enhancing security throughout the supply chain - ibm · key contact information ... associated with...

Sp

ec

ia

l

Re

po

rt

S

er

ie

s

David J. ClossJohn H. McConnell Chair in Business Administration Department of Marketing and Supply ChainManagementMichigan State University

Edmund F. McGarrellDirector and ProfessorSchool of Criminal JusticeMichigan State University

A P R I L 2 0 0 4

Enhancing Security Throughout the Supply Chain

1

S P E C I A L R E P O R T S E R I E S

David J. ClossJohn H. McConnell Chair in Business Administration Department of Marketing and Supply ChainManagementMichigan State University

Edmund F. McGarrellDirector and ProfessorSchool of Criminal JusticeMichigan State University

April 2004

Enhancing Security Throughout the Supply Chain

2

ENHANCING SECURITY THROUGHOUT THE SUPPLY CHAIN

3


T A B L E O F C O N T E N T S

Foreword ..............................................................................................4

Executive Summary ..............................................................................6

Introduction ........................................................................................7About the Report..............................................................................7About the Challenge of Enhancing Supply Chain Security ..............7

Understanding Supply Chain Security................................................10New Ways of Thinking About Supply Chain Security ....................10Dimensions of Security ..................................................................13Integrated Supply Chain Security....................................................14Requirements for Supply Chain Security ........................................15Roles for Developing Supply Chain Security ..................................16

Assessing Supply Chain Security ........................................................17Supply Chain Security Assessment ................................................18Government, Carrier, and Terminal/Port Assessment ......................32

Recommendations for Action ............................................................35

Endnotes ............................................................................................39

Bibliography ......................................................................................40

About the Authors..............................................................................41

Key Contact Information ..................................................................43

4

April 2004

On behalf of the IBM Center for The Business of Government, we are pleased to present this report,“Enhancing Security Throughout the Supply Chain,” by David J. Closs and Edmund F. McGarrell.

Major events over the past couple of years, including 9/11, the San Francisco port lockout, HurricaneMitch, SARS, and the recent blackout in the northeastern United States and Canada, have dramatized the vulnerability of the global supply chain. These events, together with trends of increased outsourcing, under-score the need for companies to be more diligent in the way they manage their own extended supply chain,ensuring resiliency of operations end to end. That means addressing all aspects of their operations, fromworking with global suppliers and balancing supply/demand to improving overall security.

Specifically in the area of security, the protection of goods and commodities as they travel through the supplychain poses unique challenges. The report by Professors Closs and McGarrell describes many of the supplychain security challenges that exist today. It highlights the issues governments and firms will face as theyattempt to build greater security into the global supply chain, and offers practical and strategic advice forhow to use investments in new security programs to improve the efficiency and flexibility of the supply chain.

Their report asserts that companies and governments must recognize the need to implement comprehensiveand integrated end-to-end security that extends beyond asset protection and prevents the introduction ofunauthorized contraband, people, or weapons of mass destruction into the supply chain. It also contendsthat organizations should be looking strategically at security and how investments there can create oppor-tunities to build flexibility into their businesses through new processes that give them as early a warning aspossible of any interruptions.

Taking a strategic view of security, this report helps businesses focus on the benefits—not just the costs—associated with implementing supply chain security measures. By increasing supply chain security, compa-nies will see new opportunities for cost savings, have greater visibility for better planning, and be able toforge closer relationships with trading partners—all of which can provide them with a significant advantageover competitors who may not be taking the same approach.


F O R E W O R D

5


This document is based on the results of research and a multi-organizational, cross-functional workshopheld in November 2003. A high-level checklist was also developed to assist companies and governments in assessing the status of their supply chain security and in determining the risks associated with their performance in each category.

We trust that this report will serve as the catalyst for the new thinking, sustained leadership, research, and continual learning required by both the public and private sectors to sustain the global supply chainsecurity needed today and in the future. Supply chain security case studies will help refine the assessmentchecklist and recommended actions described in this report. Clearly, much work remains to be done.

Paul Lawrence Patrice N. KnightPartner-in-Charge Vice PresidentIBM Center for The Business Import Compliance Officeof Government IBM [email protected] [email protected]

6


E X E C U T I V E S U M M A R Y

Global supply chain security has become increas-ingly important due to incidents involving damage,theft, and terrorism. While security has been theprimary focus of a number of institutions involvedin supply chain operations (firms, governments,carriers, and the consuming public), it has tradi-tionally received a functional focus. For example,firms’ security organizations primarily focused onasset security while the government focused onrevenue collection and restricting the flow of illegalitems. In order to effectively meet the demands of a secure supply chain in today’s environment, amore comprehensive and integrated security focusis required, extending beyond asset protection andpreventing the introduction of unauthorized contra-band, people, or weapons of mass destruction intothe supply chain.

This report synthesizes the results of research and a multi-organizational cross-functional workshopsponsored by IBM and held at Michigan StateUniversity (MSU) in November 2003. The work-shop included representatives from manufacturers,distributors, retailers, carriers, government, andacademia. The report is designed to meet fiveobjectives:

• To establish some common definitions regardingsupply chain management and security.

• To describe the broad perspective that is neces-sary for comprehensive supply chain securitymanagement.

• To review the critical dimensions and require-ments for supply chain security.

• To introduce an assessment tool for firms, gov-ernments, carriers, and terminal/port operators tobenchmark themselves against other institutionsinvolved in enhancing supply chain security.

• To propose recommendations, synthesizedfrom MSU research and the workshop, that are critical for enhancing supply chain securityeffectiveness. These recommendations suggestthe need for enhanced leadership; public-private collaboration; additional research forsupply chain security, policy making and appli-cation planning; and educational initiatives todevelop awareness and expertise.

The central thesis of this document is that bothsecurity and supply chain efficiencies can be maxi-mized, but to do so will require changes in thinking,sustained leadership, and continual learning in boththe public and private sectors.

7


About the ReportThis report introduces the concept of supply chainsecurity management and offers guidelines for itsimplementation. The first section characterizes theshift of supply chain security from a focus on assetprotection to one of process integrity that preventsthe introduction of unauthorized contraband, people,or weapons of mass destruction into the supplychain.

It emphasizes the need to consider the institutionsand activities required to move the product fromthe field, forest, or mine to the home or office.While the need for enhanced supply chain securityis apparent, the challenge is for firms to provideimproved security capabilities at minimal to noincrease in cost.

The second section reviews the goals of effectivesupply chain management. While the goal is tocontinue providing increased customer valuethrough high velocity and visibility, the firm and itssupply chain partners must refine their processes toreduce variability and vulnerability. Effective supplychain security management requires a thoroughknowledge regarding these trade-offs. This sectionalso suggests that supply chain security initiativesreflect an extension of the quality movement. Whilethe quality movement focused on product and pro-duction process, supply chain security requires cross-organization process and information integration.

The third section describes an assessment approachthat can be used to evaluate and benchmark firmand institutional supply chain security management

practices. While this assessment provides firms withthe insight to enhance their own supply chainsecurity capabilities, a comprehensive securitysolution requires more involvement of all organiza-tions involved in supply chain planning, execution,control, and monitoring.

The final section describes the institutional rolesand recommendations required to develop a com-prehensive approach to enhancing global supplychain security. A firm or even an entire supplychain cannot solve domestic or global securityproblems on its own. Comprehensive supply chainsecurity requires a partnership involving firms, supply chain partners, service providers, and government. This report describes the institutionalrelationships, objectives, requirements, and bestpractice characteristics. Its ultimate goal is toenhance global supply chain security through leader-ship, collaboration, research, and education.

About the Challenge of EnhancingSupply Chain SecurityThe dawn of the 21st century brought together avariety of factors that created a need for enhancedsupply chain security. First, the increasingly globaleconomy both generates and depends on the freeflow of people, goods, and information. Second,businesses increasingly depend on efficient supplychain operations. Third, increased terrorist threatsresult in significant implications for homeland andglobal security. These factors have created signifi-cant challenges for businesses, for the country, andfor the global economy. Simply put, firms must

Introduction

8


implement continuous improvement processes thatenhance both supply chain execution and security.

Improvements must go beyond the firm itself andextend throughout the supply chain. At the sametime, governmental agencies responsible for themovement of goods and people across borders mustcontinuously review and update security procedureswith the goal of enhancing both security and effi-ciency. This includes balancing the essential govern-mental obligation to protect citizens with the criticalrole of promoting economic viability through trade.Further, the focus must be global, with the goal ofexpanding the number of trusted partners to enhanceglobal trade. Failure to enhance security—asdemonstrated by terrorist attacks in Bali, Israel, Kenya,Saudi Arabia, Spain, Tanzania, and the United States,among others—carries unacceptable risk. Yet,enhanced security must be balanced by the efficientand synchronized flow of goods and informationthroughout the supply chain.

Prior to discussing the challenges, it is useful toestablish common definitions for supply chains andsupply chain security. A supply chain is the combi-nation of organizations and service providers thatmanage the raw material sourcing, manufacturing,and delivery of goods from the source of the com-modities to the ultimate users. Organizations directlyinvolved in the supply chain include raw materialproviders such as mines, farms, manufacturers thatenhance the value of raw materials, wholesalers,distributors, and retailers. Other stakeholdersinvolved with supply chain operations include governments, carriers, and terminal/port operators.Supply chain management is the inter- and intra-organizational coordination of the sourcing, pro-duction, inventory management, transportation,and storage functions with the objective of meetingthe service requirements of consumers or users atthe minimum cost. Supply chain security manage-ment is the application of policies, procedures, andtechnology to protect supply chain assets (product,

facilities, equipment, information, and personnel)from theft, damage, or terrorism, and to prevent the introduction of unauthorized contraband, people, or weapons of mass destruction into thesupply chain.

The challenges facing the public and private sectorsbecome apparent when one considers the extent of global trade. Over 200 million containers areshipped between the world’s seaports annually. TheUnited States receives approximately 17,000 con-tainers per day (Lee and Whang 2003). Only about2 percent of the containers imported are physicallyinspected (Gillis 2002 and 2003). The impracticalityof drastically increasing physical inspection, coupledwith concerns over the security of containers, hasled U.S. Customs to develop the Container SecurityInitiative (CSI), which moves risk assessment andinspection to earlier stages in the supply chain.

The need for heightened supply chain security wasapparent in the May 2002 theft of a truck in Mexicoreportedly carrying eight tons of cyanide, whichresulted in a two-week search by law enforcementbefore the shipment was located. This incident high-lighted the potential threat posed by the movementof hazardous materials as well as the advantages thatwould accrue through a combination of improvedsecurity practices and tracking technology.

Challenges were also highlighted by the diagnosesof foot-and-mouth disease in the United Kingdom,“mad cow disease” in Canada, and bird flu in Asia.The December 2003 announcement of mad cowdisease (bovine spongiform encephalopathy) in the United States was quickly greeted with the clo-sure of beef exports to many U.S. trade partners.Agriculture officials began the process of tracingback the movement of the cow and of other cowsthat may have fed from the same feedlot as theinfected cow. This incident dramatically demon-strated the need to be able to trace the movementof goods (cattle) throughout the food supply chain.

The goal of terrorist events is to bring our economy to a standstill. If we put ananti-terrorist mindset on and make the protocol extremely cumbersome to avoidthe terrorist event, we risk achieving the same outcome the terrorists desire.

—Stephen Zujkowski, senior vice president, Savi Technology (cited in Hannon 2002)

9


At the same time, it highlighted the potential dis-ruption of agricultural and food markets unless sus-pect products can be quickly traced and isolated.

New security measures following September 11,2001, are estimated to cost the U.S. economyalone over $150 billion, of which $65 billion is for changes in supply chains (Bernasek 2002;Damas 2001). Yet, despite these expenditures, con-cerns about the security of goods crossing globalborders remain and the threat of terrorist attacksthat could shut down borders and seriously dam-age the global economy remains ever present.

