Best online Nursing Writing Service agency

Industry Research

Industry Research
Publication Date: 17 September 2010 ID Number: G00206060
© 2010 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its
affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The
information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all
warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors,
omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization
and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice.
Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or
services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may
include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors
may include senior managers of these firms or funds. Gartner research is produced independently by its research
organization without input or influence from these firms, funds or their managers. For further information on the
independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website,
http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp
Case Study: Cisco Addresses Supply Chain Risk
Management
Dan Miklovic, Roberta J. Witty
This Case Study documents a presentation made at Gartner’s Security and Risk
Management Summit conference in 2010 on how Cisco manages the risks associated
with supply chain disruptions. Gartner assesses Cisco’s supply chain resiliency program
as one of the better-executed programs we have seen, and recommends other clients
study it to understand how they might “derisk” their own supply chains.
Key Findings
A product-centric approach provides more business value than an incident-centric
approach to risk assessment for most businesses.
Transparency is critical to both internal and external support for supply chain resiliency.
Objective metrics contribute to transparency.
As with any significant business endeavor, senior management support is critical to
success. When senior managers care, everyone cares.
Recommendations
Tailor your resiliency challenge to your organization.
Make business continuity planning (BCP) an essential foundation.
Pick your approach, and stay the course.
Incorporate resiliency in the supply chain design rather than focusing on post-disaster
recovery.
Publication Date: 17 September 2010/ID Number: G00206060 Page 2 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
WHAT YOU NEED TO KNOW
Supply chain risk management (SCRM) is a critical discipline within business continuity
management (BCM) that many companies, particularly manufacturing firms, fail to perform well.
This Case Study (which Cisco presented at Gartner’s Security and Risk Management Summit
conference in June 2010; see Note 1) highlights the tools, policies and practices that Cisco has
implemented to support its SCRM process. Gartner believes it is these investments that make
Cisco’s SCRM system among the most evolved in the field.
CASE STUDY
Introduction
Cisco, the global information and communication technology provider, has put in place a supply
chain resiliency program that any company facing possible risk from supply chain disruption
should study. Cisco’s program for SCRM combines tools, policies, practices and management
support into a comprehensive system that enables the company to truly understand and manage
the risks associated with the supply of most of its products. Beginning with new product design
and introduction, and continuing through to current product manufacturing and fulfillment, Cisco
can predict potential risk points and work with members of its supply chain to manage and
minimize those risks. Further, Cisco can recover from external disruptions quickly to minimize the
impact on its customers. Other companies should study what Cisco has done and, as
appropriate, implement SCRM programs that allow them to manage supply chain disruptions as
effectively as Cisco does. Note that a supply chain resiliency program does not negate the need
for proper demand planning, which can lead to product shortages in the market.
The Challenge
Cisco’s business model is complicated, relying extensively on outsourced manufacturing for more
than 95% of the >12,000 products it delivers, most of which are configure-to-order. Cisco sells to
a broad range of customers from the private and public sector, and as Cisco expands its
presence in the consumer sector (with products such as the Linksys line), it is seeing a growing
presence of make-to-stock products. The company’s growth strategy includes being highly
acquisitive. It has made more than 140 acquisitions since its founding and is presently making
three to four acquisitions per quarter. In general, Cisco migrates the supply chain — including
manufacturing — to the outsourced/contract manufacturing model, but it has retained some
manufacturing of acquired businesses, at least in the interim. Cisco implements lean practices
throughout the business, including its supply chain operations, and is focused on customer value
delivered with minimal waste in its systems and processes.
While operating and growing its business in this environment, Cisco has had to balance a number
of conflicting objectives:
Available versus lean: Lean behavior dictates low inventories based on pull (requiring
assembly time), yet customers want product with no lead times (especially an issue if
demand surges).
