCMC Air Force Life Cycle Management Center
AFSC Air Force Sustainment Center
ALC air logistics center
CAMP commodity acquisition management plan
CEO chief executive ofcer
CFO chief fnancial ofcer
CMP commodity management plan
CVCM customer value chain management
DCMA Defense Contract Management Agency
DFARS Defense Federal Acquisition Regulation Supplement
DLA Defense Logistics Agency
DMS Diminished Manufacturing Source
DMSMS diminishing manufacturing sources and material shortages
DoD Department of Defense
DoDI Department of Defense Instruction
DSCR Defense Supply Center, Richmond
FAR Federal Acquisition Regulation
FY fscal year
GIG Global Information Grid
GSM Global Supplier Management
HSI human systems integration
IPT Integrated Process Team
ISO International Organization for Standardization
xiv Identifying and Managing Air Force Sustainment Supply Chain Risks
LCL life-cycle logistics
LGCC Landing Gear Commodity Council
N/A not applicable
OEM original equipment manufacturer
OMB Ofce of Management and Budget
OSS&E operational safety, suitability, or efectiveness
PAF RAND Project AIR FORCE
PBL performance-based logistics
SAF/AQ Assistant Secretary of the Air Force (Acquisition)
SBU strategic business unit
SCRM supply chain risk management
T&E test and evaluation
1
SECTION 1
Motivation and Methodology
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-in-
time deliveries, and lean inventories.
1
Many new practices to improve the ef ciency and efec-
tiveness of supply chains are increasing their “brittleness” and, consequently, an enterprise’s
exposure to supply disruptions (Grif n, 2008).
Such challenges increase the importance of securing supply; indeed, in the view of some
analysts (e.g., Steele and Court, 1996), securing supply regardless of broader forces in the pur-
chasing environment is the prime task for an efective purchasing organization. Risk manage-
ment for such organizations consists of examining the entire supply chain for a good or service.
1
Many of these practices came into being in response to the theories of management experts, such as W. Edwards
Deming, Joseph M. Juran, and Philip B. Crosby, and the success of Japanese manufacturers, such as Toyota, which put
these theories into practice. For example, just-in-time manufacturing had great success in reducing the amount of work in
progress on manufacturing lines and thereby reducing costs. However, this method depends on reliable supply and short
lead times. Likewise, outsourcing and global sourcing were largely a reaction to comparatively lower costs of labor and
materials available from outside the United States. Tese methods, while reducing some costs, extend transportation time
and increase vulnerability to supply chain disruptions.
Identifying and Managing Supply Chain Risks
Sponsors:
• Deputy Chief of Staff for Logistics, Installations and
Mission Support (AF/A4/7)
• Director of Transformation, Deputy Chief of Staff for Logistics,
Installations and Mission Support (AF/A4I)
Authors:
Nancy Young Moore and Elvira Loredo
2 Identifying and Managing Air Force Sustainment Supply Chain Risks
Tis should include both upstream to identify future supply problems and downstream to
identify future distribution and customer problems.
Developing additional sources of supply can help reduce risks, but having them does not
necessarily reduce supply chain vulnerabilities. Better options to reduce vulnerabilities may be
available by working with existing suppliers, e.g., using dual sites to assure supply at one site
should a disaster strike the other, or making sure suppliers have plans to address a wide variety
of contingencies.
2
2
For example, to reduce single-source risk to its just-in-time processes, Honda of America requires dual capability (i.e.,
more than one production site) among its suppliers (Nelson, Mayo, and Moody, 1998). In addition, after temporarily shut-
ting down all 12 of its Japanese plants because a key supplier’s plant (Riken Corp.), which produces $1.50 piston rings, was
damaged by a 6.8-magnitude earthquake on July 16, 2007, Toyota president Katsuaki Watanabe said, “the company will
examine its risk management and risk control and look for ways to become less dependent on single suppliers. [But it] won’t
change its kanban, or just-in-time, strategy of keeping as little inventory as possible on hand, which reduces warehouse costs
and ensures quality” (Chozick, 2007). For more on supply vulnerability and competitive advantage, see Shef, 2005; and
Shef and Rice, 2005.
Motivation and Methodology 3
Te supply chain challenges the Air Force faces are complicated by its changing missions, oper-
ations, and requirements for support. With the rise of smaller, regional conficts and antiter-
rorist operations has come much more uncertainty regarding Air Force deployments, includ-
ing their timing, location, and intensity. In response, the Air Force has developed plans and
policies that require a very responsive, fexible, and resilient sustainment supply chain for its
forces. Furthermore, the rising costs of sophisticated new technologies to counter new threats
have driven up the real costs of weapons over time, reducing the numbers that the Air Force
can acquire and increasing the consequences of supply chain disruptions.
3
Fewer weapons and more deployments often lead to much lower densities of weapons at
home stations and deployed. Tese lower densities, in turn, make cannibalization more costly
and supply chains for weapon parts more important.
4
3
For example, the Air Force initially sought to purchase nearly 650 F-22 aircraft to replace the F-15 and other aircraft. By
2009, however, Secretary of Defense Robert Gates, citing the need to shift from “big-ticket” items to programs for waging
campaigns against terrorists and extremists in multiple regions, sought to cap the number of F-22 aircraft at 187 (“Gates
Announces Major Pentagon Priority Shifts,” 2009). As he wrote in Foreign Afairs, weapons “have grown ever more baroque,
have become costly, are taking longer to build, and are being felded in ever dwindling quantities” (as quoted in Tompson,
2009).
4
Cannibalization is the removal of a currently functioning serviceable part from a weapon system that cannot currently
perform its mission (because it is awaiting one or more parts or repair) and using it in an aircraft that needs the part to make
it fully mission capable. Te costs of cannibalization are twofold. First, cannibalization carries costs in lost aircraft owing
to the possibility of collateral damage during the part removal and replacement process. Second, cannibalization requires
additional maintenance man-hours to remove and then eventually replace the serviceable part.
Increasingly Varied Operations Require a More
Flexible and Resilient Supply Chain
• Uncertainty in deployment timing and destination
• Lower density of total and deployed aircraft
– Cannibalization more costly
• Higher technology, more integrated weapons
• Pressures to reduce organic support infrastructure
– Physical
– Budget
Increased customer expectations for
responsiveness, resiliency, and cost effectiveness
4 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te increasingly sophisticated technology and integration of Air Force weapon systems,
coupled with outsourcing by original equipment manufacturers, further underscores the impor-
tance of the supply chain and reducing risks to it.
5
Integrated weapon systems can complicate
support because they require more sophisticated testing to ensure that all systems interfaces are
properly functioning. For example, Deputy Secretary of Defense for Acquisition, Technology,
and Logistics John Young said of the F-22, “Te airplane is proving very expensive to operate,
not seeing the mission-capable rates we expected,
6
and it’s complex to maintain . . .” (as quoted
in Tompson, 2009). In response to the estimated $1.5 trillion 55-year life cycle operating and
support costs (Pocock, 2012), Vice Admiral David Venlet, the F-35 Program Executive Of-
cer, is working with Lockheed Martin to reduce projected sustainment costs. Among other
strategies, the Air Force is trying to balance performance-based logistics support provided by
the original equipment manufacturer (OEM) with organic maintenance (Trimble, 2011); this
underscores the complexity of the challenges and potential risks involved in the acquisition and
sustainment of advanced weapon systems.
Projected reductions in defense spending, coupled with increasing costs of new weapons
and personnel, are increasing pressure to reduce the physical size of and budgets for support
infrastructure.
7
Tis has included Ofce of Secretary of Defense policies for outsourcing the
support of some old and many new weapons in so-called performance-based logistics (PBL)
contracts “that optimize total system availability while minimizing cost and logistics foot-
print” (Defense Acquisition University, undated).
8
Reducing the budget for support infrastruc-
ture is likely to lead to consolidation of suppliers and organic facilities as well as possibly more
outsourcing. Consolidation reduces redundancies and means; if a disaster were to strike a con-
solidated site, the consequences would be greater.
5
Boeing’s experience with its “Dreamliner” 787 aircraft underscores the importance of some supply chain issues and risks
in aircraft manufacturing. Its initial test voyage of the aircraft and subsequent delivery to customers were delayed by supply
chain problems, specifcally those in a shortage of fasteners (Holmes, 2007). Later, to gain greater control over its global
supply chain, Boeing purchased a fuselage subassembly plant (“Boeing Acquires Stake in Plant,” 2009).
6
Te F-22s currently in the inventory “are ready to fy only 62% of the time and haven’t met most of their perfor-
mance goals” (Tompson, 2009). According to information from the Reliability and Maintainability Information System
(REMIS) from fscal year 2006 to 2010, F-22 mission capable rates have ranged between 61 and 63 percent.
7
Defense Secretary Gates, as quoted in Tompson, 2009, warned that “Te spigot of defense spending that opened on
9/11 is closing.” Tompson further observes that “the military’s annual budget has fnished growing, and the billions it once
imagined it might spend on future weapons have evaporated. So cuts—and big ones—are coming.” In addition, the “aver-
age military service member is about 45 percent more expensive, after adjusting for infation, in fscal year [FY] 2009 than
in FY98 . . .” (Daggert as quoted in Waterman, 2009). In January 2011, Secretary Gates announced $78 billion in budget
cuts over fve years. President Obama has proposed cuts of more than $400 billion by 2023 (Shanker and Drew, 2011).
8
PBL is the DoD-preferred approach for implementing product support. PBL is a strategy for weapon system product
support that employs the purchase of support as an integrated performance package designed to bring higher levels of
system readiness. PBL delineates outcome performance goals of weapon systems; ensures that responsibilities are assigned;
and provides incentives for attaining those goals for the overall life-cycle management of system reliability, supportabil-
ity, and total ownership cost. DoD Directive 5000.01, Te Defense Acquisition System, provides policies that apply to all
acquisition programs. According to the directive, program managers are required to develop and implement PBL strategies
that optimize total system availability while minimizing cost and logistics footprint. Te directive also requires that pro-
gram managers become the single point of accountability for accomplishing program objectives for total life-cycle systems
management, including sustainment. Te Fiscal Year 2003–07 Defense Planning Guidance requires that each military
department submit a plan that identifes its implementation schedule for applying PBL to all new weapon systems and all
Acquisition Category I and II felded systems (Ofce of the Inspector General, 2004).
Motivation and Methodology 5
Furthermore, Air Force customer expectations for responsiveness, resiliency, and cost
efectiveness, based on their needs and experience in the commercial sector, are rising. Indeed,
customer frustration with expensive, slow, and unreliable support had, in part, been driving
policy to outsource more weapon system support to the private sector, particularly to OEMs
through PBL contracts.
9
More recently, the Air Force has retreated somewhat from outsourcing
due to higher-than-expected costs of outsourced maintenance and repair as well as breaching
of the “50/50 rule,” requiring that at least half of maintenance be performed at a public depot.
As we discuss, the total magnitude, or measure, of risk is a function of likelihood, conse-
quence, and duration of an event. Uncertain deployment timing and destination, lower density
of aircraft, and higher technological requirements, combined with pressures to make the sup-
port system more efcient and efective, can increase the likelihood, consequence, or duration
of supply chain risks if they are not concurrently addressed. Such increased sustainment risks
adversely impact the Air Force’s ability to respond quickly and to sustain agile operations.
9
“PBL strategies may be applied at the system, subsystem, or major assembly level depending upon program unique cir-
cumstances and appropriate business case analysis” (Wynne, 2004).
6 Identifying and Managing Air Force Sustainment Supply Chain Risks
Over time, the Air Force has increasingly relied on contract rather than solely organic sup-
port for its weapon systems; an important implication is that the Air Force must work with
external partners to make its supply chains resilient and responsive and to mitigate risk in
them. Te above table shows the evolution of Air Force weapon system maintenance support
in recent and coming years. Te top row lists major weapon systems by year of introduction.
Each subsequent row in the table lists major support components (e.g., airframe, engines, land-
ing gear) and support functions (i.e., engineering, supply chain management, distribution) for
each system. Te colors in each cell note the status of support.
Tis table shows the Air Force’s shift over time from organic-provided (i.e., internal)
to contractor-provided (i.e., external) maintenance services. A signifcant amount of product
support and depot maintenance is being performed through contracts on existing weapon
systems, with more planned for future systems (Mulligan, 2007). While some elements of
this strategy are being reviewed—for example, maintenance strategies for the C-17 and F-22
aircraft will use more organic support in coming years—it is unlikely that the Air Force will
return, or even want to return, to 100 percent organic maintenance. Regardless of the contract
strategy, both contractor and organic support have supply chain risks. What can vary are the
types and dimensions of the risks as well as the access Air Force managers have to the informa-
tion needed to adequately identify, assess, and manage them.
The Air Force Is Outsourcing More Product Support and
Performing Depot Maintenance Through Contracts
SOURCE: Mulligan, 2007.
NOTES: GTEs/APUs = gas turbine engines/auxiliary power units; CLS = contractor logistics support. “Retiring” means the aircraft are being
removed from Air Force operations and support for them will no longer be funded. “Organic” means the support for the aircraft was provided by
Air Force personnel and facilities. “Contract” means the support was provided by a contractor. Federal law requires that 50 percent of aircraft
maintenance be organic.
Motivation and Methodology 7
Te Air Force asked RAND to help it develop an enterprise-wide strategy for proactively man-
aging supply chain risks. Because supply chain risks span the life of a weapon system, we con-
ducted the study in two phases: Phase one examined Air Force management of supply chain
risks associated with sustainment of legacy or near-legacy systems (that is, those systems whose
production has ended or will soon end), and phase two focused on managing supply chain
risks during acquisition.
Tis document describes our fndings for phase one on sustainment. Our goal for this
phase was to identify those risks the Air Force is currently managing, those it is not currently
managing, and those it should manage.
Our Research Can Help the Air Force Develop a
Strategy for Managing Supply Chain Risks
• Initial focus: sustainment supply chain—identifying
risks Air Force is, is not, or should be managing,
particular for legacy systems
• Subsequent focus: acquisition supply chain risks
8 Identifying and Managing Air Force Sustainment Supply Chain Risks
We began by reviewing the academic and business literature on supply chain risk management
(SCRM). Because this is an emerging feld, the literature is fairly recent and much less devel-
oped than literature on other risks or supply chain management generally. We also reviewed
Air Force and Department of Defense (DoD) guidance regarding sustainment supply chain
risk identifcation and management.
We developed, based on our reviews of the literature and policy guidance, interview pro-
tocols for Air Force and DoD personnel involved in supply chain, contracting, and commodity
management (Appendix A) as well as for industry personnel involved in SCRM (Appendix B).
We selected two weapon systems for case studies: the F-16, a legacy weapon system,
which primarily has organic support and has transitioned from acquisition to sustainment,
and the C-17, a newer system that is contractor-supported and is currently transitioning from
acquisition to sustainment.
Because commodity councils are responsible for writing many sustainment contracts we
also interviewed commodity council representatives at each air logistics center (ALC) regard-
ing their management of supply chain risks. Tese included the Landing Gear Commodity
Council at the Ogden Air Logistics Center, the Communications and Electronics Commod-
ity Council at the Warner Robins Air Logistics Center, and the Propulsion, Instruments, and
Accessories Commodity Council at the Oklahoma City Air Logistics Center. During these
interviews, we learned of the importance of the Defense Logistics Agency (DLA) in managing
Air Force supply chain risk; consequently, we also interviewed DLA personnel at the Defense
Supply Center, Richmond, and DLA Headquarters.
Methodology
• Review supply chain risk management (SCRM)
literature
– Academic and business journals
– Air Force and DoD guidance
• Conduct interviews
– Weapon system mangers (C-17 and F-16)
– Defense Logistics Agency (DLA)
– Commodity councils
– High-tech companies
• Identify risks managed and not managed
• Develop recommendations
Motivation and Methodology 9
We also interviewed representatives of high-technology companies known for their inno-
vative supply chain risk practices to learn more about their SCRM organizations, practices,
and resources.
Troughout this research, we identifed a comprehensive list of supply chain risks and
examined which are managed. We later summarize these fndings and develop recommenda-
tions based on them for the Air Force.