The purpose of this report is to highlight the issuesfacing all stakeholders in global trade as countriesand firms attempt to build greater security into theglobal supply chain while simultaneously working to enhance the efficient flow of goods and services.The guiding thesis is that both security and supplychain efficiencies can be maximized, but to do sowill require changes in thinking, sustained leader-ship, and continual learning in both the public andprivate sectors. For the government official, thedesired outcome is to be able to say, “We haveincreased security to maximize the protection of ourcitizens while facilitating the efficient movement ofgoods across borders.” For the CEO, the desired goalis to be able to say, “We are better off competitivelybecause of our investments in supply chain security.”

The report begins with a discussion of the neces-sary shifts in thinking, noting particularly the scopeof public-private institutional partners responsiblefor supply chain security. The next section coversthe dimensions of supply chain security. The intentis to assist all those responsible for supply chainsby providing a common language and a set of prin-ciples, referred to as the five “V’s,” that are essentialfor supply chains. The report also includes anassessment tool intended to help frame issues,assist firms, and stimulate movement toward sys-tematic metrics. Finally, recommendations areoffered to place the issue of global supply chainsecurity at the top of national and internationalsecurity agendas and to promote the developmentand implementation of secure and efficient globalsupply chains.1

Acronyms

ACI Advance Cargo Information

AMR Advanced Manifest Rule

CSI Container Security Initiative

C-TPAT Customs-Trade Partnership Against Terrorism

DHS Department of Homeland Security

FAST Free and Secure Trade

ISO International Organization for Standardization

RFID Radio Frequency Identification

SCEM Supply Chain Event Management

SST Smart and Secure Tradelanes

TAPA Technology Asset Protection Association

WCO World Customs Organization

WTO World Trade Organization

10


New Ways of Thinking About SupplyChain SecurityThe supply chain security challenges posed by thethreat of terrorism have significant implications for firms and their suppliers, customers, carriers,terminal operators, governments, and global part-ners. Indeed, the global economy is dependent onthe security and resiliency of supply chains. Supplychain resiliency refers to the supply chain’s abilityto withstand and recover from an incident. Aresilient supply chain is proactive—anticipatingand establishing planned steps to prevent andrespond to incidents. Such supply chains quicklyrebuild or re-establish alternative means of opera-tions when the subject of an incident.

For firms, no longer is it adequate to focus on inter-nal security procedures geared toward the preventionof theft and emergency planning for specific plantlocations and distribution centers, the so-called“four walls” perspective. Rather, the demands ofsupply chain security extend beyond theft pre-vention to the threat of terrorism and require the integration of security with many other units. Thus, for example, several firms at the Supply ChainSecurity Workshop held at Michigan State Universityin November 2003 reported the use of a cross-functional team composed of Tax Staff, Customs,Security, Government Relations, Production Controland Logistics, Purchasing, Internal Controls, andHuman Resources. Not only must firms be con-cerned about security procedures within their ownprocesses and those of first-tier suppliers, but alsothey are dependent on the security proceduresthroughout the entire supply chain.

Given the global nature of supply chains, firms aresimilarly dependent on the procedures, laws, andregulations of countries across the globe, and deci-sions about suppliers are likely to increasinglydepend on the “trusted partner” status of the sup-plier country. Finally, supply chain managers mustengage in self-appraisal of supply chain securityand contingency planning, and cross-functionalteams must develop crisis management plans that include planning, mitigation, detection, and response and recovery components (seeSupply Chain Security Assessment beginning onpage 18).

Governments are responsible for facilitating themovement of people and goods across borders andare ultimately responsible for the safety of people,the country, and commerce. For governments andgovernment agencies, the traditional focus hasbeen on the control of trade, ensuring the collec-tion of taxes and fees, restricting the flow of illegalitems, with sampling inspections of imports forsecurity.2 The contemporary focus, however, is shifting to trade facilitation with security concen-trated on earlier stages in the supply chain and the identification of trusted partners to increasesecurity through export inspection and informationtrails. The very notion of trusted partners, however,creates the need for global cooperation.

The United States and many of its trading partnershave responded to the threat of terrorism by initiat-ing a number of efforts to build security and facilitatetrade. Congress mandated that the Department ofHomeland Security (DHS) Directorate of Borderand Transportation Security ensure the speedy,

Understanding Supply Chain Security

11


orderly, and efficient flow of lawful traffic and com-merce (Russell and Saldanha 2003). U.S. Customsand Border Protection, now part of DHS, hasattempted to facilitate trade and increase securitythrough the Customs-Trade Partnership AgainstTerrorism (C-TPAT), Container Security Initiative(CSI), and related programs. C-TPAT seeks to certifyknown shippers through self-appraisals of securityprocedures coupled with Customs audits and verifi-cations. CSI calls for pre-screening of containerscoupled with fast tracking when the cargo reachesthe United States. The Advanced Manifest Rule(AMR) and more recent Advance Cargo Information(ACI) require detailed cargo data before the cargois brought into or shipped from the United Statesby ocean, air, rail, or truck.3 The Free and SecureTrade (FAST) program allows low-risk goods trans-ported by trusted carriers for trusted firms to passrapidly through border crossings while reservinginspection resources for unknown or high-risk ship-ments. These provisions all require internationalcooperation. Also evolving is the creation and useof technology to enhance the detection of tamper-ing, increase tracking efficiency and effectiveness,and extend the scope of trusted partners to increaseefficiency at a greater number of shipping locations.

These global efforts are not confined to the initia-tives of the U.S. government. The World Trade

Organization (WTO) also seeks to facilitate tradeby moving controls and inspection to the exportstage and through the sharing of uniform informa-tion among government agencies, firms, suppliers,carriers, and customers (Damas 2002). The WorldCustoms Organization (WCO), through the 161member countries involved in the Global Standardsfor Supply Chain Security initiative, similarly seeksto promote trade facilitation by developing andpromoting guidelines to help customs administra-tions work together to promote rapid clearance oflow-risk cross-border shipments.

The U.S. Customs programs as well as the efforts of the WTO and WCO have broadened customsverification processes to include exports, relying on declarations that include essential data for adequate cargo risk assessment (commoditydescription, price, origin and destination, shipperand consignee, and transportation provider) (Gillis2003) and by certifying manufacturers, carriers,and other entities. The International Organizationfor Standardization (ISO) is working with theStrategic Council on Security Technology on aSmart and Secure Tradelanes (SST) initiative. SST is developing a technology platform to track con-tainers globally and generate chain-of-custodyaudit trails (Hickey 2003).

We aren’t necessarily replacing the focus on asset protection, but broadening it toinclude other considerations. The current focus on asset protection tends to bemyopic; what is needed is broader language, and a recognition that when the sup-ply chain is cut off, it affects the pipeline for all stakeholders, all resources. Perhapswe need to consider our “assets” in a context of our ability to satisfy our customersand maintain our reputation in the marketplace. That brings supply chain securityinto the conversation.

—Supply Chain Security Workshop, Michigan State University, November 17, 2003

Until we find a way to enable people to share information freely, compliance willremain a cat-and-mouse game in which the primary goal is to get the green lightand move on. Developing a true collaborative partnership between the publicand private sectors will require the creation of true two-way intelligence.

—Supply Chain Security Workshop, Michigan State University, November 17, 2003

12


The goal is to create global data exchange thatallows all members of a supply chain to worktogether, creating an environment similar to that of the quality initiatives in the early 1990s. At thattime, consumers were demanding substantiallyincreased product and service quality. The resultwas a strong organizational focus on efforts toincrease product and process quality. While firmsinitially felt that they could increase prices to coverthe cost of quality improvements, the market quicklyindicated that it would be necessary to increasequality without corresponding price increases. Infact, many firms found it was possible to increasequality while reducing cost. Similarly, it is impor-tant to note that enhanced supply chain security isexpected with no increase in cost. Thus, the chal-lenge today is to review, refine, and extend existingsupply chain practices to provide the desired secu-rity controls while simultaneously lowering supplychain cost.

Firms, governments, and governmental associationsare only some of the institutional components ofthe supply chain. The loss of a key supplier cancritically disrupt a supply chain, and firms aredependent on the security procedures of suppliersin order to insure their own security and to main-tain trusted-partner status with government agen-cies. Customers are obviously the end point of thesupply chain, and thus firms are ultimately depend-ent on their satisfaction. Customers are also impor-tant in the sense that the information needed to

allow auditing of cargo movement from supplier tocustomer must extend to the customer stage. Foodand product recalls linked to imminent danger areperhaps the best examples of this requirement.

Carriers, freight forwarders, port authorities, and ter-minal operators are responsible for critical stages inthe supply chain process. The best procedures of atrusted trading partner are meaningless absent theeffective security procedures of carriers to securegoods in transit. In addition to being key points forinspection, port facilities are potential targets for terrorists seeking to disrupt the supply chain eitherthrough attacks on the facility or as infiltrationpoints for cargo tampering. Consequently, the entiresupply chain is dependent on the security proce-dures (e.g., access control, personnel screening,physical “four wall” security, emergency prepared-ness) of port authorities and carriers and for theireffective interaction with governmental agencies.

Summary: These shifts in thinking about securityare captured in Figure 1. To build supply chainsecurity, no longer can the security function be isolated from other business processes. Rather,security and efficiency must be the responsibility of cross-functional teams. These teams must befocused not only on theft and asset protection butalso on preventing the use of shipments for theconveyance of contraband and weapons of massdestruction. The inadvertent shipment of such contraband poses threats not only to the firm but

Figure 1: Import Compliance Model of Changing Supply Chain Security Requirements

From To

Corporate Security Cross-Functional Team

Theft Prevention Theft Prevention and Anti-Terrorism

Inside the Company End-to-End Supply Chain

Country or Geographic Focus

Contingency Planning Contingency Planning and Crisis Management

Global Focus

Vertically Integrated Supply Chain1st Tier Suppliers

Outsourced Business Model2nd, 3rd Tier Suppliers

13


also to global trade generally. Attention must bedirected to the entire supply chain, and all of theseefforts—whether examined at the firm level or at thelevel of international government associations—require public-private communication, cooperation,and collaboration.

Dimensions of SecurityFigure 2 illustrates some of the institutions that playcritical roles within the supply chain. The supplychain security challenge is to effectively managethe “Five V’s” across the top of the figure (Helferichand Cook 2003). The first challenge is to providethe consumer with better value in return for theirmoney. Consumers expect relatively stable pricesand have low tolerance for dramatic increases orvariations due to supply chain security require-ments. Enhanced supply chain velocity is the sec-ond challenge faced by the linked members of atypical supply chain today. Not only do initiativesto increase product velocity in the supply chainreduce cost by reducing product storage times anddamage, such velocity also results in better qualitybecause products spend less time in storage facili-ties and transportation equipment. Velocity alsolimits the exposure to terrorist threats as it reducesthe time that the product is stationary.

The third challenge is to reduce supply chain variability. Most supply chains commonly experi-ence variability in production and transit times.Variations in production and transit time result inlarger inventory buffers or safety stocks. For exam-ple, if the average transit time from a West Coastproducer to the East Coast market is five days butactual movement time varies from three to 10 days,a five-day buffer stock is required at the destinationto accommodate the variation. The buffer stockresults in lower velocity, higher cost, and greaterpotential product quality and security problems.The fourth challenge is to provide appropriate sup-ply chain visibility. Many supply chain participantscan leverage visibility to resolve problems causedby supply chain variation. Visibility regardingwhere a product is in the supply chain and positivetracking to determine arrival gives manufacturers,wholesalers, or retailers a chance to expedite theproduct or obtain it from an alternative source.

