Stephen Whyte of Qadex explains how to actively manage emerging threats in the food supply chain and the importance of supplier assurance and forecasting risks.
Supply chain risk management maturity model
From a large food business perspective, it is easy to overlook the fact that the industry has a vast number of small and micro businesses, many of which have no supply chain risk management system in place. Food businesses can be divided into the following groups according to the extent to which they are addressing supply chain risks:
• No risk management systems in place – often single multitasking owner manager with no employees.
• Basic systems are present, but not working to any standard. Typically sourcing all ingredients from established distributors and relying on the distributors’ supplier assurance systems. This works well where businesses are sourcing from reputable distributors with robust supplier assurance but fails when distributors are less reputable.
• Working to standards, such as GFSI and BRC, but struggling to consistently comply; are frequent recipients of major non-conformances.
• Doing enough to have minimal non-conformance on audits, but coming under pressure as the robustness of audits increases in a supplier assurance system.
• Companies with no audit non-conformances as a result of investment in supply chain risk management systems, such as QADEX. Companies at this level are constantly challenging and improving their processes. Audits are still a stressful process and there is a sense of relief when an audit goes well.
• Well embedded food safety cultures with systems operating at an excellent level. Audits are not a source of anxiety but are viewed as frequent validation that systems are operating to high standards. Audit non-conformances, where they arise, are a source of intense debate between auditor and auditee and will often revolve around interpretation of a requirement rather than a fundamental shortcoming in food safety systems.
The most advanced food businesses will actively engage with modelling of emerging threats to stay ahead of risks.
Every food and drink business has a unique supply chain and the emerging threats facing a supply chain will vary from business to business. Threats can be classified as:
• Risks initiated by individual or organised human factors, such as economically motivated adulteration (EMA) and substitution, bioterrorism, cyberterrorism and acts initiated by disgruntled employees or external parties.
• Diseases, such as animal disease, pandemics and antibiotic resistance.
• Global challenges, such as political, economic, social and technological (PEST) risks.
• Global challenges, such as sustainability, ethical and global warming.
• Food safety risks
• Marketplace risks due to supply and demand imbalances.
The most advanced food businesses will actively engage with modelling of emerging threats to stay ahead of risks."
Economically motivated adulteration and substitution has been widely publicised since the 2013 horsemeat scandal. The University of Portsmouth has forecast that the extent of food fraud in the UK alone could be as much as ￡11bn per annum. The industry is very good at responding to the most recent incident and has invested vast sums introducing vulnerability assessments to identify EMA risks requiring mitigation, but this has reduced its focus on other emerging risks. Following the 9/11 attacks, there was an increased focus on bioterrorism risks, but in recent years the food industry has been distracted by EMA. However, bioterrorism is still a risk that needs to be considered.
Recently, the threat of cyber-terrorism has grown but many businesses are not prepared for how this could impact on their supply chain. Addressing the consequences of the following situations may help to identify some of the impacts of a cyber terrorism attack:
• Inability to use IT systems
• Inability of suppliers to use their IT systems
• Shutting down of one or more of the major utility networks
• Unavailability of the internet for an extended period
• Telephone and communication systems unavailable.
Risks may be posed by a disgruntled employee or member of the public. Many will remember the story of Paul Bentley, the disgruntled Pork Farms employee who spread nuts around a nut-free area within the factory resulting in a disruption reported to have cost ￡1m. Companies need to consider the impact that a disgruntled employee could have on the business by identifying which actions could cause the maximum disruption.
Recently, the threat of cyberterrorism has grown but many businesses are not prepared for how this could impact on their supply chain.”
Disease related risks
As the world has become more interconnected with rapid movement of people, livestock and goods, exposure to major animal diseases and Zoonoses has increased. Global efforts to co-ordinate risk assessment, communication and collaboration are led by the World Health Organisation.
A pandemic is an epidemic of infectious disease that spreads quickly through the human population across many continents. In recent years, the most likely pandemic risk has been the H5N1 strain of Avian Flu, which has been contained to date. In December 2016, the BBC reported the view expressed by Bill Gates, the American philanthropist, that his biggest fear for humankind is a major flu epidemic, which could kill 33 million people.
Antibiotic resistance is growing in many developed economies. Debate has focused on the perceived impact of antibiotics in intensive farming and while there is conflicting data, there are powerful lobbies pushing for reduction or removal of antibiotic usage in farming operations.
