Long, complex global supply chains – stretching across geographies and involving many players – represent a unique and difficult risk management challenge. A strong cargo security program requires a holistic approach covering such areas as commercial risks, natural disasters and political upheavals.
Developing a strong cargo security program involves six steps: defining potential risks, determining what you need to mitigate risk, studying and implementing best practices, auditing the risk mitigation process, developing corrective action strategies, and providing risk mitigation training and remediation.
- Defining risk
Cargo risks are as diverse and broad as the geographies, products and participants involved in global sourcing and supply chains. The need for enhanced security measures has been amplified since the 9/11 terror attacks and other adverse global occurrences. But security risk isn’t only limited to terrorism.
Some of the different types of risks include war, piracy or civil strife, risk of theft or loss, counterfeiting and fraud, criminal activities by trusted partners, and armed attacks. Of all the potential risks that could occur, companies need to work with their suppliers and service providers to determine which are most likely to occur within their supply chain. These risks should then be ranked according to which are most likely to occur and which would prove most problematic.
- Implementing risk mitigation “must-haves”
Like many projects, a strong cargo risk mitigation strategy starts with C-level support. Other must-haves include a budget and organizational structure to support the program, financial incentives to encourage compliance to policies, a formal, written security manual and continuous risk management training.
Companies also need to make a clear distinction between cargo security related to risk of loss or damage and anti-terrorism, which require completely different approaches. Incorporating shared risk with vendors and customers, where both costs and benefits are distributed among partners, is another key strategy to lessen risk impacts. Finally, companies should use a layered approach with cargo security. Layered security is characterized by combining integrated elements (layers) to address potential risks.
- Following best practices
Cargo risk management strategies should address people, processes and technology. These include:
- Knowing your supply chain partners, including your vendors’ vendors and customers’ customers. The shipper is responsible for ensuring that they are not doing business with undesirable entities, regardless of whether compliance operations are outsourced or not.
- Mapping out supply chain processes. Software visualization tools can help shippers diagram their supply chain, evaluate risk levels of various supply chain partners and potential issues, and manage cargo flow risks. Identify dwell time and pinpoint maximum points of exposure.
- Using the Incoterms 2010 Rules, which define key responsibilities between the buyer and the seller, to determine where risk of loss or damage to goods begins and ends. Incoterms.
- Knowing what your cargo insurance really covers
- Borrowing best practices from established security entities. There are several organizations that provide suggested security standards and a recognized framework for mitigating risk, including the International Standard Organization’s ISO 28000: 2007 standards, the Business Alliance for Secure Commerce (BASC), and the Transported Asset Protection Association (TAPA).
- Joining industry-specific associations
- Using technology to your advantage
- Developing and managing importer self-audits
At the most basic level, you should be performing regular supplier audits, which should include potential security, social, financial and quality risks. You should diagram your supply chain and profile suppliers according to location, transportation modes, port of shipment, carriers and each supplier’s tier two and tier three supplier. Make on-site visits to prepare parties for upcoming audits, document all audit activities, analyze results and follow up on issues and irregularities as needed. Auditing technology can help alert suppliers to issues, track issue status, block non-compliant shippers from receiving future orders or shipping current orders, and documentation audit activities.
- Develop corrective action plans
Once risks are identified and ranked, shippers should establish corrective action plans (CAPs) for deficient suppliers and other supply chain issues. Companies should keep records of all open and closed CAPs and establish deadlines for completing a CAP. Suppliers need to be alerted of a CAP and if the completion date isn’t met, consider blocking the supplier from receiving future orders or shipping current ones.
- Provide risk mitigation training and remediation.
This training, together with a formal, written security manual, should include overall awareness training and follow-up requirements, including in the areas of procedural, personnel, documents and records, and facility security.