Many industries such as the automotive, medical and semiconductor sectors must comply with third party standards to control processes, reduce risk and ensure quality during the manufacturing of products. Over the past few years, organizations have begun to embrace an even broader mindset towards risk-based thinking, motivated by the growing discipline of regulatory compliance and an increasing number of unexpected global events that have impacted their operations.
When manufacturers want to implement a new production line, they are examining all of the possible risks and scenario planning for every reasonable action that could either prevent or mitigate a risk if it materializes. Some people call this business continuity, risk management or disaster management.
Nothing has brought these concerns more to top of mind than the past few years of dealing with trade wars, the pandemic, extreme weather and supply chain shortages.
Risk Management Checklist
Risk management is about the practical investment in preventative and mitigating measures that can be tapped during a crisis. There are four main areas to consider when building a risk management or business continuity program:
1. Risk Assessment.
The first action to take is to put a stake in the ground in terms of what could go wrong at each plant, whether it happens to be a fire, earthquake, chemical spill, cyber attack or something else. This will vary for different regions. The possibility of an earthquake impacting operations in California is much higher than in Alabama. An act of terrorism may be more likely to happen in certain countries versus others.
Let’s say a manufacturer is setting up a new production line. The first step would be to complete a risk assessment form that spans different areas:
- Employee Health and Safety
- Finance.
- HR.
- IT.
- Operations.
- Program Management.
Based on the guidelines provided, the person completing the form identifies possible issues and potential impacts – this could be anything from production or shipment delays to impacts on employee health and safety. Then a threat rating is assigned between 1 and 5 for both occurrence and impact, with 5 being a critical situation that warrants the most attention.
Then, preventative and mitigating measures are determined based on factors that could contribute to the adverse event:
- Are there inadequate controls, lack of monitoring or poor training that might add to a problem?
- Could these areas be improved to either prevent or lessen the potential impact?
While an earthquake isn’t preventable, an organization could retrofit their building and upgrade IT systems to ensure that people are safe and can still perform their job duties if a temblor hits.
2. Incident Management & Business Recovery Planning.
Building out all of the details for incident management and business recovery is essential, if not glamorous. A contact list needs to be created so that a key lead can contact all affected employees, customers and suppliers during a disaster. Getting customers and suppliers in the loop early could enable them to become part of the solution. A call notification script should be drafted that provides consistent communications to impacted parties, and decisions need to be made about whom gets told what in certain scenarios. Checklists and drills should also be included, such as how to safely clear employees from a facility.
3. Internal Audit Checks.
Once the business recovery plan is drafted, it should be audited annually. This ensures that the right action plans are included and the correct project leaders and backup leads are identified and verified. Each section, such as advanced planning, revision histories and recovery priorities, must be evaluated as part of the audit to ensure that there’s a solid plan in place and that all participants are properly trained and on board with the approach.
4. Test Exercise.
Every plant should run through a drill for their highest-priority emergencies to evaluate preparedness. They must be able to prove that there’s a data IT recovery capability and have a rough idea of what can be done for a customer in the scope of the test exercise.
- If work needs to be moved to another location, are they able to confirm the backup plant’s capacity and a timeline for the transfer?
- Do they understand the open orders that need to be transferred?
- How does the detailed recovery plan work in terms getting operations back up and running?
- For each action, what would be considered a success and how soon? A sample objective would be to get access to a site within one hour and have at least 80 percent of the team notified within the hour of a situation.
After running a drill, evaluating its effectiveness and making improvements to the plan and communicating it to the team should occur. If actions such as getting access to the site, notifying the team, understanding orders, getting alternate facility confirmation and knowing the right customer contacts can all be demonstrated during the exercise, then the majority of functional activities are ready to go, even if the actual crisis requires some fine tuning of processes. Just like the overall plan, the test runs should be performed at least once a year to verify their continued relevance.
Preventing Problems Before They Happen
At Sanmina, we are seeing increasingly robust expectations for risk management programs across the markets that we serve. Customers are more eager to get involved in understanding the details of these plans than ever before and are considering them an integral part of their manufacturing strategy.
It’s vitally important to understand potential risks, evaluate the scope and effectiveness of an action plan and cultivate a living risk management process that is periodically reviewed and updated. It’s also critical to instill a preventative mindset within an organization’s culture because it’s not always an intuitive thought process. While fixing a problem in the moment may be beneficial, it’s important to build a mindset that’s not just about corrective thinking but a proactive approach that identifies potential root causes that could help prevent or lessen a problem that may occur in the future.