Identifying emerging threats from animal disease, pandemics and antibiotic resistance could be determined by assessing:
• Reliance on intensively farmed poultry, pork, beef or fish
• Reliance on large numbers of manual labourers at any point in the supply chain, which could be impacted by a disease outbreak disrupting supply
• The impact on a protein supply chain if antibiotics could not be used.
Political and financial risks
Risks, such as fiscal and monetary policy, exchange rates, government regulation, labour market changes or political instability, can impact the food supply chain. While many PEST risks are hard to predict with accuracy, global themes are emerging such as:
• Political uncertainty as electorates move away from the centre to the left and right.
• The shift of economic power from West to East
• Greater uncertainty about the future of Russia
• Ageing populations in the West.
Each food business needs to look at which PEST risks are likely to have the biggest impact on its supply chain. An excellent current summary of the geo-political risks facing the world is available on the Eurasia Group website.
Many food businesses are coming to terms with global challenges of sustainability and ethical compliance along with the risks caused by supply and demand imbalances. All food safety businesses operating to GFSI standards are tackling food safety risks with varying degrees of sophistication but few are looking ahead to forecast emerging food safety risks.
Forecasting emerging threats to supply chains is a big undertaking that requires continual review and update as conditions change. Businesses will need to be alert to the many challenges in addressing these threats (Table 1 (p31)).
||Different teams using different IT systems responsible for different facets of supplier and product approval, ethical, sustainability, product quality and consumer care.
|Quality management systems historically set-up to comply with food safety and customer standards to pass audits.
|Difficult to gather the data required from suppliers in a timely and cost effective manner.
||A global challenge that certification bodies have been grappling with for years.
|Standards not always consistent, causing problems for manufacturers who supply to many retailers.
|International trade has added complication of different approaches in different regions.
|Lack of Resources
||Insufficient technical resource to identify all relevant threats.
|Lack of knowledge
||Lack of qualified scientists to replace those who are retiring or leaving the industry, reducing the industry knowledge
|Lack of VACCP/TACCP
|Lack of experience in completing vulnerability assessments for the BRC Food Standard Issue 7 (introduced in 2015).
|Best practice still
|Best practice still emerging for vulnerability assessments and forecasting emerging threats to the supply chain.
|Bias towards avoiding
|Primary focus of many food safety teams is on avoiding non-conformances to standards.
|Too little data
||Insufficient quantitative data for vulnerability assessments resulting in subjectivity.
|Too much data
||Vast amounts of data in paper based documents, email servers, spreadsheets, ERP and other software systems may
||Subjectivity in risk assessments for supplier assurance systems and evaluation of emerging threats leaves businesses
open to challenge.
|Sub-optimal activity in food safety teams as the focus changes with time.
|Under investment in
|Food safety resources not increasing in line with increased workloads, resulting in resource being stretched.
|Historical data sources
||Historical data sources can be utilised as part of supplier assurance and forecasting emerging threats to a supply
chain and some are available free of charge.
|Internal data sources
||Food safety questionnaires could be upgraded to fulfil many tasks, such as supplier risk assessment and approval,
managing ethical compliance, sustainability and suppliers’ compliance with codes of practice, capturing data from
suppliers to inform vulnerability assessments and to identify emerging threats.
Table 1 Challenges in forecasting supply chain threats
Auditing suppliers is an invaluable tool in the supplier assurance toolbox. Too many food and drink businesses do not audit suppliers due to resource and budget constraints. However, auditing suppliers provides an opportunity to capture additional data, which can help identify emerging threats.
Raw material specifications are often handled by a different team to those responsible for supplier assurance and evaluating emerging threats to a supply chain. In practice, there is useful data within the specifications that could be further enhanced with carefully considered upgrades to specification requirements.
Goods-in checks and quality monitoring is often on an ad-hoc basis to confirm compliance with specification or as mitigation for an identified risk. These are often completed as a tick box exercise rather than capturing data points, which could be later analysed to pick up unusual patterns that might indicate a threat within the supply chain.
Consumer complaints are often seen as the responsibility of customer care teams unless a complaint requires investigation. Level 1 complaints, such as issues of taste and texture, are often only reported with trend reports without detailed data analysis.
Ethical and sustainability compliance data are often handled by different teams without close collaboration with supplier assurance. It is contended that excellent suppliers will perform well across the spectrum of food safety, ethical and sustainability, since these businesses are likely to have enlightened management. Conversely, poor performance in any area could be an indicator of elevated risk in other areas, yet how many food businesses take this integrated approach to evaluating supply chain risks?
