Volumes have been written on the causes of failure in military operations all over the world, surveys and studies have been done over the years and many fingers are pointing in every direction—a couple of these fingers are pointing straight at us, the Army Logisticians!
Nowadays, logistics operations are conducted in a complex multidimensional environment, and one of the most significant challenges is to deliver the proper logistic services at the right place and in the right time, but also at minimum cost when it comes to resources. To be a successful logistician you must act proactively, by integrating Risk Management culture and procedures not only into planning process, but also into the execution phase!
Be risk aware, not risk averse!
Getting used to the transparency of a risk management framework is the first stepping stone in integrating an effective Risk Culture. Being risk aware rather than risk averse will demonstrate commitment to due diligent operational practices and allow the logistic tasks to grow through the engagement of each soldier.
Having an accurate risk profile for each logistic task and a consolidated picture of principal risks, creates a valuable opportunity to reconnect with your operational environment, build trust amongst people, improve decision-making and assure transparency for stakeholders.
Identify your Stakeholders
We live in a world of dynamic change, with numerous Stakeholders. A stakeholder is the person or the entity that is influenced or can influence the logistic projects. The first step is to thoroughly study all orders and mission environment to identify internal and external stakeholders (positive, negative or neutral) and proceed with their analysis. The analysis focuses on two principal factors:
- Stakeholders’ Interest on the project
- Stakeholders’ Power to Influence the project
A typical logistics system includes many Stakeholders ranging from local contractors, NFIUs, NSEs (& their capabilities) to local population (& its support) etc. The end of this first process is to produce a detailed stakeholder register where the profile of each stakeholder is depicted. This will serve as a critical input to the next face “Identify Risks”.
By definition, Risk Management aims to increase the probability and/or impact of positive events and decrease the probability and/or impact of negative events. By breaking-down the abovementioned definition, we derive to the following statements:
- A Risk can either be an Opportunity (positive) or a Threat (negative)
- A risk could be stated as a two-dimensional factor, formed by Probability and Impact (over the project objectives: Scope, Time, Cost, Quality)
In the “Identify Risks” phase every internal and external entity must participate. “End Users”, that are usually the subordinate units, should not be omitted, so as to have a 360 approach. Any event that could positively and/or negatively impact Logistic Operations must be included, e.g.:
- Supply chain interruptions
- Accidents with victims including soldiers and/or civilians
- Major force events
- Loss of or damage to critical infrastructure
- Appropriate infrastructures (airports, ports or railways) of Host Nation
- Adequate geographical location of infrastructures of Host Nation
- Local population support and provision of supplies from Host Nation without charge
As Logistics reliability is threatened by many internal and external factors, this phase takes more time than any other Risk process so as to be able to reach a comprehensive situational awareness through the exchange of information. To succeed that, various Identification tools and techniques must be used in a combined way through several Facilitated Workshops and Focus Groups. Examples of such tools and techniques are Brainstorming and Delphi technique with SMEs along with Affinity diagrams, SWOT analysis followed by Pre-mortem technique, Flowcharts or Influence Diagrams as well as studying “Lessons Learned” from experiences of HQs already engaged in past deployments. A basic template/artifact for this process is the Risk Breakdown Structure (RBS) presented in picture 4 where basic categories of risks are depicted and must be decomposed through analytical and deductive reasoning.
At the end, a Risk Register is produced filled with numerous Opportunities and Threats, written in a Cause-Risk-Effect format so as to allow the analysts and decision makers to be aware of the cause as well as the possible effects of each risk.
Example of an Opportunity, expressed in a Cause-Risk-Effect format, can be:
“Develop relationships with non-NATO entities (Cause), will provide us access to additional sources of information and open source material (Risk) to enhance traditional intelligence and material sources of NATO and decrease operating time for logistics operations (Impact)”.
On the other hand, an example of an identified Threat can be:
“Due to the low classification of bridges in area A (Cause), there is a risk of transferring supplies in convoys with numerous smallest vehicles (Risk) which may lead to delay in deliveries and security issues during movement (Impact)”.