The final challenge is to manage supply chain vulnerability. Supply chain vulnerability exists in avariety of forms. An obvious form in the food sup-ply, for example, is product infection or infestationwith a biochemical agent at any point within thesupply chain. Less obvious forms include damageor destruction of the supply chain infrastructure or

Figure 2: Supply Chain Network—The Challenges

Velocity

Variability Vulnerability

Value

Producer

ProductDevelopment

CustomerService

Process Segment

StrategicSourcing

• Plant, Facilities & Equipment• Parts & Supplies• Personnel• Communications and Transaction Processes• Utility Services—electricity, water• Public—ports, highways, bridges, rail, water ways• Financial• Supply Chain Partners Capabilities

ManufactureMarket

Distribution Consumer

Information Technology and Logistics Integration

Real-Time Execution Monitoring and Planning

Threat Profile: Natural, Accidental, Intentional Supply Chain Unforeseen Disruption Incidents

Visibility

Source: Adapted from Helferich and Cook 2003.

14


of the processes used to move and store the prod-uct from the supplier to the customer. Examplesinclude systematic damage or destruction to criticalmaterial suppliers, transportation equipment, trans-port infrastructure, storage facilities, or informationprocessing systems. Such damage was experiencedby firms, suppliers, customers, and carriers in theaftermath of September 11, when borders wereclosed, air transport shut down, and inventoriesrapidly depleted.

Effective and efficient supply chains require thebalancing of the five “V” elements to provide consumer value while minimizing the cost andthreat vulnerability. This balancing must incorpo-rate the multiple perspectives of consumers, firms,government, and the public. From an institutionalperspective, this includes producers, material sup-pliers, manufacturers, wholesalers, distributors,retailers, and carriers. From a capability perspec-tive, this includes individuals with skills in sourc-ing, manufacturing, inventory management,packaging, warehousing, transportation, and secu-rity as well as support sciences (e.g., biochemicalsciences).

A critical component of the global supply chain,indeed the context within which supply chainsexist (represented in Figure 2), is the role of govern-ment and the relationship between governmentsand the private sector. Whereas governments mustbalance the goals of security and trade facilita-tion—and are ultimately dependent on the cooper-ation of the private sector—suppliers, firms,carriers, and other stakeholders in supply chainsmust recognize that international trade is a privi-lege granted by governments. Thus, the globaleconomy ultimately is dependent on the mutual

obligations of both the public and private sectors,with both of them needing to strengthen supplychain security.

Integrated Supply Chain SecurityThe need for supply chain security is apparent froma variety of perspectives. From a traditional assetprotection viewpoint, the value of goods beingshipped in a single ship, plane, or truck can beenormous. One van stolen at London’s HeathrowAirport carried computer chips valued at $10 mil-lion, and Jonathan Littman (2003) estimates that asmall truck or van can easily carry $10 million incargo. Worldwide cargo theft is estimated at over$50 billion annually (National Cargo SecurityCouncil as cited in Littman). However, supplychain security initiatives must extend beyond justasset protection. A secure supply chain must guar-antee shipment integrity throughout the supplychain. This includes:

• Not allowing any biological or chemical agentto be introduced to the product.

• Not allowing any illegal commodity to beintermingled with the shipment.

• Not allowing the replacement of the productwith an illegal commodity or person.

• Not allowing the shipment to be used as aweapon.

The focus on asset protection expands when the firmconsiders the security of its people, facilities, andprocesses globally. The disruption of a key operationhas the potential of rippling through the supplychain and disrupting processes based on just-in-timeinventory. Beyond the firm, the security procedures

The Customs-Trade Partnership Against Terrorism (C-TPAT) represents an importantstart toward collaboratively addressing the issues of supply chain security; however,there are many entities that need to be coordinated, and it is easy to find weaknessesin the current system. Despite all the planning and technology that has beenapplied, we will still be in “organized chaos” in the event of a critical disruption ofthe supply chain. For one thing, we need to become clearer about the dual strate-gies of 1) mitigating risk, and 2) creating a resilient and efficient supply chain.

—Workshop on Supply Chain Security, Michigan State University, November 17, 2003

15


of suppliers and carriers become critical for the effi-cient movement of goods. The picture grows evenmore complex when one considers that this move-ment of goods is dependent on procedures, policies,and practices consistent with governmental practicesintended to increase the security of borders.

The focus on balancing the five “V” elements ofsupply chain security on a global scale points tothe need for integrated supply chain security. This is a shift from traditional security perspectives that have tended to be focused within the “fourwalls” of the plant or facility and asset protectionfocused.

Requirements for Supply Chain SecurityIt is estimated that as many as 25 different partiesare involved in the global movement of a container(buyers, sellers, inland freighters, shipping lines,middlemen [e.g., customs and cargo brokers], fin-anciers, government) (Russell and Saldanha 2003).Thus, secure and efficient supply chains must becross-institutional, including producers, materialsuppliers, manufacturers, wholesalers, distributors,retailers, and carriers. As has been stressed repeat-edly, they must be global and they must enhanceboth security and efficiency.

In many respects, the shifts in thinking required forsupply chain security are very similar to the para-digm shifts that occurred in the quality movement.Gaining efficiencies while ensuring security is verysimilar to the quality movement principle that“higher quality can be attained at lower cost byproper management and operational design” (Leeand Whang 2003: 4). Just as quality managementrejected “sampling inspection” at the end of theproduct line and sought to build quality into allaspects of process, supply chain security will notrely on sampling inspections but rather will be theproduct of building security and efficiency through-out the supply chain (Lee and Whang 2003). Theparallels to the quality movement and the shifts inthinking required for true supply chain security arereflected in Table 1.

Finally, just as expenditures in quality proved to be a smart investment, supply chain security invest-ments will be facilitated by demonstrating return oninvestment (ROI). Here promising signs are emerg-ing. A number of firms participating in the SupplyChain Security Workshop at Michigan StateUniversity report that investments in supply chainsecurity were already yielding ROI (although they

We applaud the efforts that are underway to instill quality processes, to inspectproducts and containers at the points of origin, to use technology to automate thechain of custody, to monitor the process closely during the transportation journey,and to create transparency and visibility across the supply chain. Informational,rather than physical, activities form the core of security measures.

—Lee and Whang (2003: 26)

Russell and Saldanha’s Five Tenets of Security-Aware Logistics and

Supply Chain Operation

Tenet 1: Companies need to partner with local,state, and federal government organizations thatimpact the movement of freight.

Tenet 2: Now more than ever, companies need to know their overseas trading partners and takeresponsibility for securing their cross-border supply chains.

Tenet 3: Companies need a mode-shifting capa-bility to accommodate unexpected delays, inter-ruptions, and disasters.

Tenet 4: Companies need to develop a suite ofcommunication channels and media to managecrises.

Tenet 5: There is a need to adopt the military concepts of agility, reservists, and pre-positioningfor the management of business logistics and thesupply chain in the new environment.

Source: Russell and Saldanha 2003.

16


also report challenges in measuring ROI). Manyfirms and carriers that have increased security andtightened processes have witnessed 90 percentreductions in high-tech theft losses (Littman 2003).5

Lee and Whang’s (2003: 24) case study estimatesthat Smart and Secure Tradelanes proceduresreduce costs by reducing inventory and by reduc-ing inspection time. They conclude, “These costsavings far exceed the costs of implementing elec-tronic seals, the readers, and the other infrastruc-ture investments.” Firms qualifying for TechnologyAsset Protection Association (TAPA) certificationmay receive insurance discounts (Littman 2003).

Roles for Developing Supply Chain SecurityThe transformation to secure and efficient supplychain security requires developing and providingpolicy direction from both the public and private

sectors. This requires leadership from government,domestically and internationally. At the same time,leadership within companies located throughoutthe supply chain is crucial to establishing priorities,developing multifunctional teams, and strengthen-ing relationships and the flow of information fromremote suppliers to customers.

Just as important as leadership within sectors, andperhaps even more so, will be the collaborativeleadership of public and private officials workingtogether to build security while eliminating unnec-essary barriers and maximizing logistical efficiencies.Further, this must include not only the Fortune 500companies but also smaller firms that are foundthroughout global supply chains. Similarly, it mustinclude not just the industrial powers such as theG-8 countries (Canada, France, Germany, Italy,Japan, Russia, the UK, and U.S.), but must be globalin nature.

Quality Movement Security Initiatives

Defects are very costly Security gaps create big risks

Total quality management Improvement of all stakeholders

Emphasis on prevention and Poka-Yoke methods4 C-TPAT, CSI, sealing, and anti-tamper technologies

Source inspection CSI and inspection at origin

Process control Automated chain of custody

Six-Sigma cycle to identify, track, and improve Container tracking and total visibility

Root cause analysis Profiling system for shipments, shippers, carriers, trade routes

“Quality is free” Higher supply chain security at lower cost

Source: Lee and Whang 2003.

Table 1: Lee and Whang’s Model of Supply Chain Security and Quality

Smaller companies are frustrated by the fact that only larger companies are likelyto have a voice in the process, and that only larger companies will be able toafford the investment needed to stay in step with supply chain security. Someattention needs to be given to the needs of smaller companies, to make sure theyhave a voice and can remain both compliant and viable.


17


International and domestic incidents over the lastthree years have emphasized the need for an inte-grated approach to supply chain security manage-ment. Just as a chain is no stronger than its weakestlink, a supply chain is only as secure as its weakestlink, which includes the suppliers, manufacturers,wholesalers, retailers, carriers, terminals, and gov-ernmental institutions that plan, manage, facilitate,and monitor the global movement of goods. Theprevious sections have described the key supplychain objectives and institutions. The challenge,however, is to determine the means to achieve sup-ply chain security with the broad range of relation-ships, processes, and institutions involved.

While there has not been a systematic assessmentof best practices related to supply chain securitysimilar to that completed for typical supply chainmanagement practices (Bowersox, Closs, and Stank2000), a synthesis of the existing literature andmanagement interviews can offer some insightregarding supply chain security best practices. Thetwo assessments that make up this section providea framework for evaluating supply chain securitypractices. The first one, “Supply Chain SecurityAssessment,” takes the perspective of the firm andis appropriate for use by manufacturers, whole-salers, and retailers.6 When assessing a firm’s supply chain security capabilities, the evaluativecharacteristics consider the firm’s capabilities froma number of perspectives. The first focuses on keyfirm relationships. The second focuses on the firm’srefinement of existing processes to enhance secu-rity (personnel security, information technology,facility security, inventory security, transport equip-ment security, transportation tracking and visibility,

receiving, storage, shipping, management educa-tion, internal operations management, and supplychain education). The third focuses on the supplychain security incident management stages (plan-ning, mitigation, detection, response, and recovery).For each perspective, the assessment describes anumber of characteristics of the firm in increasinglevels of sophistication. The second assessment,“Government, Carrier, and Terminal/Port Assessment”beginning on page 32, describes additional evalua-tive characteristics for key supply chain stakeholdersincluding governmental institutions, carriers, andterminal/port operators.

In both types of assessment, three levels of securityperformance are described for each category. Basic(Level 1) refers to the minimum security practicesthat would be expected for organizational relation-ship management, process refinements, and incidentplanning processes. Typical (Level 2) refers to organ-izations that have extended reasonable securityefforts. Advanced (Level 3) refers to the securitypractices that are characteristic of firms that haveplaced a very strong emphasis on enhancing sup-ply chain security.

While the assessment is useful for benchmarkingorganizational security capabilities, it is not realisticthat any firm can bring itself and its supply chainpartners up to the advanced level overnight. As a part of the assessment process, the firm mustdetermine the risks associated with its current performance level in each category. The relativecost/benefits related to each category’s risk mustthen be evaluated to prioritize supply chain secu-rity initiatives. The resulting prioritized list should

Assessing Supply Chain Security

18


then guide management actions to assure maximumutilization of resources while minimizing theimpact to the supply chain.