Standardization versus differentiation: Lean promotes standardization to minimize
variation and improve quality, but too much standardization can eliminate product
differentiation.
Redundant versus affordable: Redundancy can guarantee availability, but the cost
may not be acceptable to customers.
Publication Date: 17 September 2010/ID Number: G00206060 Page 3 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Reliable versus responsive: Fast and quick to market, but with quality products.
Secure versus fast: Need to do things quickly, but securely.
Process-driven versus innovative: Lean is about process standardization, but Cisco
wants to be seen as innovative in the marketplace.
Cisco characterizes these conflicting objectives as “the resiliency challenge” — balancing speed
and flexibility, and how to be innovative while being resilient. What instigated this challenge and
drove home the need to invest in a formal supply chain resiliency program was Hurricane Katrina.
In the aftermath of the hurricane, Cisco released more than $1 billion into the distribution channel
to aid telecom infrastructure recovery, but in doing so, the company realized it could not see
where the product was or the impact the released product was having on the company from a
financial perspective. This “ah-ha” event motivated Cisco to put in place a supply chain resiliency
program.
Approach
Cisco’s value chain risk management program was initiated four years ago, and is built around
four major functional disciplines:
BCP
Crisis management
Product resiliency
Supply chain resiliency
The program today has a staff of eight. Cisco feels as if it is into the second generation. Cisco
has evolved from a supply chain focus to a total value chain focus, and has developed a robust
set of tools and practices that are being strongly embraced by the business units.
Business Continuity Planning (BCP)
Within Cisco’s supply chain resiliency program, BCP is a semiannual process to assess critical
value chain partners (see Note 2). Cisco has a five-step process that consists of:
Identifying key nodes with high impact potential: Nodes are characterized as a
location where a single-source supplier is located or as a major logistics hub or supplier
that touches a large part of the product portfolio. Key nodes are defined as those with a
high revenue impact potential.
Evaluating preparedness based on an objective format: Cisco has developed a
Web-based tool that is objective and is being further standardized via Cisco’s
involvement with the Supply Chain Resiliency Leadership Council (www.scrlc.com).
Cisco conducts initial and periodic evaluations/audits of all critical supply chain partners.
Mapping critical components to supplier sites.
Identifying time to recover (TTR) at the part and site levels: TTR can be measured
against multiple factors, such as at the manufacturing, test or component level. It can be
remediated by second sourcing, recovery locations (hot or warm) and so on. TTR is a
critical element in defining resiliency in Cisco’s program (see Note 3).
Validation through audits and drills: Supplier TTRs are reconciled — claims are
validated and compared to known and tested values. If a supplier fails an audit, it may
Publication Date: 17 September 2010/ID Number: G00206060 Page 4 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
be put on a performance improvement program or see some of its volume shifted to
other suppliers.
Crisis Management
Using feeds from an external provider, NC4 (www.nc4.us), Cisco has developed a crisis
management dashboard. One hundred products in 25 different product families account for just
over half of Cisco’s revenue. Using the BCPs for these products — tied to the External Situational
Awareness feed from NC4 — and a Google Earth mashup, Cisco’s crisis management
dashboard can display the potential disruptive threat on a global basis (see Figure 1).
Publication Date: 17 September 2010/ID Number: G00206060 Page 5 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Figure 1. Crisis Management Dashboard
Source: Cisco
Cisco has a multilevel response model. The lowest level is just an online display, while the
highest level engages senior management in the response. Cisco started with an eight-hour
response window when the program was initiated, but by using some follow-the-sun techniques,
response time to any incident has been cut to a maximum of two hours. The cost to develop the
dashboard was in the low five figures, so the investment has been paid back many times over.
Publication Date: 17 September 2010/ID Number: G00206060 Page 6 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Supply Chain Resiliency/Product Resiliency
The resiliency programs consist of proactive efforts in the design and execution of the supply
chain that reduces post-disaster time to recover and, thus, improves the supply chain resiliency.
When the BCP process and the dashboard are applied at the product or supplier level, they
become the instantiation of resiliency measurement. For the resiliency process to be effective and
for it to provide the transparency desired, hard metrics are required. Since they were unable to
identify any readily available sources of “resiliency metrics” externally, metric developing was part
of the learning process.