11
Outline
• Introduction/background
• Evolving commercial practices in SCRM
• DoD and Air Force guidance on SCRM
• Summary of Air Force SCRM case studies
– Commodity councils
– Weapon systems
• F-16
• C-17
– DLAs role in Air Force SCRM
• Summary and recommendations
SECTION 2
Introduction and Background
We present our research in the fve sections listed above. We begin this section with an intro-
duction to risk and its three dimensions as well as background on recent trends that afect
supply chain risks. In the next section, we summarize our review of the literature and inter-
views with selected high-technology frms on current SCRM practices and outline a process
for SCRM. In the third section, we summarize our review of DoD and Air Force guidance
regarding sustainment SCRM. In the fourth section, we present our fndings from our inter-
views with Air Force and contractor personnel involved in sustainment contracting and supply
chain management, as well as fndings from interviews with DLA personnel. Lastly, we sum-
marize our fndings and present recommendations for the Air Force to improve its SCRM.
12 Identifying and Managing Air Force Sustainment Supply Chain Risks
• Supply Chain Risk: effect of uncertainty at any
point in the end-to-end supply chain on its
objectives
• Supply Chain Risk Management (SCRM): the
coordination of activities to direct and control an
enterprises end-to-end supply chain with regard to
supply chain risks
SOURCE: Adapted from: International Organization for Standards, 2009b.
We begin with defnitions of supply chain risk and SCRM.
1
Te International Organization
for Standardization (ISO) defnes risk as the “efect of uncertainty on objectives” (2009b,
p. 1).
2
While there is no current ISO defnition for supply chain risk, applying the ISO defni-
tion of risk to supply chain would yield the following: Supply chain risk is the efect of uncer-
tainty at any point in the end-to-end supply chain on its objectives.
3
Uncertainties, in turn, can
lead to disruptions in the supply chain.
Similarly, there is no current ISO defnition of SCRM. Applying the ISO (2009b, p. 2)
defnition of risk management—“coordinated activities to direct and control an organization
1
Enslow (2008, p. 3) describes the supply chain as including “all processes involved in making, moving, storing, or
servicing physical goods . . . from raw material producers through to the end customer. . . . Supply chain activities [may
include] manufacturing, purchasing, warehousing, transportation, and inventory management as well as external activities
performed on [an enterprise’s] behalf by suppliers, logistics partners, transportation carriers, distributors, co-packers, ser-
vice and repair organizations. . . .”
2
“Uncertainty is the state, even partial, of defciency of information related to, understanding or knowledge of, an event,
its consequences, or likelihood” (ISO, 2009b, p. 2). “An efect is a deviation from the expected—positive and/or negative”
and “Objectives can have diferent aspects (such as fnancial, health and safety, and environmental goals) and can apply at
diferent levels (such as strategic, organization-wide, project, product and process)” (ISO, 2009b, p. 1).
3
Te Council of Supply Chain Management Professionals (2009) developed the following defnition of supply chain
management: “Supply chain management encompasses the planning and management of all activities involved in sourcing
and procurement, conversion, and all logistics management activities. Importantly, it also includes coordination and col-
laboration with channel partners, which can be suppliers, intermediaries, third party service providers, and customers. In
essence, supply chain management integrates supply and demand management within and across companies.”
Introduction and Background 13
with regard to risk”—to supply chain would yield the following: SCRM is the coordination
of activities to direct and control an enterprise’s end-to-end supply chain with regard to supply
chain risks. ISO further defnes a risk management framework as the “set of components that
provide the foundations and organizational arrangements for designing, implementing, moni-
toring, reviewing, and continually improving risk management throughout the organization”
(ISO, 2009b, p. 2).
14 Identifying and Managing Air Force Sustainment Supply Chain Risks
Tere are three dimensions to measuring the total magnitude of risk. Te frst is the likelihood
or probability of an event that could cause adverse efects (i.e., produce harm or loss) occur-
ring.
4
Te likelihood of occurrence is much higher for some risks than others.
Te second risk dimension is the expected consequence, that is, what will happen to the
enterprise in the event that the risk occurs.
5
An example of a harm or loss of low consequence
resulting from a risk would be short delays in fulfllment of customer orders. An example of
a high consequence (indeed, one that could destroy the enterprise) would be the release of a
highly toxic substance harming or killing a large number of individuals.
Te third dimension of measuring the total magnitude of risk is duration—how long the
risk event causes loss or harm to the enterprise. Events can vary in their immediate and subse-
quent efects. A short event, such as a power outage lasting less than an hour, is likely to have
little lasting impact on an enterprise. A more signifcant event, requiring more than a year to
replace facilities, equipment, or personnel, would obviously have a longer-lasting impact. Te
longer the duration of the consequence, the greater the harm or loss is to an enterprise. If a risk
cannot be avoided, then enterprises will focus on reducing its duration and consequences so as
to reduce total harm or losses.
4
“Risk is often expressed in terms of the consequences of an event (including changes in circumstances) and the associ-
ated likelihood . . . of occurrence” (ISO, 2009b, p. 2).
5
“Risk is often characterized by reference to potential events . . . and consequences . . . or a combination of these” (ISO,
2009b, p. 2).
Risk Has Three Dimensions—Likelihood of
Occurrence, Expected Consequence, and Duration
Low Medium High
Expected consequence
Likelihood
of occurrence
High
Medium
Low
SOURCE: Adapted from Favre and McCreery, 2008.
Introduction and Background 15
Deputy Secretary of Defense John J. Hamre (1998) commented that “[R]adical new business
practices . . . have revolutionized American industry and have fueled American productivity in
the last ten years.” Seeking similar productivity improvements, DoD and the Air Force have
been implementing many of these new industry practices, which have changed some supply
chain risks.
Two major commercial trends that DoD and the Air Force have been adopting, inventory
reductions
6
and outsourcing,
7
can make supply chains more productive but also riskier. High
inventory levels can bufer an organization against internal and external supply disruptions.
Minimal inventory levels resulting from “lean” and other initiatives provide no such bufer.
6
“In May 1990 the Under Secretary of Defense for Acquisition established a 10-point inventory reduction plan” (GAO,
1994, p. 38).
7
Te Federal Activities Inventory Reform Act (FAIR) of 1998 (P.L. 105-270) directs federal executive agencies, including
DoD, to submit to the Ofce of Management and Budget inventories of activities that are “inherently governmental” and
commercial activities (i.e., activities that are not “inherently governmental”) performed by federal employees every year by
June 30. Activities identifed as commercial may be competed against private-sector bidders using Ofce of Management
and Budget (OMB) Circular A-76, Performance of Commercial Activities. If a private-sector bid is deemed cheaper, the
activity is outsourced. In August 2001, President Bush announced the President’s Management Agenda, which included
competitive sourcing as one of fve initiatives to enhance government’s efectiveness (OMB, 2001). More recently, the
Obama administration and Congress have introduced legislation to limit the “inherently governmental” functions that
can be outsourced. Te political pressure to limit outsourcing has been met with equally strong arguments to continue this
practice.
Major Trends Have Affected Supply Chain Risks
• Inventory reduction ! required reliable supply chain
• Outsourcing ! Lead system integrator model
• Supply base rationalization ! single/sole sourcing
• Industry consolidations ! Less competition/choices
• Globalization ! Increased complexity
– Longer supply chains
– Varying political, cultural, economic, and geographic
environments
• Virtual integration ! Increased vulnerability
• Growing concerns regarding environmental, fair labor,
financial, and health and safety issues
16 Identifying and Managing Air Force Sustainment Supply Chain Risks
Similarly, internal production gives an enterprise control over use and scheduling of its
production assets. Outsourced production often requires an enterprise to share production
assets with other customers of the supplier, giving the enterprise little or no control over use
and scheduling assets. Consequently, outsourcing assembly, manufacturing, or production
inputs can lead to more frequent disruptions, particularly when inventory bufers have also
been reduced.
Other commercial-sector trends being adopted in the DoD and Air Force afecting its
supply chain risks include supply-base rationalization,
8
industry consolidations,
9
globalization,
10
and virtual integration.
11
To reduce costs and improve supplier performance, many enterprises have analyzed their
spending and supplier performance and rationalized their supply base. Tis often leads to a
signifcant reduction in the number of suppliers. In response to a 2005 OMB memorandum
(Johnson, 2005) that calls for “leveraging spending to the maximum extent possible,” DoD
and the Air Force have been analyzing their contracts, spending, and supplier performance via
strategic sourcing initiatives, which have often led to the use of fewer suppliers. Using fewer
suppliers can increase supply risks because a larger percentage of inputs will be afected by a
single supplier’s performance.
Over time, as industries mature, they tend to consolidate as a result of mergers, acquisi-
tions, and bankruptcies (Deans, Kroeger, Zeisel, 2002). In the early 1990s, DoD leadership
became concerned that excess capacity in defense frms, resulting from a sharp decrease in
defense spending from its peak in 1985 (Ofce of the Under Secretary of Defense, Comp-
troller, Comptroller, 2009), would lead to higher weapon-system costs. Consequently, DoD
actively encouraged defense industry consolidation through mergers, acquisitions, and restruc-
turing (Perry, 1996). Tese eforts resulted in “a dramatic decline in prime contractors in 10
of the 12 markets DoD identifed as important to national security” (GAO, 1998, p. 2) and
raised concerns about preserving competition with fewer choices for defense aerospace prod-
ucts and suppliers. Such reductions in the number of suppliers could, as noted, increase supply
chain risks.
Another trend that afects supply chain risk is globalization. Seeking to lower total costs,
broaden their customer base, and diversify risks, many enterprises have actively sought suppli-
ers in low-cost countries, moved production there, and expanded marketing and sales beyond
their traditional markets. Tese actions have led to longer and more complex supply chains
as products are customized to local markets and move through varying political, cultural,
economic, and geographic environments as well as multiple distribution channels and trans-
portation modes. Te globalization of American business led the Deputy Secretary of Defense
to remark that “I am not sure what an American company is anymore. I am not sure what
8
Supply-base rationalization is based on “Te idea that an appropriate (often fewer) number of suppliers . . . will reap
lower prices through leveraged volume, standardized service, and lower costs to manage transactions and the supply base.
. . . t will also be easier to monitor supplier performance, and because these suppliers have been identifed as ‘key’ or the
‘best ft’ for the required goods and services, the relationship can grow, fostering integration, trust, value-added services,
and integration” (Dufy, 2005, p. 3).
9
See Deans, Kroeger, and Zeisel (2002) for trends in industry consolidations.
10
For more on trends in globalization see World Trade Organization (2008).
11
Virtual integration is the blurring of the traditional boundaries between supply chain partners through the use of tech-
nology and information (Magretta, 1998).
Introduction and Background 17
an American product is anymore” (Hamre, 1998). He noted further that DoD “want very
much to eliminate a defense industrial base and to adopt, in essence, just an industrial base.”
As a consequence, as DoD moves away from its traditional defense industrial base, it will be
tapping into the supply chains of enterprises that are often more global in nature.
Te traditional lines between supply chain partners have also been blurring through the
use of technology such as e-commerce to exchange information throughout the end-to-end
supply chain; this phenomenon has been called virtual integration (Margretta, 1998). Activi-
ties that enterprises used to do internally, such as ordering, confguring, and delivery, are now
being done by customers,
12
suppliers, or logistics providers. Enterprises are developing multiple
channels for serving customers. Tis makes tracking and managing supply chains, and risks to
them, more complex. Such complexity requires sophisticated information systems for opera-
tions, management, and information sharing, which adds new costs and introduces additional
risks to supply chains while managing others.
Lastly, buyer and societal concerns regarding environmental, fair labor, health and safety,
and fnancial issues throughout the end-to-end supply chain broaden requirements for risk
management beyond traditional categories. Such issues can cause dramatic changes in cus-
tomer demand or even boycotts in the commercial sector and changes in policies in govern-
ment as well as political pressures regarding supplier selection, particularly in response to nega-
tive announcements.
12
Deputy Defense Secretary John Hamre (1998) noted that “[d]uring the last 10 years, American businesses pioneered
some startling relationships that efectively blur the distinction between customer and provider.”
18 Identifying and Managing Air Force Sustainment Supply Chain Risks
Traditional approaches to supply chain risks were to bufer them with multiple suppliers,
extensive frequent competition, expediting, increased order quantities, inventory safety stocks,
and other stocks throughout the end-to-end supply chain (Giunipero and Eltantawy, 2004).
Nevertheless, these bufering strategies also have risks and costs associated with them, includ-
ing limited price leverage; increased variance in supply orders, quality, and delivery; limited
opportunities for collaboration and continuous improvement; and having too much, too little,
or the wrong inventory. All of these can lead to increased total costs.
13
Inventory bufer stocks
throughout the supply chain can also hide problems that enterprises should fx (Cordon, 1995).
Overall, the benefts realized in lower total costs and improved quality, delivery, and
reliability from new supply chain management practices, though carrying new and diferent
risks, increase the importance of shifting from reactive supply chain risk bufering to proac-
tively identifying, understanding, and efectively managing end-to-end supply chain risks and
vulnerabilities (Zsidisin, Ragatz, and Melnyk, 2003). Enterprises need to identify prospective
risks and vulnerabilities that could afect the end-to-end supply chain, determine their prob-
ability, and assess the likely consequence of such events. Once prospective risks are identifed,
enterprises need to prioritize them and develop ways to prevent harmful events from occurring
and mitigate and manage them should they occur (Steele and Court, 1996; LCP Consulting in
conjunction with the Centre for Logistics and Supply Chain Management, 2003; and Zsidisin,
Ragatz, and Melnyk, 2005).
13
Indeed, Zsidisin, Panelli, and Upton (2000) claim that “bufer strategies . . . are generally more expensive to maintain
and usually do not reduce the chance of detrimental events from occurring in the supply base,” though they sometimes can
help “‘buy time’ for the purchasing frm to come up with a solution to their incoming supply problem.”
Traditional Supply Risk Buffering Strategies
Also Have Risks
Strategy Risks
Multiple sources of supply Limits price leverage and
increases variance in
quality and delivery
Frequent and extensive
competition
Limits opportunities for
collaboration and
continuous improvement
Expediting Increases total costs
Increased order quantities Increases bullwhip effect
Inventory safety stocks Increases total costs
Well-stocked supply
pipeline
Increases total costs and
hides supply chain
problems
Introduction and Background 19
It is to be expected that the perception of what constitutes a risk and the severity of the risk will
vary by industry and business; there can be diferences in risk assessment within organizations
as well. Risk managers (i.e., persons responsible for assessing and managing supply chain risks)
and supply chain managers were recently surveyed regarding the types of risks that concern
them (Enslow, 2008;
14
Hillman and Keltz, 2007). Overlapping risks from the two separate
surveys included
15
• supplier delays/quality/disruptions
16
• logistics delays and disruptions
17
• natural disasters
18
14
Te survey results were for risks beyond the risk manager’s traditional concerns with property and casualty insurance.
15
Survey questions are tailored to represent the concerns of diferent segments of the organization. For example, supply
chain managers may have diferent perceptions of risk than do fnancial managers or insurance risk assessors.
16
Tese can be caused by supplier shortages/constraints of labor, equipment, facilities, and/or inputs (goods and services)
to their production processes, poor and/or variable inputs to production or production processes, or fres, explosions, struc-
tural failures, hazardous spills, fnancial problems, or labor strikes or slowdowns.
17
Tese include events that delay, disrupt, or afect the safety and security of road, rail, air, and ocean movements of inputs
to and outputs from production.
18
Tese include earthquakes, foods, hurricanes, tornados, tsunamis, and volcanic eruptions.
Risk Managers and Supply Chain Managers Have
Different Perspectives on Risk
0 10 20 30 40 50 60
Other
Regulatory risk
Geopolitical event
Strategic risk
IP theft, counterfeiting, gray market
Brand reputation (recalls, fair labor)
Customer-facing (e.g., demand volatility)
Natural disasters
Logistics delays/disruptions
Internal operations/infrastructure
Suppliers delays/quality/disruptions
Pricing
Risk Managers SC Managers
Percent respondents
SOURCES: Adapted from Enslow, 2008; Hillman and Keltz, 2007.