Collating and analysing internal data is time consuming and may require replacing manual and paper based systems with an integrated database. The emerging threats to a supply chain are likely to come from areas businesses are not already aware of and are therefore likely to be external to the business.
External data sources
Many food and drink businesses are members of research associations, such as CampdenBRI or Leatherhead Food Research in the UK, which frequently publish updates and reports highlighting emerging risks that their experts have identified. Trade associations are another good source of intelligence, which is often category specific and tailored to the needs of their members.
The European Rapid Alert System for Food & Feed (RASFF) is a quick and effective tool for exchange of information between competent authorities when risks to human health are detected in the food and feed chain. It measures withholding, recalling, seizure and rejection of the products concerned. The United States has a similar system to RASFF, known as Foodshield, which food and drink businesses can access following registration.
In recent years, the internet and social media channels, such as Twitter and Facebook, have become useful tools in the identification and tracking of emerging issues. Google searches for any ingredient along with the term fraud are likely to find a range of articles. The internet and social media present a challenge in validating the credibility of sources and the likely recycling of articles across multiple outlets.
The internet is also an excellent source of data for general emerging PEST risks. A multi-disciplinary team and extensive time is required to research and collate the various risks that could impact on a supply chain. All the internal and external sources discussed so far, are based on historical data. The truly difficult question to answer is what can be done to predict the next sudan I/ acrylamide/dioxin/horsemeat crisis. Very few food businesses have the resources to accurately model and predict emerging threats. Similarly, it would be very difficult for external agencies, such as government, to take on this responsibility, as the scale and scope of the food system is just too diverse.
Nonetheless, approaches ranging from the near-term and practical to innovative, emerging technologies, can provide valuable insight.
While humans begin to struggle with this amount of data, algorithms and artificial intelligence systems will be able to analyse it in real time and pick out patterns.”
Predictive data sources
RASFF is one of the most comprehensive datasets available in Europe but in most instances, it is not used proactively by food and drink businesses. However, in one study, Baynesian Modelling was used to predict 80% of the food frauds reported on RASFF.
TNO’s predictive solution, ERIS (Emerging Risk Identification Support), helps food and drink businesses globally to identify and evaluate existing and emerging food safety risks and respond effectively to them.
Social media is likely to play an increasing role in picking out ‘noise’ and ‘chatter’ around particular ingredient and commodities in the coming years but will require more sophisticated usage by the food and drink sector to analyse the vast streams of data. Algorithms and artificial intelligence are likely to emerge as valuable tools.
While humans begin to struggle with this amount of data, algorithms and artificial intelligence systems will be able to analyse it in real time and pick out patterns. These patterns will be clear signals for emerging threats.
Making sense of data
Well-established principles of risk assessment, referred to as ‘multi-dimensional’ or ‘360°’ risk assessment, are useful for data interpretation.
Product risk assessments can be broken down into sections, such as: micro, chemical, allergy, pesticide and vulnerability, based on business preferences. For multi-site businesses, these risk assessments can be completed at each site based on how the site processes each ingredient and the end product use.
From a group perspective, a ‘worst case’ scenario is taken and this governs whether the site introduces mitigation to manage the elevated risk or increases the supplier risk profile and audit frequency.
Supplier risk assessments need to be much more holistic than food safety risk assessments and to address the following issues as a minimum:
• Food Safety
Separate variables should be scored in each section and the scoring system should be kept simple (low, medium, high) with quantitative variables used for scoring. Subjectivity is not recommended as users get confused and resultant risk assessments can be inconsistent. A useful filter to apply to risk assessments is a probability impact assessment.
Every risk has two characteristics: the probability that it might happen and the impact it would have if it did. These can be assessed on a scale, such as high, medium and low. The guideline for what constitutes high or low is not universal and will need to be configured to each business. The risks can be visually represented on a 3*3 or 5*5 matrix and RAG (red, amber, green) colour coding applied.
Having completed the probability impact assessment, it should be clear which risks require mitigation. Good luck!
Stephen Whyte, Managing Director, Qadex, Oak Business Centre, Ratcliffe Road, Sileby, LE12 7PU, England
Email: firstname.lastname@example.org Web: www.qadex.com Tel: 0845 302 4780
QADEX delivers and supports IT solutions for Brand Protection, Supply Chain Risk Management, Food Specifications, Allergen Risk Management, Customer Complaints Management and NPD.