“When will we learn?” asks an article in the shipping bible Lloyd’s List, reviewing the findings of a recent report on the Hoegh Osaka. We now know the container ship, which ran aground in the Solent in January 2015, was unsafe when it left port.

For Lloyd’s List and others the issue is one of safety: a proper concern for safety, rather than box-ticking, could have prevented the incident. There are, though, important lessons for supply chains, too, that are worth noting.

On the one hand, it’s important not to overstate the risks to supply chains from shipping catastrophes. Maritime cargo losses are on a long-term downward trend, according to insurer Allianz. Regulation and improved practice have seen losses almost halve in the last ten years.

On the other, shipping lanes are still dangerous places and best practice is undeniably patchy. To quote from Lloyd’s List: “These were vessels operated in developed countries by companies with resources at their disposal. What horrors are happening on the ships not run by immediately recognisable industry names?”

It’s certainly a question worth considering.

So, too, are a couple of other issues. One is that the risks facing the maritime industry are by no means static. Whether it’s the growing number of giant “mega ships” or, less obviously, cyber risks as ships become another component in the Internet of things, the risks continue to evolve.

Another issue, though, is that we’re stuck with some of our geography, which doesn't look like changing anytime soon.

Consider these lines from the BBC report on the Hoegh Osaka: “It was pure chance that the ship ran aground in shallow water. If the ship had started to turn a few moments earlier or later, the Hoegh Osaka would have ended up in the only deep water channel. It would have stopped the container port, stopped the cruise ships, stopped the ferries. And it would have meant Britain's largest oil refinery running out of supplies.”

That, too, is worth thinking about, especially since the Hoegh Osaka is far from the only ship in recent history to have threatened the Bramble Bank, the channel so pivotal to the UK’s refining capacity and free flow of shipping.

Some risks we are probably stuck with, although business can try to make it easier to establish liability when things go wrong. The story of the Hoegh Osaka has this reminder for supply chains, though: it’s not just who’s supplying you that matters; you need to know how they’re doing so, too.

Think you’ve got supply chain problems? Spare a thought for John Titmuss. He took up his role as group supply chain director at United Biscuits (where he was previously HR director) at the start of October. Two months later came Storm Desmond. Then storm Eva.

The flooding of the company’s factory has caused massive disruption to its business. Production of some lines was able to start up again in January, but many of its most famous brands are yet to make it back onto supermarket shelves. Stocks are only expected to reach supermarkets from mid March.

It has been a vivid illustration of the impact natural hazards can have on supply chains even in developed, established markets.

Food for thought
The nation’s biscuit crisis has prompted a fair bit of levity, but the consequences are serious. Industry insiders estimate United Biscuits could be looking at a £50 million insurance claim. But at least insurance will cover the losses, according to the company, and at least its brands are probably strong enough for it to pick up where it left off with suppliers.

For many others, such a business interruption – a three-month break in production – would be terminal.

The food industry, of course, faces significant challenges in terms of managing its supply chain. Supermarkets developed the original just-in-time supply chains, after all – with their approach famously adopted elsewhere.

Added to this they face the usual issues: not just flooding but theft, ethical issues, and increasing complexity from expanding into new geographies. United Biscuits is a good example, with exports rocketing and key target markets including Africa, the Middle East, India and China. Supply chain risks management is as important, or even more so, here as in any other industry.

In this context, the apparent vulnerability of the company’s production – so crippled by flooding at its factory (and not for the first time) is striking. A national shortage of ginger nuts will strike many as a storm in a teacup. It suggests, however, a sector that still has some way to go to build supply chain resilience.

Changing customer demands, high levels of risk in global markets and globally dispersed partners are among the key risks facing manufacturers, according to a survey by pollsters YouGov for GTNexus.

The results, published earlier this month, show four in ten manufacturers have experienced a supply chain disruption impacting their business in the last 12 months – whether external, such as from weather or strikes, or internal, from technology problems or shortages of talent, for example. As the report notes, the findings potentially underplay the issue, with other studies showing up to three quarters of businesses experiencing a disruption each year.

