Martin Fessey explains how a supply chain risk management strategycontributes directly to protecting shareholder value.

All business risks are not created equal, but they are all connected. Thus, the management of operational, financial and strategic risks throughout the supply chain of your business - from raw material and component suppliers through the manufacturing processes and beyond to marketing and distribution – is critical to its success.

Business interruption is usually just the start of a series of problems and disruption which a company will face. The total impact may involve many indirect consequences, from missed opportunities and loss of market share to one-off costs of management time, litigation and potential harm to corporate reputation. Though rarely quantified, these hidden costs have been estimated to be between seven and 20 times the cost of the initial incident.

Consider the following story:
In August 1998, shares in Shire Pharmaceuticals, now the third largest British drug company by market capitalisation plunged by up to 40 % – more than £200 million in market capitalisation – after an explosion at the New Jersey plant of a supplier of key ingredients for Shire's two most important products. The two drugs, Adderall and DextroStat, accounted for 63 % of group revenues of £40 million in the first half of 1998, and were expected to grow by an average 60% year-on year.

The New Jersey plant was the only plant producing the ingredients for the two drugs. The explosion also disrupted expansion plans credited for Shire's tremendous growth in value. Shire had acquired two US firms in 1997, but the diversion of management attention after the explosion delayed further acquisition plans for almost a year.

I will return to this example later.

Management consultants and professional organisations such as RIMS, AIRMIC and the Association of Corporate Treasurers in the UK have emphasised that successful management of business risks can create competitive advantage and enhance shareholder value.

The organisation that understands this has established a framework for analysing the entire risk profile of a business enterprise and measuring the opportunities and associated threats of all key activities.

For most companies, the ultimate measure of a business interruption is found in its effect on shareholder value. When shareholder expectations of future performance are great – due, for example, to the introduction of a new, high-growth product or expansion into new markets – the value at risk (VaR) related to a business interruption can be of a magnitude far greater than the traditional insurance measurements of a loss, i.e. net profit and fixed costs. Insurance alone, therefore, will not protect shareholder value.

Shareholder value = corporate value – debt
Simply put, the shareholder value of a corporation is the corporate value less debt in the business. Corporate value is measured by the discounted sum of anticipated future cash flow. This, in turn, is driven by market growth, by which I mean product volumes and prices, product development and customer loyalty - margins, that is the strategies the company follows to add value and reduce the cost of capital.

A supply chain risk management strategy helps to protect these “value drivers” and reduce potential disruption of future cash flows and as such, it contributes directly to protecting shareholder value.

Consider the case of Shire Pharmaceuticals again. Shire's stock recovered some of its value in the days after the explosion as the market watched the company managing the crisis. Seven months later, the Financial Times commented: “Shire stands out as something of a star. The well regarded management team acted quickly to stem the damage following the explosion at Arenol ...” However, the commentary went on to say that, despite gains, “the shares are only back where they were before last summer's problems....”, and they had only just recovered in August 1999, 12 months after the incident.

Supply side risk management
Supply chain risk management is a holistic approach to business risk. It is a natural part of the evolution of risk management from loss prevention, through business continuity to protecting and creating shareholder value.

Here is another example of the evolution of risk management in the context of the supply chain.

Gallaher Group plc, a British tobacco company, was able to consider consolidating several manufacturing sites because of technological advances in high-speed cigarette making and packing machinery. Recognising that they would have many “eggs in one basket”, they invested in advanced fire protection, fire walls and other protective loss control features.

In June 1998, when Moody's issued a “Baa2” credit rating to Gallaher's £1.2 billion unsecured bank facility, it made the following observation in its rating document: “While the rating agency acknowledges Gallaher's continued efforts to improve manufacturing and operational efficiencies, Moody's cautions against the added risks of single manufacturing and distribution sources.”

No mention was made of the company's active risk management programme, including its plans to upgrade the remaining plant to a highly protected risk (HPR) and its continuing business continuity planning.

Hindsight is 20/20. However, had Moody's considered these factors, just a single improvement in the credit rating might have reduced Gallaher's cost of capital by 30 basis points, an annual savings of more than £3.5 million.

Supply chain: common challenges
It is a major challenge for management to balance the rewards of maintaining close relations with suppliers and customers, improving product quality and reducing costs and the risks of relying on sole-source suppliers, just-in-time inventories and contractor manufacturing. The challenge is even more complex when knowledge and understanding of risks is lacking.

Many organisations now evaluate the risk profile of their suppliers and out-sourced contractors. The corollary is that suppliers and contractors who actively manage their risks may gain a significant advantage over competitors who are less conscientious.

Consider what happened to Arenol, Shire Pharmaceutical's supplier, after the explosion at its New Jersey plant:
Shire negotiated with US regulatory authorities to produce the active ingredients in its two most important drugs at another plant, operated by an Arenol competitor, Boehringer Ingelheim, at Arenol's expense. Shire also decided to acquire Arenol's intellectual property rights in the ingredients. Arenol lost revenue, lost business and lost intellectual property rights – and ultimately was acquired.