NOTES: IP = intellectual property; SC = supply chain.
.
20 Identifying and Managing Air Force Sustainment Supply Chain Risks
• intellectual property theft, counterfeiting, or “gray market” (e.g., distribution of products
through unauthorized, unintended, or unofcial channels) issues.
19
Tese are highlighted in the fgure.
Enterprise risk managers were also surveyed regarding
• price
20
• internal buying enterprise operations/infrastructure
21
• demand volatility
22
• brand reputation (i.e., recalls, fair labor). (Tis risk was not asked of supply chain
managers.)
Whereas supply chain managers were also surveyed regarding
• strategic risk
23
• geopolitical events
24
• regulatory risks
25
• other risks for which enterprise risk managers were not surveyed.
Te results of these surveys show the relative importance of diferent supply chain risks
from an enterprise and supply chain perspective. Tese diferences highlight the gap between
risk visibility within organizations and the need to manage risk specifc to each operation.
19
Tese include internal employee or supply chain partner intellectual property theft, substituting of deceitful imitation
of key inputs to production or deceitful imitation of fnal products, and the distribution of products through unofcial,
unauthorized, or unintended channels.
20
Price risk involves the variability of raw materials costs.
21
Tese risks can be facility, labor, or equipment shortage/unavailability, or mechanical breakdowns. Tey can also be
related to poor planning and management.
22
Demand variability/volatility can lead to surges or shortfalls in production, repair, or distribution.
23
Strategic risks represent a broader category of external risks than demand volatility (i.e., customer demand uncertainty),
to include market conditions, fnancial stability, and the ability to successfully launch a new product or sell the right prod-
uct in the right market. Tey are particularly challenging when demand and supply are highly variable and products have
short life cycles.
24
Tese can include currency fuctuations, political unrest, and changes in trade policies.
25
Tese include changes in taxes, customs, tarifs, and other restrictions on imports and exports.
Introduction and Background 21
Te above table is from Hillman and Keltz’s (2007) survey of supply chain managers and ranks
relative concern for seven risks in eight industries. Not surprisingly, concerns about supply
chain risks vary by industry. Of these industries, “high-tech” and “aero and defense” are per-
haps most relevant to the Air Force. In both industries, both “supplier failure” and “strategic
risk”
26
are among the greatest concerns. Other risks of great concern among aerospace and
defense supply chain managers but of less concern to those in “high-tech” industries include
geopolitical events, regulatory risks, and logistics failures. Supply chain managers in the aero-
space and defense industries reported that natural disaster risks are not applicable to them. We
will discuss later what may be driving this lack of concern.
When we compare the results of the survey of supply chain mangers by industry (shown
in the slide) to those of the survey of supply chain managers (Enslow, 2008), we see that there
are diferences even within the same functional area across industries. Terefore, if one com-
pany relies on another to perform risk mitigation, it is important to understand any diferences
in each company’s (or industry’s) perception of risk.
26
Examples of strategic risk include loss of manufacturing capacity or overreliance on one supplier.
Supply Chain Risk Concerns Vary by Industry
Factor Overall Chem. Retail High-
Tech
Auto Aero &
Defense
Pharma Con-
sumer
Goods
Ind./
Discrete
Supplier failure 1
Strategic risk 2
Natural disaster 3
?
Geopolitical event 4
Regulatory risk 5
Logistics failure 6
IP infringement 7
Other 8
SOURCE: Hillman and Keltz, 2007.
Most
concern
Less
concern
N/A
Representatives of 89 U.S. manufacturing and retail companies who participated in evaluations of SCRM technology and services purchases
23
Outline
• Introduction/background
• Evolving commercial practices in SCRM
• DoD and Air Force guidance on SCRM
• Summary of Air Force SCRM case studies
– Commodity councils
– Weapon systems
• F-16
• C-17
– DLAs role in Air Force SCRM
• Summary and recommendations
SECTION 3
Evolving Commercial Practices in Supply Chain Risk Management
SCRM is challenging for several reasons. Often, risk mitigation strategies are costly, may
involve procuring backup systems, or may involve establishing alternative sources of supply.
Te return on investment from mitigation strategies may be difcult to quantify and justify to
management, and this may be especially true for investments to mitigate risks with high impact
but low likelihood. Business environments are very dynamic, and an inventory of the risks that
cause concern will change as the business environment evolves, new competitors and suppliers
enter or leave the market, governments and regulations change, etc. Tere may be limited vis-
ibility of upstream supply risks, making it difcult to assess and communicate the exposure to
risks to upper management. SCRM requires balancing and communicating the uncertainty
that an event will happen, the costs of preparing for the event, and the costs of paying for the
consequences. We turn next to some of the best commercial practices for SCRM.
24 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te table above lists several risk categories, signifcant events within those categories that have
occurred in the past decade, and their consequences to the supply chain. Tese events also
reveal that low-probability, high-consequence events may be difcult to predict at the event
level, but, when grouped together, they happen more often than might be suspected.
Among these events were the September 11, 2001, terrorist attacks on the United States,
which led to a shutdown of U.S. borders for days and grounding of nearly all fights. Tey also
include natural disasters, such as hurricanes Katrina (August 2005), Rita (September 2005),
and Ike (September 2008), which devastated several regions of the United States, including oil
production facilities; the 2008 earthquake in Chengdu, China, which killed more than 80,000
people and disrupted manufacturing there
1
; and the 2011 earthquake and tsunami in Japan,
which also killed thousands and caused supply disruptions that reverberated throughout the
global supply chain. Even events such as the volcanic eruption in Iceland, which are peripher-
ally connected to the global supply network, can also create disruptions that require manage-
ment attention.
Other risk categories, such as strikes and changes in the law or regulations, have also
occurred within the past decade. A ten-day West Coast port lockout (September and October,
2002)
2
led to shipping backlogs of more than 100 days that took almost two months to clear
1
Because they have robust business continuity and SCRM plans, both Cisco and Intel, who had suppliers in Chengdu,
were able to smoothly transfer operations to other sources (Dornfeld, 2008; Solomon and McMorrow, 2008).
2
Te Pacifc Maritime Association, which represents major shipping lines and terminal operators at 29 West Coast ports,
“locked out 10,500 members of the International Longshore and Warehouse Union, charging the union was engaged in a
slowdown of work that amounted to a strike with pay.” (Isidore, 2002).
A Sample of Recent Upstream Supply Chain Disruptions
Illustrate the Importance of Proactive Risk Management
Risk Category Event Consequence to
Supply Chain
Terrorist Attack
Terrorist Attack: 9/11 Port and air traffic shutdown
Act of Nature
Hurricanes (Ike, Rita, Katrina) Oil production facilities
heavily damaged
Earthquakes/tsunamis (Chengdu,
China; Japan)
Capacity of high-tech
industries reduced
Volcanic eruptions, Iceland Flight cancellations
Strikes
West coast port strikes Distribution backlogs
Evolving Commercial Practices in Supply Chain Risk Management 25
and is estimated to have cost the U.S. economy $1 billion to $2 billion per day (Isidore, 2002;
McKenna, 2007; and Hannon, 2008). Such events caused many enterprises with lean supply
chains to realize they needed to improve their risk management practices.
Federal legislation has also prompted concerns with business disruption and continuity
planning. Te Sarbanes-Oxley Act of 2002 “mandates that organizations . . . understand the
risks that may impact their fnancial reporting processes and requires them to put in place the
proper controls” (Berman, 2004); that is, management processes and practices to manage risks
that may afect fnancial performance of the enterprise. While Sarbanes-Oxley does not specif-
ically address business continuity planning, complying with it requires companies to establish
controls, engage in risk assessment, implement control activities, create efective communica-
tion and information fows, and monitor their control processes. Tis has led many enterprises
to establish or strengthen business continuity plans and programs. Because outsourced pro-
cesses (i.e., the performance of external supply chain partners) can have a direct impact on an
enterprise’s fnancial statements, those that report to the U.S. Securities and Exchange Com-
mission are required to assess the efectiveness of their suppliers’ internal control structures
pertinent to their contractual agreements. Some enterprises are beginning to require their sup-
pliers to develop and share their business continuity plans. Tis has led to the establishment of
SCRM organizations and their placement within business continuity programs.
26 Identifying and Managing Air Force Sustainment Supply Chain Risks
According to two recent surveys, risk managers and supply chain managers do not appear
to be well prepared for events that impact their supply chains.
3
Virtually no risk managers
reported that their SCRM was highly efective, while just over one-third reported that theirs
was moderately efective. Among supply chain managers, only 11 percent reported that they
were actively managing supply chain risk. Tis is not surprising given the relatively recent
awareness of increasing supply chain risks and establishment of business continuity and SCRM
organizations.
3
Enslow, 2008, summarizes an online survey of 110 risk managers located predominantly in North America, which was
done in cooperation with Risk & Insurance magazine. Te author does not give a response rate. Fifty-one percent of survey
respondents were from large enterprises ($1 billion or more in annual revenue), 30 percent were from midsize enterprises
($50 million–$999 million), and 19 percent were from small enterprises (less than $50 million).
Hillman and Ketz, 2007, report results from a survey of 89 supply chain managers at U.S. manufacturing and retail
companies. Respondents were qualifed and only eligible to participate in the study if they were part of an evaluation for
SCRM technology and services purchases. 52 percent of respondents were from discrete manufacturing, 36 percent were
from process manufacturing, with the remainder from retail with 40 percent having 15,000 or more employees and 33 per-
cent having fewer than 5,000 employees. Te authors do not give a response rate.
Few Risk and Supply Chain Managers Report That Their
Enterprises Are Well Prepared for SCRM Risk-Related Events
Moderately
effective
35%
Low
effectiveness
28%
No formal
risk process
24%
Do not
Know
14%
Highly
effective
0%
Actively
managing
risk
11%
Actively
assessing
risk
24%
Concerned
but no formal
process
47%
Not
concerned
about risk
18%
SOURCES: Adapted from Enslow, 2008; Hillman and Keltz, 2007.
Risk Managers
Supply Chain Managers
Evolving Commercial Practices in Supply Chain Risk Management 27
Te fgure above, adapted from Verstrate (2008), illustrates how a lack of proactive SCRM
delays recovery and increases the magnitude of the consequences of an event. Te horizontal
axis denotes time, and the vertical axis represents a change in the business or environment. Te
black line tracks how the business environment is changing, while the enterprise’s reaction to
that change is shown by the red line. Enterprises that are adept at adapting to change reduce
latency, so the red line and black line are very close. When there are no plans for quickly iden-
tifying events that could impact an enterprise’s supply chain, there can be a delay in recogniz-
ing such events—decision latency. Once an event has been recognized, if there are no plans for
managing or mitigating the specifc type of event that has occurred, response delays—change
design latency—will increase while an enterprise determines the best response. Once a response
has been designed, it needs to be implemented, which further delays an enterprise’s response—
change implementation latency. Finally, after implementation, an enterprise needs to determine
whether its response to the supply chain disruption was efective—validation latency. If not
efective, the implementation may need to be modifed, further delaying the enterprise’s return
to normal operations.
A well-publicized example of the costs of delay in responding to a supply chain disrup-
tion was a brief fre caused by lightning at a Phillips Electronics semiconductor plant in Albu-
querque, New Mexico (Latour, 2001). Te fre adversely impacted the supply of critical com-
puter chips for both Nokia and Ericsson cell phones. Nokia noticed a problem with its chip
supply before Phillips notifed it of the fre. As soon as it realized chip production would not
be resumed quickly, Noika “redesigned chips on the fy, sped up a project to boost production,
Lack of Proactive Risk Management
Delays Recovery and Increases Impact
SOURCE: Adapted from Verstrate, 2008.
Business or
environment
change
Enterprise
reaction to
change
Latency
Quality of
response
Decision
Time
Change design
Change
implementation
Validation
+
+
+
28 Identifying and Managing Air Force Sustainment Supply Chain Risks
and fexed the company’s muscle to squeeze more out of other suppliers” (Latour, 2001). Erics-
son did not have other chip suppliers and was slow to react, failing to fnd alternative sources
of supply. As a result of its ability to detect the problem faster than Ericsson and execute a
response, Nokia gained market share at the expense of Ericsson, which soon exited cell phone
production.
4
4
Ericsson eventually developed a proactive SCRM approach (Norrman and Jansson, 2004) but too late to prevent the
large losses associated with the fre at the Phillips plant.
Evolving Commercial Practices in Supply Chain Risk Management 29
We conclude from our company interviews and review of the literature that proactive SCRM
requires an organization that develops guidance and policies for identifying and managing
supply chain risks. It must develop the capability to target critical risks and develop and exe-
cute risk management plans.
Proactive SCRM also requires that an enterprise have a supply chain risk assessment and
management process. Often supporting the process are tools for supply chain risk identifca-
tion, assessment, and monitoring. Along with those tools are strategies for mitigating and
managing many supply chain disruptions. Strategies may include identifying or developing a
second source or site for manufacture, holding inventory to cover requirements for the duration
of the disruption, and, in the long term, designing future products and selecting suppliers to
reduce overall supply chain risks.
Proactive Management Requires Establishment of
SCRM Organizations, Processes, and Practices
• SCRM organization
– Guidance and policies
– Resources for people and training
• SCRM process
– Tools
– Strategies
• Emerging practices
• Business continuity/SCRM plans
• Incentives
• Metrics
30 Identifying and Managing Air Force Sustainment Supply Chain Risks
SCRM Organization
• Enterprise-wide SCRM organization
– Develop policy, processes, tools, and metrics
(e.g., suppliers with business continuity plans,
time to recovery)
– Institutionalize reporting requirements (e.g.,
board of directors level)
• Strategic business units
– Identify, assess, and prioritize risks
– Develop and implement specific plans
– Request and review supplier business
continuity plans
– Monitor and report risks
Te enterprises most successful at SCRM have a formal SCRM program (Enslow, 2008). Tey
create a partnership of corporate risk managers and supply chain operations. Te risk man-
ager mobilizes the enterprise against supply chain risks, while supply chain operations work to
ensure that risk processes are designed cross-functionally and end-to-end and embedded into
current activities. For example, cross-functional SCRM might include representatives from
procurement, manufacturing, and sales. An end-to-end perspective would identify supply
chain risk along all the points of the supply chain, including subtier suppliers.
We asked representatives from three companies how they were organized for SCRM.
All reported that they had an enterprise-wide SCRM organization that develops policies, pro-
cesses, tools, internal metrics (such as number of suppliers with business continuity plans), and
supplier time to recovery commitments. Tese centralized organizations also institutionalize
reporting requirements for SCRM, which can include regular reports to the enterprise’s board
of directors.
One company reported that strategic business units (SBUs) do the actual identifying,
assessing, and prioritization of supply chain risks for their products and services. Te SBUs
also develop and implement specifc risk management plans, request and review supplier busi-
ness continuity plans, and monitor and report supply chain risk up to SBU and enterprise
management.
Te Cisco SCRM team is part of its Customer Value Chain Management (CVCM) orga-
nization (Harrington and O’Connor, 2009). Within the CVCM organization, it partners with
Global Supplier Management (GSM), which is responsible for sourcing decisions and manag-
Evolving Commercial Practices in Supply Chain Risk Management 31
ing relationships; Product Operations, which is responsible for developing products from engi-
neering innovations, and Global Manufacturing Operations, which is responsible for global
manufacturing and logistics. CVCM also partners with Cisco engineers to assess the resiliency
of new products. Lastly, CVCM partners with Cisco’s suppliers, manufacturing partners, and
transportation and logistics providers to continuously manage supply chain risks.
Te four key elements of Cisco’s program are as follows:
1. Te Business Continuity Planning Program, which works closely with internal and
external partners “to document recovery plans and times and drive resiliency standards.”
2. Crisis Management, which is responsible for continuous global monitoring of and
response to disruptions.
3. Product Resiliency, which helps Cisco’s business units address supply chain vulnerabili-
ties during product design as well as to prioritize and reduce the costs of risk mitigation
strategies.
4. Supply Chain Resiliency, which identifes points in the supply chain where time to
recovery would be unacceptably high and develops resiliency plans for them.