While these levels characterize firms in increasinglevels of sophistication, it should be noted that sup-ply chain security is a journey, not a destination.While the Advanced column may representsophisticated practices today, those same practicesmay be typical or even basic in the future. Just asinstitutions, technology, processes, and environ-ments change, the practices must adapt as well.Nevertheless, these assessment frameworks providesome systematic direction for evaluating supplychain management security practices at this pointin time.

The two assessments provide tools for firms andkey supply chain stakeholders to benchmark theirown practices, processes, and policies. Firms andstakeholders are encouraged to go through theassessments and “check off” the relevant categoriesas an initial step in assessing whether current prac-tices fall in the basic, typical, or advanced level.Then the assessments can be viewed in the contextof risk, utilized to gauge improvements, and ulti-mately used to develop metrics.

Supply Chain Security Assessment

Elements of the Supply ChainSecurity Assessment

Listed are the dimensions for evaluating firmsupply chain security. For each dimension,the assessment tables list basic, typical, andadvanced practices.

RelationshipsSupplierGovernmentCarrierTerminal/Port OperatorCustomer

Security Efforts within Existing ProcessesPersonnel SecurityInformation SecurityFacility SecurityInventory SecurityTransportation SecurityTransportation Tracking and VisibilityReceiving ManagementStorage ManagementShipping ManagementManagement EducationInternal Operations ManagementSupply Chain Education

Incident Security ManagementPlanning ManagementMitigation ManagementDetection ManagementResponse ManagementRecovery Management

19


Relationships

Supplier Relationships(Practices defining the nature of the firm’s relationship with material suppliers)

Basic (Level One)

Defines minimal supply chain security requirements in contracts

Performs limited pre-screening of suppliers as a condition forbidding on contracts

Communicates defined securityrequirements for suppliers, butdoesn’t verify that practices arebeing implemented

Allows suppliers to perform andreport security self-assessments

Has not established metrics forevaluating supply chain securityperformance

Typical (Level Two)

Defines supply chain securityrequirements in contracts

Considers security capabilities ofpotential suppliers as minor whenproposals are evaluated

Enforces defined security requirements for suppliers

Performs announced inspections/assessments or validation by thirdparty

Has established limited metricsfor evaluating supply chain security performance and makesthem available

Advanced (Level Three)

Includes specific supply chainsecurity requirements in contractsas a condition for acceptance

Mandates that suppliers adhere to established standards (e.g.,Technology Asset ProtectionAssociation prior to bidding)

Pre-screens potential suppliers with security capabilities as amajor consideration

Works collaboratively with suppliers to refine securityrequirements

Replicates best practices andresults among trading partners

Performs unannounced inspec-tions/assessments or validation by third party

Has established comprehensivemetrics for evaluating supplychain security performance andmakes them available

Regularly reviews and objectivelygrades suppliers regarding adherence to security standards

20


Basic (Level One)

Informally tracks government regulations and implications forimplementing supply chain security practices

Has informal procedures andprocesses to communicate security breaches to law enforcement

Has minimal awareness of globaland government initiatives toenhance supply chain securityinitiatives such as WCO, ACI, C-TPAT, and CSI

Avoids notifying governmentregarding vulnerabilities

Does not adjust processes based on government security levels

Typical (Level Two)

Proactively tracks government regulations and implications forimplementing supply chain security practices

Has defined procedures andprocesses to communicate security breaches to local lawenforcement

Actively participates in associa-tions and organizations offeringseminars regarding supply chainsecurity

Tracks public information regarding government initiativesto enhance supply chain securityinitiatives such as WCO, ACI, C-TPAT, and CSI

Informally informs governmentregarding vulnerabilities

Adjusts processes based on government security levels


Takes active role in initiatives toeducate and exchange informa-tion with government officialsresponsible for enhancing supplychain security

Has defined procedures andprocesses to systematically monitor and synthesize informa-tion regarding security breacheson a global basis

Actively participates in cross-organizational initiatives todevelop and influence govern-mental supply chain securitypolicies

Takes active role in guiding andproviding feedback for governmentinitiatives to enhance supplychain security initiatives such asWCO, ACI, C-TPAT, and CSI

Has a defined process to informgovernment regarding known vulnerabilities

Adjusts processes based on government security levels

Government Relationships(Practices defining the nature of the firm’s relationship with local, regional, and national agencies)

21


Basic (Level One)

Requires carrier to meet minimum inspection standards

Gives limited consideration to security capabilities when selecting carriers

Takes no role in specifying driverrequirements for carrier

Requires carriers to have appropriate licenses (e.g., hazardous materials)

Allows carrier to perform andreport security self-assessments

Provides carrier drivers with minimal education regarding supply chain security issues

Typical (Level Two)

Defines security checks andprocesses for carriers

Uses limited number of securitycapabilities when evaluating carriers

Defines general requirements forcarrier drivers

Regularly reviews license requirements (e.g., hazardousmaterials)

Performs announced inspections/assessments

Provides carrier drivers with education focusing primarily on asset security

Requires background checks to be performed on carrieremployees

Requires that carriers have devel-oped and documented responseplans for likely security incidents


Involves carriers in setting standards and establishing security processes

Requires comprehensive securitycapabilities for carrier contracts

Requires carriers to participate in“known shipper” programs suchas offered in the European Unionand the U.S.

Defines specific requirements forcarrier drivers


Performs unannounced inspections/assessments

Provides carrier drivers with comprehensive education regarding their role in enhancingsupply chain security

Requires thorough pre-hiringbackground and reference checkswith regular re-checks to be performed on carrier employees

Proactively tests carrier supplychain security capabilities andresponse plans

Carrier Relationships(Practices defining the nature of the firm’s relationship with air, motor, pipeline, rail,

and water carriers as well as with transportation service providers)

22


Basic (Level One)

Requires terminal operators to meet minimum inspectionstandards

Gives limited consideration to security capabilities when select-ing terminal operators

Performs and reports security self-assessment

Gives minimal consideration to port facility security capabilitywhen evaluating port bids

Typical (Level Two)

Defines security checks andprocesses for terminal operators

Uses a limited number of securitycapabilities when evaluating terminal operators


Approves a Port Facility Security Plan and subsequentamendments


Involves terminal operators in setting standards and establishingsecurity processes

Requires comprehensive securitycapabilities for terminal operatorcontracts


Provides input to Port FacilitySecurity Assessment and subsequent amendments

Provides regular feedback for terminal/port operator regardingsupply chain security requirementsand performance

Proactively tests terminal operators’ supply chain securitycapabilities

Terminal/Port Operator Relationships(Practices defining the nature of the firm’s relationship with private and public entities

that operate air, ocean, and water terminals and ports)

Basic (Level One)

No formal means for customersto provide input regarding supplychain security concerns

Customer has a minimal consideration for supply chain security

Customer has expended minimaleffort to guarantee continuoussupply of critical components

Typical (Level Two)

Firm has established and publicized an individual ororganization to receive customersupply chain security concerns

Customer recognizes supplychain security efforts as a cost of doing business

Customer has established initia-tives to guarantee continuoussupply of critical components


Firm has established and publi-cized an individual or organiza-tion to synthesize informationregarding customer supply chainsecurity concerns and to developimplications

Customer recognizes supplychain security capabilities as acompetitive advantage

Customer has defined plans to guarantee continuous supply of critical components

Customer Relationships(Practices defining the nature of the firm’s relationship with customers)

23


Security Efforts within Existing Processes

Basic (Level One)

Has no “code of ethics” regarding supply chain securitypractices

Uses limited pre-hiring back-ground and reference checkswith rare rechecks

Uses no pre-hiring drug checks

Typical (Level Two)

Has basic “code of ethics” regarding supply chain securitypractices

Uses thorough pre-hiring back-ground and reference checkswith rare rechecks

Uses pre-hiring drug checks asallowed by law

Trains personnel to observe forsigns of employees who might beliving beyond their means


Has comprehensive “code ofethics” regarding supply chainsecurity practices

Uses thorough pre-hiring back-ground and reference checkswith regular rechecks

Uses pre-hiring and random post-hiring drug checks asallowed by law

Trains personnel to observe forsigns of employees who mightrespond to coercion

Personnel Security (Practices that guide the firm’s activities for selection and monitoring of personnel)

Basic (Level One)

Does not require pre-transmissionof crew or cargo manifests

Firms in Level 1 supply chain partnerships engage in minimal,arm’s-length relationships enabledtypically by asynchronous, one-way data push communicationmechanisms

Uses no backup power supply foroperations and security systems

Allows order and shipment documentation to be readilyavailable to operations personnel

Allows order and shipment information to be available to a wide range of individualsinvolved in operations

Typical (Level Two)

Suggests suppliers and carrierstransmit electronic crew andcargo manifests

Firms in Level 2 supply chain partnerships are characterized bypush and pull, asynchronous andsynchronous, point-to-pointclient-server communication

Employs backup power supplyfor operations and security systems

Secures order and shipment documentation, but restraints can be overridden

Controls access to order andshipment information by role andresponsibility in the organization


Contractually requires international carriers to transmitelectronic crew and cargo manifests

Firms in Level 3 supply chain strategic partnerships are characterized by peer-to-peerclient-server communication

Employs backup power supplyfor operations and security systems

Makes available order and shipment documentation on a “need to know” basis only

Controls access to order andshipment information on a “needto know” basis only

Information Security (Practices that guide the firm’s activities to guarantee information integrity, consistency, and timeliness)

24


Basic (Level One)

Relies on passive measures suchas locked doors and fences forfacility security

Has minimal definition of secureareas

Uses locking devices on externaldoors and windows

Has no backup power for criticalfacility areas

Has no established process forestablishing and revising facilityauthorization cards or keys

Provides terminal security byfences

Uses no color coding for uniforms or ID tags to designateaccess privileges

Employs limited video monitoringof facilities and docks

Typical (Level Two)

Relies on passive measures suchas locked doors and gates andoccasional human checking forfacility security

Has clear identification of secureareas

Uses locking devices on externaland internal doors, windows,gates, and fences

Has backup power for key operational areas

Has defined process in place toestablish and revise facilityauthorization cards and keys

Provides terminal securitythrough a combination of fencesand video

Uses color coding for uniforms or ID tags to designate access privileges

Uses closed-circuit video moni-toring of facilities and docks


Provides facility security using acombination of passive and activemeasures including fences, locks,video, and human inspections

Has clear identification and monitoring of secure areas

Equips exterior doors and windows with alarms

Has backup power for key operational areas and high-valuecargo areas

Has defined process in place toestablish facility authorizationcards and keys with dynamicrevisions for changes in personnel

Provides terminal securitythrough a combination of fences,video, guards, and informationtechnology tools (e.g., biometricpersonnel screening)

Uses color coding for uniforms or ID tags to designate access privileges

Requires use of closed-circuitvideo monitoring of facilities,docks, and cargo

Facility Security(Practices that enhance security of the firm’s buildings and their surroundings)

25


Basic (Level One)

Production receipts are recordedbased on deliveries to the warehouse

Warehouse Management Systemdoes not track product movement by employee

No separation of duties (e.g., single individual is responsible forreceipts and withdrawals withoutoversight)

Typical (Level Two)

Inventory receipts in the warehouse are matched with production quantities in the plant

Warehouse Management Systemuses barcoding to track storageand retrieval of product byemployee

Limited separation of duties oroversight


Positive matches are required forproduction and inventory receiptquantities

Warehouse Management Systemuses Radio Frequency (RFDC) totrack storage and retrieval ofproduct and movement byemployee

Documented separation of dutiesand oversight minimize the opportunity for inventory theft or diversion

