Supply Chain Risk Management

Supply Chain Risk Management
Ken Lawlis Supply Chain/Project Management Professional

Agenda Introduction University of Bath Video – Supply Chain Risk Management (duration 4:38) Canadian Professional Logistics Institute – Risk and Resilience Conference Threat, Vulnerability, Risk & Resilience – Defined Practical Guide to Risk Management (PwC) Kirov’s Supply Chain Risk Register – Overview Kirov’s Tools for Risk Assessment From Risk to Resilience – Deloitte’s Model for Identifying, Assessing and Mitigating Supply Chain Risk Conclusions - Tom Teixeira, Supply Chain Risk in a Global Economy (duration 4:19) Suggested/Further Reading A copy of the title page and agenda will be provided to those attending the PDM.

INTRO – Biographical Data – Ken Lawlis
40 years in Supply Chain Management (Coca-Cola, National Grocers/Loblaws, CSC, PSC, AARLIS Consulting Inc., CIHI – have returned to private consulting Most of my career has been focussed on Public Safety Masters candidate in IPIS – (sponsored by Department of Civil and Environmental Engineering and the Norman Paterson School of International Affairs at Carleton University) PMP MCPM – Masters Certificate in Project Management P.Log. Member of: APICS, Canadian Professional Logistics Institute, PMI, Project Management Association of Canada (PMAC), Canadian Public Procurement Council, Canadian Advanced Technology Alliance (CATA) – Cyber Crime Cyber Terrorism Working Group Graduate Studies in the MA program in Public Policy & Administration BA (Hons) Political Science – focus: Economics and International Affairs Executive training – Queen’s University, Carleton University, the Canadian Professional Logistics Institute, Public Works and Government Services Canada (Procurement, EDP Project Management, Negotiations, Strategic Planning) Good evening ladies and gentlemen. I was honoured to be asked to make a presentation to the Ottawa Chapter of APICS. I hope that in the allotted time I can do justice to a very complex topic. Very briefly, I’ll tell you a little about my career. I’ve been doing this for a long time in a variety of environments, though most of my career has been devoted to Public Safety. I’m currently a candidate in the Masters Program in Infrastructure Protection and International Security at Carleton University. I’m a proud member of APICS and joined its predecessor, which was known as CAPIC , over 30 years ago. Enough about me.

Supply Chain Risk Management Video
Professor Brian Squire, Information, Decision and Operations Group, Supply Chain Risk Management – University of Bath – September 6, 2013 – duration 4:38 I’d like to present an excellent video on Supply Chain Risk Management that very succinctly addresses many of the trends in an increasingly complex, global Supply Chain environment. I thought that I’d search online for humour related to Supply Chain Risk Management to start my presentation. Regrettably, there wasn’t much out there, and what there was, was rather poor. I did find it interesting that the number of views for Supply Risk Management videos, in most cases, didn’t exceed a 1,000 views. Justin Bieber isn’t likely to be worried that his viewership will be eclipsed.

National Conference on Supply Chain Risk and Resilience The Logistics Institute – April 16, 2015
In April of this year the Canadian Professional Logistics Institute held a National Conference on Supply Chain Risk and Resilience. As a P. Log., I was pleased to attend. Many in attendance were members of APICS, as was one of the primary presenters. I’ll very quickly discuss what was presented. Alex Tang, a professional Engineer and expert on restoring critical infrastructure addressed Engineering concerns that arise from cataclysmic infrastructural failure from the standpoint of a Supply Chain practitioner.

Essa al-Saleh, CEO of Agility Global Integrated Logistics addressed the Supply Chain risks associated with establishing and operating his business in emerging markets.

Essa was originally from Kuwait. His background, education and experience are remarkable.

Irvin Varkonyi, a CSCP and P.Log., addressed operational issues relating to Supply Chain resiliency preparedness.

Fergus Groundwater discussed financial risks, including currency fluctuations, exporting abroad, Supply Chain integration and the requirement to be agile. The perspective he offered was that of the CEO of an SME.