32 Identifying and Managing Air Force Sustainment Supply Chain Risks
In developing SCRM organizations, enterprises may seek to develop or impart certain skills.
Survey responses of risk managers (Enslow, 2008) indicated that the following skills were very
important for success:
• strong networking and orchestration—79 percent
• basic understanding of end-to-end supply chain process—77 percent
• efective articulation to colleagues of how risk initiatives deliver short-term operational or
fnancial improvement—70 percent
• ability to “talk the language” of the chief executive ofcer (CEO)/chief fnancial ofcer
(CFO) and other enterprise-wide audiences to gain support for initiatives—66 percent
• ability to educate functional personnel on key risk areas and best practices—63 percent
• adeptness at aggregating risks across functional silos and business units to monitor total
enterprise risk—63 percent.
Strong networking and orchestration skills are particularly important because supply
chain risks cut across diferent functions within the enterprise as well as suppliers external to
the enterprise. While the goal of SCRM is to prevent adverse consequences (e.g., additional
costs, short- and long-term loss of business) to the enterprise, it is often hard to justify expend-
ing scarce resources for SCRM initiatives to prevent loss. Terefore, articulating how risk
initiatives deliver short-term operational or fnancial improvement is particularly important.
In addition, supply chain risk managers need to speak the language of the CEO and CFO in
Desired Skills for Supply Chain Risk Managers
• Strong networking and orchestration
• Basic understanding of end-to-end supply chain process
• Effectively articulate how risk initiatives deliver short-
term operational or financial improvement
• Talk the language of the CEO/CFO to gain support for
initiatives
• Effectively educate functional personnel on key risk
areas and best practices
• Adept at aggregating risks across functional silos and
business units to monitor total enterprise risk
SOURCE: Adapted from Enslow, 2008.
One enterprise we interviewed hires people
knowledgeable in supply chain management
and trains them in SCRM
Evolving Commercial Practices in Supply Chain Risk Management 33
terms of enterprise-wide benefts or loss avoidance of SCRM initiatives in order to obtain the
resources to develop and execute SCRM strategies.
Te companies we interviewed also reported that supply chain risk managers needed to
be able to efectively educate diferent functional personnel on key risk areas and best practices
for managing those risks. Further, they need to be adept at aggregating risks across functional
silos and enterprise business units to monitor total enterprise risk.
Representatives from one company we interviewed told us that they seek to hire persons
knowledgeable in supply chain management, which they say is harder to teach, and then train
them in SCRM.
34 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te above fgure outlines a composite, multistep process for supply chain risk assessment and
management based on fve proposed methods for analyzing supply vulnerabilities described
in the literature.
5
Te nine-step process begins by recognizing the existence of a potential risk
5
Yates and Stone (1992) suggest four elements for risk appraisal: existence, including awareness of the potential for pos-
sible loss; identity, including identifcation of specifc losses that might occur; likelihood, including determination of the
likelihood of a possible loss; and signifcance, including assessment of the signifcance of a possible loss.
Zsidisin, Ragatz, and Melnyk (2003) propose a second model based on awareness, prevention, remediation, and knowl-
edge management. Awareness is both internal and external and may include fnancial reports, supply chain mapping, and
use of audit instruments. Prevention includes identifcation, assessment, treatment, and monitoring of risks, and may
include such actions as a risk register. Remediation includes planning how to minimize impact and duration of a risk
and the resources required to address it. Knowledge management includes tracking results and actions for continuous
improvement.
Zsidisin, Ragatz, and Melnyk (2003) also suggest a model adapted to the strategic sourcing process. Its frst step is ana-
lyzing internal requirements and understanding risk tolerance. Its second step is analyzing the supply market to understand
market risks. Its third step is to determine the approach to risk management and relationship types to reduce and bufer
risks. Its fourth step is to identify and evaluate suppliers, including assessing the risks of each. Its ffth step is to build and
manage relationships, including monitoring risks in them.
Ziegenbein and Nienhaus (2004) suggest a four-part continuous SCRM process. Its elements include identifcation of
risks, including a structured documentation of risks and their sources; assessment of risks, including measuring their prob-
ability and impact; controlling risks, including evaluating risks and deciding how to cope with them; and monitoring risks,
including a transparent overview of supply chain risks at all times.
LCP Consulting in conjunction with the Centre for Logistics and Supply Chain Management (2003) proposed an
SCRM fow beginning with a description of the supply chain. An enterprise may then use vulnerability self-assessment
templates to document risks in such areas as demand, supply, environment contingency, process, and control. Once the self-
assessment is complete, an enterprise may evaluate the implications of the risks they face, including their scale, duration,
SCRM Is a Multistep Continuous Process
1. Recognize
existence
2. Identify 5. Prioritize
4. Assess
probable
impact/
significance
3. Estimate
likelihood of
occurrence
6. Develop,
assess, and
execute
management
strategies
7. Develop
contingency
plans
9. Capture
lessons learned
and improve
8. Monitor
Evolving Commercial Practices in Supply Chain Risk Management 35
(step 1), identifying the exposure of the supply base to the risk (step 2), estimating the likeli-
hood and severity of realization of the risk (step 3 and 4), prioritizing risks by potential costs
to allocate scarce resources appropriately (step 5), developing, assessing, and executing a risk
management strategy for the prioritized list (step 6), developing contingency plans (step 7),
monitoring the risk environment to respond to changes and re-prioritize responses to risk (step
8), and, fnally, continuously integrating lessons learned and improving risk and supplier man-
agement policies (step 9).
We defne each step and provide additional details on identifying risk (step 2), prioritizing
risk (step 5), developing assessing and executing management strategies (step 6), and capturing
lessons learned to improve risk management (step 9).
Step 1: Recognizing Risk. Before a risk can be addressed, there must be an awareness
that supply vulnerabilities exist (Zsidisin, Ragatz, and Melnyk, 2003). Enterprises need to be
aware that their actions or lack of action creates various supply chain risks.
recovery, and cost. An enterprise can then identify the actions it needs to take such as mitigation strategies or developing
contingency plans for the risks with the greatest consequences to its operations.
36 Identifying and Managing Air Force Sustainment Supply Chain Risks
Step 2: Identifying Risks. Tis step of risk management and assessment requires identifcation
of supply vulnerabilities. Enterprises need to identify the possible risks associated with a
prospective supply strategy. An example of a supply chain risk may be disruptions due to
natural disasters. One way to visualize these risks, which are related to location, is to map
them, as we illustrate later. Te fgure above shows the locations of hurricanes, earthquakes by
magnitude, and tornados by damage for the 48 contiguous states.
6
Other methods for identifying risks include brainstorming, interviews, workshops, supply
chain mapping/description,
7
the Delphi Method,
8
fault or event tree analysis
9
(Ziegenbein and
Nienhaus, 2004), and Nominal Group Technique, or NGT (Zsidisin, Panelli, and Upton,
2000).
10
Some authors recommend assessing vulnerabilities by categories of external risks, such
6
Data for earthquakes are for 1789 to 2004; those for tornados and hurricanes are for 1995 to 2000.
7
Supply chain mapping identifes all members, facilities, linkages, and fows of goods, information, and money in the
end-to-end supply chain from upstream raw materials suppliers through manufacture to downstream delivery to the fnal
customer, use, and then disposal (Gardner and Cooper, 2003).
8
Te Delphi Method relies on a series of questionnaires among a group of experts to discern a consensus as well as reasons
for disagreement. For further information, see Linstone and Turof, 2002.
9
Fault or event tree analysis breaks down a system risk event into component failures step by step by linking failure events
with their causes. Because fault tree analysis is used for qualitative and quantitative analysis of systems, it is essential that
for a risk every cause is considered in the fault tree and conversely that every mentioned cause is actually needed to trigger
the event (Schellhorn, Tums, and Reif, 2002, p. 1).
10
NGT involves individuals frst generating their own ideas, then sharing them with a group, before ranking each. For
more information, see Van De Ven and Delbecq, 1974.
Visualization of Exposure to Natural Disaster Risks
for Customers and Suppliers
5.501 and above
4.501 to 5.5
3.3 to 4.5
Earthquake
Richter scale
Hurricane
Tornado damage
In recent years, the Air Force and, particularly, its suppliers have pursued various means to improve performance, reduce costs, and otherwise adopt best industry practices. Such practices include outsourcing, global sourcing, supply-base rationalization, single sourcing, justin- time deliveries, and lean inventories.
For More Information
Visit RAND at www.rand.org
Explore RAND Project AIR FORCE
View document details
Support RAND
Purchase this document
Browse Reports & Bookstore
Make a charitable contribution
Limited Electronic Distribution Rights
Tis document and trademark(s) contained herein are protected by law as indicated in a notice appearing
later in this work. Tis electronic representation of RAND intellectual property is provided for non-
commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND website is
prohibited. RAND electronic documents are protected under copyright law. Permission is required from
RAND to reproduce, or reuse in another form, any of our research documents for commercial use. For
information on reprint and linking permissions, please see RAND Permissions.
Skip all front matter: Jump to Page 16
Te RAND Corporation is a nonproft institution that helps improve policy and
decisionmaking through research and analysis.
Tis electronic document was made available from www.rand.org as a public service
of the RAND Corporation.
CHILDREN AND FAMILIES
EDUCATION AND THE ARTS
ENERGY AND ENVIRONMENT
HEALTH AND HEALTH CARE
INFRASTRUCTURE AND
TRANSPORTATION
INTERNATIONAL AFFAIRS
LAW AND BUSINESS
NATIONAL SECURITY
POPULATION AND AGING
PUBLIC SAFETY
SCIENCE AND TECHNOLOGY
TERRORISM AND
HOMELAND SECURITY
Tis product is part of the RAND Corporation documented briefng series. RAND
documented briefngs are based on research briefed to a client, sponsor, or targeted au-
dience and provide additional information on a specifc topic. Although documented
briefngs have been peer reviewed, they are not expected to be comprehensive and may
present preliminary fndings.
PROJ ECT AI R FORCE
DOCUMENTED BRI EFI NG
Identifying and Managing Air Force
Sustainment Supply Chain Risks
Nancy Y. Moore • Elvira N. Loredo
PROJ ECT AI R FORCE
DOCUMENTED BRI EFI NG
Identifying and Managing Air Force
Sustainment Supply Chain Risks
Nancy Y. Moore • Elvira N. Loredo
Prepared for the United States Air Force
Approved for public release; distribution unlimited
The RAND Corporation is a nonprofit institution that helps improve policy and
decisionmaking through research and analysis. RAND’s publications do not necessarily
reflect the opinions of its research clients and sponsors.
R
®
is a registered trademark.
© Copyright 2013 RAND Corporation
Permission is given to duplicate this document for personal use only, as long as it
is unaltered and complete. Copies may not be duplicated for commercial purposes.
Unauthorized posting of RAND documents to a non-RAND website is prohibited. RAND
documents are protected under copyright law. For information on reprint and linking
permissions, please visit the RAND permissions page (http://www.rand.org/publications/
permissions.html).
Published 2013 by the RAND Corporation
1776 Main Street, P.O. Box 2138, Santa Monica, CA 90407-2138
1200 South Hayes Street, Arlington, VA 22202-5050
4570 Fifth Avenue, Suite 600, Pittsburgh, PA 15213-2665
RAND URL:http://www.rand.org
To order RAND documents or to obtain additional information, contact
Distribution Services: Telephone: (310) 451-7002;
Fax: (310) 451-6915; Email: [email protected]
Library of Congress Control Number: 2013941129
ISBN: 978-0-8330-7655-7
The research described in this report was sponsored by the United States Air Force under
Contract FA7014-06-C-0001. Further information may be obtained from the Strategic
Planning Division, Directorate of Plans, Hq USAF.
iii
Preface
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-
in-time deliveries, and lean inventories. While these practices ofer many benefts in efciency
and efectiveness, they can also make supply chains more brittle and increase risks of supply
disruptions.
Tis work examines supply chain risk management, including evolving commercial and
Air Force practices. It was part of a project on “Identifying and Managing Risks Associated
with Agile Supply Chains,” conducted in RAND Project AIR FORCE’s Resource Management
Program and sponsored by the Air Force Deputy Chief of Staf for Logistics, Installations, and
Mission Support. Since this research was completed, the Air Force proposed a re organization
of Air Force Materiel Command. Te new structure took efect in October 2012 and estab-
lished an Air Force Life Cycle Management Center (AFLCMC) and an Air Force Sustainment
Center (AFSC). Te AFLCMC consolidates product development and support system design.
Te AFSC integrates depot maintenance and Air Force supply chain activities. Te fndings
and recommendations presented in this report are relevant to how the Air Force will identify
and manage supply chain risk under the new organizational structure.
Tis report should be of interest to those purchasing and providing goods and services to
the Air Force.
RAND Project AIR FORCE
RAND Project AIR FORCE (PAF), a division of the RAND Corporation, is the U.S. Air
Force’s federally funded research and development center for studies and analyses. PAF pro-
vides the Air Force with independent analyses of policy alternatives afecting the development,
employment, combat readiness, and support of current and future air, space, and cyber forces.
Research is conducted in four programs: Force Modernization and Employment; Manpower,
Personnel, and Training; Resource Management; and Strategy and Doctrine.
Additional information about PAF is available on our website:http://www.rand.org/paf/
v
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
SECTION 1
Motivation and Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
SECTION 2
Introduction and Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SECTION 3
Evolving Commercial Practices in Supply Chain Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
SECTION 4
Department of Defense and Air Force Guidance for Supply Chain Risk Management . . . . . . . . . . 49
SECTION 5
Summary of Air Force Supply Chain Risk Management Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
SECTION 6
Summary and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
APPENDIXES
A. Interview Protocol for F-16 and C-17 Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
B. Interview Protocol for Company Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
C. Description of Department of Defense and Air Force Guidance on Acquisition and
Supply Chain Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
D. Commodity Council Eight-Step Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
E. Categories of Supply Chain Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
vii
Summary
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-in-
time deliveries, and lean inventories.
While these practices ofer many benefts in efciency and efectiveness, they can also
make supply chains more brittle and increase risks of supply disruption. For example, having
fewer sources of supply means a disruption at any one of them is more likely to afect overall
performance. Similarly, just-in-time deliveries and lean inventories mean fewer days of operat-
ing capacity should a supply disruption halt deliveries of raw materials or components.
To help the Air Force better identify and manage supply chain risks, the Deputy Chief
of Staf for Logistics, Installations, and Mission Support asked RAND Project AIR FORCE
to develop a strategy for managing supply chain risks during sustainment. Te Air Force also
requested a follow-on project focused on the manufacturing supply chain. Tis documented
briefng focuses on the supply chain risks during sustainment. To do this, RAND research-
ers reviewed literature on supply chain risk management (SCRM) and interviewed Air Force
personnel in the sustainment and acquisition communities and supply chain managers from
commercial frms responsible for managing supply chain risks. Te RAND team identifed
risks that are and are not being managed and developed recommendations for future risk man-
agement. We summarize below our key fndings on prevailing practices, current Air Force and
Department of Defense (DoD) guidance, and risks the Air Force may wish to address.
Supply Chain Risks Vary by Industry
Tere are many events that, if realized, could lead to a disruption of a company’s supply chain,
such as earthquakes and foods; see Appendix E for a comprehensive list of supply chain risks.
Te signifcance of the risk varies by industry. For example, “supplier failure” and “strategic
risk” were among the greatest reported concerns of “high-tech” and “aerospace and defense”
frms.
1
Natural disasters and other singular events were of lesser concern. Nevertheless, recent
events—such as the March 2011 earthquake, tsunami, and radiation leaks in Japan, which
afected automotive and electronics supply chains throughout the globe, and Hurricanes
Katrina and Rita in 2005, which disrupted petroleum production—have raised awareness of
how disruptive and costly such events can be. In light of the unpredictability of such events,
1
Examples of strategic risk include loss of manufacturing capacity or overreliance on one supplier.
viii Identifying and Managing Air Force Sustainment Supply Chain Risks
some leading frms are recognizing the importance of responding quickly; while many events
cannot be foreseen or avoided, their efect on the bottom line can be mitigated.