Inventory Security(Practices that reduce the risk of inventory theft and diversion)

Basic (Level One)

Has not defined security interfaces with carriers

Uses no standard procedures forseal control and usage

Has established basic lost orstolen goods metrics

Typical (Level Two)

Has defined a single primarysecurity contact with each contracted carrier

Uses standard procedures for seal control and usage

Tracks lost or stolen goods bymonth


Has established an Internet supply-chain-theft report thatcontains all the information to be reported to law enforcement

Uses standard procedures with regular audit procedures for sealcontrol and usage

Lost or stolen goods metricsdemonstrate continuous improvement

Transportation Security(Practices that facilitate the reporting and recovery of goods lost or stolen in transit)

26


Basic (Level One)

Achieves transportation visibilitythrough phone and manual procedures

Does not use real-time satellitetracking for containers

Does not monitor transportationrouting

Typical (Level Two)

Makes real-time tracking capability a prerequisite for carrier contracts

Uses satellite tracking of trucksand containers on a limited scale

Reviews and approves transportroutes prior to movement


Requires Supply Chain Event Management (SCEM) capability to proactively manage transport movements

Requires satellite tracking oftrucks and containers as a condition of contract

Requires approval by firmsecurity of any deviation fromapproved transport routes

Uses tracking and protocols toallow real-time notification ofdiversion to security and lawenforcement

Records and reports detecteddeviations from approved transport routes

Transportation Tracking and Visibility(Practices that minimize risk of goods being lost, stolen, or diverted in transit)

27


Basic (Level One)

Has no standardized process todeter or prevent the introduction of unauthorized weapons, incendiary devices, explosives, or other contraband

Uses no verification of carrier personnel prior to allowing entry

Uses no systematic checking ofcontainers prior to release for re-use

Does not document receiving discrepancies

Does not control private passen-ger vehicle parking

Typical (Level Two)

Has defined and implementedstandardized process to deter or prevent the introduction ofunauthorized weapons, incendiarydevices, explosives, and othercontraband

Requires verification of carrierprior to allowing entry

Systematically checks containersprior to release for re-use

Documents receiving discrepan-cies using paper and photographs

Requires proper weighing, counting, and documenting ofcargo/cargo equipment verifiedagainst manifest documents

Separates employee parking fromvisitor parking

Restricts private passenger vehicle parking to designatedareas


Uses video and scanning technology to deter or prevent the introduction of unauthorizedweapons, incendiary devices,explosives, and other contraband

Requires verification of carrierand driver prior to allowing entry

Systematically checks containersprior to release for re-use

Documents receiving discrepan-cies using electronic and videomeans

Requires proper weighing, counting, and documenting ofcargo/cargo equipment verifiedagainst manifest documents

Controls access to employee parking by a gate/pass and/ordecal system

Prohibits private passenger vehicles from parking in cargoareas or immediately adjacent tocargo storage buildings

Receiving Management(Practices that minimize the risk of receipt of unwanted or unauthorized material)

Storage Management(Practices that minimize the risk of damage or theft of product in a storage facility)

Basic (Level One)

Does not segregate storage basedon product type or destination

Co-locates break areas withstorage or staging areas

Typical (Level Two)

Segregates and marks interna-tional, domestic, high-value, anddangerous goods cargo withinthe warehouse by a safe, vault,caged, or otherwise fenced-inarea

Separates break areas from storage or staging areas

Maintains controlled access tohigh-risk areas


Segregates and marks interna-tional, domestic, high-value, anddangerous goods cargo within the warehouse by a safe, vault,caged, or otherwise fenced-inarea

Separates break areas from storage and staging areas

Requires signing in and out of high-risk areas

28


Management Education(Practices that provide firm management and employees with a broad

understanding of the benefits and costs related to supply chain security)

Basic (Level One)

Supply chain security has limitedtop management visibility

Limited communication of security policies and standards to employees

No recognition of employeesreporting suspicious activities

Typical (Level Two)

Supply chain security is viewedas a “cost of doing business” bytop management

Firm communicates security policies and standards to employees

Public recognition of employeesreporting suspicious activities


Supply chain security is viewedas a competitive advantage bytop management

Firm communicates security poli-cies and standards to employeesincluding consequences of non-compliance

Public recognition and incentivesprovided for employees reportingsuspicious activities

Shipping Management(Practices that minimize the firm’s risk of shipping unwanted

material and having product stolen or damaged in transit)

Basic (Level One)

Has no standardized processdefined for loading and sealingcontainers

Has no standardized monitoringof cargo loading process

Has not established different policies for high-risk shipments

Has no formalized process forinspecting shipping containerintegrity prior to loading

Uses only physical seals for limiting access to containers

Typical (Level Two)

Accepts the process of carrier or third party for loading andsealing containers

Employs standardized monitoring of cargo loading process

Has refined policies for handlinghigh-risk shipments

Has defined process for inspect-ing shipping container integrityprior to loading

Maintains proper storage ofempty and full containers in aprotected environment to preventunauthorized access, includinguse of seals

Tests electronic seals for monitoring access to containers


Defines a standard process for loading and sealing containers and completes periodic audits

Employs closed-circuit monitoringof cargo loading process withrecordings to be maintained for a specified period

Has extensive policies such as two drivers, use of GPS, escortedservice, driver security training, and route varying for high-risk shipments

Has defined process for inspectingshipping container integrity prior to loading with periodicunannounced audits

Maintains proper storage ofempty and full containers in aprotected environment to preventunauthorized access, includinguse of seals

Contractually requires electronicseals for monitoring access to containers

29


Internal Operations Management(Practices that guide the firm in the establishment of policies to enhance internal security)

Basic (Level One)

Gives responsibility for supplychain security to the security organization

Does not regularly review supplychain security procedures

Posts minimal signage regardingsecurity requirements for operations personnel

Has no defined procedures andconditions for notifying Customsand other law enforcement agencies regarding shortages,overages, anomalies, or illegalactivities

Typical (Level Two)

Delegates responsibility for supply chain security across anumber of functional areaswithin the firm

Reviews supply chain security procedures only on an ad hocbasis

Posts signage regarding securityrequirements for operations personnel

Has defined procedures and conditions for notifying Customsand other law enforcement agencies regarding shortages,overages, anomalies, or illegalactivities


Centralizes responsibility for supply chain security manage-ment with a high-visibility cross-functional team

Reviews supply chain security procedures on a regular basis

Posts extensive signage regardingsecurity requirements for opera-tions personnel with references tocentralized reporting

Has defined procedures and conditions for notifying Customsand other law enforcement agencies regarding shortages,overages, anomalies, or illegalactivities

Maintains information to facilitate product tracking

Supply Chain Education(Practices that develop a workforce knowledgeable in supply chain management and security)

Basic (Level One)

Has not reviewed and documented overall supply chainwith the goal of identifyingpotential security risk areas

Has not identified supply chainsecurity education alternatives

Does not conduct training drillsand exercises

Typical (Level Two)

Has reviewed and documentedoverall supply chain with thegoal of identifying potential security risk areas

Has identified supply chain security education initiatives, butdoes not have a plan for movingemployees through the program

Has begun to conduct training drills and training exercises


Has prepared educational material to provide guidelines forprioritizing efforts to minimizerisks

Has identified supply chain security education initiatives andhas a formal plan for movingemployees through the program

Regularly conducts drills andtraining exercises

Extends its supply chain securitytraining to its trading partners

30


Incident Security Management

Mitigation Management(Practices that guide the firm’s efforts to reduce the risk that those incidents

would significantly inhibit a firm’s ability to continue operations)

Basic (Level One)

Has no comprehensive view orstatement regarding its efforts tomitigate the risk of supply chainsecurity initiatives

Typical (Level Two)

Has a comprehensive viewregarding its efforts to mitigatethe risk of supply chain securityinitiatives

Has established a communicationsystem for critical incident management

Has established protocol withappropriate public and privatesector partners


Has a comprehensive view andstatement regarding its efforts tomitigate the risk of supply chainsecurity initiatives

Employs redundant communica-tions system for critical incidentmanagement

Has established protocol andconducted exercises with appropriate public and privatesector partners

Planning Management(Practices that guide the firm in identifying alternative sources and flows

if an incident were to deactivate a key supplier or carrier)

Basic (Level One)

Has no planning process to identify impact of key suppliers

Has no planning process to iden-tify the impact of interruptions onmajor lanes

Is developing framework for defin-ing relative supply chain risk bycountry

Typical (Level Two)

Has established alternative material sources in the case ofsupply chain disruptions

Has established alternative carriersfor use in the case of supplychain disruptions on major lanes

Has defined framework and is rating countries on their relativesupply chain risk



Works with suppliers to establishalternative source as part of contracting process

Works with carriers to establishalternative providers on majorlanes

Has prioritized countries regarding relative risk and hasestablished initiatives to reducethe level of risk

Has established protocol andconducted exercises with appro-priate public and private sectorpartners

31


Detection Management(Practices that guide the firm in the deployment and application of detection equipment)

Basic (Level One)

Has no defined procedures forrecognizing and recording security incidents

Typical (Level Two)

Has defined procedures for recognizing and recording security incidents



Has defined procedures for recognizing and recording security incidents and has established guidelines regardingappropriate responses


Recovery Management(Practices that define the firm’s anticipatory establishment of plans for incident recovery)

Basic (Level One)

Has no documented recoveryplans for supply chain securityincident

Typical (Level Two)

Has documented plans forresponding to a supply chainsecurity incident



Has documented plans for responding to a supply chain security incident and has adefined process to reinstate operations


Response Management(Practices that define how a firm designs the organizational response to an incident)

Basic (Level One)

Has no defined plans to respondto supply chain security incidents

Typical (Level Two)

Attempts to have defined procedures to respond to supplychain security incidents



Has defined and practiced “crisismanagement” procedures forresponding to supply chain security incidents


32

Government, Carrier, and Terminal/Port Assessment


Elements of Government, Carrier, And Terminal/Port Assessment

Government(Practices that facilitate local, regional, and national government ability to both reduce the risk and respond to a security incident)

Basic (Level One)

Allows each response unit (i.e.,Police, Fire, and Public Health)and municipality to develop itsown supply chain security plansand responses

Participates in minimal joint government-industry initiatives to plan and test security incidentresponse capabilities

Does not have any standardizedprocess for evaluating securityrisk

Has no clear definition of govern-mental chain of responsibility forreporting supply chain security incidents

Has no common process for sharing and synthesizing supplychain security incidents

Does not understand its role in supply chain security withrespect to freight

Typical (Level Two)

Facilitates integrated responsesacross municipalities but notacross response units

Participates in joint government-industry initiatives to plan security incident response

Develops and maintains a standardized process for evaluating security risk

Has a defined governmentalchain of responsibility for reporting supply chain securityincidents

Has a common process for sharing supply chain securityincidents

Understands the importance of secure supply chains but is not organized to provide an integrated response

Defines, evaluates, and reportssecurity levels based on established criteria


Facilitates integrated planningand responses across municipalities and acrossresponse units

Participates in joint government-industry initiatives to plan andtest security incident responsecapability

Develops and maintains a standardized process for evaluating security risk and regularly reports metrics

Has a defined and well-communicated governmental chain of responsibility for report-ing supply chain security incidents

Has a common process for sharing and synthesizing supplychain security incidents

Understands the importance of secure supply chains and is organized to provide an integrated response

Develops written security agree-ments with other governments toapply a common methodologyusing transferable and consistentstandards

Facilitates trade for trusted andcooperative shippers, carriers, and firms

Listed are the dimensions that supply chain partners, including government, carriers, and terminal/port operations, should use in evaluating their security. For each dimension, the assessment tableslist basic, typical, and advanced practices.

