What Should I Do to Secure My Supply Chain?
Embarking on food supply chain security initiatives increases supply chain operating costs. Not surprisingly, given the value of security to consumers' safety and a firm's brand, more firms are making this investment. This article provides insights on security issues that firms face, based on 15 interviews with executives in the food industry and a team that Michigan State University created to research supply chain security at food manufacturers and distributors. This team also identified industry security practices and their perceived impact through a survey of food industry employees that included 238 respondents.
|
TODAY'S GROCERY STORE includes a wide assortment of foods that would have been unimaginable just a few decades ago. Thanks to modern transportation and food science technology, we are able to enjoy fresh fruit and organic products year round. However, with great variety and distribution reach also comes some risk. As recent headlines have illustrated, our efficient and far-reaching food supply chain can be vulnerable to contamination incidents. In 2006, the E. coli spinach outbreak reached from California to the east coast, infecting residents in 26 states.1 The recent Salmonella contamination in peanut butter is possibly even more widespread, with the FDA issuing a product recall back to 2004.2 These types of incidents not only cause suffering for the affected consumers, but also diminish revenues and open a firm to legal action. In addition, contamination events may have a long-term impact on brand image that can carry over to the firm's other, non-affected products and even the firm's business partners.
The magnitude and complexity of global supply chains introduce multiple points of possible contamination. It is estimated that as many as 25 different entities participate in the average global supply chain,3 making control and coordination difficult. It can be expensive to secure a supply chain: Estimated costs are up to $150 per trailer for motor carriers4 and $1-2 per square foot for warehouses. And if no metrics exist to measure the effectiveness of a security program, firms will be afforded little assurance that expenditures have truly made them more secure. Furthermore, if firms do implement security measures, consumers will eventually have to absorb these costs.
The U.S. government has taken some steps to regulate and encourage security activity. For example, the Bioterrorism Act of 2002 requires that firms engaged in food processing be able to trace raw materials and finished goods one step up and one step down the supply chain. Additionally, the Customs-Trade Partnership Against Terrorism (C-TPAT) was enacted to protect U.S. borders. C-TPAT is a voluntary, public-private initiative encouraging firms to secure their supply chains and those of their trading partners.
Department of Homeland Security Study
Understanding that the food supply chain is complex and that contamination - both unintentional and deliberate - is a relevant issue, the Department of Homeland Security funded a grant to study this issue. The grant is administered through the National Center for Food Protection and Defense at the University of Minnesota and involves multiple universities. As part of this grant, Michigan State University created a team to research supply chain security at food manufacturers and distributors. This cross-functional team brought together experts in logistics, supply chain management, information systems, disaster management and criminal justice.
The team's first objective was to understand the security issues and challenges that firms face. This was accomplished through interviews with executives from 15 firms in the food industry. Second, the team wanted to identify industry security practices and their perceived impact. This second goal was accomplished through a survey of food industry employees that included 238 respondents (see Exhibit 1 for more details on these firms).
Demographic Analysis
Based on the demographics of participating firms and their responses, several observations were made. First, larger firms (those with more than 5,000 U.S. employees) are more likely to conduct security activities. Activities more common in larger firms include conducting background checks on all employees and audits of contract manufacturer security procedures. Other activities more commonly practiced by larger firms include:
Larger firms also perceive that their efforts result in improved security performance. For example, larger firms are more likely to perceive that the firm's security investment has resulted in reduced security incidents both internally and across the supply chain. Also, this investment has increased resilience in recovering from security incidents across the supply chain. Furthermore, larger firms believe that security efforts have reduced their risk profile with respect to insurability and operations integrity both inside the firm and across the supply chain. However, these performance gains, as compared to smaller firms, come at a price, since the larger firms also believe that their security investment led to increased supply chain operating costs.