Firms often face similar “downstream” exposures which are equally challenging, but usually more difficult to address because the leverage to persuade a customer to actively manage risk is not as strong.

Supply chain connections
Suffice to say, that in the increasingly connected manufacturing economy, the supply chain can be complex. From an insurance perspective, the cost of business interruptions will continue to grow as customers rely more on high technology and special equipment, consolidated operations, reduced inventories, fewer suppliers and, complex business relationships, so-called “interdependencies.”

Add to this modern manufacturing techniques such as ‘pull' rather than ‘push' production – where products are manufactured to the demand of customers rather than a predetermined production schedule, with associated minimal inventory and just in time delivery.

The safety margins and forgiveness previously available to industry are, in most instances, just no longer there.

The traditional “fire survey” approach is inadequate when applied to the management of supply chain risks. Often, while there is a vast amount of information on factory layouts, construction materials, buildings and equipment, comparatively little attention is given to the products and processes which create value for the business.

We all know the pressure is on to reduce expenses and grow profit margins. It is the responsibility of management and directors to strike the optimum balance between risk and reward in this quest.

At what cost and what risk are changes made to accomplish these goals?
These questions can be answered when a supply-chain risk analysis is incorporated into the strategic planning process. In other words, this is an opportunity to manage risks actively in support of business strategies. The result of greater reliability and certainty is greater confidence in anticipated cash flows. Ultimately, that commitment is a worthy and wise use of corporate resources which will in itself be reflected in enhanced shareholder value.

Risk analysis
The process begins with a review of business objectives, operations, products and processes, and associated financial information. There should be close collaboration between corporate and operational personnel, typically using structured self-assessment, facilitated workshops and/or checklists.
The supply chain is modelled along product and process lines focussing on the contribution of each element to the cash flow drivers of the business: growth, margins and cost of capital. The objective is to identify the activities within the supply chain which present the potential for a risk event to cause significant interruption to business.
The review should weigh current and future business strategies which could either increase or mitigate the consequences of an interruption. These might include consolidation of manufacturing, outsourcing, globalisation, branding, use of technology etc.

Where in-depth technical expertise is needed to evaluate unusual or unique circumstances, physical risk assessment specialists can assemble detailed information on the operations, physical hazards and exposures associated with specific products and processes under review.

The risk assessment specialist works closely with operational management to review the historic, current and future activities of the operations for potential physical hazards and exposures to business interruption.

Using best practice guidelines for the industry and processes involved as performance standards or benchmarking criteria, all significant deviations are categorised as risk deficiencies in either management systems or operational design.

Risk measurement
The next step in the process involves the qualitative and quantitative measurement of the hazards and exposures to the supply chain and the business consequences of a loss or interruption. The objective here is to develop a comprehensive financial profile of the frequency and severity of supply chain risks that management and executives can use to establish priorities among diverse risk management demands.

Often in the setting of a risk profiling workshop all of the supply chain exposures that have been identified are ranked according to their frequency and severity. The rankings reflect both damage (replacement capital cost of fixed assets, stock and inventory) and business impact – including the wider potential consequences of an interruption in operations. These can include lost margin, growth, value, increased management time and litigation expenses, missed opportunities, interruption of supply and reduced demand.

For the most critical exposures that impact key products, business units and/or corporate strategies, it may be appropriate to analyse the value at risk (VaR) or cash flow at risk (CaR) associated with a particular risk event.

Discounted cash flow techniques are used to calculate before and after scenarios, and compare the at-risk positions of the business with its capacity to absorb the risks. Ultimately, it may be possible to quantify the effect of the supply chain exposures on shareholder value.
Management solutions
The organisation uses the risk assessment developed so far to identify solutions for managing, eliminating or mitigating supply chain exposures. The solutions are based upon the best practice guidelines of the industries and processes involved, developed through basic and applied loss prevention research. In general, management systems exposures are best addressed through training and education, whereas operational design exposures usually require capital investment.The costs of each proposed solution are estimated and the benefits of each are qualified and quantified with respect to the expected reduction in exposure, or VaR/CaR.

A cost-benefit analysis is calculated for review against business plans and capital expenditure budgets. The organisation is then able to establish an action plan for activities that support its overall objectives. The plan establishes risk priorities, incorporating:
• education and change programmes at corporate and operational levels.
• risk improvement strategy for both management systems and operational design exposures.
• pre- and post-event business continuity planning.
Responsibility for completion of the action plan typically rests with operations management, with support from risk specialists in the areas of training and education, risk engineering and review/audit.

I would argue that supply chain risk management is today's version of “highly protected risk.” At the core, it is really about business performance, not insurance coverage. It is about cultivating innovation and gaining competitive advantage, protecting shareholder value and managing risk to strengthen asset value and developing superior solutions for managing risk to maximize returns. Managing supply chain risks is an essential part of making enterprise risk management work.Martin Fessey, is vice president and manager of global insurancenetwork, FM Global – International Operations. His article is based on his presentation to the annual FM Global risk management symposium, held this year in Brighton, UK. Tel: +44 (0) 208 744 6500; fax: +44 (0) 208 744 6550; e-mail