Avoiding a Meltdown: Mitigating Risk at CPG

A Risky World

As the seminar “Risk in Global Supply Chains” concluded, Tao Hualing (better known as Rocky among his English-speaking colleagues) sat exhausted. The two-day seminar had been hectic and a little overwhelming. Three weeks earlier, Rocky had been promoted to a new position at CPG, and he was now the director of risk management for the Asia Region. Now he was learning the new language of risk mitigation. The seminar had expanded Rocky’s growing vocabulary (his favorite new term: the “FUD” Factor). As he jotted down some final notes, he wondered how “fear, uncertainty, and doubt” would impact the design of CPG’s Asian network.

CPG, a worldwide leader in household consumables, was known for its ability to create and market irresistibly tasty snacks and beverages. Over the past decade, CPG had used this skill set to tantalize the taste buds of consumers in new markets around the world. As CPG expanded globally, senior management had begun to talk about risk, but it had never made a commitment to defining CPG’s risk tolerance and establishing an organization to evaluate and manage it. Now that the Global Risk Management Group had been formed, Rocky and his colleagues found themselves in the challenging position of developing a proactive framework for continuity planning and risk management.

The need for a robust framework had crystallized in Rocky’s mind over the previous 96 hours. A quality-induced supply glitch at CPG’s Nanjing facility had brought operations on a key production line to a temporary standstill. Initial efforts to resolve the issue with the local supplier proved futile. Desperate to get the lines back up and running, CPG managers were forced to airfreight product from an Australian supplier for delivery to customer DCs. The expedited shipments were expensive, but it cost less than letting the facility sit idle and incurring the wrath of disappointed customers.

The supply disruption and management’s delayed response emphasized CPG’s need to do a better job identifying and mitigating risk. It had also delayed Rocky’s transpacific flight from Shanghai, leaving him jet-lagged throughout the seminar. As Rocky stood up to join his colleagues for dinner, he asked himself two questions:

  1. What critical elements of an effective continuity-planning program are really applicable to CPG?

  2. How can we get everyone throughout the company to take responsibility for risk management?

CPG’s Vulnerable Global Supply Chain Network

At the turn of the millennium, CPG took a close look at its global competitive position. Total worldwide sales were $27 billion, with a little over 25 percent coming from sales outside its U.S. home market. Unfortunately, revenue growth was declining. Throughout most of the 1990s, CPG had achieved 13.3 percent year-to-year sales growth. But, by 2000, annual sales growth had fallen to 6.7 percent. Rising materials costs and fierce competition from global rivals were taking a serious toll.

A decision was made to attack costs by “leaning up” the global supply chain. CPG’s 2001 global footprint included 168 production facilities and 300 DCs. During the next four years, 40 percent of these facilities were shuttered. Although facilities had been eliminated in every region of the world, the greatest decreases (almost 80 percent of manufacturing and 60 percent of distribution) had occurred in the high-cost regions of Europe and North America.

Further, by aggregating buys with “suppliers of choice,” CPG had reduced its supply base by 63 percent. By 2006, international sales accounted for 45 percent of CPG’s $39.8 billion total, manufacturing and distribution facilities in Asia, Central Europe, and Latin America operated at an average of 92 percent capacity, and 31 percent of all purchases were single sourced in region. Delivery lead times and inventory costs had increased, but these “inconveniences” were minimal compared to the rationalization-driven cost savings. CPG was now a lean competitive machine.

Management’s sense of accomplishment evaporated with the commodity shocks of 2008. As oil prices climbed to $140 per barrel, the costs to ship a container from China to the U.S. West Coast shot upward to almost $8,000. The doubling of ocean freight costs was more than matched by increased labor costs in China, which had risen 144 percent in the preceding five years. Worse, contaminated peanut butter in the U.S. and tainted milk in China had made food safety a real concern. CPG’s top leadership began to fear that its global supply chain was too lean—a risk that had been overlooked in CPG’s quest to grow in the face of intense global competition.

A Long Flight Home

Half an hour into his flight back to Shanghai, Rocky pulled out his laptop to review his notes. As tired as he was, he wanted to review what he had learned. A few salient statistics quickly captured his attention.

  • Research shows that 99% of companies suffered a supply chain disruption during the past year! Approximately 58% of these disruptions led to a substantial financial loss.1

  • In a survey of 110 North American companies, 73% of companies indicated that supply chain risk levels had increased since 2005, and 71% said that the financial impact of these disruptions was increasing.2

  • The average financial impact of supply chain disruptions was huge: 107% drop in operating income, 92% decline in return on assets, and 114% decrease in return on sales. Costs also increased by 11%.3

  • Despite the threat and costs of supply chain disruptions, 0% of managers surveyed felt their companies were “highly effective” at supply chain risk management (28% reported low effectiveness, 35% moderate effectiveness, and 24% had no formal risk management process)!