33


Carrier(Practices that facilitate a carrier’s ability to minimize the risk of and respond to a security incident)

Basic (Level One)

Meets minimum inspection standards

Does not have a formal process formeasuring its supply chain securitycapabilities

Performs announced inspections/assessments of facilities and equipment

Provides carrier drivers with minimal education regarding supply chain security issues

Allows customers to take no role inspecifying driver requirements forcarrier

Requires carriers to have appropriate licenses (e.g., hazardous materials)

Has not established different policies for high-risk shipments

Makes no use of technology for communicating with and trackingvehicles on road

Has no documented response plans for supply chain incidents

Does no testing of response plansfor supply chain security incidents

Typical (Level Two)

Defines security checks andprocesses for facilities and vehicles

Defines and reports a limited number of security metrics

Performs unannounced inspections/assessments of facilities and equipment

Provides carrier drivers with education focusing primarily onasset security

Allows customers to specify general requirements for carrierdrivers

Requires that background checks be performed on carrieremployees


Has refined policies for handlinghigh-risk shipments

Uses two-way communicationsuch as cell phones to communi-cate with drivers on road

Has developed and documentedresponse plans for every securityincident

Performs announced testing ofresponse plans for supply chainsecurity incidents


Involves key customers in settingstandards and establishing security processes

Defines and reports a comprehensive number of security metrics

Proactively tests carrier supplychain security capabilities

Provides carrier drivers with comprehensive education regarding their role in enhancingsupply chain security

Allows customers to define carrier driver requirements as anelement of the contract

Requires thorough pre-hiringbackground and reference checkswith regular re-checks to be per-formed on carrier employees


Uses biometric personnel screening coupled with continueddevelopment of security measures(e.g., biometric ignition systems)for high-risk shipments

Uses two-way communicationand satellites to communicatewith and track vehicles while on road

Has extensive response plans forpotential security incidents

Performs unannounced testingand tabletop exercises ofresponse plans for supply chainsecurity incidents

Participates in known shipper programs such as offered in theEuropean Union and the U.S.

34


Terminal/Port Operator(Practices that facilitate a terminal/port operator’s ability to minimize the

risk of and respond to a security incident)

Basic (Level One)

Has no Port Facility Security Planin place

Terminal operators meet mini-mum inspection standards


Provides terminal securitythrough the use of fences

Firms minimally consider the PortFacility Security Plan

Does not plan or test port facilityresponses to supply chain security incidents

Typical (Level Two)

Has an established Port FacilitySecurity Plan, but it is notregularly maintained

Terminal operators define security checks and processes for monitoring


Provides terminal securitythrough a combination of fencesand video

Firms approve a Port FacilitySecurity Plan and subsequentamendments

Has developed plans for port facility responses to supply chainsecurity incidents


Has an established Port FacilitySecurity Plan and regularly reviews it

Terminal operators set specificstandards, establish securityprocesses, and regularly reportmetrics

Proactively tests terminal operators’ supply chain securitycapabilities

Establishes critical incident protocol including joint exerciseswith key public and private sector agencies

Provides terminal securitythrough a combination of fences,video, guards, and informationtechnology tools

Allows customers to provide input into Port Facility SecurityAssessment and subsequent amendments

Plans and regularly tests portfacility responses to supply chain security incidents

35


The following four recommendations result from asynthesis of previous literature regarding supplychain security and the Supply Chain Workshop atMichigan State University. The recommendationsfocus on:

• Recommendation One: Leadership and visibility

• Recommendation Two: Greater public-privatepartnership, such as through a joint forum

• Recommendation Three: Promotion of additional research to enhance knowledge of supply chain security issues

• Recommendation Four: Dissemination ofknowledge through education and training

Figure 3 illustrates the inter-relationship betweenthe recommendations and the resulting impact.

The central theme of the recommendations is thatstrong leadership is necessary from a combinedpublic-private partnership to raise awareness of theimportance of supply chain security as a nationalpriority and to promote initiatives to assure results.The partnership should facilitate and prioritize theresearch and dissemination of information regard-ing supply chain security issues, best practices, andperformance measures.

Recommendations for Action

Figure 3: Recommendations

Recommendation Two

Public-Private Sector Collaboration

Recommendation One

Leadership

Recommendation Three

Research

Recommendation Four

Education and Training

Resulting Impacts

• Transforming the Security Industry• Information Sharing• Best Practices and Metrics• Research Priorities• Education and Awareness

36


Recommendation One: Leadership. Increase theawareness, visibility, and importance of supply chainsecurity challenges and issues by fostering public-private sector collaboration and cooperation.There is need for a stronger, integrated messagefrom both public and private sector leaders. Despitea number of important new initiatives increasingthe security of the movement of people and goods,the sheer volume of global trade creates securitychallenges that demand the focused attention ofgovernment and industry leaders. This messagemust establish the link between the requirementsfor efficient movement to support a global econ-omy and the demands for security due to the waron terror. The result is that supply chain securityis recognized across the board as a number onepolicy priority, and it must quickly and forcefullymobilize resources for lasting change.

There is a sense that the security industry as itoperates within firms today is not engaged in thebroader issues of supply chain security, but is stillfocused primarily on fixed asset security. There is a need to find a way to transform this industry,broadening its scope and role in the protection ofsupply chain processes, activities, and infrastructure,as well as firm assets.

This recommendation is similar to U.S. PresidentJohn F. Kennedy’s mandate regarding the space pro-gram in the early 1960s. A similarly unambiguousnational commitment is needed, and it needs to bearticulated by a broad spectrum of leaders so that

everyone understands it as a fundamental necessity,not a product of politics or self-interest. Finally, thefocus must transcend borders and be global inscope.

Recommendation Two: Public-Private SectorCollaboration. Establish a forum that facilitates collaboration and joint action between governmentand industry to improve supply chain security riskassessment and identify best practices.There is a need for a government-industry forum tofoster better information sharing among stakeholdersthat heretofore have not typically interacted. Thegroup must be de-politicized, presenting supplychain security as an essential need for the liveli-hood and security of all. It must also be singularlyfocused on supply chain security and efficiency sothat there is no dilution by other priorities.

The initial focus of the forum should be on two initiatives. First, the group should oversee develop-ment of a framework for assessing and prioritizingrisk in the process of establishing supply chainsecurity. The framework should include a focus onthe critical activities and mission-critical elements.The phrase “mission-critical elements” is meant toinclude trade lanes, products, and infrastructure.

The second initiative should be to establish aneffective platform for sharing information betweengovernment and industry, and within industries.Best practices, whether they are the best practicesof a firm whose supply chain is secure or the best

Trust is needed if we are to develop good intelligence about vulnerabilities in thesystem and determine what needs to be done about them. Ideally, internationalgovernments and companies should be connecting the “best practices” of terror-ists with their likely consequences. But it is tremendously difficult for companies toopenly acknowledge a deficiency or vulnerability, and thereby open themselves upto criticism from interest groups or regulators. In the absence of a shift in organiza-tional culture that encourages companies to identify what isn’t working, compa-nies will continue to try to piece together a strategy for supply chain securityinternally, on their own. We need to find a way to elevate the internal function ofidentifying problems that put the company—and the supply chain—at risk.


37


practices of a terrorist seeking to disrupt it, must be communicated to all stakeholders in supplychain security. This recommendation calls for theestablishment of a robust supply chain securityintelligence collection system, one that facilitatesinformation sharing and communication across thesupply chain, and enables both government andindustry to share essential information. This requiresgreater trust and a changed attitude toward therecognition of weaknesses within a company. Firmsand the public sector must be willing to discussweaknesses so that the combined partnership, rep-resented by the government-industry forum, canpropose common solutions that are both effectiveand efficient.

A key question that needs to be resolved is how the new entity would relate to the global commu-nity. What will be its relationship to the WCO, forexample? It is clear that the forum should act inconcert with national objectives. Yet, it is also clearthat efforts to improve supply chain security mustbe global in nature if the supply chain is to be bothefficient and secure.

Recommendation Three: Research. Undertakeresearch regarding the value and best practicesrelated to supply chain security and disseminatethe results.It is essential that the assessment of priorities,processes, practices, and the development of metricsoccur in an environment that is objective and mutu-ally respected by all stakeholders. This includes acombination of academic and governmental institu-tions, professional organizations, and private sectorfirms. The role of research is to facilitate key stakeholder collaboration, conduct research, andarticulate the underlying value and necessity ofmaintaining supply chain security in language thatspeaks to all stakeholders. Relevant government-industry forums would facilitate research by identifying critical topics for investigation.

The advantages of broader, multidisciplinaryresearch can be identified and disseminated to the institutional components of supply chains. For example, lessons learned in efforts such as theBusiness Anti-Smuggling Coalition, internationaldrug enforcement, and anti-corruption initiativescan be applied to terrorist threats in today’s supplychain environment. The packaging industry is

another important player in securing the supplychain. Access to and application of new technolo-gies that can provide easier evidence of tampering,verification, and anti-counterfeit devices, for exam-ple, can greatly assist in achieving supply chainsecurity through monitoring and detection.

There are three suggestions that require strong con-sideration when establishing the research agenda.First, the global nature of supply chains calls for aglobal research network. Such a network is muchmore likely to enlist the international support andcooperation necessary for common processes met-rics, education, and innovation.

Second, there is a necessary intermediate step priorto the promotion of metrics and practices. Thevalue of supply chain security must be illustratedthrough case studies that demonstrate the benefitsand returns associated with successful risk mitiga-tion. In the end, the case for supply chain securitymust be made in a common language: Its costs andits benefits must be conveyed in a wider, commoncontext that both corporate and political leaderscan easily understand and appreciate.

Third, research should explore the development of assessment tools to continuously validate andimprove the process of implementing supply chainsecurity measures. This suggestion addresses theongoing work of maintaining supply chain securityover time. It suggests that “tabletop” continuity testsshould be conducted on an international scale toensure that security measures remain current andeffective.

The research, facilitation, and articulation that thisentails must be carried out by entities that aremutually recognized as objective by both the publicand private sectors. These entities must also becommitted to objective metrics that can encompassthe value of trade and its impact on the economy.

Recommendation Four: Education and Training.Facilitate the development of education and training resources necessary to disseminate andimplement best practices and approaches.This is the ultimate product of the previous threerecommendations from the research and workshop:resources and programs to provide training toenhance supply chain security along with clear

38


metrics and best practices to guide managers andpolicy makers. The development of metrics is criti-cal for creating a data-driven, reliable system thatsupports risk management models that allow forthe development and valid identification of trustedpartners.

Training and education regarding supply chainsecurity should be incorporated into undergraduate,graduate, executive, and industry trade programsfor a range of disciplines including business, security,public policy, and law. The education and trainingshould include short modules and sessions thatprovide an overview to multiple-day programs, andsemester classes that provide the information toguide assessment and implementation of supplychain security best practices. The content of educa-tion and awareness materials must be tailored to awide range of audiences, from company CEOs toline workers, from government officials to inter-national stakeholders.

Education and awareness are the essential goals of this recommendation; however, incentives foraction will be important in engaging some audi-ences, such as “lower tier” suppliers and foreignpartners. There is a general sense that incentives(e.g., accelerated cargo clearance associated with“fast lane” status, fewer inspections, etc.) havebeen and will be much more effective than penal-ties in bringing about the desired results.

39


1. The report is based on a review of research andpolicy literature; dialogue with private and public sectorleaders; a workshop on supply chain security involving40 leaders from government, industry, and academiaheld at Michigan State University in November 2003;and the experience of leading academic programs insupply chain management and criminal justice/securityat Michigan State University.

2. The level of control of imports and exports varies with the movement of certain technologies tightlycontrolled.

3. The AMR applied to sea cargo. The AdvanceElectronic Presentation of Cargo Information encom-passes ocean, air, rail, and truck. Similar requirementswere imposed by Israel in November 2003 and will soonbe enacted in India for ocean and air shipments.

