​Part I of this article explained how over the last seven years, researchers at The Ohio State University have been exploring the concept of enterprise resilience, i.e. how companies can prosper in the face of turbulent change by being able to recognize, understand, and compensate for vulnerabilities. Part II of this article explains the SCRAM (supply chain resilience assessment and management) framework, which enables a business to identify and prioritize the supply chain vulnerabilities it faces, as well as the capabilities it should strengthen to offset those vulnerabilities. ​

The SCRAM approach represents a systematic view of supply chain dynamics, helping companies to understand the inherent vulnerabilities that could lead to disruptions and the capabilities that are within their control. By learning from experience and developing a better understanding of their vulnerabilities and capabilities, companies can reduce the frequency of disruptions and the severity of their impacts, resulting in increased customer satisfaction and reduced supply chain operating costs. While reducing inherent vulnerabilities may be difficult, there are many options for improving capabilities. The cost of the improvements must be balanced against the expected supply chain performance benefits.

Six Vulnerabilities You Need to Know About – Every business has its vulnerabilities, and most of the time those vulnerabilities are inherent to the business and difficult to avoid, but by recognizing them, you’ll be better equipped to deal with disruptions as they happen.

1 - Turbulence

  • Definition: Environment characterized by frequent changes in external factors beyond the company’s control
  • Examples: Unpredictability in demand, fluctuations in currencies and prices, geopolitical disruptions, natural disasters, technology failures, pandemics

2 - Deliberate threats

  • Definition: Intentional attacks aimed at disrupting operations or causing human or financial harm
  • Examples: Terrorism and sabotage, piracy and theft, labor disputes, special interest groups, industrial espionage, product liability

3 - External pressures

  • Definition: Influences, not specifically targeting the company, that create business constraints or barriers
  • Examples: Competitive innovation, government regulations, price pressures, corporate responsibility, social/cultural issues, environmental, health and safety concerns

4 - Resource limits

  • Definition: Constraints on output based upon availability of the factors of production
  • Examples: Raw material availability, utilities availability, human resources, natural resources

5 - Sensitivity

  • Definition: Importance of carefully controlled conditions for product and process integrity
  • Examples: Restricted Materials, supply purity, stringency of manufacturing, fragility of handling, complexity of operations, reliability of equipment, safety hazards, visibility of disruption to stakeholders, symbolic profile of brand, customer requirements for quality

6 -Connectivity

  • Definition: Degree of interdependence and reliance on outside entities
  • Examples: Scale and extent of supply network, import/export channels, reliance on specialty sources, reliance on information flow, degree of outsourcing

So, in the face of all these disruptions, what’s the answer? Resilience. Resilience is the capacity of an enterprise to survive, adapt and grow in the face of turbulent change. Resilience means improving the adaptability of global supply chains, collaborating with stakeholders and leveraging information technology to assure continuity, even in the face of catastrophic disruptions.

Resilience goes beyond mitigating risk; it enables a business to gain competitive advantage by learning how to deal with disruptions more effectively than its competitors and possibly even using those disruptions to its advantage. Resilient systems don’t fail in the face of disturbances; rather, they adapt.

Building resilience is not a substitute for other methods of ERM. Rather, it is an ongoing process that enables companies to embrace change in a turbulent and complex business environment by expanding their portfolio of capabilities. Establishing a culture of resilience will help companies to thrive in an age of turbulence. Part III of our article focus on the relationship between cyber risk and resiliency.