“Virtually no business involved in producing or selling products is immune to supply chain disruption. Events such as natural disasters that impact supply chains are unavoidable, and a host of other disruptions – everything from supplier shortfalls to product transport challenges to labour strikes, terrorism and social unrest – occur with surprising frequency,” it reads.

Despite this, three quarters of manufacturers operate without a Chief Supply Chain Officer, the survey found. Instead, the findings suggest manufacturers will be increasingly reliant on technology to ensure effective supply chains. Among the top level findings, the survey reports that advanced analytics and the Internet of Things are expected to prove key technologies in boosting supply chain performance.

People or processors?
It’s difficult to fault this: the complexity of modern supply chains increasingly means a technological solution is essential for a coherent view.

As the report notes: “Having visibility across the supply chain and its involved business partners is the single most important way to proactively sense and respond to disruptions, and thus mitigate their impact. You can only control what you can see.”

The report authors are also far from alone in recognising the importance and potential of the Internet of things in enhancing visibility across the supply chain. Moreover, the challenge of achieving visibility and the potential benefits technology could bring are not unique to manufacturing. Similar lessons are just as applicable to sectors such as healthcare and pharmaceuticals.

Yet it’s also obvious that technology alone cannot answer the challenges facing businesses’ supply chains.

First, firms need the right people with the insight and expertise to seek and apply the technology available effectively. Second, businesses need commitment at the top to address issues of supply chain resilience to begin with.

Unfortunately, that commitment is not always as solid as it should be: Another recent survey of pharma and healthcare firms found that, despite unplanned events having a major impact on them, 40% of supply chain decision makers in these sectors still didn’t rank contingency planning as a critical area for investment.

Without a commitment to address that problem, technology will only ever be able to do so much.

Are traditional supply chain methods failing when it comes to companies’ environmental social and governance (ESG) policies? It depends on what you count as success, according to a recent report by the University of Sheffield, picked up by The Guardian.

It suggests  traditional ESG auditing approaches to supply chains are “working for corporations, but failing workers and the planet”. The report’s assessment of corporate schemes using independent auditors to monitor factories, develop codes of conduct for suppliers and publish transparency and ethical reports is damning.

“Audits are ineffective tools for detecting, reporting, or correcting environmental and labour problems in supply chains,” the authors write. “They reinforce existing business models and preserve the global production status quo.”

One issue the academics have with such “benchmarking regimes” is that they are voluntary. This allows corporates to focus their attention where they see the best returns in publicity and efficiency; they argue it has led firms to prioritise environmental concerns over labour market worries, for example. (And one can argue about how well they are doing even when it comes to the environment, according to another recent report.)

Another problem noted is that the “auditors” of these voluntary standards, reliant on the companies for business, have no real power. As it quotes interviewee: “[Y]ou cannot open a locked drawer ... you can look at a record that says something but you wouldn’t be able to go and find out whether it’s actually true”.

That’s reinforced by cases it notes of sites that have passed audits only to have major violations revealed or catastrophes soon after. It’s certainly worrying reading.

Catching it early
Despite this, it’s hard to agree with the report’s authors entirely. One note of caution is that the report’s scope is not huge – 25 interviews over a two-year period with ethical auditors, business executives, NGOs and supplier firms. That, though, doesn’t invalidate some of the points raised.

The key problem, rather, is that it’s difficult to accept the conclusion: that the regime is “working” for companies, despite the failures it outlines. If the auditing regime is not effective in picking up and preventing scandals such as the collapse of the Plaza garment factory in Bangladesh in April 2013 or revelations of slavery and human trafficking in the Thai shrimp industry in 2014 (to use its examples), then it is failing companies, too.

As those examples show, abuses that are allowed to persist ultimately result in scandal or tragedy. Neither benefits businesses, which have commercial as well as moral reasons to prevent them. If the auditing approach is failing, businesses have every reason to drill down to their supply chains and try to put that right.

Beware the black swan: That was the warning from GlaxoSmithKline quality assurance and compliance manager Stephen Mitchell at a recent conference in London.