Presentation Materials
The presentation materials from the Canadian Professional Logistics Institute’s April 16, 2015 Conference on Supply Chain Risk & Resilience may be accessed at: Discussions with the Logistics Institute have revealed that all four presentations may be viewed from their website, a kind and collaborative gesture.

Threat The presence of a hazard and an exposure pathway - threats may be natural or human-induced, either accidental or intentional (source: Federal Emergency Response Plan (2009) – Public Safety Canada) The approach that I’ll be taking today is more focused. I must admit that I generated considerably more than a hundred slides in preparing for this event. I wanted to make the information I presented actionable and succinct. So, I’ve boiled things down to what’s essential. The course I recently completed in Risk Assessment lasted 13 weeks and involved considerable reading. I’d like to share with you the benefit of my studies. Let’s discuss the key concepts first. For the purpose of example, let’s say the threat is the theft of your vehicle – a human-induced intentional act.

Vulnerability A characteristic or attribute of an asset which renders it susceptible to the effects of an incident. Vulnerability informs both the likelihood and consequences of an incident (source: Risk Management Guide for Critical Infrastructure Sectors, Public Safety Canada) Your vehicle is considerably more susceptible to theft if you leave it unlocked and unattended with the keys in the ignition in a region prone to criminal activity. It is quite vulnerable under such conditions.

What is Risk? Risk refers to the uncertainty that surrounds future incidents and outcomes. It is a function of the likelihood and consequences of an incident – the higher likelihood and/or the greater the consequences, the greater the risk (source: TBS Integrated Risk Management Framework) Your vehicle under such circumstances is at risk. The likelihood is great that the adverse event of theft will occur. The probability of theft is high and the consequences of loss are great. Leaving your vehicle unattended and unlocked, with the keys in the ignition, in a high crime neighbourhood can be seen as a high risk behaviour.

Risk Management …is systematically setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues (source: TBS Integrated Risk Management Framework) Given the circumstances, your best course of action would be to assess the risks associated with your behaviour and modify your behaviour accordingly…remove the keys, lock the doors and avoid high crime zones. Mitigate the risk.

Resiliency Resilience is seen as the ability to accommodate abnormal threats and events, be they terrorist attacks, or perturbations from climate change, or natural disasters such as earthquakes or floods, or economic shocks. Most definitions, particularly those involving individuals, communities and organizations also refer to identifying, assessing and communicating the risk from such threats and events. Let’s say you didn’t take appropriate action and your vehicle was stolen. Resiliency under such circumstances would be your ability to respond to the adverse event. If you were very rich and had a garage full of vehicles your ability to restore normal driving operations would appear to be almost seamless (lower risk event). If, one the other hand, it was your only vehicle and you didn’t mitigate the risk (remove the keys, lock the doors, have insurance in the event that your vehicle was stolen) the consequences would be dire and your resiliency – the restoration of normal driving operations - would be severely hampered. Depending on your financial circumstances, you might never recover and normal driving operations would cease. You’d be out of business, in so far as driving goes.

Risk & Resiliency http://torrensresilience.org/resilience-and-risk
The traditional definition of risk is a measure that reflects the probability and the magnitude of an adverse effect. More recently a broader and more balanced definition has been adopted by the risk management community which recognizes that individuals and organizations take risk to achieve potential benefits. Individuals, communities and organizations which are prepared and ready for an abnormal event, tend to be more resilient. Understanding the probability and the magnitude of potential threats enables an organization to make decisions on how best to reduce the probability and/or impact of such threats, to transfer the risk by taking out adequate insurance, or indeed to do nothing and be ready to accept the potential consequences. There is a risk and reward equation at play. Risk may be tolerated/assumed because the benefits outweigh the perceived costs. If you’re assuming risk in business, it is prudent to document what it is and to communicate the details to those with a need to know (CFO,CEO, members of the board, the Executive Committee) depending upon materiality and risk reporting requirements. Visibility, communication, collaboration and internal controls are the key elements of a resilient and agile response to an adverse event.