Prevailing Practices in Supply Chain Risk Management
We defne supply chain risk as the efect of uncertainty at any point in the end-to-end supply
chain on its objectives. Te magnitude of supply chain risk may be measured along three
dimensions: likelihood of occurrence, expected consequences, and duration. Risks of the high-
est likelihood, greatest consequence, and greatest duration would require frst attention.
Traditional approaches to SCRM have included such strategies as multiple sources of
supply, extensive competition, expediting, increased order quantities, development of inven-
tory safety stocks, and well-stocked supply pipelines. Each of these strategies has its own risks.
For instance, expediting orders, developing inventory safety stocks, and having a well-stocked
supply pipeline can increase total costs. Qualifying and managing multiple sources of supply
increases complexity. Tere are often limits on the number of capable suppliers, and the ben-
efts of multiple supply sources can be outweighed by limited price leverage and increased vari-
ance in quality and delivery for the same good or service.
Even with the growing realization of supply chain vulnerability, few managers report they
are well prepared for supply chain disruptions; SCRM is an emerging discipline.
Emerging Best Practices in Supply Chain Risk Management
We concluded from our company interviews and review of the literature that proactive SCRM
requires the development of guidance and policies for identifying and managing supply chain
risks. Some frms place less emphasis on calculating the probability of an event and more on
reducing the response time to the realization of an event. Tat is, while one particular event
may have a low probability of occurrence, if all the potential risks are examined as a whole,
there is a good likelihood that one will occur; which one is not as important as having a strat-
egy in place to detect and react. For example, Cisco Corporation lists four key elements in its
SCRM program:
1. Business Continuity Planning, which works closely with internal and external partners
“to document recovery plans and times and drive resiliency standards.”
2. Crisis Management, which is responsible for continuous global monitoring of and
response to disruptions.
3. Product Resiliency, which helps Cisco’s business units address supply chain vulner-
abilities during product design and to prioritize and reduce the costs of risk mitigation
strategies.
4. Supply Chain Resiliency, which identifes points in the supply chain where time to
recovery would be unacceptably high and develops resiliency plans for them.
Proactive SCRM also requires that an enterprise have a supply chain risk assessment and
management process. Often supporting the process are tools for supply chain risk identifca-
Summary ix
tion, assessment, and monitoring. From a review of the relevant literature, we compiled a list of
processes commonly involved in SCRM. We combine these into a proposed nine-step process:
Step 1: Recognize the existence of a potential risk.
Step 2: Identify the exposure of the supply base to the risk.
Step 3: Estimate the likelihood.
Step 4: Estimate the severity of realization of the risk.
Step 5: Prioritize risks by potential costs to allocate scarce resources appropriately.
Step 6: Develop, assess, and execute a risk management strategy for the prioritized list.
Step 7: Develop contingency plans.
Step 8: Monitor the risk environment to respond to changes and re-prioritize responses
to risk.
Step 9: Continuously integrate lessons learned and improve risk and supplier management
policies.
Current Department of Defense and Air Force Guidance
Several DoD and Air Force documents, including the Defense Acquisition Handbook, cite the
need to deal with risk. However, risk identifcation and mitigation strategies in these docu-
ments primarily focus on the acquisition phase and risks in reference to cost, technical per-
formance, or schedule of a weapon-system acquisition program. Altogether, DoD guidance
identifes some, but not all, of the risks identifed in the business literature.
Te Air Force commodity councils have a process for managing risk, but it is geared
toward managing contract risk, not supply chain risk.
One prominent category of supply chain risks identifed in the business literature but
not DoD guidance is natural disasters. Te Federal Acquisition Regulation, through a force
majeure clause, absolves suppliers of risks associated with natural disasters or with “acts of God
or the public enemy.” Tis clause transfers these risks from many suppliers, especially those
located in high-risk areas, to the Air Force. Force majeure clauses are also prevalent in commer-
cial contracts and are necessary to ensure that suppliers are not unduly penalized for acts they
cannot control. Awareness of the force majeure assignment of certain risks to the Air Force is
critical to managing those risks.
Interviews of Air Force Supply Management Personnel Reveal Gaps in
Supply Chain Risk Management
We interviewed a cross-section of representatives from organizations involved with managing
suppliers or who are afected by supply chain disruptions during sustainment.
A questionnaire listing supply chain risks and asking how often they were considered
was administered to each group. Commodity council members that we interviewed reported
considering many of the same supply chain risks identifed in DoD guidance. Tey often or
always consider a relatively small number of risks, such as those related to supplier certifca-
tion or qualifcation, demand uncertainty, overall quality, and technical competency. Tey
consider about half the time such risks as long cycle times, poor training of supplier personnel,
x Identifying and Managing Air Force Sustainment Supply Chain Risks
and insufcient equipment and personnel at supplier facilities; risks resulting from uncertain
demand and poor communications; and internal risks, such as poor forecasting and inad-
equate availability of resources. Tey rarely or never consider risks whose investigation would
require investment in a supply chain risk assessment program or force majeure events for which
the Federal Acquisition Regulation absolves suppliers. It may be logical for Air Force personnel
not to consider these risks if they believe that the Federal Acquisition Regulation leaves them
little leverage over suppliers regarding them. Nevertheless, the efects of such events could be
catastrophic. Consequently, even if the Air Force cannot change the likelihood of a risk, it
should take steps to minimize its consequence and duration.
We examined sustainment approaches for two Air Force weapon systems to determine
when and how supply chain risks were managed. We found that the F-16 sustainment approach
lacks a comprehensive process for SCRM, raising the question of whether organic weapon sup-
port more generally may lack an SCRM process. Boeing management of C-17 aircraft sustain-
ment has some elements of SCRM based on corporate policies, but it is not clear whether these
policies are meant to identify risks beyond those relating to fnancial, quality, or timeliness
issues.
Implications
Te results of this research suggest that many supply chain risks are not considered directly
within the Air Force sustainment community and that, while others are acknowledged, there is
little or no strategy in place to mitigate them. Te primary recommendation from this research
is that the Air Force establish an enterprise-level SCRM organization. Tis organization should
oversee supply chain risk as part of supplier relationship management and should set policy
on how to manage supply chain risk for both organic and contractor-managed sustainment,
develop standard processes and metrics for risk management, expand the types of risk man-
aged, develop tools for risk assessment, and establish metrics and incentives for mitigating
risk. Commercial practices ofer some guidance on this, but the Air Force will need to develop
practices that refect the Air Force’s unique requirements and organization. For example, one
challenge for the Air Force is managing risk over the entire life cycle of the weapon system. Te
Air Force Materiel Command’s recent reorganization created an Air Force Life Cycle Manage-
ment Center (AFLCMC) and an Air Force Sustainment Center (AFSC). Tis new structure
consolidates product development and support system design under AFLCMC and integrates
depot maintenance and Air Force supply chain activities under AFSC. Supply chain risk cuts
across these areas. In this document, we do not explicitly address SCRM during acquisition,
but we contend that many supply chain risks are common to acquisition and sustainment and
are often shaped by decisions made during acquisition. At the time of this writing, the new
structure is taking shape, but it is too early to determine how the Air Force intends to conduct
SCRM or supplier relationship management. We recommend that the new organizational
structure provide a mechanism to integrate supplier relationship management and SCRM
across AFLCMC and AFSC.
xi
Acknowledgments
We particularly thank Mr. Grover Dunn, then Director of Transformation, Deputy Chief of
Staf for Logistics, Installations and Mission Support (AF/A4I), for supporting this project.
We also wish to thank F-16 supply chain management personnel, Boeing personnel, Defense
Logistics Agency personnel, and personnel at several leading companies for taking time from
their busy schedules to answer our interview questions. We are grateful to the reviewers, Ellen
Pint, Sarah Nowak, and Stanley Grifs, for their thoughtful comments. Lastly, we wish to
thank Cliford Grammich for helping us revise this draft and Donna Mead and Jane Siegel for
formatting it.
xiii
Abbreviations
AFGLSC Air Force Global Logistics Support Center
AFLCMC Air Force Life Cycle Management Center
AFSC Air Force Sustainment Center
ALC air logistics center
CAMP commodity acquisition management plan
CEO chief executive ofcer
CFO chief fnancial ofcer
CMP commodity management plan
CVCM customer value chain management
DCMA Defense Contract Management Agency
DFARS Defense Federal Acquisition Regulation Supplement
DLA Defense Logistics Agency
DMS Diminished Manufacturing Source
DMSMS diminishing manufacturing sources and material shortages
DoD Department of Defense
DoDI Department of Defense Instruction
DSCR Defense Supply Center, Richmond
FAR Federal Acquisition Regulation
FY fscal year
GIG Global Information Grid
GSM Global Supplier Management
HSI human systems integration
IPT Integrated Process Team
ISO International Organization for Standardization
xiv Identifying and Managing Air Force Sustainment Supply Chain Risks
LCL life-cycle logistics
LGCC Landing Gear Commodity Council
N/A not applicable
OEM original equipment manufacturer
OMB Ofce of Management and Budget
OSS&E operational safety, suitability, or efectiveness
PAF RAND Project AIR FORCE
PBL performance-based logistics
SAF/AQ Assistant Secretary of the Air Force (Acquisition)
SBU strategic business unit
SCRM supply chain risk management
T&E test and evaluation
1
SECTION 1
Motivation and Methodology
In recent years, the Air Force and, particularly, its suppliers have pursued various means to
improve performance, reduce costs, and otherwise adopt best industry practices. Such prac-
tices include outsourcing, global sourcing, supply-base rationalization, single sourcing, just-in-
time deliveries, and lean inventories.
1
Many new practices to improve the ef ciency and efec-
tiveness of supply chains are increasing their “brittleness” and, consequently, an enterprise’s
exposure to supply disruptions (Grif n, 2008).
Such challenges increase the importance of securing supply; indeed, in the view of some
analysts (e.g., Steele and Court, 1996), securing supply regardless of broader forces in the pur-
chasing environment is the prime task for an efective purchasing organization. Risk manage-
ment for such organizations consists of examining the entire supply chain for a good or service.
1
Many of these practices came into being in response to the theories of management experts, such as W. Edwards
Deming, Joseph M. Juran, and Philip B. Crosby, and the success of Japanese manufacturers, such as Toyota, which put
these theories into practice. For example, just-in-time manufacturing had great success in reducing the amount of work in
progress on manufacturing lines and thereby reducing costs. However, this method depends on reliable supply and short
lead times. Likewise, outsourcing and global sourcing were largely a reaction to comparatively lower costs of labor and
materials available from outside the United States. Tese methods, while reducing some costs, extend transportation time
and increase vulnerability to supply chain disruptions.
Identifying and Managing Supply Chain Risks
Sponsors:
• Deputy Chief of Staff for Logistics, Installations and
Mission Support (AF/A4/7)
• Director of Transformation, Deputy Chief of Staff for Logistics,
Installations and Mission Support (AF/A4I)
Authors:
Nancy Young Moore and Elvira Loredo
2 Identifying and Managing Air Force Sustainment Supply Chain Risks
Tis should include both upstream to identify future supply problems and downstream to
identify future distribution and customer problems.
Developing additional sources of supply can help reduce risks, but having them does not
necessarily reduce supply chain vulnerabilities. Better options to reduce vulnerabilities may be
available by working with existing suppliers, e.g., using dual sites to assure supply at one site
should a disaster strike the other, or making sure suppliers have plans to address a wide variety
of contingencies.
2
2
For example, to reduce single-source risk to its just-in-time processes, Honda of America requires dual capability (i.e.,
more than one production site) among its suppliers (Nelson, Mayo, and Moody, 1998). In addition, after temporarily shut-
ting down all 12 of its Japanese plants because a key supplier’s plant (Riken Corp.), which produces $1.50 piston rings, was
damaged by a 6.8-magnitude earthquake on July 16, 2007, Toyota president Katsuaki Watanabe said, “the company will
examine its risk management and risk control and look for ways to become less dependent on single suppliers. [But it] won’t
change its kanban, or just-in-time, strategy of keeping as little inventory as possible on hand, which reduces warehouse costs
and ensures quality” (Chozick, 2007). For more on supply vulnerability and competitive advantage, see Shef, 2005; and
Shef and Rice, 2005.
Motivation and Methodology 3
Te supply chain challenges the Air Force faces are complicated by its changing missions, oper-
ations, and requirements for support. With the rise of smaller, regional conficts and antiter-
rorist operations has come much more uncertainty regarding Air Force deployments, includ-
ing their timing, location, and intensity. In response, the Air Force has developed plans and
policies that require a very responsive, fexible, and resilient sustainment supply chain for its
forces. Furthermore, the rising costs of sophisticated new technologies to counter new threats
have driven up the real costs of weapons over time, reducing the numbers that the Air Force
can acquire and increasing the consequences of supply chain disruptions.
3
Fewer weapons and more deployments often lead to much lower densities of weapons at
home stations and deployed. Tese lower densities, in turn, make cannibalization more costly
and supply chains for weapon parts more important.
4
3
For example, the Air Force initially sought to purchase nearly 650 F-22 aircraft to replace the F-15 and other aircraft. By
2009, however, Secretary of Defense Robert Gates, citing the need to shift from “big-ticket” items to programs for waging
campaigns against terrorists and extremists in multiple regions, sought to cap the number of F-22 aircraft at 187 (“Gates
Announces Major Pentagon Priority Shifts,” 2009). As he wrote in Foreign Afairs, weapons “have grown ever more baroque,
have become costly, are taking longer to build, and are being felded in ever dwindling quantities” (as quoted in Tompson,
2009).
4
Cannibalization is the removal of a currently functioning serviceable part from a weapon system that cannot currently
perform its mission (because it is awaiting one or more parts or repair) and using it in an aircraft that needs the part to make
it fully mission capable. Te costs of cannibalization are twofold. First, cannibalization carries costs in lost aircraft owing
to the possibility of collateral damage during the part removal and replacement process. Second, cannibalization requires
additional maintenance man-hours to remove and then eventually replace the serviceable part.
Increasingly Varied Operations Require a More
Flexible and Resilient Supply Chain
• Uncertainty in deployment timing and destination
• Lower density of total and deployed aircraft
– Cannibalization more costly
• Higher technology, more integrated weapons
• Pressures to reduce organic support infrastructure
– Physical
– Budget
Increased customer expectations for
responsiveness, resiliency, and cost effectiveness
4 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te increasingly sophisticated technology and integration of Air Force weapon systems,
coupled with outsourcing by original equipment manufacturers, further underscores the impor-
tance of the supply chain and reducing risks to it.
5
Integrated weapon systems can complicate
support because they require more sophisticated testing to ensure that all systems interfaces are
properly functioning. For example, Deputy Secretary of Defense for Acquisition, Technology,
and Logistics John Young said of the F-22, “Te airplane is proving very expensive to operate,
not seeing the mission-capable rates we expected,
6
and it’s complex to maintain . . .” (as quoted
in Tompson, 2009). In response to the estimated $1.5 trillion 55-year life cycle operating and
support costs (Pocock, 2012), Vice Admiral David Venlet, the F-35 Program Executive Of-
cer, is working with Lockheed Martin to reduce projected sustainment costs. Among other
strategies, the Air Force is trying to balance performance-based logistics support provided by
the original equipment manufacturer (OEM) with organic maintenance (Trimble, 2011); this
underscores the complexity of the challenges and potential risks involved in the acquisition and
sustainment of advanced weapon systems.
Projected reductions in defense spending, coupled with increasing costs of new weapons
and personnel, are increasing pressure to reduce the physical size of and budgets for support
infrastructure.
7
Tis has included Ofce of Secretary of Defense policies for outsourcing the
support of some old and many new weapons in so-called performance-based logistics (PBL)
contracts “that optimize total system availability while minimizing cost and logistics foot-
print” (Defense Acquisition University, undated).
8
Reducing the budget for support infrastruc-
ture is likely to lead to consolidation of suppliers and organic facilities as well as possibly more
outsourcing. Consolidation reduces redundancies and means; if a disaster were to strike a con-
solidated site, the consequences would be greater.