To ensure the metrics were objective and comparable, Cisco created an index that is used either
to judge a supplier or assess a particular product/design. The index has multiple elements. For
designs/products, the component element and the manufacturing and test elements are critical,
while for suppliers, the supplier-centric metrics replace the component-based metrics as shown in
Figure 2.
Figure 2. Resiliency Index Definition
Source: Cisco
A key factor in ensuring supplier resiliency is Cisco’s inclusion in contracts that the TTR trumps
“force majeure” when it comes to disruptions. After all, the point of the process is to mitigate the
risks associated with the disruptions that force majeure clauses usually are put in place to
address from a supplier liability perspective. If the disruptions are covered by force majeure
clauses, then Cisco would not be able to enforce its resiliency program — hence the reason TTR
supersedes force majeure.
Publication Date: 17 September 2010/ID Number: G00206060 Page 7 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
When applied against specific products, the resiliency scores are reported semiannually to senior
management by the general managers. This ensures that designers know management is aware
of product resiliency, and operations executives are managing supplier resiliency to minimize risk
to the business.
Results
Cisco considers the specific economic benefits to be proprietary information, but it has cited
multiple examples of how its SCRM program has benefited the company:
Chengdu earthquake (May 2008) — This 7.8-magnitude earthquake in central China
occurred on a Sunday (U.S. time). Cisco was able to use its crisis management
capabilities to shift suppliers and reschedule orders by the end of Monday, minimizing
the impact on key customers.
Financial crisis (late 2008 to mid-2010) — After analytics revealed that five key
suppliers faced a high risk of disruption, Cisco instituted “last-time buys” or exercised
other options, such as second sourcing. Cisco was not affected when all five suppliers
ended up filing for bankruptcy.
Product derisking (ongoing) — With the current tools, Cisco can derisk a product
before the product is introduced into the market. This can save as much as $1 million
(the cost to derisk a well-established existing product). As noted above, proper supply
chain demand planning is still required to avoid product shortages in the market. Failure
to forecast demand can still result in product shortages due to parts availability issues.
Critical Success Factors
As with any significant undertaking, high-level management support at the board level is critical to
project success. A supply chain risk management program requires significant cultural change
internally, as well as within the value chain. Without that senior management support, Cisco
would not have executed as well as it has. That senior-level interest has led to business-unit-tobusiness-unit comparisons of risk vulnerability, which has led to internal competition, which, in
turn, is driving down risk quotients across all business units.
Transparency into the SCRM processes has been critical both internally and with trading
partners. Internally, by giving engineers clear and objective information about new designs and by
providing suggested remediation steps to derisk a design, Cisco has found that, in almost all
cases, the engineering staff readily adopts the get-well plans (see Note 4). Also internally, clear
and objective metrics have facilitated the business-unit comparisons noted above. Externally,
when working with suppliers, having clear and objective measurements opens a dialogue with
suppliers about the costs to derisk. With an open, two-way dialogue, Cisco can decide to invest
with its suppliers or to accept higher piece-part pricing for a less-risky position.
Lessons Learned
Cisco initially took an incident-based risk prioritization analytical approach, which proved to be
interesting, but of minimal actual use. This initial analytical approach categorized the potential
financial risk of disruptive incidents based on the product of the risk of the incident and the
financial impact. The highest risk incident from the original analysis was an earthquake in San
Jose, the location of Cisco’s corporate headquarters. With a 62% probability of a disruptive
earthquake — and all the revenue at stake — it was clear such an event would be catastrophic.
Likewise, earthquakes in Japan and Taiwan had potentially billions of dollars of disruptive impact,
as did weather-related incidents in other parts of Asia (see Figure 3).
Publication Date: 17 September 2010/ID Number: G00206060 Page 8 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Figure 3. Initial Approach Was Incident-Focused
Source: Cisco
In reality, however, none of the risks has actually occurred. Meanwhile, other risks, although
judged to be less likely or with lower financial impact, occur regularly. Cisco learned that, while
the incident-based approach was useful into “scaring the business” into funding the program, the
reality was that they were always “guessing wrong,” so they shifted to a product-based approach.
Analysis showed that relatively few products accounted for more than half the potential risk to
Cisco (see Figure 4). As is the case in many companies, relatively few products account for a