Assessment and Analysis
Next process is to assess and analyze each risk in the risk register, to estimate the probability of occurrence and its impact on the project. A critical point here is to avoid biases (cognitive, motivational, hindsight, anchoring etc.) by assessing the quality of data the estimations were based upon. Furthermore, there should be a precise classification of risks based on Priority and Urgency.
Looking at Opportunities and Threats in only these two dimensions (Probability & Impact), produces a risk profile that is a snapshot in time and it is a subjective quantification at that point in time that places each risk at a specific point on a P.I. (Probability & Impact) Matrix. But to be more precise, the risk profiling must be conducted in four dimensions. The parameters of direction and speed must be added to the previous produced snapshots. During the above estimations, it is essential to compare all the information over a period to see in which direction risks are moving and at what speed they are escalating. Moving away from just estimating to predicting adds value to the process and it is one step closer to forward-looking risk management.
When Risk Profiling, is done correctly, it highlights, not only the negative side by exposing challenges, but also helps identify hidden opportunities to optimize risks and build a sustainable competitive advantage. Risk profiling is the first step to “looking through the windscreen and not only in the rear-view mirror”; it is proactive in its approach and practice.
Subsequent steps might be to proceed with a quantitative analysis and an overall project risk exposure analysis and decide potential contingency reserves, while taking into consideration principal stakeholders’ risk tolerances. Conclusion of a Quantitative Risk Analysis can be for example how our mission can be affected by the relationship between the third-party logistics service providers and us or by increased distances between logistic base and theater of operations and by restricted availability or usability of the Main Supply Routes (MSRs). No matter which level in the supply network is concerned, both opportunities and threats regarding logistics processes are increasing along with the complexity of the respective system.
Responses to Opportunities and Threats
The high supply and demand uncertainties along the logistics system can lead to high-level operational risks. Popular business measures such as provision of logistics services, outsourcing and strategic alliances also bring new dimensions of risk to logistics systems. There is a variety of response strategies such as Avoid, Mitigate, Transfer for Threats or Exploit, Enhance and Share for Opportunities. The ideal action is to select the appropriate response for a logistic threat and to transform it to a logistic opportunity!
For example, adopting proactive measures by making the structure of logistics and supply chain systems agile, and implementing the ‘‘sense and respond” strategy are effective schemes to handle logistic disruptions. In addition, dynamic contingency plans should also be prepared to provide the optimal ‘‘response” to these problems in a timely manner. For example, if there is only one operational airfield within the area of operations on which the whole of logistics is dependent, the point of main effort of air defense can only be there, but at the same time we must find or create an alternative one.
Risk control and reporting
In this final process the Risk Team is applying the predefined risk response plans, monitors identified risks, including residual ones, identifies new risks, and evaluates the risk process effectiveness throughout the logistics project to produce also Lessons Learned.
Key benefits are:
- The efficiency of the risk approach throughout the logistics project life cycle
- The continuous optimization of risk responses.
Imagine having a formal monthly Risk report produced after an audit inspection or a Risk re- assessment meeting. This report under certain circumstances can be 28 days too late! It is necessary to understand that Risk Management is an iterative process that needs a “Risk nervous system” communicating accurate risk information from all points inside the organization (and outside) and having “live” dashboard reporting on systems like LOGFAS or JCHAT. The sooner people know, the better the decisions and the smaller the losses!
All professionals in logistics management must be aware that, to achieve success and business continuity, they should consider Risk Management as an intrinsic part of all their actions. It is time to renovate by doing Logistic Risk Assessment Workshops before and during operations and produce Risk profiles which will reduce the surprise factor of risks. Getting Bad News in Good Time is always better than a surprise when it comes to Risk management.
The organizational Risk culture is influenced when soldiers raise Risk implications early in discussions and throughout the decision-making process! All is needed is for each soldier to know the basic Risk management principles, acquire the basic Risk Management skills and use them to evaluate the risks associated with his/her job by acting daily to mitigate/enhance and control risks. Risk Management success lays in embedding an effective Risk Management culture!