Second, firms with higher revenue (over $500 million) generally report more security and defense initiatives than lower revenue firms. For example, high revenue firms are more likely to monitor security metrics across the supply chain and regularly conduct security audits to determine weaknesses in physical security. Further, higher revenue firms are more likely to perform background checks on all firm employees and regularly assess the qualifications and credentials of security personnel. Higher revenue firms also indicate that their security investment has led to an increased ability to recover from security incidents across the supply chain.
Third, firms operating globally are also more likely to conduct supply chain security activities than those operating domestically. In particular, global firms are more likely to have processes in place to detect, respond to and re-cover from contamination/security incidents in the supply chain. Correspondingly, firms with a global supply base engage in more security activities than those with local/regional supply bases. However, in terms of perceived performance, firms selling their goods in local/regional market areas reported greater perceived performance improvements resulting from their security and defense initiatives. In particular, these firms are more likely to perceive that their security investment results in reduced security incidents across the supply chain and significantly reduced loss/shrink.
Fourth, firms primarily engaged in manufacturing activities (as opposed to retailing or distribution) are more likely to participate in initiatives such as product tracking and recall and the Hazard Analysis and Critical Control Point (HACCP) method. In addition, manufacturer's information systems are more likely to provide detailed shipment information within 24 hours for each food item transported within the past year. These initiatives led to stronger perceived performance through increased ability to detect security incidents inside the firm, and there is some indication that firms accomplish these capabilities without increased operating costs. However, firms focused in non-manufacturing areas (i.e., retailing or distribution) perceive that their senior management views supply chain security as a competitive advantage. Non-manufacturing firms also indicate that their security and defense has improved based on the following measures:
What Are High Performers Doing Differently?
Three measures were considered in separating the "high performers" from the rest of the respondents. First, the ability to detect security incidents illustrated that the firms had detection and communication mechanisms in place to identify security breaches. Firms perceiving a greater ability in this area typically reported more activity in educating supply chain partners regarding security procedures and auditing the security procedures of contract manufacturers. High performers also reported a greater level of activity in utilizing metrics in a brand protection program and monitoring security metrics across the supply chain. Additionally, these firms reported substantially greater levels of senior management activity in the creation of a senior security management position or team including cross functional responsibility and accountability. This senior management team views supply chain defense costs as a cost of doing business today.
Second, high-performing firms were identified by their perceived ability to reduce security incidents. To accomplish this, firms reported a greater level of activity in auditing security procedures of infrequently-used suppliers and customers. Another differentiator was the use of key supply chain partners to develop security metrics and to monitor security incidents across the supply chain. A final differentiator was that high performers reported that their senior management believes that security is a competitive advantage and has established initiatives assessing the security capabilities of domestic and international partners.
Third, the ability to recover from security incidents separated high performers from the rest of the respondents. These firms reported substantially greater levels of audit use to determine if relationships should be maintained with customers and suppliers. Also, they defined the consequences for supply chain partners who fail to comply with security procedures. Another activity that distinguished these firms was a substantially greater utilization of security metrics in a brand protection program and monitoring these metrics across the supply chain.
Conclusion
Food manufacturing and distribution firms are increasingly interested in protecting their supply chains to protect their customers and brand names. But this is a challenging task, given the magnitude of the supply chain. High performing firms, however, demonstrate that by looking beyond the four walls of the firm and involving their supply chain partners they can better detect and recover from security incidents. Specific actions include supply chain partner audits and joint development and monitoring of security metrics. Also important is top management awareness and involvement in supply chain security. Top performers indicate that they have high level positions or teams in place to monitor supply chain defense performance and initiate appropriate initiatives. Finally, it is important to note that initially firms embarking on supply chain security initiatives will experience an increased firm and supply chain operating cost. Again, the trade-off between security and cost must be evaluated with respect to brand protection and customer willingness to pay.
This research was supported by the U.S. Department of Homeland Security (Grant number N-00014-04-1-0659), through a grant awarded to the National Center for Food Protection and Defense at the University of Minnesota. Any opinions, findings, conclusions or recommendations expressed in this publication are those of the author(s) and do not represent the policy or position of the Department of Homeland Security.