5
Boeing’s experience with its “Dreamliner” 787 aircraft underscores the importance of some supply chain issues and risks
in aircraft manufacturing. Its initial test voyage of the aircraft and subsequent delivery to customers were delayed by supply
chain problems, specifcally those in a shortage of fasteners (Holmes, 2007). Later, to gain greater control over its global
supply chain, Boeing purchased a fuselage subassembly plant (“Boeing Acquires Stake in Plant,” 2009).
6
Te F-22s currently in the inventory “are ready to fy only 62% of the time and haven’t met most of their perfor-
mance goals” (Tompson, 2009). According to information from the Reliability and Maintainability Information System
(REMIS) from fscal year 2006 to 2010, F-22 mission capable rates have ranged between 61 and 63 percent.
7
Defense Secretary Gates, as quoted in Tompson, 2009, warned that “Te spigot of defense spending that opened on
9/11 is closing.” Tompson further observes that “the military’s annual budget has fnished growing, and the billions it once
imagined it might spend on future weapons have evaporated. So cuts—and big ones—are coming.” In addition, the “aver-
age military service member is about 45 percent more expensive, after adjusting for infation, in fscal year [FY] 2009 than
in FY98 . . .” (Daggert as quoted in Waterman, 2009). In January 2011, Secretary Gates announced $78 billion in budget
cuts over fve years. President Obama has proposed cuts of more than $400 billion by 2023 (Shanker and Drew, 2011).
8
PBL is the DoD-preferred approach for implementing product support. PBL is a strategy for weapon system product
support that employs the purchase of support as an integrated performance package designed to bring higher levels of
system readiness. PBL delineates outcome performance goals of weapon systems; ensures that responsibilities are assigned;
and provides incentives for attaining those goals for the overall life-cycle management of system reliability, supportabil-
ity, and total ownership cost. DoD Directive 5000.01, Te Defense Acquisition System, provides policies that apply to all
acquisition programs. According to the directive, program managers are required to develop and implement PBL strategies
that optimize total system availability while minimizing cost and logistics footprint. Te directive also requires that pro-
gram managers become the single point of accountability for accomplishing program objectives for total life-cycle systems
management, including sustainment. Te Fiscal Year 2003–07 Defense Planning Guidance requires that each military
department submit a plan that identifes its implementation schedule for applying PBL to all new weapon systems and all
Acquisition Category I and II felded systems (Ofce of the Inspector General, 2004).
Motivation and Methodology 5
Furthermore, Air Force customer expectations for responsiveness, resiliency, and cost
efectiveness, based on their needs and experience in the commercial sector, are rising. Indeed,
customer frustration with expensive, slow, and unreliable support had, in part, been driving
policy to outsource more weapon system support to the private sector, particularly to OEMs
through PBL contracts.
9
More recently, the Air Force has retreated somewhat from outsourcing
due to higher-than-expected costs of outsourced maintenance and repair as well as breaching
of the “50/50 rule,” requiring that at least half of maintenance be performed at a public depot.
As we discuss, the total magnitude, or measure, of risk is a function of likelihood, conse-
quence, and duration of an event. Uncertain deployment timing and destination, lower density
of aircraft, and higher technological requirements, combined with pressures to make the sup-
port system more efcient and efective, can increase the likelihood, consequence, or duration
of supply chain risks if they are not concurrently addressed. Such increased sustainment risks
adversely impact the Air Force’s ability to respond quickly and to sustain agile operations.
9
“PBL strategies may be applied at the system, subsystem, or major assembly level depending upon program unique cir-
cumstances and appropriate business case analysis” (Wynne, 2004).
6 Identifying and Managing Air Force Sustainment Supply Chain Risks
Over time, the Air Force has increasingly relied on contract rather than solely organic sup-
port for its weapon systems; an important implication is that the Air Force must work with
external partners to make its supply chains resilient and responsive and to mitigate risk in
them. Te above table shows the evolution of Air Force weapon system maintenance support
in recent and coming years. Te top row lists major weapon systems by year of introduction.
Each subsequent row in the table lists major support components (e.g., airframe, engines, land-
ing gear) and support functions (i.e., engineering, supply chain management, distribution) for
each system. Te colors in each cell note the status of support.
Tis table shows the Air Force’s shift over time from organic-provided (i.e., internal)
to contractor-provided (i.e., external) maintenance services. A signifcant amount of product
support and depot maintenance is being performed through contracts on existing weapon
systems, with more planned for future systems (Mulligan, 2007). While some elements of
this strategy are being reviewed—for example, maintenance strategies for the C-17 and F-22
aircraft will use more organic support in coming years—it is unlikely that the Air Force will
return, or even want to return, to 100 percent organic maintenance. Regardless of the contract
strategy, both contractor and organic support have supply chain risks. What can vary are the
types and dimensions of the risks as well as the access Air Force managers have to the informa-
tion needed to adequately identify, assess, and manage them.
The Air Force Is Outsourcing More Product Support and
Performing Depot Maintenance Through Contracts
SOURCE: Mulligan, 2007.
NOTES: GTEs/APUs = gas turbine engines/auxiliary power units; CLS = contractor logistics support. “Retiring” means the aircraft are being
removed from Air Force operations and support for them will no longer be funded. “Organic” means the support for the aircraft was provided by
Air Force personnel and facilities. “Contract” means the support was provided by a contractor. Federal law requires that 50 percent of aircraft
maintenance be organic.
Motivation and Methodology 7
Te Air Force asked RAND to help it develop an enterprise-wide strategy for proactively man-
aging supply chain risks. Because supply chain risks span the life of a weapon system, we con-
ducted the study in two phases: Phase one examined Air Force management of supply chain
risks associated with sustainment of legacy or near-legacy systems (that is, those systems whose
production has ended or will soon end), and phase two focused on managing supply chain
risks during acquisition.
Tis document describes our fndings for phase one on sustainment. Our goal for this
phase was to identify those risks the Air Force is currently managing, those it is not currently
managing, and those it should manage.
Our Research Can Help the Air Force Develop a
Strategy for Managing Supply Chain Risks
• Initial focus: sustainment supply chain—identifying
risks Air Force is, is not, or should be managing,
particular for legacy systems
• Subsequent focus: acquisition supply chain risks
8 Identifying and Managing Air Force Sustainment Supply Chain Risks
We began by reviewing the academic and business literature on supply chain risk management
(SCRM). Because this is an emerging feld, the literature is fairly recent and much less devel-
oped than literature on other risks or supply chain management generally. We also reviewed
Air Force and Department of Defense (DoD) guidance regarding sustainment supply chain
risk identifcation and management.
We developed, based on our reviews of the literature and policy guidance, interview pro-
tocols for Air Force and DoD personnel involved in supply chain, contracting, and commodity
management (Appendix A) as well as for industry personnel involved in SCRM (Appendix B).
We selected two weapon systems for case studies: the F-16, a legacy weapon system,
which primarily has organic support and has transitioned from acquisition to sustainment,
and the C-17, a newer system that is contractor-supported and is currently transitioning from
acquisition to sustainment.
Because commodity councils are responsible for writing many sustainment contracts we
also interviewed commodity council representatives at each air logistics center (ALC) regard-
ing their management of supply chain risks. Tese included the Landing Gear Commodity
Council at the Ogden Air Logistics Center, the Communications and Electronics Commod-
ity Council at the Warner Robins Air Logistics Center, and the Propulsion, Instruments, and
Accessories Commodity Council at the Oklahoma City Air Logistics Center. During these
interviews, we learned of the importance of the Defense Logistics Agency (DLA) in managing
Air Force supply chain risk; consequently, we also interviewed DLA personnel at the Defense
Supply Center, Richmond, and DLA Headquarters.
Methodology
• Review supply chain risk management (SCRM)
literature
– Academic and business journals
– Air Force and DoD guidance
• Conduct interviews
– Weapon system mangers (C-17 and F-16)
– Defense Logistics Agency (DLA)
– Commodity councils
– High-tech companies
• Identify risks managed and not managed
• Develop recommendations
Motivation and Methodology 9
We also interviewed representatives of high-technology companies known for their inno-
vative supply chain risk practices to learn more about their SCRM organizations, practices,
and resources.
Troughout this research, we identifed a comprehensive list of supply chain risks and
examined which are managed. We later summarize these fndings and develop recommenda-
tions based on them for the Air Force.
11
Outline
• Introduction/background
• Evolving commercial practices in SCRM
• DoD and Air Force guidance on SCRM
• Summary of Air Force SCRM case studies
– Commodity councils
– Weapon systems
• F-16
• C-17
– DLAs role in Air Force SCRM
• Summary and recommendations
SECTION 2
Introduction and Background
We present our research in the fve sections listed above. We begin this section with an intro-
duction to risk and its three dimensions as well as background on recent trends that afect
supply chain risks. In the next section, we summarize our review of the literature and inter-
views with selected high-technology frms on current SCRM practices and outline a process
for SCRM. In the third section, we summarize our review of DoD and Air Force guidance
regarding sustainment SCRM. In the fourth section, we present our fndings from our inter-
views with Air Force and contractor personnel involved in sustainment contracting and supply
chain management, as well as fndings from interviews with DLA personnel. Lastly, we sum-
marize our fndings and present recommendations for the Air Force to improve its SCRM.
12 Identifying and Managing Air Force Sustainment Supply Chain Risks
• Supply Chain Risk: effect of uncertainty at any
point in the end-to-end supply chain on its
objectives
• Supply Chain Risk Management (SCRM): the
coordination of activities to direct and control an
enterprises end-to-end supply chain with regard to
supply chain risks
SOURCE: Adapted from: International Organization for Standards, 2009b.
We begin with defnitions of supply chain risk and SCRM.
1
Te International Organization
for Standardization (ISO) defnes risk as the “efect of uncertainty on objectives” (2009b,
p. 1).
2
While there is no current ISO defnition for supply chain risk, applying the ISO defni-
tion of risk to supply chain would yield the following: Supply chain risk is the efect of uncer-
tainty at any point in the end-to-end supply chain on its objectives.
3
Uncertainties, in turn, can
lead to disruptions in the supply chain.
Similarly, there is no current ISO defnition of SCRM. Applying the ISO (2009b, p. 2)
defnition of risk management—“coordinated activities to direct and control an organization
1
Enslow (2008, p. 3) describes the supply chain as including “all processes involved in making, moving, storing, or
servicing physical goods . . . from raw material producers through to the end customer. . . . Supply chain activities [may
include] manufacturing, purchasing, warehousing, transportation, and inventory management as well as external activities
performed on [an enterprise’s] behalf by suppliers, logistics partners, transportation carriers, distributors, co-packers, ser-
vice and repair organizations. . . .”
2
“Uncertainty is the state, even partial, of defciency of information related to, understanding or knowledge of, an event,
its consequences, or likelihood” (ISO, 2009b, p. 2). “An efect is a deviation from the expected—positive and/or negative”
and “Objectives can have diferent aspects (such as fnancial, health and safety, and environmental goals) and can apply at
diferent levels (such as strategic, organization-wide, project, product and process)” (ISO, 2009b, p. 1).
3
Te Council of Supply Chain Management Professionals (2009) developed the following defnition of supply chain
management: “Supply chain management encompasses the planning and management of all activities involved in sourcing
and procurement, conversion, and all logistics management activities. Importantly, it also includes coordination and col-
laboration with channel partners, which can be suppliers, intermediaries, third party service providers, and customers. In
essence, supply chain management integrates supply and demand management within and across companies.”
Introduction and Background 13
with regard to risk”—to supply chain would yield the following: SCRM is the coordination
of activities to direct and control an enterprise’s end-to-end supply chain with regard to supply
chain risks. ISO further defnes a risk management framework as the “set of components that
provide the foundations and organizational arrangements for designing, implementing, moni-
toring, reviewing, and continually improving risk management throughout the organization”
(ISO, 2009b, p. 2).
14 Identifying and Managing Air Force Sustainment Supply Chain Risks
Tere are three dimensions to measuring the total magnitude of risk. Te frst is the likelihood
or probability of an event that could cause adverse efects (i.e., produce harm or loss) occur-
ring.
4
Te likelihood of occurrence is much higher for some risks than others.
Te second risk dimension is the expected consequence, that is, what will happen to the
enterprise in the event that the risk occurs.
5
An example of a harm or loss of low consequence
resulting from a risk would be short delays in fulfllment of customer orders. An example of
a high consequence (indeed, one that could destroy the enterprise) would be the release of a
highly toxic substance harming or killing a large number of individuals.
Te third dimension of measuring the total magnitude of risk is duration—how long the
risk event causes loss or harm to the enterprise. Events can vary in their immediate and subse-
quent efects. A short event, such as a power outage lasting less than an hour, is likely to have
little lasting impact on an enterprise. A more signifcant event, requiring more than a year to
replace facilities, equipment, or personnel, would obviously have a longer-lasting impact. Te
longer the duration of the consequence, the greater the harm or loss is to an enterprise. If a risk
cannot be avoided, then enterprises will focus on reducing its duration and consequences so as
to reduce total harm or losses.
4
“Risk is often expressed in terms of the consequences of an event (including changes in circumstances) and the associ-
ated likelihood . . . of occurrence” (ISO, 2009b, p. 2).
5
“Risk is often characterized by reference to potential events . . . and consequences . . . or a combination of these” (ISO,
2009b, p. 2).
Risk Has Three Dimensions—Likelihood of
Occurrence, Expected Consequence, and Duration
Low Medium High
Expected consequence
Likelihood
of occurrence
High
Medium
Low
SOURCE: Adapted from Favre and McCreery, 2008.
Introduction and Background 15
Deputy Secretary of Defense John J. Hamre (1998) commented that “[R]adical new business
practices . . . have revolutionized American industry and have fueled American productivity in
the last ten years.” Seeking similar productivity improvements, DoD and the Air Force have
been implementing many of these new industry practices, which have changed some supply
chain risks.
Two major commercial trends that DoD and the Air Force have been adopting, inventory
reductions
6
and outsourcing,
7
can make supply chains more productive but also riskier. High
inventory levels can bufer an organization against internal and external supply disruptions.
Minimal inventory levels resulting from “lean” and other initiatives provide no such bufer.
6
“In May 1990 the Under Secretary of Defense for Acquisition established a 10-point inventory reduction plan” (GAO,
1994, p. 38).
7
Te Federal Activities Inventory Reform Act (FAIR) of 1998 (P.L. 105-270) directs federal executive agencies, including
DoD, to submit to the Ofce of Management and Budget inventories of activities that are “inherently governmental” and
commercial activities (i.e., activities that are not “inherently governmental”) performed by federal employees every year by
June 30. Activities identifed as commercial may be competed against private-sector bidders using Ofce of Management
and Budget (OMB) Circular A-76, Performance of Commercial Activities. If a private-sector bid is deemed cheaper, the
activity is outsourced. In August 2001, President Bush announced the President’s Management Agenda, which included
competitive sourcing as one of fve initiatives to enhance government’s efectiveness (OMB, 2001). More recently, the
Obama administration and Congress have introduced legislation to limit the “inherently governmental” functions that
can be outsourced. Te political pressure to limit outsourcing has been met with equally strong arguments to continue this
practice.
Major Trends Have Affected Supply Chain Risks
• Inventory reduction ! required reliable supply chain
• Outsourcing ! Lead system integrator model
• Supply base rationalization ! single/sole sourcing
• Industry consolidations ! Less competition/choices
• Globalization ! Increased complexity
– Longer supply chains
– Varying political, cultural, economic, and geographic
environments
• Virtual integration ! Increased vulnerability
• Growing concerns regarding environmental, fair labor,
financial, and health and safety issues
16 Identifying and Managing Air Force Sustainment Supply Chain Risks
Similarly, internal production gives an enterprise control over use and scheduling of its
production assets. Outsourced production often requires an enterprise to share production
assets with other customers of the supplier, giving the enterprise little or no control over use
and scheduling assets. Consequently, outsourcing assembly, manufacturing, or production
inputs can lead to more frequent disruptions, particularly when inventory bufers have also
been reduced.
Other commercial-sector trends being adopted in the DoD and Air Force afecting its
supply chain risks include supply-base rationalization,
8
industry consolidations,
9
globalization,
10
and virtual integration.