Risk Mitigation It will never be possible to completely remove the probability of a disruptive event. Supply Chain leaders are expected to have processes which aim to identify, analyse and evaluate risks and through consultation, agree upon levels of residual and tolerable risk, and to take decisions on mitigating the risks. If risk mitigation is conducted in a formal and open manner, organizations are much more willing to accept the consequences of a disruptive event as people are then aware that all reasonable action was taken to reduce the probability and/or impact. In such circumstances, businesses/organizations will more readily recover and return to normality. They are more resilient.

Simple Graphical Representation of Resilience
Think of the example we’ve been developing. It’s relatively easy to see how long it takes to recover critical functionality under varying circumstances. Resiliency is a function of your risk mitigation strategy and risk tolerance.

PwC Risk Response Strategies
Most risk assessment methodologies seek to quantify risk in some manner, usually relating consequences (cost, loss of functionality, loss of life, profitability) to the likelihood of occurrence. Risks are then prioritized, often by the nature of the risk, and mitigation strategies developed. Larger organizations often have an Enterprise Risk Management group.

Risk Assessment Methodology
PwC, ISO, TBS. CSEC, Deloitte and many others offer comprehensive guidelines on Risk Assessment methodologies and techniques. Regrettably, owing to time constraints, we won’t be discussing them today. The attached bibliography lists a number of sources for further reading and assessment.

Kirov’s Risk Register Acknowledgement
Krasimir Kirov holds a Master Degree in Industrial Management and is a Certified Supply Chain Professional (CSCP) and member of APICS. He is a certified Lean Six Sigma Black Belt and certified in Sales and Operations Planning by the S & Op Institute. His book, entitled: Supply Chain Risk Management: Minimize Disruptions, Reduce Risk and Make Your Supply Chain Resilient is a great read. The risk register that follows was provided gratis to those who purchased his book, along with a wide variety of tools to characterize, identify and mitigate SC risk. We’ve discussed the general principles of Risk Management. Now let’s apply a similar approach to Supply Chain Management. To start the discussion, I’d like to acknowledge the Kirov’s comprehensive understanding of Supply Chain operations. His Risk Register is where we should begin. Of all the material I’ve read, I like his approach best. It’s uncluttered and operationally oriented.

Kirov’s Risk Register External, End to End Supply Chain Risks
1. Natural Disasters Epidemics Earthquakes Tsunamis Volcanoes Weather disasters (hurricanes, tornados, storms, blizzards, floods, droughts) Kirov suggests that Supply Chain Risk has four main components 1. External, End to End Supply Chain Risks 2. Supplier Risks: External, Contract Manufacturers or Internal Business Unit 3. Distribution Risks/Disruptions: Inbound or Outbound and 4. Internal Enterprise Risks. We’ll very quickly run through them. My daughter Erin reviewed my presentation. She commented that I needed more graphics and images in my presentation. This one is for her. She’s studying Geophysics in Tasmania where she’s a PhD candidate.

2. Accidents Fires Explosions Structural failures Hazardous spills

3. Sabotage, Terrorism, Crime, and War Computer attacks Product tampering Intellectual theft Physical theft Bombings Biological and chemical weapons Blockades

4. Government Compliance and Political Uncertainty Taxes, customs, and other regulations Compliance issues Regulatory financial reporting (e.g., Sarbanes-Oxley) Operations Logistics / Trade Regulatory Approvals - Marketing Approvals

4. Government Compliance and Political Uncertainty Public Health Environmental requirements Trade restrictions (e.g., Buy American Act) Regulatory Audit history Currency fluctuations Political unrest Boycotts

5. Labour Unavailability and Shortage of Skills Availability Quality Cost Unrest Strikes and slowdowns

6. Industry-wide (i.e., Market) Challenges Capacity constraints Unstable prices Lack of competition Entry barriers Capital requirements Specific assets

