On June 2nd, the Federal Government’s Centers for Disease Control issued some interim findings about the recent romaine lettuce e-coli contamination. The Washington Post report summarizes the outcome well: Five dead, nearly 200 sick in E. coli outbreak from lettuce. And investigators are stumped.
Looking back at the past two months of this lettuce debacle, the most stunning result is that, in spite of the deaths and illnesses, it has been impossible to pinpoint the source of the danger. We know some things, but have no answers to such specific questions as:
WHAT FORM: We know the contamination was found in romaine lettuce, but we still don’t know specifically in what form of romaine. Initially, the FDA declared the source to be only bagged and pre-chopped lettuce. But then it turned out that inmates in an Alaska prison got sick from whole-head romaine.
WHAT PHASE: We don’t know in what phase of the process the e-coli was introduced. Since many of the illnesses were associated with packaged romaine, the path of identifying the phase during which the contamination happened is complicated. Suppliers send lettuce to distributors, who send it on to processing plants. The next phase is chopping, followed by another one – bagging, each a distinct (potentially vulnerable) phase.
WHAT CAUSE: Even the e-coli bug causing the illnesses is a slippery beast. As the report states, “most E. coli bacteria is not harmful, but one type known as E. coli O157: H7 produces a toxin which destroys red blood cells and causes kidney failure and bloody diarrhea. Other kinds of E. coli cause urinary tract infections, respiratory illness and pneumonia.” *
Supply chain benefits vs risks
In an age when around 50% of all materials and sub-assemblies are sourced rather than manufactured in-house, it seems natural to focus on the benefits of ever-expanding supply chains. That focus reveals that, the benefits are significant: the ability to produce larger volumes at a faster pace, to bring new products to the market ahead of competitors, and among others, a reduced need for capital investments (as well as less management time required for the laborious process of capital budgeting). Overall, it appears that larger supply chains enable a company to do more with less and focus on what it may consider the highest value activities, such as innovation and marketing, rather than on the manufacturing process.
The construct of “tiers” (as in “multi-tier”) makes it easy to map the idea of a well-oiled organization-chart-like hierarchy onto this complex process, together with all the expectations of a chain-of-command and the kind of accountability that come with that concept. Is this expectation close to the reality? What are the implications when examining supply chain risks?
Is visibility and monitoring of suppliers adequate?
A recent survey by Deloitte seems to say “no.” While there’s evidence that more people are interested in meeting the challenge, progress is slow. Let’s face it, if we weren’t lagging in managing the risks buried in so many of the links in today’s complex multi-tier supply chains, people would not be dead or sick from eating romaine lettuce bought from trusted retailers or restaurants, or product failures that cost lives like the Takata airbag catastrophe.
The sixty-four-page report Deloitte recently issued asserts that industry is not yet meeting the challenge, as illustrated by our apparent helplessness in the face of the romaine contamination and Takata.
Entitled “Focusing on the Climb Ahead, Third-party Governance and Risk Management, Extended Enterprise Risk Management Global Survey 2018,”** the document reflects answers from a thousand managers from fifteen countries in the Americas, Europe, the Middle East, Africa and Asia Pacific.
The section of the report entitled Sub-Contractor Risk provides a plausible answer to the dilemma of why we’ve been unable to pinpoint the source of the romaine lettuce contamination problem–and worse–that we can’t prevent another one from killing or sickening people.
While there’s evidence that more professionals managing supply chains are interested in improving on this poor performance (as evidenced by the doubling of responses to the Deloitte survey) progress is simply too slow. For purposes of this article, the focus is on the section about sub-contractor risk.
In the section of the report concerning sub-contractor risk, Deloitte flatly states:
Organizations are lacking appropriate visibility and monitoring of subcontractors engaged by third parties.
The commentary points out that, out of the thousand people who responded, only twenty people (2%) regularly identify and monitor their sub-contractors (meaning fourth or fifth partied), and only 10% identify or monitor those they’ve identified as “critical.” Far from merely reporting the statistics, the language of this section pulls no punches (EMNS bold font below.)
Our survey results reveal that respondent organizations lack appropriate visibility of instances where sub-contractors are engaged by their third-parties. The majority (57 percent) of survey respondents do not have adequate knowledge and appropriate visibility of sub-contractors engaged by their third-parties and a further 21 percent are unsure about whether anyone at all in their organization has such visibility or not… the other 88 percent either rely on their third-parties to do so; have an unstructured/ad hoc approach; do not do so at all; or do not know their organizational policy and practices in this regard. This is making it difficult for organizations to determine their strategy and approach to the management of subcontractor risk and to apply the appropriate amount of discipline and stringency. Recent regulation such as the Modern Slavery Act and GDPR, which include requirements to manage layers of fourth/fifth parties, where they exist, makes this a matter of increased concern. Finally, only 18 percent of organizations periodically review the concentration risk associated with their fourth/fifth parties quarterly or half-yearly; while the vast majority (82 percent) review this annually or even less frequently, making it a matter of serious regulatory concern in the highly regulated industries.
Cracking Fatalism in Supply Chain Quality Management
When we apply the results of this report to the unsolved romaine lettuce problem, the answer doesn’t seem as difficult: we can’t identify the source of the contamination because sub-contractors are invisible and not monitored at the level required to either prevent or respond to these breakdowns. These are the facts. The source of the problem is inaction. It is not a mystery. In spite of the sense of fatalism that has enveloped the endless stream of breakdowns in every industry, from airplane manufacture to agriculture to the cosmetics industry to peanut butter, there is no need for these events to happen. They are not natural occurrences. They are occurrences based on a failure to implement the necessary tools and practices to prevent them.
If, for example, the companies involved in this breakdown were using the EMNS SaaS supply chain QA management system GSQA®, or one like it, the following would have happened:
- Each risk-significant material’s supply chain and its members would have been mapped in GSQA® (to the extent required) for the level of visibility that enables true quality assurance.
- Suppliers, sub-suppliers, distributors and co-manufacturers would have been online, providing quality assurance test results for each shippable batch/lot of material via Certificates of Analysis (in GSQA® termed e-COA®). There, the results would have been compared to the receiving entities’ material specifications for their destination(s). Approval would have been mandatory before the shipment could have even been sent on.
- Once the shipping approval was granted (based on the e-COA®) there would have been an alert to the receiving location. This would have been available to interested professionals in the shipping company and at the receiving location.
- The e-COA® would have been accompanied by an Advance Ship Notification (ASN), documenting the ship-from and ship-to locations, date, purchase order, etc.
- This workflow would have taken place at each tracked tier of the multi-tier supply chain, enabling online traceability for ingredients, raw materials, and components all the way through to the finished product.
- Along with the e-COA® any required regulatory certifications and best-practice documents would have been managed in GSQA® with appropriate rigor, to ensure that any unresponsive shipping location (with an over-due submittal) could be targeted for restricted shipping until the situation was resolved.
Simple? Yes. Doable? Yes. Is there a cost? Of course, but reasonable. Would this process save money, reputations, lives? Yes. (see case studies.)
Incidents like the recent (still unresolved) romaine lettuce contamination are not forces of nature. They should not be mysteries. Accepting the situation fatalistically as a part of the “cost of doing business” is not acceptable, when the way to both prevent and resolve them is clear and affordable.
Visit www.gsqa.com for more information on how to protect your supply chain.