11
To reduce costs and improve supplier performance, many enterprises have analyzed their
spending and supplier performance and rationalized their supply base. Tis often leads to a
signifcant reduction in the number of suppliers. In response to a 2005 OMB memorandum
(Johnson, 2005) that calls for “leveraging spending to the maximum extent possible,” DoD
and the Air Force have been analyzing their contracts, spending, and supplier performance via
strategic sourcing initiatives, which have often led to the use of fewer suppliers. Using fewer
suppliers can increase supply risks because a larger percentage of inputs will be afected by a
single supplier’s performance.
Over time, as industries mature, they tend to consolidate as a result of mergers, acquisi-
tions, and bankruptcies (Deans, Kroeger, Zeisel, 2002). In the early 1990s, DoD leadership
became concerned that excess capacity in defense frms, resulting from a sharp decrease in
defense spending from its peak in 1985 (Ofce of the Under Secretary of Defense, Comp-
troller, Comptroller, 2009), would lead to higher weapon-system costs. Consequently, DoD
actively encouraged defense industry consolidation through mergers, acquisitions, and restruc-
turing (Perry, 1996). Tese eforts resulted in “a dramatic decline in prime contractors in 10
of the 12 markets DoD identifed as important to national security” (GAO, 1998, p. 2) and
raised concerns about preserving competition with fewer choices for defense aerospace prod-
ucts and suppliers. Such reductions in the number of suppliers could, as noted, increase supply
chain risks.
Another trend that afects supply chain risk is globalization. Seeking to lower total costs,
broaden their customer base, and diversify risks, many enterprises have actively sought suppli-
ers in low-cost countries, moved production there, and expanded marketing and sales beyond
their traditional markets. Tese actions have led to longer and more complex supply chains
as products are customized to local markets and move through varying political, cultural,
economic, and geographic environments as well as multiple distribution channels and trans-
portation modes. Te globalization of American business led the Deputy Secretary of Defense
to remark that “I am not sure what an American company is anymore. I am not sure what
8
Supply-base rationalization is based on “Te idea that an appropriate (often fewer) number of suppliers . . . will reap
lower prices through leveraged volume, standardized service, and lower costs to manage transactions and the supply base.
. . . t will also be easier to monitor supplier performance, and because these suppliers have been identifed as ‘key’ or the
‘best ft’ for the required goods and services, the relationship can grow, fostering integration, trust, value-added services,
and integration” (Dufy, 2005, p. 3).
9
See Deans, Kroeger, and Zeisel (2002) for trends in industry consolidations.
10
For more on trends in globalization see World Trade Organization (2008).
11
Virtual integration is the blurring of the traditional boundaries between supply chain partners through the use of tech-
nology and information (Magretta, 1998).
Introduction and Background 17
an American product is anymore” (Hamre, 1998). He noted further that DoD “want
much to eliminate a defense industrial base and to adopt, in essence, just an industrial base.”
As a consequence, as DoD moves away from its traditional defense industrial base, it will be
tapping into the supply chains of enterprises that are often more global in nature.
Te traditional lines between supply chain partners have also been blurring through the
use of technology such as e-commerce to exchange information throughout the end-to-end
supply chain; this phenomenon has been called virtual integration (Margretta, 1998). Activi-
ties that enterprises used to do internally, such as ordering, confguring, and delivery, are now
being done by customers,
12
suppliers, or logistics providers. Enterprises are developing multiple
channels for serving customers. Tis makes tracking and managing supply chains, and risks to
them, more complex. Such complexity requires sophisticated information systems for opera-
tions, management, and information sharing, which adds new costs and introduces additional
risks to supply chains while managing others.
Lastly, buyer and societal concerns regarding environmental, fair labor, health and safety,
and fnancial issues throughout the end-to-end supply chain broaden requirements for risk
management beyond traditional categories. Such issues can cause dramatic changes in cus-
tomer demand or even boycotts in the commercial sector and changes in policies in govern-
ment as well as political pressures regarding supplier selection, particularly in response to nega-
tive announcements.
12
Deputy Defense Secretary John Hamre (1998) noted that “[d]uring the last 10 years, American businesses pioneered
some startling relationships that efectively blur the distinction between customer and provider.”
18 Identifying and Managing Air Force Sustainment Supply Chain Risks
Traditional approaches to supply chain risks were to bufer them with multiple suppliers,
extensive frequent competition, expediting, increased order quantities, inventory safety stocks,
and other stocks throughout the end-to-end supply chain (Giunipero and Eltantawy, 2004).
Nevertheless, these bufering strategies also have risks and costs associated with them, includ-
ing limited price leverage; increased variance in supply orders, quality, and delivery; limited
opportunities for collaboration and continuous improvement; and having too much, too little,
or the wrong inventory. All of these can lead to increased total costs.
13
Inventory bufer stocks
throughout the supply chain can also hide problems that enterprises should fx (Cordon, 1995).
Overall, the benefts realized in lower total costs and improved quality, delivery, and
reliability from new supply chain management practices, though carrying new and diferent
risks, increase the importance of shifting from reactive supply chain risk bufering to proac-
tively identifying, understanding, and efectively managing end-to-end supply chain risks and
vulnerabilities (Zsidisin, Ragatz, and Melnyk, 2003). Enterprises need to identify prospective
risks and vulnerabilities that could afect the end-to-end supply chain, determine their prob-
ability, and assess the likely consequence of such events. Once prospective risks are identifed,
enterprises need to prioritize them and develop ways to prevent harmful events from occurring
and mitigate and manage them should they occur (Steele and Court, 1996; LCP Consulting in
conjunction with the Centre for Logistics and Supply Chain Management, 2003; and Zsidisin,
Ragatz, and Melnyk, 2005).
13
Indeed, Zsidisin, Panelli, and Upton (2000) claim that “bufer strategies . . . are generally more expensive to maintain
and usually do not reduce the chance of detrimental events from occurring in the supply base,” though they sometimes can
help “‘buy time’ for the purchasing frm to come up with a solution to their incoming supply problem.”
Traditional Supply Risk Buffering Strategies
Also Have Risks
Strategy Risks
Multiple sources of supply Limits price leverage and
increases variance in
quality and delivery
Frequent and extensive
competition
Limits opportunities for
collaboration and
continuous improvement
Expediting Increases total costs
Increased order quantities Increases bullwhip effect
Inventory safety stocks Increases total costs
Well-stocked supply
pipeline
Increases total costs and
hides supply chain
problems
Introduction and Background 19
It is to be expected that the perception of what constitutes a risk and the severity of the risk will
vary by industry and business; there can be diferences in risk assessment within organizations
as well. Risk managers (i.e., persons responsible for assessing and managing supply chain risks)
and supply chain managers were recently surveyed regarding the types of risks that concern
them (Enslow, 2008;
14
Hillman and Keltz, 2007). Overlapping risks from the two separate
surveys included
15
• supplier delays/quality/disruptions
16
• logistics delays and disruptions
17
• natural disasters
18
14
Te survey results were for risks beyond the risk manager’s traditional concerns with property and casualty insurance.
15
Survey questions are tailored to represent the concerns of diferent segments of the organization. For example, supply
chain managers may have diferent perceptions of risk than do fnancial managers or insurance risk assessors.
16
Tese can be caused by supplier shortages/constraints of labor, equipment, facilities, and/or inputs (goods and services)
to their production processes, poor and/or variable inputs to production or production processes, or fres, explosions, struc-
tural failures, hazardous spills, fnancial problems, or labor strikes or slowdowns.
17
Tese include events that delay, disrupt, or afect the safety and security of road, rail, air, and ocean movements of inputs
to and outputs from production.
18
Tese include earthquakes, foods, hurricanes, tornados, tsunamis, and volcanic eruptions.
Risk Managers and Supply Chain Managers Have
Different Perspectives on Risk
0 10 20 30 40 50 60
Other
Regulatory risk
Geopolitical event
Strategic risk
IP theft, counterfeiting, gray market
Brand reputation (recalls, fair labor)
Customer-facing (e.g., demand volatility)
Natural disasters
Logistics delays/disruptions
Internal operations/infrastructure
Suppliers delays/quality/disruptions
Pricing
Risk Managers SC Managers
Percent respondents
SOURCES: Adapted from Enslow, 2008; Hillman and Keltz, 2007.
NOTES: IP = intellectual property; SC = supply chain.
.
20 Identifying and Managing Air Force Sustainment Supply Chain Risks
• intellectual property theft, counterfeiting, or “gray market” (e.g., distribution of products
through unauthorized, unintended, or unofcial channels) issues.
19
Tese are highlighted in the fgure.
Enterprise risk managers were also surveyed regarding
• price
20
• internal buying enterprise operations/infrastructure
21
• demand volatility
22
• brand reputation (i.e., recalls, fair labor). (Tis risk was not asked of supply chain
managers.)
Whereas supply chain managers were also surveyed regarding
• strategic risk
23
• geopolitical events
24
• regulatory risks
25
• other risks for which enterprise risk managers were not surveyed.
Te results of these surveys show the relative importance of diferent supply chain risks
from an enterprise and supply chain perspective. Tese diferences highlight the gap between
risk visibility within organizations and the need to manage risk specifc to each operation.
19
Tese include internal employee or supply chain partner intellectual property theft, substituting of deceitful imitation
of key inputs to production or deceitful imitation of fnal products, and the distribution of products through unofcial,
unauthorized, or unintended channels.
20
Price risk involves the variability of raw materials costs.
21
Tese risks can be facility, labor, or equipment shortage/unavailability, or mechanical breakdowns. Tey can also be
related to poor planning and management.
22
Demand variability/volatility can lead to surges or shortfalls in production, repair, or distribution.
23
Strategic risks represent a broader category of external risks than demand volatility (i.e., customer demand uncertainty),
to include market conditions, fnancial stability, and the ability to successfully launch a new product or sell the right prod-
uct in the right market. Tey are particularly challenging when demand and supply are highly variable and products have
short life cycles.
24
Tese can include currency fuctuations, political unrest, and changes in trade policies.
25
Tese include changes in taxes, customs, tarifs, and other restrictions on imports and exports.
Introduction and Background 21
Te above table is from Hillman and Keltz’s (2007) survey of supply chain managers and ranks
relative concern for seven risks in eight industries. Not surprisingly, concerns about supply
chain risks vary by industry. Of these industries, “high-tech” and “aero and defense” are per-
haps most relevant to the Air Force. In both industries, both “supplier failure” and “strategic
risk”
26
are among the greatest concerns. Other risks of great concern among aerospace and
defense supply chain managers but of less concern to those in “high-tech” industries include
geopolitical events, regulatory risks, and logistics failures. Supply chain managers in the aero-
space and defense industries reported that natural disaster risks are not applicable to them. We
will discuss later what may be driving this lack of concern.
When we compare the results of the survey of supply chain mangers by industry (shown
in the slide) to those of the survey of supply chain managers (Enslow, 2008), we see that there
are diferences even within the same functional area across industries. Terefore, if one com-
pany relies on another to perform risk mitigation, it is important to understand any diferences
in each company’s (or industry’s) perception of risk.
26
Examples of strategic risk include loss of manufacturing capacity or overreliance on one supplier.
Supply Chain Risk Concerns Vary by Industry
Factor Overall Chem. Retail High-
Tech
Auto Aero &
Defense
Pharma Con-
sumer
Goods
Ind./
Discrete
Supplier failure 1
Strategic risk 2
Natural disaster 3
?
Geopolitical event 4
Regulatory risk 5
Logistics failure 6
IP infringement 7
Other 8
SOURCE: Hillman and Keltz, 2007.
Most
concern
Less
concern
N/A
Representatives of 89 U.S. manufacturing and retail companies who participated in evaluations of SCRM technology and services purchases
23
Outline
• Introduction/background
• Evolving commercial practices in SCRM
• DoD and Air Force guidance on SCRM
• Summary of Air Force SCRM case studies
– Commodity councils
– Weapon systems
• F-16
• C-17
– DLAs role in Air Force SCRM
• Summary and recommendations
SECTION 3
Evolving Commercial Practices in Supply Chain Risk Management
SCRM is challenging for several reasons. Often, risk mitigation strategies are costly, may
involve procuring backup systems, or may involve establishing alternative sources of supply.
Te return on investment from mitigation strategies may be difcult to quantify and justify to
management, and this may be especially true for investments to mitigate risks with high impact
but low likelihood. Business environments are very dynamic, and an inventory of the risks that
cause concern will change as the business environment evolves, new competitors and suppliers
enter or leave the market, governments and regulations change, etc. Tere may be limited vis-
ibility of upstream supply risks, making it difcult to assess and communicate the exposure to
risks to upper management. SCRM requires balancing and communicating the uncertainty
that an event will happen, the costs of preparing for the event, and the costs of paying for the
consequences. We turn next to some of the best commercial practices for SCRM.
24 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te table above lists several risk categories, signifcant events within those categories that have
occurred in the past decade, and their consequences to the supply chain. Tese events also
reveal that low-probability, high-consequence events may be difcult to predict at the event
level, but, when grouped together, they happen more often than might be suspected.
Among these events were the September 11, 2001, terrorist attacks on the United States,
which led to a shutdown of U.S. borders for days and grounding of nearly all fights. Tey also
include natural disasters, such as hurricanes Katrina (August 2005), Rita (September 2005),
and Ike (September 2008), which devastated several regions of the United States, including oil
production facilities; the 2008 earthquake in Chengdu, China, which killed more than 80,000
people and disrupted manufacturing there
1
; and the 2011 earthquake and tsunami in Japan,
which also killed thousands and caused supply disruptions that reverberated throughout the
global supply chain. Even events such as the volcanic eruption in Iceland, which are peripher-
ally connected to the global supply network, can also create disruptions that require manage-
ment attention.
Other risk categories, such as strikes and changes in the law or regulations, have also
occurred within the past decade. A ten-day West Coast port lockout (September and October,
2002)
2
led to shipping backlogs of more than 100 days that took almost two months to clear
1
Because they have robust business continuity and SCRM plans, both Cisco and Intel, who had suppliers in Chengdu,
were able to smoothly transfer operations to other sources (Dornfeld, 2008; Solomon and McMorrow, 2008).
2
Te Pacifc Maritime Association, which represents major shipping lines and terminal operators at 29 West Coast ports,
“locked out 10,500 members of the International Longshore and Warehouse Union, charging the union was engaged in a
slowdown of work that amounted to a strike with pay.” (Isidore, 2002).
A Sample of Recent Upstream Supply Chain Disruptions
Illustrate the Importance of Proactive Risk Management
Risk Category Event Consequence to
Supply Chain
Terrorist Attack
Terrorist Attack: 9/11 Port and air traffic shutdown
Act of Nature
Hurricanes (Ike, Rita, Katrina) Oil production facilities
heavily damaged
Earthquakes/tsunamis (Chengdu,
China; Japan)
Capacity of high-tech
industries reduced
Volcanic eruptions, Iceland Flight cancellations
Strikes
West coast port strikes Distribution backlogs
Evolving Commercial Practices in Supply Chain Risk Management 25
and is estimated to have cost the U.S. economy $1 billion to $2 billion per day (Isidore, 2002;
McKenna, 2007; and Hannon, 2008). Such events caused many enterprises with lean supply
chains to realize they needed to improve their risk management practices.
Federal legislation has also prompted concerns with business disruption and continuity
planning. Te Sarbanes-Oxley Act of 2002 “mandates that organizations . . . understand the
risks that may impact their fnancial reporting processes and requires them to put in place the
proper controls” (Berman, 2004); that is, management processes and practices to manage risks
that may afect fnancial performance of the enterprise. While Sarbanes-Oxley does not specif-
ically address business continuity planning, complying with it requires companies to establish
controls, engage in risk assessment, implement control activities, create efective communica-
tion and information fows, and monitor their control processes. Tis has led many enterprises
to establish or strengthen business continuity plans and programs. Because outsourced pro-
cesses (i.e., the performance of external supply chain partners) can have a direct impact on an
enterprise’s fnancial statements, those that report to the U.S. Securities and Exchange Com-
mission are required to assess the efectiveness of their suppliers’ internal control structures
pertinent to their contractual agreements. Some enterprises are beginning to require their sup-
pliers to develop and share their business continuity plans. Tis has led to the establishment of
SCRM organizations and their placement within business continuity programs.
