Lessons Ever Given on Risk, Control
For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it.
My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial Times of what likely went wrong with the cargo container ship Ever Given. Written by the FT’s “part-time boat correspondent,” Brendan Greeley, the piece picks apart issues with the design of the ship, the design of the Suez Canal, and how a ship’s behavior in the water can change rapidly once it goes from deep to shallow water.
Let’s start with the design of the Ever Given, and just how large this ship is. As Greeley notes in his article, in 2007, the largest container ships in the world could carry about 8,000 containers. Today the largest carry 25,000 containers — a more than 300 percent increase in less than 15 years. The Ever Given itself carries a bit more than 20,000 containers.
Except, these huge ships aren’t built forward, to be longer. They’re built outward, to be fatter.
That changes how the ships behave in shallow water. Specifically, fatter ships are more prone to something known as the bank effect, where the water speeds up and pressure around the hull drops as the ship pushes through. The practical result is that the rear of the boat goes one way, while the stern of the boat goes another way.
So under the right conditions — like a powerfully windy day, such as what the canal experienced on March 17 — a large cargo ship could experience an extreme version of the bank effect, and end up spinning sideways in the narrow confines of the canal. Which, Greeley believes, seems to be what happened here.
A Risk & Control Perspective
If we want to convert all this into an abstract example of risk management and internal control failure, it would look something like this.
Over time, the size of container ships grew rapidly. When one of the largest entered the Suez Canal last week, that trip was a non-standard transaction, and the canal’s process-level controls weren’t strong enough to govern the event.
That is, the canal’s walls weren’t built to repel a ship as large as the Ever Given. As Greeley notes in his analysis, the walls in that section (known as riprap) were only meant to repel the waves generated by standard ships. So when the Ever Given entered shallow waters and encountered the bank effect, the walls were never going to prevent it from running aground. The control wasn’t designed to manage that risk from a non-standard transaction.
This isn’t a new concept for internal audit and financial reporting professionals, either. For example, earlier this year Financial Executives International published a survey of financial executives’ frustrations with internal control over financial reporting. Their number one issue? Designing and implementing controls for non-routine transactions.
However bad your compliance program has been, at least your screw-ups aren’t visible from space.
We could say the same for data security risks. What technology can do has raced ahead of what CISOs and privacy compliance managers want it to do; the First Line of Defense’s ability to use whiz-bang apps has raced ahead of the Second Line of Defense’s ability to impose good IT governance and controls. So we have cybersecurity risks all over the place.
I don’t know that we can blame the Egyptian government here for failing to upgrade the Suez Canal to accommodate behemoth ships like the Ever Given. Egypt has upgraded the canal over the decades, making it both wider and deeper.
The laws of hydrodynamics, however, are what they are. Several universities and research labs do try to model the behavior of giant container ships in shallow water, including the delightfully named Knowledge Center for Maneuvering in Shallow and Confined Water at Ghent University in Belgium. Perhaps our ability to assess the physics of container ships isn’t keeping pace with the economics of global shipping — and proper risk management runs around, too.
A Word About the Rest of the World
Whatever happens with the Ever Given, the rest of the world is stuck with the consequences: a supply chain disaster, likely to gum up international shipping for many weeks. Even if the Ever Given finally floats free this week, we still have hundreds of container ships stuck in the wrong places. By the time they get to their proper ports, those places will be clogged, too.
It’s another powerful reminder of supply chain risk management, and how important that capability is for global corporations.
Plenty of companies rediscovered the importance of supply chain risk management during the pandemic last year. The Ever Given mess is just another reminder of the threat. What matters most in supply chain risk management?
- Understanding which of your supplies are critical components;
- Knowing the sources of those supplies, and where in transit your supplies are at any given moment;
- Assuring that you have adequate reserve supplies, either in inventory already or under contract from backup suppliers;
- Inventory controls so you know how many supplies you’re using;
- Scenario-planning capability to model what would happen to operations if your supplies suddenly ceased arriving;
- Feeding information about supply pricing to your financial planning team, so they’re not caught unawares by changes in cost that might cause financial strain.
And for the really forward-thinking folks, you also want a strong due diligence capability that can quickly assess new suppliers for any human trafficking, antitrust, or corruption risks that might flummox your regulatory compliance.
The Ever Given just drew a line under the importance of scenario-planning and backup sourcing, in bright red ink. Here’s hoping the boat gets moving quickly.
(UPDATE: The Ever Given finally floated away from the canal banks Monday morning.)