Apparently, CPG was not alone. Most companies faced higher risks—and like CPG, they struggled to know how to manage them. Somehow, Rocky felt little solace. He continued scanning his notes.

Business continuity planning defined—a method used to ensure that essential activities can continue during and after a disruption. Continuity planning seeks to prevent interruption of mission-critical activities and to restore normal operations as swiftly and smoothly as possible. The typical process includes six steps:

Figure 2.1: Business Continuity Planning Lifecycle

As Rocky considered each of the six steps, he realized that CPG was really not very good at any of them. That CPG knew how to track consumer trends nobody doubted, but keeping track of macro political/economic issues was not part of anybody’s job description. Nor did anyone spend much time identifying and classifying risks at the macro or micro levels.

Subconsciously, Rocky started to ask himself a few questions.

  • If protectionism reared its ugly head, how would CPG’s network be affected? What about a dramatic shift in exchange rates?

  • If the financial crisis forced a key supplier to shut down, where would CPG find a replacement? Did anybody at CPG really know what the financial status of each supplier was?

Examining these questions forced Rocky to acknowledge that his team really needed to start at the beginning, asking the basic question, “What are the risks that CPG faces at the country, facility, and product levels?” He’d seen a related statistic on this! Turning the page, Rocky found the number: Only 15 percent of companies could summarize supply chain risk levels by country, product, and supplier.4

Rocky wondered why companies struggle so much in their quest to understand and manage risks? As he glanced at the top of the next page, Rocky’s eyes riveted on a timeline that showed some of the events that had caused highly visible supply chain disruptions in recent years. Some of the events looked like they could be anticipated; others seemed to appear out of nowhere. How do you anticipate a supplier’s production facility burning down? Or, how do you forecast something like an earthquake or a SARS outbreak?

Figure 2.2: Events Causing Highly Visible Supply Chain Disruptions

As he considered the timeline, Rocky thought about the many war stories he had heard during the past two days that had identified and described a plethora of risks. He found himself writing down question after question.

  • Which risks were most likely to disrupt CPG’s operations? What were the real probabilities for each risk? How could these probabilities be quantified and communicated?

  • If the risks could be categorized, would that make it easier to track and measure them? Did anyone within CPG already have some of this data? What third-party monitoring services could CPG look to in order to reduce the internal scanning burden?

  • If a disruption did occur, what would be the consequences and costs? Specifically, how would each disruption impact (1) customers, (2) other supply chain partners, and (3) CPG’s revenue and brand reputation?

  • What solutions should be employed in each scenario? Is redundancy or responsiveness a better approach to risk mitigation? When is each of the following appropriate: alternate cites, second sources, transshipment, or inventory?

  • What would CPG’s time to recover be? What other measures are appropriate to evaluate the success of a risk-mitigation strategy?

  • Given the size and scope of CPG’s Asian operations, how could Rocky and his team keep it all straight?

  • How would he and his team demonstrate their value added—i.e., how can they quantify the benefits of enhanced supply chain risk management?

Rocky knew his team would have to tackle these questions in developing a comprehensive risk-mitigation strategy. But that would have to wait. Rocky could barely keep his eyes open long enough to stow his computer and cover himself with his blanket. As long as his plane did not crash, he could work on securing CPG’s future tomorrow.


  1. Why can only 15 percent of companies summarize supply chain risks levels by country, product, and supplier? Why did 0 percent of surveyed managers feel their companies were highly effective at supply chain risk management?

  2. Is there anything in your life that is analogous to risk management? If so, how are the two things similar? What does this mean about planned behavior?

  3. Focusing on Rocky’s list of questions, what specific advice would you give to Rocky?

  4. What tools should Rocky employ as he analyzes risk and develops a business continuity plan?

  5. What resources can Rocky use to help him mitigate risk at CPG Asia?

Action Activity

Put yourself in Rocky’s place. Develop a 2×2 risk-assessment matrix. Identify and map the 10 most “important” risks CPG Asia faces to your matrix.

Now, imagine you are a sourcing manager at CPG Asia. What are your 10 most important risks? How do they map to the matrix?

If you take the perspective of a marketing manager, what are your 10 most important risks? How do they map to your matrix?

Note: This case was written by Stanley E. Fawcett of Weber State University as a basis for class discussion and is not designed to illustrate effective or ineffective management. The problem scenario has been fictionalized for readability, and company-specific statistics may have been altered for competitive intelligence reasons.