Think supply chain security think strategy

Sept. 16, 2005
When it comes to protecting your supply chain, a within-the-four-walls focus no longer works. Companies nowadays must depend not only on their own efforts,

When it comes to protecting your supply chain, a within-the-four-walls focus no longer works. Companies nowadays must depend not only on their own efforts, but on the security procedures of their supply chain partners as well.

"You need to focus on supply chain security at the strategic level to make it work across all business units," explains John Mascaritolo, director global logistics with financial electronics company NCR Corp. "If you only look at security at the local level, you'll have different approaches throughout the company."

Manage the total picture to avoid inconsistencies, Mascaritolo adds. "Every touch point has to be scrutinized, beginning with the supplier and ending with the final handoff."

Involvement in supply chain security must reach high enough in the management structure to have a vision of the total picture. At NCR, that includes the directors of logistics, corporate security, import compliance, legal and human resources — in other words, all parties involved in securing the supply chain. Mascaritolo recognizes that people at the local level must maintain security at their touch points, but security requires participation at all levels of the supply chain, including strategic and operations.

A supply chain security workshop conducted recently at Michigan State University (MSU) underscores the strategic nature of supply chain security (go to to see the report, "Enhancing security throughout the supply chain").

According to workshop participants, a four-walls focus no longer works. A comprehensive security solution requires participation of all organizations involved in supply chain planning, execution, control and monitoring. As at NCR, workshop participants are deploying crossfunctional teams composed of Customs, security, government relations, tax staff, production control and logistics, purchasing, internal controls and human resources.

Participants at the workshop also note the demands of supply chain security extend beyond simply preventing theft. They now must deal with the threat of terrorism. That means security procedures within their own processes and those of first-tier suppliers are not enough.

Companies must depend on the security procedures of partners throughout the supply chain. They are also affected by procedures, laws and regulations of countries around the globe. Sourcing decisions will increasingly lean toward the trusted partner status of the supplier's country.

Companies must work with their supply chain partners to refine processes to reduce variability and vulnerability. And they must do this without significantly increasing costs.

As firms struggle to improve supply chain security while holding costs in line, the U.S. Department of Homeland Security (DHS) is offering needed resources in specific areas. When DHS was formed, it created centers of excellence that key on major threats. These centers are located at major universities and collaborate with other schools.

The University of Minnesota, for example, leads a center of excellence focused on the post-harvest food industry. "We're looking at the supply chain from material suppliers to retail," notes David Closs, professor of business administration with MSU, a collaborating university. Closs notes the goal is to gain visibility, integration and cross-functional insight at the strategic planning level.

"With input from a number of industry representatives, we're developing characteristics of what companies should do," Closs continues. "In the area of process strategy, for example, we ask, 'To what degree do upper management people think supply chain security is necessary to protect the company's brand?' We've used these questions to evaluate whether management is serious about supply chain security.

"We categorized needs into 10 supply chain security competencies and 10 characteristics of these competencies," Closs continues. "Now we're testing what typical companies do."

While the study has not yet yielded quantitative data, Closs and his team have made several observations based on responses:

  • Success requires cultural sensitivity to security. "While this seems obvious, a firm's increased focus on security can often be traced to a problem or incident," notes Closs.
  • Crises are typically handled by a small committee or an individual with food safety or quality responsibility rather than a supply chain focus. "Often, they don't know who their transportation company/service provider hires. Most have no clue of standards or checks. They're not sensitive to what happens outside their four walls," explains Closs.
  • There is a stronger focus on security with suppliers than with customers. There also is a stronger focus on security among domestic suppliers than international sources. "Even though these U.S. companies import, they don't think through international issues. They don't know what they're importing," Closs cautions.
  • While larger companies tend to have more security measures, across the board there is a reluctance to spend money on deterrents. Companies are looking for government mandates.

Closs doesn't think the wish for government requirements would be valid across a larger population. He believes companies want guidelines rather than mandated standards. On the other hand, he recognizes many companies won't spend money unless it's required. "Top management thinks, 'My risk isn't that high and this will increase my costs.' The expectation is consumers will not pay more for more secure products. Companies invest primarily to protect their brand equity," Closs suggests.

