Enhancing Supply Chain Security

1
Enhancing Supply Chain Security
Dr. Omar Keith Helferich Dr. Judith M. Whipple
Supply Chain Faculty Associate Professor
Central Michigan University Michigan State
University July 31, 2007 Foundation For
Strategic Sourcing
2
Objectives

• Define Supply Chain Security
• Identify status of supply chain security
  initiatives
• Identify competencies and capabilities that firms
  are using to enhance supply chain security
• Discuss benchmarking tool for improving supply
  chain security

This research was supported by the U.S.
Department of Homeland Security (Grant number
N-00014-04-1-0659), through a grant awarded to
the National Center for Food Protection and
Defense at the University of Minnesota. Any
opinions, findings, conclusions, or
recommendations expressed in this publication are
those of the author (s) and do not represent the
policy or position of the Department of Homeland
Security.
3
Definition of Supply Chain Protection and Security

• The application of policies, procedures, and
  technology to protect supply chain assets
  (product, facilities, equipment, information, and
  personnel) from theft, damage, or terrorism and
  to prevent the introduction of unauthorized
  contraband, people, or weapons of mass
  destruction.
• Closs and McGarrell (2004), Enhancing Security
  Throughout the Supply Chain, IBM Center for the
  Business of Government www.businessofgovernment.
  org

4
Secure Supply Chain Requirements

• Preventing any biological, chemical or
  unauthorized agent to be incorporated into the
  product
• Preventing any illegal commodity to be
  intermingled with the shipment
• Preventing transportation assets or a shipments
  contents to be used as a weapon
• Preventing unauthorized access to the product
  and/or supply chain network
• Preventing disruptions of the supply chain
  network/infrastructure

5
Supply Chain Security Impact A State of
Transition

• From
• Corporate security
• Theft prevention
• Inside the company
• Vertically integrated supply chain with 1st tier
  suppliers
• Country or geographic
• Contingency planning
• Reactive

• To
• Cross functional team
• To include anti-terrorism
• End-to-end supply chain
• Business model that includes 2nd and 3rd tier
  suppliers
• Global
• To include crisis management
• Proactive

6
Security Expectations A Changing Future

• Secure supply chains containing advanced
  security processes and procedures
• Resilient supply chains able to react to
  unexpected disruptions quickly in order to
  restore normal operations

Rice and Caniato (2003), Building a Secure and
Resilient Supply Network, Supply Chain
Management Review, September/October.
7
Industries Under Investigation

• Food National Center for Food Protection and
  Defense (A Department of Homeland Security Center
  of Excellence)
• Electronics and Pharmaceuticals (IBM Research
  Grant)
• Hazardous Material (Dow Chemical Grant)

8
Range of Security Strategies
High
High
Unintentional
Intentional
Potential Supply Chain Risk
Potential of Incidents
Intentional
Unintentional
Low
Low
Safety
Security Management
Integrated Supply Chain Security
Range of Security Strategies
9
Key Considerations Capabilities and Competencies

• Capability the infrastructure, processes,
  systems, assets, and resources to develop a
  specific competency
• Competency the broad set of skills, knowledge,
  and aptitude that create and sustain a secure
  supply chain

10
Outcomes of the Food Supply ChainBenchmarking
Research

• Provide industry with in-depth understanding of
  the capabilities that form competencies in supply
  chain security
• Define competencies and understand their impact
  on security performance
• Compare capabilities, competencies and
  performance across firms in the food supply chain
• Create benchmarking process and tool to assist in
  extended and future comparison and evaluation

11
Team Members
Jean Kinsey, Ph.D. Robert Kauffman,
Ph.D. Theodore Labruzza, Ph.D. Jon Seltzer,
Ph.D.
David Closs, Ph.D. Cheri Speier, Ph.D. O. Keith
Helferich, Ph.D. Dan Lynch, Ph.D. Ed McGarrell,
Ph.D. Robyn Mace, Ph.D. Judy Whipple, Ph.D. Doug
Voss, RA
Alan Erera, Ph.D. Chip White, Ph.D. Steven
Morris, RA
12
Competency Assessment
Supply Chain Security Practice Competencies

• Firm Demographics
• Size
• Channel location
• Organizational responsibility

Supply Chain Security Performance
What practices are used? Which practices are more
effective? How do they differ?
13
Competency Performance Drives Security Performance
14
Definitions of Competencies

• Process Strategy (PS) executive commitment to
  security and the institution of a culture of
  security
• Process Management (PM) the degree to which
  specific security provisions have been integrated
  into processes managing the flow of products,
  services and information
• Infrastructure Management (IM) security
  provisions that have been implemented to secure
  the physical infrastructure
• Communications Management (CM) internal
  information exchange between employees, managers,
  and contractors to increase security