“We’ve got to refocus on areas of potential vulnerability in the supply chain,” he’s reported as saying. “If there’s a massive power failure or your IT goes down, what do you do? You need a plan B and even a plan C, which we don’t see often enough.”

Mitchell’s surely right about the need to look at supply chain weaknesses in the pharmaceuticals industry. Whether a power failure qualifies as a “black swan” is another question, though.

In author Nassim Taleb’s original use the term had in mind “highly improbable” events that have an extreme impact. Power cuts are, as many businesses and homes have recently discovered, all too common – whether as the result of flooding, storms or technical problems.

For the most part, the pharma industry is able to mitigate the impact of such cuts, so that they don’t interrupt the operation.

Power cuts do have the potential to seriously challenge the supply chain, however. First, as Mitchell pointed out, human error can rapidly undo resilience – and, as this tale makes clear, quickly make highly improbable events materialise. There are also a number of more recognisable black swan events, such as EMP attacks or geomagnetic storms, as well as ever-present threats such as terrorism.

For many parts of the world, however, fragile and unreliable power networks are not the results of black swans but business as usual. The challenge for businesses not directly affected is, most obviously, to have robust strategies in place to ensure they know which parts of their supply chain are in vulnerable regions and the strategies those suppliers have in place to ensure resilience.

But there is another element to robust continuity planning, too: looking ahead to potential future problems much closer to home, where we take reliable power for granted. As ever, the best way to keep the lights on is to make sure you’re not in the dark about the potential risks.

Last week, we briefly mentioned Hedley Rees’s excellent new book Find It, File It, Flog It: Pharma’s Crippling Addiction and How to Cure it (well worth £14 of anyone’s money at Amazon).

The book quotes our own Catherine Geyman saying: “The (lack of) resilience of global pharmaceutical supply chain networks has been laid bare in recent years by the global drug shortage crisis.”

She is included as one of several “expert witnesses” in the book. Another is Professor Andrew Cox, Chairman of the Advisory Board & Vice President at the International Institute for Advanced Purchasing & Supply. He says this: “Unfortunately for the major Pharmaceutical companies that used to be the ‘channel captains’, who controlled the industry and all of its major supply chains through a judicious control internally of critical assets, there has been considerable evidence of very poor practice in outsourcing in recent years.”

This outsourcing has led to a significant decline in the visibility and control of the supply chains and is one of several problems identified in the book. Furthermore, while the focus is on big pharma, it makes clear that the problems with supply chains are not limited to the major companies.

In his introduction, Rees describes a visit to a small drug developer to try to persuade them to consider improving the supply chain: “As we progressed through the meeting, it became clear that he was explaining to me why what I offered was of no interest, because he was aiming to make an exit once proof of concept was achieved. The chance to exit would be almost entirely based on the clinical efficacy data. The supply chain thus created would be someone else’s problem.”

Whether it’s start-ups or the industry leaders, then, the supply chain is far too often seen as someone else’s problem. That leaves a lack of clarity around big questions such as where inventory is, its condition, its transportation, its storage and suppliers’ reliability.

Rees’s book is excellent at making clear many of the problems with the current model, and it is badly needed. Hopefully, though, some of its arguments are increasingly gaining traction. The point that the industry has focussed too much on new product development (the “find it, file it” part) at the expense of the supply chain, for instance, is one we’ve heard before.

There are some encouraging signs of action to address weaknesses, too. A recent survey of the wider healthcare industry in the US, for example, shows increasing numbers tackling risks in the supply chain such as security and compliance. However, in other respects there is still considerable work to do: only 60% of those surveyed, for example, think contingency planning is important – a majority, but not a very big one.

As the report notes: “Unplanned events have impacted healthcare supply chains in the last 3-5 years, but a large percentage of supply chain decision makers still do not consider the subject important.”

Changing such attitudes will take time, but it is vital. Rees’s book is a most welcome contribution to that effort.

Labour is riding up the supply chain agenda. On October 29 requirements under the Modern Slavery Act came into force obliging companies to make an annual statement on their policies for excluding slavery from their own organization and their supply chains. The government has also published guidance on how to adhere to the new regime.