At consumer electronics manufacturer Audiovox Corp., Patrick Moffett represents the other reason to invest in security. "I'm a professional and it's the right thing to do," states Audiovox's vice president, global logistics and Customs compliance. "We're doing everything we can to comply with the U.S. Bureau of Customs and Border Protection's (CBP) voluntary security standards represented in the Customs-Trade Partnership Against Terrorism ( CTPAT)," says Moffett.

Moffett agrees the benefits may not outweigh the investment. "Many companies find it's too much bother for the perceived benefit," he says. "The benefit is supposed to be fewer inspections, but I haven't had an inspection for a long time."

Moffett also is working toward certification because he thinks eventually something will happen — like another terrorist strike — and C-TPAT will be mandated. "If that happens, shipments of companies that are not participating will be more heavily scrutinized," he contends.

"Achieving C-TPAT certification is one process. Going through the exercises to secure your supply chain is another process. You have to ask yourself what you can and can't control," insists NCR's Mascaritolo. "Where my carrier is involved or goods are on my property, I'm in control. While I select the freight forwarder who selects the ocean carrier, I don't have control while the container is being loaded."

Securing your supply chain end to end means asking a lot of questions, according to Mascaritolo. "Where are your touch points? Are the touch points secure? Identify weak links in your processes," he urges. "Then break the touch points into steps and examine in detail at the next level. Who attaches the cargo seals? Is there a witness or are the seals given to the driver? Once the carrier has a shipment, if there's an accident, what is my process and what does my carrier do? What happens if a container arrives with a broken seal? Go through what-ifs with your transportation partner. You need a process for handling all these situations," he insists.

"Talk to your international carriers about how they are addressing issues," he adds. "Understand their processes. How do they guarantee the segment they touch is secure? Do they seal containers, do background checks on employees, or inspect their equipment regularly? Do they have documented processes for pickup at known and unknown sources? Do they train employees to look under equipment? At the strategic level, you must understand the carrier's processes." If you're responsible for your entire supply chain, you have the authority to ask these questions, Mascaritolo points out. While an employee at the receiving dock doesn't have that level of authority, what they do is just as important to the security of the supply chain as the person in China who fills the container.

Shedding a little light on light manufacturing

For industries that rely on global supply chains to produce and distribute their products, there is a constant and growing need to be assured that they have the right products on hand at the right time to satisfy final customer requirements. Companies need to avoid having too much stock in warehouses but still have enough to meet demands — a difficult balance to manage.

From his vantage point as associate partner and global leader of supply chain execution and the WMS practice at consulting firm Accenture (, Jeff Hutchinson has noticed increased space within distribution centers (DCs) allocated to light manufacturing. "DCs are using a three-tier approach," he says, "with significant focus being put on re-shelving and re-SKUing. There is thought being put into just coming off a truck and going back into a truck — using the dock as a staging area."

As manufacturers continue to source in Asia, there is a growing movement to perform some light manufacturing operations at the offshore consolidation port. This takes some burden away from domestic DCs and warehouses, allowing quicker movement to final customers since additional operations need not take place as product reaches the U.S.

Hutchinson observes that there have been recent changes in the types of software solutions available for warehousing operations. Three to four years ago it was unheard of to run a DC operation directly under an enterprise resource planning (ERP) system like SAP's (, he notes. Today, however, SAP's current ERP system includes both a WMS as well as a transportation management system (TMS) component.

"Because they don't want all the overhead of extra software services, companies are now willing to use a single vendor for all these functions," Hutchinson points out. "Since processors and capabilities are now fast enough, manufacturers are ready to put core WMS/TMS four-wall operations right into the module of the ERP solution."

Meanwhile, Hutchinson questions the real value radio frequency identification (RFID) provides within distribution operations. "We need to differentiate what the physical technologies provide versus what the information is providing," he notes. The claim has been that RFID delivers additional information. But there is already a lot of information on a bar code. "Is a higher content of information really needed?" he asks.

Where he sees a fit is in an environment that doesn't allow point-of-sight scanning. Then RFID makes sense. "However, if it's just pallet movements, they're already being scanned, and there's an extra cost for RFID for which there's no real need," Hutchinson asserts. "But if there's an application where physical scanning is impossible, then RFID makes sense." — Roger Morton


Audiovox Corp.
Michigan State University
NCR Corp.
University of Minnesota
U.S. Bureau of Customs and Border Protection
U.S. Department of Homeland Security
Learn more about supply chain security at

Latest from Global Supply Chain