It’s Time to Shift to Just-in-Case Strategies

November 18th, 2021 Hannah Tichansky Reading Time: 5 minutes
Blog - Businesspeople in dark office - FI

The pandemic and recent market trends have called for massive organizational shifts in strategy. From increased executive involvement in company-wide initiatives, a need for a holistic approach to risk management, and a shift in procurement’s role in an organization, organizations as a whole need to be more agile and collaborative across functions. One key shift that organizations should be implementing concerns inventory and supplier relationship management- namely, a shift from Just-in-Time to Just-in-Case strategies.

Just-in-Time (JIT): This is a system where supplies and parts were ordered from vendors on an as-needed basis. This system depends on accurate forecasting and can be complicated by unexpected supply chain or market disruptions.

Just-in-Case (JIC): Under this system, parts, supplies, and components are consistently maintained in inventory, reducing backorder and supplier reliability issues in case of future issues.

Under JIC strategy, procurement wizards can build organizational resilience through having contingency plans, and a better understanding of how the supplier landscape affects overall operations.

Disruptions to Your Supply Chain Lurk Around Every Corner

Over the last several years, it can seem like global supply chains are a minefield of hidden (and not so hidden) risks. As physical and digital supply chains continue to gain in complexity, so too do the risks that can halt operations. Just a few examples of these supply chain disruptions include:

  • Pandemic
  • Weather
  • Product recall
  • Supply shortages
  • Transportation delays
  • Geopolitical disruptions (such as border closures)
  • Cybersecurity incidents and data breaches

One recent example of massive supply chain disruption leading to parts shortages was seen during the pandemic, when Wuhan China, headquarters for many mechanical and electronic components suppliers, went into lockdown which created significant delays, shortages, and the decreased market capacity. As other countries started to shut down in early 2020, these disruptions spread and OEMs could not manufacture the needed products. As automotive and smartphone industries are two of the biggest industries using electronic parts and components (each smartphone model contains about 1,000 capacitors and smartphone manufacturers use about half of global MLCCs produced each year), this massively affected ability to manufacture and deliver these products.

Another example of a physical supply chain disruption that had global impacts was the Suez Canal blockage of this past spring, causing close to 400 stalled vessels over six days. This incident led to overcrowded ports and distribution centers, leading to delayed shipments, delivery of raw materials, and further delayed manufacturing and downstream production:

“The world relies on the shipping sector to keep all of us supplied, and the incident in the Suez Canal has shone a spotlight on the delicate nature of these global supply chains… The literal ‘pinch point’ of Suez is a prime example of how an unexpected incident can disrupt the finely balanced system that we all rely on.”

Compliance Week

Don’t Forget About Digital Supply Chains

It’s 2021- keep in mind that supply chains are no longer just physical; digital supply chains are also at risk of disruption. In one of the biggest recent cybersecurity breaches, SolarWinds experienced a cyberattack by foreign hackers throughout 2020. With organizations like the Department of Homeland Security, the US Treasury Department, and multiple Fortune 500 companies as clients, this breach compromised the data privacy of over 18,000 businesses.

Shortly after, in May 2021, Colonial Pipelines informed the public that it had experienced a major ransomware attack and had halted all systems. As a major supplier of 45% of the East Coast’s gasoline, this halt in operations led to panic, gas price increases, and an acknowledgment of the vulnerability of aging infrastructure.

These attacks give evidence that even if an organization doesn’t have a physical supply chain, these vulnerabilities can lead to massive downstream impacts. Planning for “when” rather than “if”, as seen in just-in-case strategies can help to prepare for these incidents and mitigate their effects when they do occur.

Building the Case for Just-In-Case Strategies

Forrester research has analyzed current market trends and has found that1 “55% of security pros reported their organization experienced an incident or breach involving supply chain or third party providers  in the past 12 months.”

As cybercriminals continue to target smaller organizations, third-party incidents will continue to rise and affect companies that fail to invest in risk management around their processes, technology, and people. One key area to build resilience against these types of attacks is to transition to just-in-case (JIC) contingency plans.