The requirements only affect those with a turnover of more than £36 million (although that includes worldwide revenues), and those with financial years ending after 30 March 2016. That will give most organisations time to get to grips with the regulations. Many will need it.

In reality, if ensuring labour abuses in the supply chain were simple, legislation would scarcely be necessary. For the vast majority of companies, the reputational risks, if not the moral imperative, should be enough to focus attention on the issue. From the supermarket giants to technology leaders the potential for adverse publicity has been well demonstrated.

In fact, obligations to screen international as well as domestic sources under the Act were in part a result of pressure from big businesses for a level playing field for those already taking responsibilities seriously. As the Parliamentary joint committee examining the proposed law noted: “IKEA told us that ethical supply chains were ‘absolutely’ more profitable, Tesco said that a good reputation ‘more than pays for itself’ in the long run, and Marks & Spencer told us that trust was ‘a key part of [their] competitive advantage’.”

So, why is legislation necessary? Well, we have to admit that there obviously are some unscrupulous businesses, even if they are small minority. Two other reasons are probably more relevant, though.

First, many businesses don’t think it’s a problem for them. Inevitably, much of the attention around modern slavery has focused on retailers and consumer goods companies; they’re among the best known household names, with the biggest reputations at stake.

It’s a misconception that other sectors aren’t at risk, however, and it’s good to see this appreciated by the likes of the PSCI (the Pharmaceutical Supply Chain Initiative). It included a discussion of modern slavery in its agenda for its annual AGM this month.

The other reason legislation is necessary, of course, is that it is complex. The commitment required from companies in terms of time, money and technology to drill down and have confidence and visibility of each layer of the supply chain is significant. The regulation tells us that it is exactly what is expected, however.

As the Home secretary Theresa May writes in the foreword to the government guidance: “It is simply not acceptable for any organisation to say, in the 21st century, that they did not know. It is not acceptable for organisations to ignore the issue because it is difficult or complex.”

There will, in other words, be no more excuses.

In a digital world, cyber risks are an increasing concern for businesses – as our colleagues within the InterSys technical group are well aware. This deals with the findings of the government’s Information Security Breaches Survey 2015, which shows both the prevalence and impact of cyber breaches. There’s a lot more businesses can be doing, they note.

There are obvious implications for the supply chain, too. As research by Standard Chartered (picked up by the FT) highlighted, technology has transformed the global supply chain, bringing massive benefits. Radio-frequency identification (RFID) technology and the Internet of things, for example, have made it much easier to track and monitor orders and shipments through the supply chain. Similarly, technology facilitates much greater coordination between businesses.

“Supplier companies can be completely integrated in managing the supply chain. Instead of an ordering department sending orders to suppliers, everybody can be linked directly to inventory management systems,” the report states.

While the benefits of that are obvious, so too are the risks. Increased connectivity, if not properly handled, brings the potential for increased vulnerabilities. Moreover, the reliance on technology exacerbates the potential problems in cases where a breach does occur (one reason, possibly, why the government survey shows the average cost of security breaches soaring).

The other, and related, point is that a company cannot afford to look just at its own cyber security. As delegates heard at the Infosecurity Europe event where the Security Breaches survey was launched, businesses need to work not just on their own procedures and practices, but also with their suppliers.

Experts are urging businesses to work with suppliers to raise the level of their “cyber hygiene” – encouraging them to follow principals such as those laid out by the government’s the Cyber Essential Scheme. The view is based on a number of cases where attackers have targeted suppliers to circumvent big firms’ security.

“Try to be an intelligent customer,” Jon Townsend, head of cyber intelligence and response at the UK’s Department for Work and Pension (DWP), advised the audience. “And if you think suppliers are not meeting your information security requirements, instead of beating them up with the contract, work with them to put it right.”

That’s good advice. As a first step, though, businesses need to have visibility of the supply chain to identify where the potential vulnerabilities are, and identify who has what information. Fortunately, that’s an area where technology can help as well, with the growing market for supply chain management software.