relatively large percentage of the company revenue.
Publication Date: 17 September 2010/ID Number: G00206060 Page 9 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Figure 4. Product Focus
Source: Cisco
By derisking those 100 key products, Cisco no longer had to worry about which incident might
cause a problem, yet was still able to have a significant financial impact on the company. The key
to accurately derisking a product is to have an objective risk index that leads to believable and
trusted measurement. Each key product is provided a scorecard (Figure 5).
Publication Date: 17 September 2010/ID Number: G00206060 Page 10 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Figure 5. Product Resiliency Integrated Scorecard Tool
Source: Cisco
Given that it can cost as much as $1 million to derisk an established legacy product, the ability to
derisk during the product design phase is critical. By providing the engineers with a get-well
program instead of a mandate, acceptance was high and — except where there is a substantial
business objective that dictates the need to accept the risk — products are now entering
production with relatively low risk indexes. Gartner has found that typical product derisking steps
might include:
Selecting alternative components that might have multiple sources of supply
Selecting existing components with similar and acceptable performance characteristics,
instead of an all-new design
Substituting a commodity-grade component with additional testing, instead of a premium
component and vice versa — whichever has lower risk
Qualifying additional manufacturing sites
Specifying alternate test procedures
Publication Date: 17 September 2010/ID Number: G00206060 Page 11 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
In the absence of standards and objective metrics around risk assessment and supplier business
continuity planning, Cisco took a leadership position in the Supply Chain Resiliency Leadership
Council (www.scrlc.com). This multicompany initiative is working to develop standards for the
objective measurement of resiliency that all participants can support and use. This will lower the
costs of assessments, improve their accuracy and shorten the time it takes to do them.
RECOMMENDED READING
“A New Approach: Obtain Business Ownership and Investment Commitment for Business
Continuity and Resilience Management Through Key Performance and Risk Indicator Mapping”
“Out of the Ashes: Business Continuity Management Lessons From Iceland’s Volcanic Eruption”
Note 1
Cisco Presentation at the Security and Risk Management Summit
This Case Study is derived from discussions with Cisco and the presentation “Building Resiliency
Across the Customer Value Chain” delivered by John O’Connor, Director of Value Chain
Solutions and Resiliency at Cisco (session code SEC16_F7, 20 through 23 June 2010, Gaylord
Hotel, National Harbor, Maryland).
Note 2
BCP
Gartner uses the term “BCP” in a different context than Cisco in the context of this Case Study.
Cisco is referring to BCP as an element of its supply chain resiliency program, while Gartner
refers to BCP as an overall business activity encompassing IT disaster recovery, supply chain
resiliency, natural disaster (including pandemic recovery), as well as physical infrastructure
recovery.
Note 3
Time to Recover (TTR)
Cisco defines TTR as the time it takes to go from total disruption to a return to 100% capacity.
Note 4
Get-Well Plan
A “get-well plan” is essentially a list of actions the engineers might take to lower the risk index of
a product. It might include component substitution, alternate suppliers, different assembly
locations, second sourcing and so on.
This research is part of a set of related research pieces. See “‘New Normal’ Business Demands
New Focus on Innovation, Cost, Risk Management and Governance” for an overview.
Publication Date: 17 September 2010/ID Number: G00206060 Page 12 of 12
© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
REGIONAL HEADQUARTERS
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
U.S.A.
+1 203 964 0096
European Headquarters
Tamesis
The Glanty
Egham
Surrey, TW20 9AW
UNITED KINGDOM
+44 1784 431611
Asia/Pacific Headquarters
Gartner Australasia Pty. Ltd.
Level 9, 141 Walker Street
North Sydney
New South Wales 2060
AUSTRALIA
+61 2 9459 4600
Japan Headquarters
Gartner Japan Ltd.
Aobadai Hills, 6F
7-7, Aobadai, 4-chome
Meguro-ku, Tokyo 153-0042
JAPAN
+81 3 3481 3670
Latin America Headquarters
Gartner do Brazil
Av. das Nações Unidas, 12551
9° andar—World Trade Center
04578-903—São Paulo SP
BRAZIL
+55 11 3443 1509

[Button id=”1″]

WE WRITE ESSAYS FOR STUDENTS

Tell us about your assignment and we will find the best writer for your project

Write My Essay For Me

If you are seeking for fast and reliable essay help, you got on the right page. You can order essays, discussion, article critique, coursework, projects, case study, term papers, research papers, reaction paper, movie review, research proposal, capstone project, speech/presentation, book report/review, annotated bibliography, and more. From now on, you can stop worry and forget about writing assignments: your college papers are safe with our expert writers

STUCK with your assignments? Hire Someone to Write Your papers. 100% plagiarism-free work Guarantee!

PLACE YOUR ORDER