15
Competencies (Continued)

• Management Technology (MT) the effectiveness of
  existing information systems for identifying and
  responding to a potential security breach
• Process Technology (PT) specific technologies
  implemented to limit access and trace the
  movement of goods
• Metrics/Measurement (MM) the availability and
  use of measurement to better identify and manage
  security threats

16
Competencies (Continued)

• Relationship Management (RM) information
  sharing and collaboration between supply partners
• Public Interface Management (PIM) the security
  related relationships and exchanges of
  information with the government and the public
• Service Provider Management (SPM) information
  sharing and collaboration between the firm and
  its logistical service providers

17
Performance Measures

• Ability to detect security incidents
• Reduction in the number of security incidents
• Increased resilience in recovery
• Changed risk profile
• Changed firm and supply chain cost, shrink,
  injuries, and turnover
• Improved security relative to competitors
• Improved ability to meet security requirements

18
What Capabilities (Practices) Create a
Competency? One Example
Defined communication protocols
Information preventing incidents
Information detecting incidents
Information responding to incidents
Information regarding recovering from incidents
Information protocols in case of contamination
Reporting protocols in case of incident
Communications Management
19
Research Process

• In-depth company interviews
• 15 manufacturers
• 13 retailers
• 7 transportation providers
• Questionnaire Development
• Overall Survey Response (total respondents 239)
• Food Products Association (134 58)
• Michigan Department of Agriculture (83 9)
• ASIS International (22 10)
• Respondents Scope of Responsibility
• Quality Management (101 42)
• Supply Chain Management (36 15)
• Security Management (25 10)
• Other (57 24)
• Not Defined (20 8)

20
Who Responded to the Survey Size of Firm?
Size of Firm Manufacturer/ Wholesalers
lt 20 M 59
20 - 100 M 44
100 - 500 M 29
500 M - 1 B 10
gt 1 B 64
Not Defined 32
21
Initial Research Questions

• Where are firms focusing their efforts?
• Is there a difference between large and small
  manufacturers in competency focus?
• Where are firms seeing results?
• Is there a difference between large and small
  manufacturers in security performance?

22
Where are Manufacturers/Wholesalers Focusing
Their Efforts?
Score of 5 Indicates Strong Activity
23
Is There a Difference Between Large and Small
Manufacturers/Wholesalers?
Competency Mean Score (Large) Mean Score (Small)
Process management 4.00 3.79
Management technology 3.97 3.77
Communications management 3.94 3.66
Infrastructure management 3.84 3.68
Metrics/Measurement 3.61 3.31
Process strategy 3.61 3.38
Public interface management 3.54 3.21
Service provider management 3.33 3.03
Process technology 3.07 2.89
Relationship management 2.89 2.66
Indicates statistically significant difference
in mean
24
Where are Manufacturers/Wholesalers Seeing
Results?
(SC)
Score of 5 Indicates Significant Change
25
Is There a Difference Between Large and Small
Manufacturers/Wholesalers?
Performance Measure Mean Score (Large) Mean Score (Small)
Detect incidents inside firm 4.03 3.86
Detect incidents across SC 3.65 3.27
Decreased incidents inside firm 2.69 3.31
Decreased incidents across SC 3.19 3.31
Increased firm resilience 3.67 3.73
Increased SC resilience 3.53 3.35
Improved firm risk profile 2.98 2.81
Improved SC risk profile 3.01 2.98
NOTE Scale anchors Significantly Increased
No Change Significantly Decreased
Indicates statistically significant difference
in mean
26
Is There a Difference Between Large and Small
Manufacturers/Wholesalers?
Performance Measure Mean Score (Large) Mean Score (Small)
Firm reduced operating cost 2.46 2.35
Firm reduced loss/shrink 3.14 3.23
Firm reduced insurance cost 3.11 3.02
Firm reduced personal injury 3.27 3.28
Firm reduced employee turnover 3.02 3.04
SC reduced operating cost 2.50 2.55
SC reduced loss/shrink 3.06 3.10
SC reduced insurance cost 3.04 2.94
SC reduced personal injury 3.13 3.18
SC reduced employee turnover 3.04 3.06
NOTE Scale anchors Significantly Increased
No Change Significantly Decreased
27
Perceived Performance Results for
Manufacturers/Wholesalers

• The positive results are
• Increased detection within firm and across supply
  chain
• Increased firm and supply chain resilience
• Decreased personal injury
• However, there has been an increase in firm and
  supply chain operating cost

28
Further Research Questions

• Do some firms consider security as a high
  strategic priority?
• What do these firms do differently than low
  priority firms?
• Do high priority firms have better performance
  results than low priority firms?