26 Identifying and Managing Air Force Sustainment Supply Chain Risks
According to two recent surveys, risk managers and supply chain managers do not appear
to be well prepared for events that impact their supply chains.
3
Virtually no risk managers
reported that their SCRM was highly efective, while just over one-third reported that theirs
was moderately efective. Among supply chain managers, only 11 percent reported that they
were actively managing supply chain risk. Tis is not surprising given the relatively recent
awareness of increasing supply chain risks and establishment of business continuity and SCRM
organizations.
3
Enslow, 2008, summarizes an online survey of 110 risk managers located predominantly in North America, which was
done in cooperation with Risk & Insurance magazine. Te author does not give a response rate. Fifty-one percent of survey
respondents were from large enterprises ($1 billion or more in annual revenue), 30 percent were from midsize enterprises
($50 million–$999 million), and 19 percent were from small enterprises (less than $50 million).
Hillman and Ketz, 2007, report results from a survey of 89 supply chain managers at U.S. manufacturing and retail
companies. Respondents were qualifed and only eligible to participate in the study if they were part of an evaluation for
SCRM technology and services purchases. 52 percent of respondents were from discrete manufacturing, 36 percent were
from process manufacturing, with the remainder from retail with 40 percent having 15,000 or more employees and 33 per-
cent having fewer than 5,000 employees. Te authors do not give a response rate.
Few Risk and Supply Chain Managers Report That Their
Enterprises Are Well Prepared for SCRM Risk-Related Events
Moderately
effective
35%
Low
effectiveness
28%
No formal
risk process
24%
Do not
Know
14%
Highly
effective
0%
Actively
managing
risk
11%
Actively
assessing
risk
24%
Concerned
but no formal
process
47%
Not
concerned
about risk
18%
SOURCES: Adapted from Enslow, 2008; Hillman and Keltz, 2007.
Risk Managers
Supply Chain Managers
Evolving Commercial Practices in Supply Chain Risk Management 27
Te fgure above, adapted from Verstrate (2008), illustrates how a lack of proactive SCRM
delays recovery and increases the magnitude of the consequences of an event. Te horizontal
axis denotes time, and the vertical axis represents a change in the business or environment. Te
black line tracks how the business environment is changing, while the enterprise’s reaction to
that change is shown by the red line. Enterprises that are adept at adapting to change reduce
latency, so the red line and black line are very close. When there are no plans for quickly iden-
tifying events that could impact an enterprise’s supply chain, there can be a delay in recogniz-
ing such events—decision latency. Once an event has been recognized, if there are no plans for
managing or mitigating the specifc type of event that has occurred, response delays—change
design latency—will increase while an enterprise determines the best response. Once a response
has been designed, it needs to be implemented, which further delays an enterprise’s response—
change implementation latency. Finally, after implementation, an enterprise needs to determine
whether its response to the supply chain disruption was efective—validation latency. If not
efective, the implementation may need to be modifed, further delaying the enterprise’s return
to normal operations.
A well-publicized example of the costs of delay in responding to a supply chain disrup-
tion was a brief fre caused by lightning at a Phillips Electronics semiconductor plant in Albu-
querque, New Mexico (Latour, 2001). Te fre adversely impacted the supply of critical com-
puter chips for both Nokia and Ericsson cell phones. Nokia noticed a problem with its chip
supply before Phillips notifed it of the fre. As soon as it realized chip production would not
be resumed quickly, Noika “redesigned chips on the fy, sped up a project to boost production,
Lack of Proactive Risk Management
Delays Recovery and Increases Impact
SOURCE: Adapted from Verstrate, 2008.
Business or
environment
change
Enterprise
reaction to
change
Latency
Quality of
response
Decision
Time
Change design
Change
implementation
Validation
+
+
+
28 Identifying and Managing Air Force Sustainment Supply Chain Risks
and fexed the company’s muscle to squeeze more out of other suppliers” (Latour, 2001). Erics-
son did not have other chip suppliers and was slow to react, failing to fnd alternative sources
of supply. As a result of its ability to detect the problem faster than Ericsson and execute a
response, Nokia gained market share at the expense of Ericsson, which soon exited cell phone
production.
4
4
Ericsson eventually developed a proactive SCRM approach (Norrman and Jansson, 2004) but too late to prevent the
large losses associated with the fre at the Phillips plant.
Evolving Commercial Practices in Supply Chain Risk Management 29
We conclude from our company interviews and review of the literature that proactive SCRM
requires an organization that develops guidance and policies for identifying and managing
supply chain risks. It must develop the capability to target critical risks and develop and exe-
cute risk management plans.
Proactive SCRM also requires that an enterprise have a supply chain risk assessment and
management process. Often supporting the process are tools for supply chain risk identifca-
tion, assessment, and monitoring. Along with those tools are strategies for mitigating and
managing many supply chain disruptions. Strategies may include identifying or developing a
second source or site for manufacture, holding inventory to cover requirements for the duration
of the disruption, and, in the long term, designing future products and selecting suppliers to
reduce overall supply chain risks.
Proactive Management Requires Establishment of
SCRM Organizations, Processes, and Practices
• SCRM organization
– Guidance and policies
– Resources for people and training
• SCRM process
– Tools
– Strategies
• Emerging practices
• Business continuity/SCRM plans
• Incentives
• Metrics
30 Identifying and Managing Air Force Sustainment Supply Chain Risks
SCRM Organization
• Enterprise-wide SCRM organization
– Develop policy, processes, tools, and metrics
(e.g., suppliers with business continuity plans,
time to recovery)
– Institutionalize reporting requirements (e.g.,
board of directors level)
• Strategic business units
– Identify, assess, and prioritize risks
– Develop and implement specific plans
– Request and review supplier business
continuity plans
– Monitor and report risks
Te enterprises most successful at SCRM have a formal SCRM program (Enslow, 2008). Tey
create a partnership of corporate risk managers and supply chain operations. Te risk man-
ager mobilizes the enterprise against supply chain risks, while supply chain operations work to
ensure that risk processes are designed cross-functionally and end-to-end and embedded into
current activities. For example, cross-functional SCRM might include representatives from
procurement, manufacturing, and sales. An end-to-end perspective would identify supply
chain risk along all the points of the supply chain, including subtier suppliers.
We asked representatives from three companies how they were organized for SCRM.
All reported that they had an enterprise-wide SCRM organization that develops policies, pro-
cesses, tools, internal metrics (such as number of suppliers with business continuity plans), and
supplier time to recovery commitments. Tese centralized organizations also institutionalize
reporting requirements for SCRM, which can include regular reports to the enterprise’s board
of directors.
One company reported that strategic business units (SBUs) do the actual identifying,
assessing, and prioritization of supply chain risks for their products and services. Te SBUs
also develop and implement specifc risk management plans, request and review supplier busi-
ness continuity plans, and monitor and report supply chain risk up to SBU and enterprise
management.
Te Cisco SCRM team is part of its Customer Value Chain Management (CVCM) orga-
nization (Harrington and O’Connor, 2009). Within the CVCM organization, it partners with
Global Supplier Management (GSM), which is responsible for sourcing decisions and manag-
Evolving Commercial Practices in Supply Chain Risk Management 31
ing relationships; Product Operations, which is responsible for developing products from engi-
neering innovations, and Global Manufacturing Operations, which is responsible for global
manufacturing and logistics. CVCM also partners with Cisco engineers to assess the resiliency
of new products. Lastly, CVCM partners with Cisco’s suppliers, manufacturing partners, and
transportation and logistics providers to continuously manage supply chain risks.
Te four key elements of Cisco’s program are as follows:
1. Te Business Continuity Planning Program, which works closely with internal and
external partners “to document recovery plans and times and drive resiliency standards.”
2. Crisis Management, which is responsible for continuous global monitoring of and
response to disruptions.
3. Product Resiliency, which helps Cisco’s business units address supply chain vulnerabili-
ties during product design as well as to prioritize and reduce the costs of risk mitigation
strategies.
4. Supply Chain Resiliency, which identifes points in the supply chain where time to
recovery would be unacceptably high and develops resiliency plans for them.
32 Identifying and Managing Air Force Sustainment Supply Chain Risks
In developing SCRM organizations, enterprises may seek to develop or impart certain skills.
Survey responses of risk managers (Enslow, 2008) indicated that the following skills were very
important for success:
• strong networking and orchestration—79 percent
• basic understanding of end-to-end supply chain process—77 percent
• efective articulation to colleagues of how risk initiatives deliver short-term operational or
fnancial improvement—70 percent
• ability to “talk the language” of the chief executive ofcer (CEO)/chief fnancial ofcer
(CFO) and other enterprise-wide audiences to gain support for initiatives—66 percent
• ability to educate functional personnel on key risk areas and best practices—63 percent
• adeptness at aggregating risks across functional silos and business units to monitor total
enterprise risk—63 percent.
Strong networking and orchestration skills are particularly important because supply
chain risks cut across diferent functions within the enterprise as well as suppliers external to
the enterprise. While the goal of SCRM is to prevent adverse consequences (e.g., additional
costs, short- and long-term loss of business) to the enterprise, it is often hard to justify expend-
ing scarce resources for SCRM initiatives to prevent loss. Terefore, articulating how risk
initiatives deliver short-term operational or fnancial improvement is particularly important.
In addition, supply chain risk managers need to speak the language of the CEO and CFO in
Desired Skills for Supply Chain Risk Managers
• Strong networking and orchestration
• Basic understanding of end-to-end supply chain process
• Effectively articulate how risk initiatives deliver short-
term operational or financial improvement
• Talk the language of the CEO/CFO to gain support for
initiatives
• Effectively educate functional personnel on key risk
areas and best practices
• Adept at aggregating risks across functional silos and
business units to monitor total enterprise risk
SOURCE: Adapted from Enslow, 2008.
One enterprise we interviewed hires people
knowledgeable in supply chain management
and trains them in SCRM
Evolving Commercial Practices in Supply Chain Risk Management 33
terms of enterprise-wide benefts or loss avoidance of SCRM initiatives in order to obtain the
resources to develop and execute SCRM strategies.
Te companies we interviewed also reported that supply chain risk managers needed to
be able to efectively educate diferent functional personnel on key risk areas and best practices
for managing those risks. Further, they need to be adept at aggregating risks across functional
silos and enterprise business units to monitor total enterprise risk.
Representatives from one company we interviewed told us that they seek to hire persons
knowledgeable in supply chain management, which they say is harder to teach, and then train
them in SCRM.
34 Identifying and Managing Air Force Sustainment Supply Chain Risks
Te above fgure outlines a composite, multistep process for supply chain risk assessment and
management based on fve proposed methods for analyzing supply vulnerabilities described
in the literature.
5
Te nine-step process begins by recognizing the existence of a potential risk
5
Yates and Stone (1992) suggest four elements for risk appraisal: existence, including awareness of the potential for pos-
sible loss; identity, including identifcation of specifc losses that might occur; likelihood, including determination of the
likelihood of a possible loss; and signifcance, including assessment of the signifcance of a possible loss.
Zsidisin, Ragatz, and Melnyk (2003) propose a second model based on awareness, prevention, remediation, and knowl-
edge management. Awareness is both internal and external and may include fnancial reports, supply chain mapping, and
use of audit instruments. Prevention includes identifcation, assessment, treatment, and monitoring of risks, and may
include such actions as a risk register. Remediation includes planning how to minimize impact and duration of a risk
and the resources required to address it. Knowledge management includes tracking results and actions for continuous
improvement.
Zsidisin, Ragatz, and Melnyk (2003) also suggest a model adapted to the strategic sourcing process. Its frst step is ana-
lyzing internal requirements and understanding risk tolerance. Its second step is analyzing the supply market to understand
market risks. Its third step is to determine the approach to risk management and relationship types to reduce and bufer
risks. Its fourth step is to identify and evaluate suppliers, including assessing the risks of each. Its ffth step is to build and
manage relationships, including monitoring risks in them.
Ziegenbein and Nienhaus (2004) suggest a four-part continuous SCRM process. Its elements include identifcation of
risks, including a structured documentation of risks and their sources; assessment of risks, including measuring their prob-
ability and impact; controlling risks, including evaluating risks and deciding how to cope with them; and monitoring risks,
including a transparent overview of supply chain risks at all times.
LCP Consulting in conjunction with the Centre for Logistics and Supply Chain Management (2003) proposed an
SCRM fow beginning with a description of the supply chain. An enterprise may then use vulnerability self-assessment
templates to document risks in such areas as demand, supply, environment contingency, process, and control. Once the self-
assessment is complete, an enterprise may evaluate the implications of the risks they face, including their scale, duration,
SCRM Is a Multistep Continuous Process
1. Recognize
existence
2. Identify 5. Prioritize
4. Assess
probable
impact/
significance
3. Estimate
likelihood of
occurrence
6. Develop,
assess, and
execute
management
strategies
7. Develop
contingency
plans
9. Capture
lessons learned
and improve
8. Monitor
Evolving Commercial Practices in Supply Chain Risk Management 35
(step 1), identifying the exposure of the supply base to the risk (step 2), estimating the likeli-
hood and severity of realization of the risk (step 3 and 4), prioritizing risks by potential costs
to allocate scarce resources appropriately (step 5), developing, assessing, and executing a risk
management strategy for the prioritized list (step 6), developing contingency plans (step 7),
monitoring the risk environment to respond to changes and re-prioritize responses to risk (step
8), and, fnally, continuously integrating lessons learned and improving risk and supplier man-
agement policies (step 9).
We defne each step and provide additional details on identifying risk (step 2), prioritizing
risk (step 5), developing assessing and executing management strategies (step 6), and capturing
lessons learned to improve risk management (step 9).
Step 1: Recognizing Risk. Before a risk can be addressed, there must be an awareness
that supply vulnerabilities exist (Zsidisin, Ragatz, and Melnyk, 2003). Enterprises need to be
aware that their actions or lack of action creates various supply chain risks.
recovery, and cost. An enterprise can then identify the actions it needs to take such as mitigation strategies or developing
contingency plans for the risks with the greatest consequences to its operations.
36 Identifying and Managing Air Force Sustainment Supply Chain Risks
Step 2: Identifying Risks. Tis step of risk management and assessment requires identifcation
of supply vulnerabilities. Enterprises need to identify the possible risks associated with a
prospective supply strategy. An example of a supply chain risk may be disruptions due to
natural disasters. One way to visualize these risks, which are related to location, is to map
them, as we illustrate later. Te fgure above shows the locations of hurricanes, earthquakes by
magnitude, and tornados by damage for the 48 contiguous states.
6
Other methods for identifying risks include brainstorming, interviews, workshops, supply
chain mapping/description,
7
the Delphi Method,
8
fault or event tree analysis
9
(Ziegenbein and
Nienhaus, 2004), and Nominal Group Technique, or NGT (Zsidisin, Panelli, and Upton,
2000).
10
Some authors recommend assessing vulnerabilities by categories of external risks, such
6
Data for earthquakes are for 1789 to 2004; those for tornados and hurricanes are for 1995 to 2000.
7
Supply chain mapping identifes all members, facilities, linkages, and fows of goods, information, and money in the
end-to-end supply chain from upstream raw materials suppliers through manufacture to downstream delivery to the fnal
customer, use, and then disposal (Gardner and Cooper, 2003).
8
Te Delphi Method relies on a series of questionnaires among a group of experts to discern a consensus as well as reasons
for disagreement. For further information, see Linstone and Turof, 2002.
9
Fault or event tree analysis breaks down a system risk event into component failures step by step by linking failure events
with their causes. Because fault tree analysis is used for qualitative and quantitative analysis of systems, it is essential that
for a risk every cause is considered in the fault tree and conversely that every mentioned cause is actually needed to trigger
the event (Schellhorn, Tums, and Reif, 2002, p. 1).
10
NGT involves individuals frst generating their own ideas, then sharing them with a group, before ranking each. For
more information, see Van De Ven and Delbecq, 1974.
Visualization of Exposure to Natural Disaster Risks
for Customers and Suppliers
5.501 and above
4.501 to 5.5
3.3 to 4.5
Earthquake
Richter scale
Hurricane
Tornado damage