4. “The Poka-Yoke system involves designing theprocess such that if some deviations to perfection happenin the production process, they could be identified rightaway and automatically corrected to prevent defectsfrom recurring” (Lee and Whang 2003:8).

5. Littman (2003) notes that successful efforts toreduce high-tech theft during the 1990s combined tradi-tional security measures (guns, guards, and gates) withnew technologically based steps including electronictracking, alarm and access control, GPS systems, biometrically controlled ignition systems, etc.

6. It should be noted that many aspects of the“Supply Chain Security Assessment” pertain to all stakeholders, but to differing degrees.

Endnotes

40


Bernasek, A. (2002). The friction economy:American businesses just got the bill for the terror-ists attacks: $151 billion a year. Fortune, 145, 4:104–110.

Bowersox, D. J., D. J. Closs, and T. P. Stank (2000).21st Century Logistics: Making Supply ChainIntegration a Reality (Chicago: Council of LogisticsManagement).

Damas, P. (2002). Cutting red tape in cross-bordertrade. American Shipper, 44, 8: 14, 16–17.

Damas, P. (2001). Supply chains at war. AmericanShipper, (Nov.) 17–18.

Gillis, C. (2003). End-to-end customs control.American Shipper, 45, 3: 6–8, 10, 12.

Gillis, C. (2002). Customs agencies turn attentionto exports. American Shipper, 44, 8: 8–10, 12–13.

Hannon, D. (2002). High-tech security becomestop priority in supply chain. Purchasing, 131, 11(June 20): 39, 41.

Helferich, O. K. and R. L. Cook (2003). Securingthe Supply Chain (Chicago: Council of LogisticsManagement).

Hickey, K. (2003). One strong chain. Traffic World,267, 21 (May 26): 18–19.

Lee, H. and S. Whang. (2003). Higher supply chainsecurity with lower cost: Lessons from total qualitymanagement. Graduate School of Business,Stanford University. 1–28.

Littman, J. (2003). Thwarting the perfect crime.Electronic Business, 29, 4 (April 1): 50–54.

Russell, D. M. and J. P. Saldanha. (2003). Fivetenets of security-aware logistics and supply chainoperation. Transportation Journal, 42, 4: 44–54.

Bibliography

41


David J. Closs is the John H. McConnell Chaired Professor of BusinessAdministration in the Department of Marketing and Supply ChainManagement at Michigan State University. He has been extensivelyinvolved in the development and application of computer models andinformation systems for supply chain operations and planning. Dr. Closshas worked with over 100 of the Fortune 500 corporations in areas involv-ing logistics strategy and systems. In addition, he actively participates inlogistics executive development seminars and has presented sessions inNorth America, South America, Asia, Australia, and Eastern Europe.

His primary research interests include logistics strategy, logistics informa-tion systems, and logistics planning techniques. He was one of the principalresearchers guiding two studies investigating domestic and global logisticsand supply chain best practices.

Dr. Closs has authored and co-authored numerous articles and made presentations regarding world-classlogistics capabilities and logistics information systems applications. He is a co-author of Supply ChainLogistics Management; Logistical Management: The Integrated Supply Chain Perspective; 21st CenturyLogistics: Making Supply Chain Integration a Reality; and World Class Logistics: The Challenge of ManagingContinuous Change. In addition, he has published papers in the Journal of Business Logistics; InternationalJournal of Physical Distribution and Logistics Management; International Journal of Logistics Management;Supply Chain Management Review; and International Marketing Management

Dr. Closs received his Bachelor of Science, Master of Business Administration, and Doctor of Philosophyfrom Michigan State University.

A B O U T T H E A U T H O R S

42


Edmund F. McGarrell is Director and Professor of the School of CriminalJustice at Michigan State University. He also serves as Co-ExecutiveDirector of the Global Community Security Institute at Michigan StateUniversity (MSU). The Institute serves as an umbrella for MSU’s homelandsecurity initiatives that build on the university’s particular strengths ininterdisciplinary research, public-private partnerships, and online educa-tion tools.

In addition to homeland security, Professor McGarrell’s research interestsare in the area of communities and crime. He is the principal investigatorof an initiative sponsored by the National Institute of Justice whereby theSchool of Criminal Justice is providing training, technical assistance, andresearch in support of Project Safe Neighborhoods (PSN). PSN is a majorDepartment of Justice program intended to reduce firearms violence in theUnited States. McGarrell has conducted several long-term research projects including an experiment on theuse of restorative justice conferences as an alternative response to juvenile crime and a strategic problemsolving initiative to reduce homicide and firearms violence.

McGarrell’s research has been funded by the National Institute of Justice, Office of Juvenile Justice andDelinquency Prevention, private foundations, industry, and state and local agencies. He is the author ofJuvenile Correctional Reform and Returning Justice to the Community: The Indianapolis Restorative JusticeExperiment, and co-editor of Community Corrections and Community Policing in a Rural Setting. His articles have appeared in a number of journals including American Behavioral Scientist, Crime andDelinquency, Criminology and Public Policy, Journal of Research in Crime and Delinquency, InternationalJournal of Comparative and Applied Criminal Justice, Justice Quarterly, Justice Research and Policy, as wellas reports by the Office of Juvenile Justice and Delinquency Prevention and the National Institute of Justice.

McGarrell previously was a faculty member at Indiana University, where he served as chair of theDepartment of Criminal Justice, and at Washington State University at Spokane. He previously served asdirector of the Crime Control Policy Center at the Indianapolis-based Hudson Institute, as co-director of theWashington State Institute for Community Oriented Policing, and was a visiting fellow at the NationalCenter for Juvenile Justice.

McGarrell received his Bachelor of Arts degree from Mansfield University and and his Masters of Arts andDoctor of Philosophy from the School of Criminal Justice, University at Albany, State University of New York.

43


To contact the authors:

David J. ClossJohn H. McConnell Chaired Professor of Business Administration Department of Marketing and Supply Chain ManagementEli Broad College of BusinessN370 Business College ComplexMichigan State University East Lansing, MI 48824(517) 353-6381

e-mail: [email protected]

Edmund F. McGarrellDirector and ProfessorSchool of Criminal Justice Michigan State University 560 Baker Hall East Lansing, MI 48824 (517) 355-2192 fax: (517) 432-1787

e-mail: [email protected]

K E Y C O N T A C T I N F O R M A T I O N

44 To download or order a copy of a report, visit the Center’s website at: www.businessofgovernment.org

E - G O V E R N M E N T

Supercharging the Employment Agency: An Investigationof the Use of Information and CommunicationTechnology to Improve the Service of State EmploymentAgencies (December 2000)

Anthony M. Townsend

Assessing a State’s Readiness for Global ElectronicCommerce: Lessons from the Ohio Experience (January 2001)

J. Pari SabetySteven I. Gordon

Privacy Strategies for Electronic Government (January 2001)

Janine S. HillerFrance Bélanger

Commerce Comes to Government on the Desktop:E-Commerce Applications in the Public Sector (February 2001)

Genie N. L. Stowers

The Use of the Internet in Government Service Delivery(February 2001)

Steven CohenWilliam Eimicke

State Web Portals: Delivering and Financing E-Service(January 2002)

Diana Burley GantJon P. GantCraig L. Johnson

Internet Voting: Bringing Elections to the Desktop(February 2002)

Robert S. Done

Leveraging Technology in the Service of Diplomacy:Innovation in the Department of State (March 2002)

Barry Fulton

Federal Intranet Work Sites: An Interim Assessment (June 2002)

Julianne G. MahlerPriscilla M. Regan

The State of Federal Websites: The Pursuit of Excellence(August 2002)

Genie N. L. Stowers

State Government E-Procurement in the Information Age:Issues, Practices, and Trends (September 2002)

M. Jae Moon

Preparing for Wireless and Mobile Technologies inGovernment (October 2002)

Ai-Mei ChangP. K. Kannan

Public-Sector Information Security: A Call to Action forPublic-Sector CIOs (October 2002, 2nd ed.)

Don Heiman

The Auction Model: How the Public Sector Can Leveragethe Power of E-Commerce Through Dynamic Pricing(November 2002, 2nd ed.)

David C. Wyld

The Promise of E-Learning in Africa: The Potential forPublic-Private Partnerships (January 2003)

Norman LaRocqueMichael Latham

Digitally Integrating the Government Supply Chain:E-Procurement, E-Finance, and E-Logistics (February 2003)

Jacques S. GanslerWilliam Lucyshyn Kimberly M. Ross

Using Technology to Increase Citizen Participation in Government: The Use of Models and Simulation (April 2003)

John O’Looney

Services Acquisition for America’s Navy: Charting a New Course for SeaPort (June 2003)

David C. Wyld

E-Reporting: Strengthening Democratic Accountability(February 2004)

Mordecai Lee

Understanding Electronic Signatures: The Key to E-Government (March 2004)

Stephen H. Holden

Measuring the Performance of E-Government(March 2004)

Genie N. L. Stowers

CENTER REPORTS AVAILABLE

45To download or order a copy of a report, visit the Center’s website at: www.businessofgovernment.org

F I N A N C I A L M A N A G E M E N T

M A R K E T - B A S E DG O V E R N M E N T

Credit Scoring and Loan Scoring: Tools for ImprovedManagement of Federal Credit Programs (July 1999)

Thomas H. Stanton

Using Activity-Based Costing to Manage MoreEffectively (January 2000)

Michael H. GranofDavid E. PlattIgor Vaysman

Audited Financial Statements: Getting and Sustaining“Clean” Opinions (July 2001)

Douglas A. Brook

An Introduction to Financial Risk Management inGovernment (August 2001)

Richard J. Buttimer, Jr.

Understanding Federal Asset Management: An Agendafor Reform (July 2003)

Thomas H. Stanton

Efficiency Counts: Developing the Capacity to ManageCosts at Air Force Materiel Command (August 2003)

Michael BarzelayFred Thompson

Determining a Level Playing Field for Public-PrivateCompetition (November 1999)

Lawrence L. Martin

Implementing State Contracts for Social Services:An Assessment of the Kansas Experience (May 2000)

Jocelyn M. JohnstonBarbara S. Romzek

A Vision of the Government as a World-Class Buyer:Major Procurement Issues for the Coming Decade(January 2002)

Jacques S. Gansler

Contracting for the 21st Century: A Partnership Model(January 2002)

Wendell C. Lawther

Franchise Funds in the Federal Government: Ending theMonopoly in Service Provision (February 2002)

John J. Callahan

Making Performance-Based Contracting Perform: Whatthe Federal Government Can Learn from State and LocalGovernments (November 2002, 2nd ed.)

