4 min read

How to Build a Business Continuity Plan for Your Spend Category

If you expect your strategic suppliers to have a business continuity plan, doesn’t it make sense for procurement to have category continuity plans for the most critical spend?

A category continuity plan helps you proactively identify the risks and disruption mitigation steps associated with a category or a product or service. It is meant to be clear and actionable – not a 60 page manual.

There are six elements to the process of creating your plan:

 

Understanding your inherent risk

Start by identifying which products or services would cause a problem if you were faced with a supply shortage. It isn’t possible to manage all risks at all times, so focus on those things that are the most important and have a higher level of risk.

You can build a formal risk identification process or ask yourself questions such as:

  • How important are they to operations, from keeping the lights on to ensuring that your staff have everything they need to be successful (critical, nice to have, not that important).
  • How many alternate sources of supply exist?  (many / few)
  • Are there any readily available substitute products that would be acceptable and are easily to implement?
  • How long would it take to switch to an alternative supplier if it is even possible at all (immediate, days, weeks). Is that time period acceptable? And how much would it cost?

Answering these questions will help you decide whether or not you even need to complete your category continuity plan, or how deep you need to go in your due diligence.

Note: The rest of the steps in this process only apply to the categories, products or services you decide you need to focus on.

 

Mapping your supply chain

Supply chain mapping identifies the source of every material, process step or activity necessary to bring a product to your factory or your office, or that a service provider needs to take to be able to provide the services that you are buying from them.

It helps us understand the complexity of a supply chain for any given product or service and identify potential points of failure. Once you have mapped out the supply chain, you can start to stress test it by hypothesizing the impact of various different scenarios.

 

Plan out different risk scenarios

Consider the impact of each risk event across your portfolio (financial / business continuity / reputational) and rank the key points of failure that may require mitigation. The scenarios will differ by category, but here are some examples:

  • A country where a number of suppliers are based has a debt crisis that severely restricts their ability to access credit to fund working capital requirements.
  • The country where your products are shipped imposes an import tax that increases costs by 50%
  • A major port / airport that is a major part of your supply chain or is close to your major distribution center is subject to a sudden labor strike with no end in sight.
  • An earthquake and subsequent tsunami destroy the manufacturing site / service center for a company that is the primary global source for a product / service.
  • Or of particular relevance right now – what happens if there is another wave of coronavirus and various different locations have to go back into lockdown mode?

 

Identify points of failure

You can identify specific points of failure by using tools such as FMEA, or Failure Mode & Effects Analysis, a risk assessment tool that evaluates the severity, likelihood, and impact of risks to help you prioritize your focus.

Ask three questions for each part of your supply chain map:

  • What is the likely severity of the overall supply chain?
  • What is the probability of a risk event impacting that part of the supply chain?
  • How easy it is to detect a problem or risk event in advance of it occurring?

FMEA provides a scoring model that helps you quantitatively determine the points of failure that would have the biggest impact – and this can be your prioritization list for building your mitigation strategy or strategies.

 

Determine mitigation strategies

Here are some of the most common risk mitigation strategies:

  • Make vs. Buy (i.e. should you be bringing this in-house?. In the most extreme cases this may involve investing in or outright buying your supplier. This often happened throughout the manufacturing supply chain during the last financial crisis where critical suppliers had significant leverage due to the difficulty to switch providers.
  • Specification re-scoping / re-engineering.
  • Dual sourcing – recommend that you guarantee a certain minimum volume to your second source to keep them ‘interested”
  • Nearshoring
  • Inventory management
  • Contractual KPI’s and increased governance that provide an early warning system for potential problems.
  • Stronger focus on partnership. When there are shortages or issues, the stronger your relationship, the closer to the top of the list you are from both a communications and risk mitigation / business continuity perspective.  It’s hard to foster this overnight if it has been overlooked so far – but one idea is to proactively help your vulnerable suppliers get the insights they need (which could include pro-bono consulting) to help them access emergency funds through the various loan programs, help them with their own expense management, etc.

 

Build a response plan

The final element of your category continuity plan is to be prepared to respond to a risk event. There are three types of risk events that will require a response.

Change in conditions

This can be a worsening, or an improvement, in conditions across your supply chain, change the risk profile of a product or service, change the failure points, or change the impact or severity of the risk. A change in conditions is based on the emergence of new information, and is often difficult to spot without proactive risk monitoring.

Impending Event

This is also based on new information, but it is a lot easier to spot. It could be a forecasted storm, a threatened labor strike, an upcoming election, or a change in regulatory requirements.

By their nature, changes in conditions or an impending event mean that a risk event has not yet occurred. If you are able to spot them, you can respond to them. If you have performed due diligence on your most material products and services and developed risk mitigation plans, you will know exactly where to focus your efforts to ensure continuity of supply while your competitors are still trying to figure out where to start.

Unexpected or Unthinkable Event:

The third is an event that happens without warning. It’s the type of event where the phone rings at 4am in the morning. These types of events require an immediate response. They can be a natural disaster, an act of terror, the power grid may go down, or a fire at a major supplier site. There could be a data security issue, or political unrest.

Unexpected or unthinkable events require a reactive response, BUT, if you have a category continuity plan, you will know exactly what to do.

A good example of something you can do to be prepared, as well as having your mitigation plans ready, is to have already identified the people who would make up your risk response team, and their roles and responsibilities. That way you can mobilize a response as quickly as possible.

And while your competitors are still trying to figure out how to react, you’ll already be executing the strategic plans that you developed with your internal stakeholders and suppliers.

This is where you, as a procurement professional, have the opportunity to step up and take the lead. In a crisis, no one has all the answers. By being as prepared as possible, and ready to mobilize a category continuity plan, you will be well placed to turn your response into a competitive advantage.

This article originally featured in our weekly newsletter, AOP Insider. To subscribe, and be the first to receive future posts like this, click here.