Confidential 1 Supply Chain Risk Management Framework Supply Chain Risk Leadership Council Zurich Case Study 30 January 2008 Confidential – Do Not Forward Outside SCRLC
Confidential 2 Zurich Case Study Risk Management is an iterative process Risk management components Types of risk Types of risk are not mutually exclusive Supply Chain Scope Includes links (logistics and electronic transfer of information) between supplier, your company, and customer Downstream Customer Primary Customer Your Company First-tier Supplier X-Tier Supplier Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information & Communication Monitoring PHYSICAL PROCESS INSTITUTIONAL
Confidential 3 Manufacturer of Business Machines
Confidential 4 Background $2.5bn business supplying high security equipment and software solutions to the worldwide banking industry Centralised (European) risk management and audit Moved European manufacture out to China years ago Initial savings of >50% achieved, now around 40% Investment in local quality management Initially poorly managed extended supply chain
Confidential 5 Risk Management Components I Internal Environment Objective setting Control Activities Monitoring Cost, cost, cost, quality Commercial drivers, little focus on risk management Dimensions: Physical, Tier 1 (China) Quality, delivery, EH&S, insurable risks Audit
Confidential 6 Risk Management Components II Risk Assessment Risk Response Control Activities Monitoring Risk identification ‘deep dive’ Supply chain mapping, EHS, CSR, QA, physical Risk mitigation and transfer Verification and audit, BCM Supply chain metrics, risk mitigation review Corporate (Enterprise) level, belated focus at Supply Chain level Event identification
Confidential 7 Risk Assessment ‘Fundamental’ requirement to monitor and assess EH&S and physical risks Concern over ‘Hyper-optimisation’ in supply chain Growing recognition of reputation vulnerability Supply chain mapped – key product lines Scenarios evaluated
Confidential 8 Risk Response ‘Institutional’ dimension recognised Focus on critical supplies (not just geographical) Actions defined to mitigate reputation exposure Risk transfer options defined
Confidential 9 Control Activities Greater focus on BCM in the supply chain Push audit focus upstream Extending BCM testing assurance to Tiers 1 & 2
Confidential 10 Monitoring Tighten internal monitoring Establish metrics to evaluate overall supply chain vulnerability Monitor suppliers on this basis Maintain focus on competitor activity, customer response and regional drivers Measure effects of risk mitigation(?)
Confidential 11 Conclusions Valuable reference / check Iterative nature of framework Focus on different elements at different times Cumulative value