Lawrence L. Martin

Moving to Public-Private Partnerships: Learning fromExperience around the World (February 2003)

Trefor P. Williams

IT Outsourcing: A Primer for Public Managers (February 2003)

Yu-Che ChenJames Perry

The Procurement Partnership Model: Moving to a Team-Based Approach (February 2003)

Kathryn G. Denhardt

Moving Toward Market-Based Government: TheChanging Role of Government as the Provider(June 2003)Jacques S. Gansler

Transborder Service Systems: Pathways for Innovation orThreats to Accountability? (March 2004)

Alasdair Roberts

46


To download or order a copy of a report, visit the Center’s website at: www.businessofgovernment.org

H U M A N C A P I T A L M A N A G E M E N T

Profiles in Excellence: Conversations with the Best ofAmerica’s Career Executive Service (November 1999)

Mark W. Huddleston

Reflections on Mobility: Case Studies of Six FederalExecutives (May 2000)

Michael D. Serlin

Managing Telecommuting in the Federal Government:An Interim Report (June 2000)

Gina VegaLouis Brennan

Using Virtual Teams to Manage Complex Projects:A Case Study of the Radioactive Waste ManagementProject (August 2000)

Samuel M. DeMarie

A Learning-Based Approach to Leading Change(December 2000)

Barry Sugarman

Labor-Management Partnerships: A New Approach toCollaborative Management (July 2001)

Barry RubinRichard Rubin

Winning the Best and Brightest: Increasing the Attractionof Public Service (July 2001)

Carol Chetkovich

A Weapon in the War for Talent: Using SpecialAuthorities to Recruit Crucial Personnel (December 2001)

Hal G. Rainey

A Changing Workforce: Understanding DiversityPrograms in the Federal Government (December 2001)

Katherine C. NaffJ. Edward Kellough

Life after Civil Service Reform: The Texas, Georgia, andFlorida Experiences (October 2002)

Jonathan Walters

The Defense Leadership and Management Program:Taking Career Development Seriously (December 2002)

Joseph A. FerraraMark C. Rom

The Influence of Organizational Commitment onOfficer Retention: A 12-Year Study of U.S. Army Officers(December 2002)

Stephanie C. PayneAnn H. HuffmanTrueman R. Tremble, Jr.

Human Capital Reform: 21st Century Requirements for the United States Agency for International Development(March 2003)

Anthony C. E. QuaintonAmanda M. Fulmer

Modernizing Human Resource Management in theFederal Government: The IRS Model (April 2003)

James R. ThompsonHal G. Rainey

Mediation at Work: Transforming Workplace Conflict atthe United States Postal Service (October 2003)

Lisa B. Bingham

Growing Leaders for Public Service (November 2003)

Ray Blunt


M A N A G I N G F O R P E R F O R M A N C E A N D R E S U L T S

Corporate Strategic Planning in Government: Lessonsfrom the United States Air Force (November 2000)

Colin Campbell

Using Evaluation to Support Performance Management:A Guide for Federal Executives (January 2001)

Kathryn NewcomerMary Ann Scheirer

Managing for Outcomes: Milestone Contracting inOklahoma (January 2001)

Peter Frumkin

The Challenge of Developing Cross-Agency Measures: A Case Study of the Office of National Drug ControlPolicy (August 2001)

Patrick J. MurphyJohn Carnevale

The Potential of the Government Performance andResults Act as a Tool to Manage Third-Party Government(August 2001)

David G. Frederickson

Using Performance Data for Accountability: The NewYork City Police Department’s CompStat Model of PoliceManagement (August 2001)

Paul E. O’Connell

Moving Toward More Capable Government: A Guide toOrganizational Design (June 2002)

Thomas H. Stanton

Performance Management: A “Start Where You Are, UseWhat You Have” Guide (October 2002)

Chris Wye

The Baltimore CitiStat Program: Performance andAccountability (May 2003)

Lenneal J. Henderson

Strategies for Using State Information: Measuring andImproving Program Performance (December 2003)

Shelley H. Metzenbaum

Linking Performance and Budgeting: Opportunities in theFederal Budget Process (January 2004, 2nd ed.)

Philip G. Joyce

How Federal Programs Use Outcome Information:Opportunities for Federal Managers (February 2004, 2nd ed.)

Harry P. HatryElaine MorleyShelli B. RossmanJoseph S. Wholey

Performance Leadership: Eleven Better Practices ThatCan Ratchet Up Performance (April 2004)

Robert D. Behn

48



I N N O V A T I O N

Managing Workfare: The Case of the Work ExperienceProgram in the New York City Parks Department (June 1999)

Steven Cohen

New Tools for Improving Government Regulation: AnAssessment of Emissions Trading and Other Market-BasedRegulatory Tools (October 1999)

Gary C. Bryner

Religious Organizations, Anti-Poverty Relief, andCharitable Choice: A Feasibility Study of Faith-BasedWelfare Reform in Mississippi (November 1999)

John P. BartkowskiHelen A. Regis

Business Improvement Districts and Innovative ServiceDelivery (November 1999)

Jerry Mitchell

An Assessment of Brownfield Redevelopment Policies: The Michigan Experience (November 1999)

Richard C. Hula

San Diego County’s Innovation Program: UsingCompetition and a Whole Lot More to Improve PublicServices (January 2000)

William B. Eimicke

Innovation in the Administration of Public Airports(March 2000)

Scott E. Tarry

Entrepreneurial Government: Bureaucrats asBusinesspeople (May 2000)

Anne Laurent

Rethinking U.S. Environmental Protection Policy:Management Challenges for a New Administration(November 2000)

Dennis A. Rondinelli

The Challenge of Innovating in Government(February 2001)

Sandford Borins

Understanding Innovation: What Inspires It? What MakesIt Successful? (December 2001)

Jonathan Walters

Government Management of Information Mega-Technology: Lessons from the Internal Revenue Service’sTax Systems Modernization (March 2002)

Barry Bozeman

Advancing High End Computing: Linking to NationalGoals (September 2003)

Juan D. RogersBarry Bozeman


N E T W O R K S , C O L L A B O R A T I O N , A N D P A R T N E R S H I P S

Leveraging Networks to Meet National Goals: FEMA andthe Safe Construction Networks (March 2002)

William L. Waugh, Jr.

21st-Century Government and the Challenge ofHomeland Defense (June 2002)

Elaine C. Kamarck

Assessing Partnerships: New Forms of Collaboration(March 2003)

Robert KlitgaardGregory F. Treverton

Leveraging Networks: A Guide for Public ManagersWorking across Organizations (March 2003)

Robert Agranoff

Extraordinary Results on National Goals: Networks andPartnerships in the Bureau of Primary Health Care’s100%/0 Campaign (March 2003)

John Scanlon

Public-Private Strategic Partnerships: The U.S. PostalService-Federal Express Alliance (May 2003)

Oded Shenkar

The Challenge of Coordinating “Big Science” (July 2003)

W. Henry Lambright

Communities of Practice: A New Tool for GovernmentManagers (November 2003)

William M. SnyderXavier de Souza Briggs

Collaboration and Performance Management inNetwork Settings: Lessons from Three WatershedGovernance Efforts (April 2004)

Mark T. Imperial

50



The Importance of Leadership: The Role of SchoolPrincipals (September 1999)

Paul TeskeMark Schneider

Leadership for Change: Case Studies in American LocalGovernment (September 1999)

Robert B. DenhardtJanet Vinzant Denhardt

Managing Decentralized Departments: The Case of the U.S. Department of Health and Human Services(October 1999)

Beryl A. Radin

Transforming Government: The Renewal andRevitalization of the Federal Emergency ManagementAgency (April 2000)

R. Steven DanielsCarolyn L. Clark-Daniels

Transforming Government: Creating the New DefenseProcurement System (April 2000)

Kimberly A. Harokopus

Trans-Atlantic Experiences in Health Reform: The UnitedKingdom’s National Health Service and the United StatesVeterans Health Administration (May 2000)

Marilyn A. DeLuca

Transforming Government: The Revitalization of theVeterans Health Administration (June 2000)

Gary J. Young

The Challenge of Managing Across Boundaries:The Case of the Office of the Secretary in the U.S.Department of Health and Human Services (November 2000)

Beryl A. Radin

Creating a Culture of Innovation: 10 Lessons fromAmerica’s Best Run City (January 2001)

Janet Vinzant DenhardtRobert B. Denhardt

Transforming Government: Dan Goldin and theRemaking of NASA (March 2001)

W. Henry Lambright

Managing Across Boundaries: A Case Study of Dr.Helene Gayle and the AIDS Epidemic (January 2002)

Norma M. Riccucci

Managing “Big Science”: A Case Study of the HumanGenome Project (March 2002)

W. Henry Lambright

The Power of Frontline Workers in TransformingGovernment: The Upstate New York Veterans HealthcareNetwork (April 2003)

Timothy J. Hoff

Making Public Sector Mergers Work: Lessons Learned(August 2003)

Peter Frumkin

Efficiency Counts: Developing the Capacity to ManageCosts at Air Force Materiel Command (August 2003)

Michael BarzelayFred Thompson

Managing the New Multipurpose, MultidisciplineUniversity Research Centers: Institutional Innovation inthe Academic Community (November 2003)

Barry BozemanP. Craig Boardman

T R A N S F O R M I N G O R G A N I Z A T I O N S


S P E C I A L R E P O R T SC E N T E R F O R H E A L T H C A R E M A N A G E M E N T R E P O R T S

Enhancing Security Throughout the Supply Chain(April 2004)

David J. ClossEdmund F. McGarrell

The Power of Frontline Workers in TransformingHealthcare Organizations: The Upstate New YorkVeterans Healthcare Network (December 2003)

Timothy J. Hoff

IT Outsourcing: A Primer for Healthcare Managers (December 2003)

Yu-Che ChenJames Perry

52

BOOKS*

Collaboration: Using Networks and Partnerships(Rowman & Littlefield Publishers, Inc., 2004)

John M. Kamensky and Thomas J. Burlin, editors

E-Government 2001(Rowman & Littlefield Publishers, Inc., 2001)

Mark A. Abramson and Grady E. Means, editors

E-Government 2003(Rowman & Littlefield Publishers, Inc., 2002)

Mark A. Abramson and Therese L. Morin, editors

Human Capital 2002(Rowman & Littlefield Publishers, Inc., 2002)

Mark A. Abramson and Nicole Willenz Gardner, editors

Human Capital 2004(Rowman & Littlefield Publishers, Inc., 2004)

Jonathan D. Breul and Nicole Willenz Gardner, editors

Innovation(Rowman & Littlefield Publishers, Inc., 2002)

Mark A. Abramson and Ian Littman, editors

Leaders(Rowman & Littlefield Publishers, Inc., 2002)

Mark A. Abramson and Kevin M. Bacon, editors

Managing for Results 2002(Rowman & Littlefield Publishers, Inc., 2001)

Mark A. Abramson and John Kamensky, editors

Memos to the President: Management Advicefrom the Nation’s Top Public Administrators (Rowman & Littlefield Publishers, Inc., 2001)

Mark A. Abramson, editor

New Ways of Doing Business(Rowman & Littlefield Publishers, Inc., 2003)

Mark A. Abramson and Ann M. Kieffaber, editors

The Procurement Revolution(Rowman & Littlefield Publishers, Inc., 2003)

Mark A. Abramson and Roland S. Harris III, editors

Transforming Government Supply Chain Management(Rowman & Littlefield Publishers, Inc., 2003)

Jacques S. Gansler and Robert E. Luby, Jr., editors

Transforming Organizations(Rowman & Littlefield Publishers, Inc., 2001)

Mark A. Abramson and Paul R. Lawrence, editors

* Available at bookstores, online booksellers, and from the publisher (www.rowmanlittlefield.com or 800-462-6420).

About the IBM Center for The Business of GovernmentThrough research stipends and events, the IBM Center for The Business of Government stimulates research and facilitates discussion on new approaches to improving the effectiveness ofgovernment at the federal, state, local, and international levels.

The Center is one of the ways that IBM seeks to advanceknowledge on how to improve public sector effectiveness. The IBM Center focuses on the future of the operation and management of the public sector.

About IBM Business Consulting ServicesWith consultants and professional staff in more than 160 countriesglobally, IBM Business Consulting Services is the world’s largestconsulting services organization. IBM Business Consulting Servicesprovides clients with business process and industry expertise, adeep understanding of technology solutions that address specificindustry issues, and the ability to design, build and run thosesolutions in a way that delivers bottom-line business value. Formore information visit www.ibm.com/bcs.

For additional information, contact:Mark A. AbramsonExecutive DirectorIBM Center for The Business of Government1301 K Street, NWFourth Floor, West TowerWashington, DC 20005(202) 515-4504, fax: (202) 515-4375

e-mail: [email protected]: www.businessofgovernment.org