29
Strategic Security Construct

• Our firm's senior management views supply chain
  security as necessary for protecting our brand or
  reputation.
• Our firm has a corporate level strategy to
  address security concerns.
• Our firms senior management views supply chain
  security as a competitive advantage.
• Our firms senior management views supply chain
  security initiatives as a necessary cost of doing
  business.
• Our firms senior management supports food supply
  chain security initiatives.

127 firms classified as high priority 72 as low
priority.
30
Is There a Difference Between High and Low
Strategic Priority Firms?
Internal Security Measure Mean Score (High) Mean Score (Low)
Information systems provide timely information for response 4.35 3.42
Information systems provide valid information for response 4.27 3.49
Information systems allow us to quickly share information 4.48 3.50
Our firm uses RFID to effectively track products 1.89 1.58
Our firm incorporates prevention information into training 4.49 3.67
Our firm incorporates detection information into training 4.29 3.14
Our firm incorporates response information into training 4.34 3.19
Our firm incorporates recovery information into training 3.95 2.48
Our firms information systems are secure 4.40 3.63
NOTE Scale anchors Strongly Disagree
Strongly Agree
Indicates statistically significant difference
in mean
31
Is There a Difference Between High and Low
Strategic Priority Firms?
External Security Measure (across the supply chain) Mean Score (High) Mean Score (Low)
Information systems provide timely information for response 4.19 3.19
Information systems provide valid information for response 4.14 3.33
Information systems provide actionable information 3.81 2.87
Our SC partners uses RFID to effectively track products 1.88 1.63
Our firm has processes in place to prevent a SC incident 4.27 3.13
Our firm has processes in place to detect a SC incident 4.28 3.14
Our firm has processes in place to respond to a SC incident 4.45 3.30
Our firm has processes in place to recover from a SC incident 4.20 2.98
Our SC partners information systems are secure 3.49 2.60
NOTE Scale anchors Strongly Disagree
Strongly Agree
Indicates statistically significant difference
in mean
32
Do High Strategic Priority Firms Perform Better
than Low Strategic Priority Firms?
Performance Measure Our firms security investment has significantly reduced/significantly increased Mean Score (High) Mean Score (Low)
Our ability to detect security incidents inside our firm 4.18 3.72
Our ability to detect security incidents across the supply chain 3.73 3.23
Security incidents inside our firm 3.39 3.28
Security incidents across the supply chain 3.33 3.12
Our resilience in recovering from security incidents inside our firm 3.86 3.43
Our resilience in recovering from security incidents across the supply chain 3.62 3.22
NOTE Scale anchors Significantly Increased
No Change Significantly Decreased
Indicates statistically significant difference
in mean
33
What Measures Impact Detection/Recovery for High
Strategic Priority Firms?

• Internal
• Timely information to respond
• Prevention information in employee training
• Recovery information in employee training
• External
• Processes in place to recover from an incident in
  our supply chain
• Our supply chain partners information systems
  are secure

34
The Creation of an Assessment and Benchmarking
Tool

• Survey for internal company use
• Summary of results from company use
• Benchmark of company results by item, competency,
  and total score

35

Example of a Firms Diagnostics Results Example of a Firms Diagnostics Results Example of a Firms Diagnostics Results Example of a Firms Diagnostics Results Example of a Firms Diagnostics Results
Food Supply Chain Security  Firm World Class  
Scale Disagree 1 2 3 4 5 Agree Mean Benchmark Gap
1 Process Management 3.52 4.08 (0.56)
2 Process Strategy 2.69 3.68 (0.99)
3 Infrastructure Management 2.01 3.94 (1.93)
4 Communication Management 3.80 3.98 (0.25)
5 Management Technology 4.00 4.05 (0.05)
6 Process Technology 3.14 3.16 (0.02)
Public Interface Management 3.51 3.56 (0.05)
Metrics/Measurement 3.06 3.64 (0.58)
Service Provider Management 3.43 3.36 0.07
Relationship Management 2.44 2.96 (0.52)
Overall Score 31.60 36.39 (4.79)

Large gaps indicate problem areas
World Class is the sample mean plus 1 standard
deviation
36
Conclusions

• Food supply chain firms are increasingly
  interested in protecting their supply chains to
  protect their customers and brand names.
• Firms must develop a broad range of competencies
  to achieve supply chain protection.
• Firms have seen performance improvements in
  detection and resiliency.
• In general, firms embarking on supply chain
  security initiatives will, at least initially,
  increase firm and supply chain operating cost.
• Better performance is linked to extended supply
  chain security efforts throughout the supply
  chain.