Print this article | Return to Article | Return to

Monitoring China Supply-chain Risk

Directly or indirectly, many companies rely on components from China; Sun Microsystems takes a statistical approach to evaluating the risks.
David M. Katz, | US
March 2, 2006

Imagine a supply chain in which one key part could be had only from a single country. That nation is a huge hot spot, threatened by the possibility of war, regulatory shifts, and even sanctions by your home nation against that country's human-rights abuses. If you're a senior corporate executive, you've probably thought about mitigating that risk.

Or perhaps not, judging by the stance of many U.S. companies toward China, experts say. Some executives have had their heads turned by China's cheap labor costs, manufacturing stability, and lack of labor unrest; others apparently aren't aware of the magnitude of their dependence on the country. "Your suppliers have supply chains and their suppliers have supply chains, so people don't know what's from China," says Beaumont Vance, a senior risk manager at Sun Microsystems.

"Every single computer in the world right now has at least one critical component that is made in China," he continues. Vance acknowledges he can't substantiate that claim, but other risk management experts believe it approaches the truth. That concentration of risk would have dramatic effects on the computer industry should any of China's political perils come to pass. For example, says Vance, if the country closed its borders or had some type of catastrophe, "no computers would be made until replacement factories were brought online," says Vance. Business users of computer systems, as well as the heavy-industry and consumer-products companies that have their goods manufactured in China, would also feel the consequences.

To be sure, massive confiscations of foreign assets by China isn't the political risk it once was, according to Roger Schwartz, a senior vice president with Aon Trade Credit. China rates only a "medium," the third of six levels ranging from "low risk" to "high risk," on Aon's 2006 political and economic risk map. Experts at the insurance brokerage also don't see significant exposures to terrorism, economic perils, or foreign-exchange risks for foreign companies that do business with China. Looming much larger, they maintain, are the possibilities of war, legal and regulatory actions, political interference, and "supply-chain vulnerability."

With so much at stake, how can executives determine which risks to act on? Sun Microsystems has taken the "ask the experts" approach further by employing a statistical method called "expert elicitation." As part of an enterprise risk management effort that started about a year ago, the company set out to gauge the relative seriousness of its Chinese-connected supply-chain risks. The more that Sun quantifies the responses from a number of experts rather than relying on a single authority, says Vance, "the more the answer converges on truth."

Sun risk managers first asked seven employees who are knowledgeable about China to brainstorm a list of risks — war, epidemic, social uprising, regulatory upheaval, for example — and rank them by severity (in dollar terms) and probability. The risk managers then ascertained to what extent each risk had been mitigated by insurance, alternative sourcing, or other means. For each risk, the difference between the experts' cumulative figure and the managers' mitigation efforts is the "residual risk," a number Sun managers can use to determine their strategies. (Vance declined to reveal specifics about the results of the exercise.)

Sun also plans to install a software application akin to the widely reported tool that enables the Central Intelligence Agency to sift through massive amounts of "chatter" to discern terrorist threats. The system, provided by Autonomy Inc., sorts through text, audio, and video files to reveal "trend[s] in risk drivers, which in turn helps to predict events," says Vance. The system is already helping to track Sun's non-political risks; yet to be completed is an application that will monitor such risks as government sanctions or embargo-related activities.