In addition to supply chain disruptions that may be out of your control (such as the pandemic, or an extreme weather event), implementing just-in-case strategies also helps build resilience against concentration risk. This is direct or indirect exposure, or group of exposures, that has the potential to lead to large losses that can threaten an organization’s ability to perform its core business. This type of risk can be the result of dependence on a geographic area, single vendors, or fourth parties

Due to their nature, just-in-case strategies can effectively double the size of the

As Forrester states2, “firms making supply chains more resilient and transitioning from just-in-time (JIT) efficiency to the just-in-case (JIC) contingency are effectively doubling the size of the third-party ecosystem,” helping to avoid concentration risks in areas such as:

  • Dependence on a single vendor: Utilizing a single vendor to support all operations can place an organization at risk if issues arise with that vendor.
  • Geographic concentration: Concentrating vendors in a single region can leave companies vulnerable should the region suffer the effects of civil unrest, geopolitical conflicts, or extreme weather events. Vulnerability is increased if the vendors are critical, or if they are all located in a high-risk region.
  • Fourth-party concentration: This risk results when a company utilizes a vendor (or multiple vendors) who all outsource production and/or services to the same fourth parties. Similar to dependence on a single vendor, a concentration of fourth parties can leave companies vulnerable as it would affect both them and their third parties.

Just-in-Case Strategies to Help You Build Resilience

While there are pros and cons to both strategies, current market trends and emerging risks tell us that adopting a just-in-case strategy across the organization helps boost resilience. Tips for implementing these practices include:

Maintain a large inventory of items you depend on:

As its name suggests, just-in-case practices promote having an excess inventory of items that are essential to business operations. Doing this helps protect against potential shortages or delays that occur down the road.

Examine supplier relationships:

Using your TPRM tools, closely evaluate each of your suppliers and their resilience against supply chain disruption. This may involve examining their own inventories, if they operate in a concentrated region, their business continuity plans, and other risk data. There may be instances where procurement wizards can switch suppliers if they operate in more resilient ways, thus avoiding future disruptions for your own operations.

Avoid over-concentration on single vendors/regions:

While it is the reality that many operations are overseas, what can be avoided is high concentration risk. Make sure your suppliers are balanced across a variety of regions so that if a disruption were to occur, you have other channels to pursue. Likewise, over-concentration in a single vendor (even if it has multiple regions it operates in) can also be risky; invest in a variety of vendors and contingency plans so that if a single vendor’s operations are disrupted you have other options.

Embrace digital tools and processes:

It’s time to move away from manual processes and tools when it comes to supply chain management. Just-in-case strategies demand an increased requirement for tools such as supply chain mapping, risk intelligence gained in real-time, business continuity management, and risk assessments. Automated procurement tools provide historical and current data, as well as a platform to view data that can be used to make quick decisions.

It’s Time for Resilience Wizards to Step Up

Becoming a resilience wizard doesn’t happen overnight; thoughtful analysis of current processes, practices, and tools is necessary in order to move forward. By prioritizing high-risk areas first, and gaining a better understanding of supplier landscapes, you can begin to not only shift to JIC practices but also to manage third-party risks in a more holistic, agile way.

To learn more about how procurement wizards and other organizational game-changers can build resilience, reach out to one of Aravo’s experts today.

Hannah Tichansky

Hannah Tichansky is the Senior Content Marketing Manager at Aravo Solutions, the market’s smartest third-party risk and resilience solutions, powered by intelligent automation. At Aravo, she manages all content and thought leadership produced for products and campaigns, and contributes as an author for articles and blog posts.

Hannah holds over 12 years of writing and marketing experience, with 6 years of specialization in the risk management, supply chain, and ESG industries. Hannah holds an MA from Monmouth University and a Certificate in Product Marketing from Cornell University.

Hannah Tichansky is the Senior Content Marketing Manager at Aravo Solutions, the market’s smartest third-party risk and resilience solutions, powered by intelligent automation. At Aravo, she manages all content and thought leadership produced for products and campaigns, and contributes as an author for articles and blog posts.

1,2 Forrester, Predictions 2022: Cybersecurity, Risk and Privacy, Oct. 2021

Share with Your Friends:

Subscribe to Blog Updates

Tags
Our Expertise
Expertise
Who We Help
Customers

Ready to get started?

Get in touch for a better approach to third-party risk management