The Yoga of Resilience – It Is About Balance*

Resilience

Whether you are reading the headlines, looking at data trends, or living it in the trenches, it is easy to see that our world is full of potential and actual disruptions that can affect business operations.  Examples from the last year include Hurricane Dorian, the UAW strike at General Motors, and the ongoing threat of tariffs and Brexit, and from today’s headlines we have a new threat – the coronavirus. Some disruptions like natural disasters come with little warning, others lurk in the environment and managers struggle to decide if, when and how they should prepare for them.  Being the proverbial ostrich with your head in the sand does not keep the disruptions at bay – it just guarantees you will be blindsided by them. In today’s business environment, it seems managers across all functions need to be always ready to respond.  We call such an organization ‘resilient’ and we define it as the “capacity of an enterprise to survive, adapt and grow in the face of turbulent change”.  While many focus the resilience discussion on surviving the disruption and getting “back to normal”, we believe the concepts of adapting and growth are important elements, as 1) all disruptions are learning opportunities that can make us better next time; and 2) some disruptions necessitate changes that put is in a better position for sustainable future growth.

     Our research efforts working with national and multinational companies led us to conceive of resilience as a balance between understanding your vulnerabilities and building appropriate capabilities.  Vulnerabilities are the environmental factors that make an enterprise susceptible to disruptions

Figure 1: Balanced Resilience

(more details to follow).  We typically think of vulnerabilities as inherent in the environment – not something we can control.  Some organizations face a lot of vulnerabilities – others relatively fewer.  Capabilities are the management controls that enable an enterprise to anticipate and overcome disruptions.  You can think of these as the risk mitigation strategies that managers can choose between.  The goal of an organization is to be in a state of ‘balanced resilience’ – that is one where they have developed the right level of capabilities for the level of vulnerabilities they face (see Figure 1).  If your capabilities aren’t sufficient for your level of vulnerabilities, you are exposed to risk.  If you have built capabilities that go beyond your level of vulnerabilities, you could be eroding profits by over-investing in those capabilities.

Of course, this is a simplified view because it is also necessary to have the right capabilities.  If your organization is highly vulnerable to cyberattacks, it doesn’t matter how much redundancy you have in your supply network.  So, we have to think about this a bit deeper to truly help managers with their decision-making.

To dig deeper, we identified 36 vulnerabilities, which we categorized into 6 categories (see Table 1).  When people discuss risk, they often focus on vulnerabilities like natural disasters, supplier issues or technology failures.  However, a firm’s risk profile is determined by far more than these risks.  Let’s take brand awareness as an example.  Both Coca-Cola and National Beverage face external pressure because they make soft-drinks that research has shown increases obesity and rates of diabetes.  However, the strength of Coca-Cola’s brand makes them more susceptible to public attacks, and therefore at a higher risk of demand fluctuations if another research report hits the headlines connecting their products to consumer health.  Similarly, well-known companies might be more popular targets of cyber-attacks or terrorism than smaller firms.  We must therefore think broadly about vulnerabilities and even understand how multiple risk areas might interact. 

Table 1: Vulnerability and Capability Factors

We also identified 71 capabilities, which we categorized into 14 categories (see Table 1). As with the vulnerabilities, some of these are often the focus of discussions on risk management – flexibility, redundancy and visibility are all terms that get a lot of attention.  Others, like brand loyalty, might not be as obvious, but if Apple delays the launch of a new product because of a supply chain glitch, can they take advantage of their customers’ loyalty?  Yes, many of their customers are willing to wait and are less likely to turn to a competitor’s product, so they can weather the disruption better than, say, Nokia might.  We have also had many interesting conversations with managers and executives around organizational capabilities.  Some organizations (particularly smaller ones) are able to make quicker decisions in a time of disruption because they have empowered decision-makers throughout the organization, or they have better lines of communication between functional areas.  One company we worked with credited their strong employee loyalty for how they managed through a data disruption – the employees were dedicated enough to their jobs and the company that they jumped in and took pride in working overtime to see the organization through the crisis. Indeed, resilience capabilities come in many forms.

Figure 2: Resilience Gaps

Now that we have them identified, we are at a point where we can discuss matching vulnerabilities with capabilities.  For each vulnerability in Table 1, we have identified the specific capabilities that an organization could build to help them prepare for or recover from a disruption caused by that vulnerability.  Think of this as a large matrix with the 36 vulnerabilities down the side and the 71 capabilities across the top.  If you are facing a particular vulnerability, you can look across the row and see the menu of capabilities that you could consider building to help mitigate that risk.  Or if you are thinking of building a particular capability, you can look down the column and see which risks that might help you mitigate.  To further help with decision-making, we have created a tool (SCRAM™) that will help you measure the gap between a particular vulnerability-capability pairing.  If you rate a vulnerability as high, and a capability as low, you have a large gap in that corresponding cell.  Figure 2 shows the results for a SCRAM™ assessment at the factor level, but it can also measure gaps at the subfactor level.  Again, a manager can look at these results across a row or down a column to help determine the menu of capabilities that could be built to match the pattern of vulnerabilities the organization faces, and therefore increase their state of resilience.

SCRAM™ is just one of many tools managers have at their disposal to help develop resilience and be better prepared for the turbulence that lies ahead.  Risk registers, business continuity planning, war-gaming, supply chain mapping and simulation are others that can help firms understand the risks they face and develop action plans to mitigate them, or help the efficiency or effectiveness of recovery efforts if a disruption occurs.  Regardless of the tool applied, the important thing is to think about risk and disruptions as inevitable – be proactive (don’t be an ostrich) and try to create a state of balanced resilience.

This article is based on the following published articles, which would also make good further reading:

  • Fiksel, J., M. Polyviou, K. Croxton, T. Pettit, “From Risk to Resilience: Learning to Deal with Disruption”, MIT Sloan Management Review, Winter 2015. 
  • Pettit, T., K. Croxton and J. Fiksel, “Ensuring Supply Chain Resilience:  Development and Implementation of an Assessment Tool.”  Journal of Business Logistics.  Vol. 34 (1), 2013, pp. 46-76.  Winner of an Emerald Citations of Excellence Award.
  • Pettit, T., J. Fiksel and K. Croxton, “Ensuring Supply Chain Resilience:  Development of a Conceptual Framework.”  Journal of Business Logistics.  Vol. 31 (1), 2010, pp. 1-21.  Finalist for the Bernard J. LaLonde Best Paper Award.  Most cited paper of the decade (2010s).

Author: Keely Croxton

Keely L. Croxton is Professor of Logistics in the Department of Marketing and Logistics at The Ohio State University. She received her Ph.D. from the Massachusetts Institute of Technology (MIT). Her research interests are in optimization and supply chain management. She has also developed an expertise in supply chain resilience, focused on helping companies balance their inherent vulnerabilities with their management capabilities in order to effectively respond to disruptions in the supply chain. Her research has been published in several leading journals and she has been twice awarded the Bernard J. LaLonde Best Paper Award for the Journal of Business Logistics. She is also the author on several chapters of Supply Chain Management: Processes, Partnerships, Performance. Before joining academia, she worked in the automotive, paper and packaging, and third party logistics industries. At The Ohio State University, Keely teaches modeling, forecasting, and supply chain management at the undergraduate, MBA, Ph.D. and Executive Education levels. She is also the co-director of the fulltime MBA program.