6. Industry-wide (i.e., Market) Challenges Process patents Shrinking industry Low supplier profitability Certification Cost trends Recessions/Inflation

7. Lawsuits Environmental Health and safety Intellectual property

8. Technological Trends Emerging technologies (pace/direction) Obsolescence Other technological uncertainty

Kirov’s Risk Register Supplier Risks: External, Contract Manufacturers or Internal Business Unit
1. Physical and Regulatory Risks Key Suppliers Located in High Risk Areas Material Unavailability/Poor Planning Raw materials Other materials Legal Noncompliance / Ethical practices Labour practices Safety practices & performance Environmental practices History & outcomes of lawsuits Tax practices

1. Physical and Regulatory Risks Regulatory Noncompliance Customs/trade Security clearance requirements History & outcomes of regulatory audits Regulatory certification requirements (e.g., Food & Drug Administration, Federal Aviation Administration) Critical disclosure – International Traffic & Arms Regulations

2. Production Problems Capacity Too little, too much, or diminishing Order and shipping times Out of stock (i.e., no/low inventory) Performance history, equipment age & downtime (manufacturing & testing equipment) Repair cycle time

2. Production Problems Inflexible Production Capabilities (Long setup times) Technological Inadequacies or Failures Incompatible information systems Slow adoption of new technology

2. Production Problems Poor Quality Defects / contamination in manufactured product Mislabeling of items Lack of training or knowledge Lead Times Backlogs Unresponsive Unreliable Variable

3. Financial Losses and Premiums Degree of Competition/Profitability Downstream integration or too much competition Little/no competition - sole source Mergers & Acquisitions Financial Viability Inability to sustain in a downturn Bankruptcy Withdrawal from the market

4. Management Risks Inadequate Risk Management Planning Lack of business continuity plans Lack of requirements for supplier's supplier business continuity plans Management Quality High turnover Dishonesty Poor labour relations Poor metric scorecards

4. Management Risks Substituting inferior or illegal materials/parts Failing to perform required treatments/tests Submitting inaccurate/false invoices Lack of Continuous Improvement Unwillingness Cost escalation Opaque processes Opportunistic behavior

4. Management Risks Inflation of purchase costs Dependence on One or a Few Customer(s) Poor Communication Internal External Transparency of data & operations

5. Upstream Supply Risks (i.e., Subcontractors and their Subcontractors) Any of the above external/supplier risks Lack of visibility into subcontractors No or poor relationships with subcontractors Diminishing sources of supply Transition “costs” for new suppliers

Kirov’s Risk Register Distribution Risks/Disruptions: Inbound or Outbound
1. Infrastructure Unavailability Roads Rails Ports Air capacity/availability

2. Assets - Lack of Capacity or Accidents Containers Trucks Rail cars Ships Airplanes

3. Labor Unrest/Unavailability Truck drivers Rail operators Longshoremen Pilots

4. Cargo Damage/Theft/Tampering Physical damage Theft and other security problems Tracking the damage Environmental controls (e.g., temperature, humidity)

5. Warehouse Inadequacies Lack of capacity Inaccessibility Damage Environmental controls (e.g., temperature, humidity) Lack of security

6. IT System Inadequacies/Failures 7. Long, Multi-Party Supply Pipelines Increased chance of all problems above Longer lead time

Kirov’s Risk Register Internal Enterprise Risks
1. Operational Risk Loss of Inventory (damage, obsolescence) Equipment loss, mechanical failures Process Issues Process reliability Process robustness Lead time variability Inflexible Production Capabilities (long set up times, etc.)

1. Operational Risk Capacity Too little, too much, or diminishing Order and shipping times Out of stock (i.e., no/low inventory) Performance history, equipment age & downtime (manufacturing & testing equipment) Repair cycle time

1. Operational Risk Poor Quality Defects in manufactured product Failure to maintain equipment Lack of training or knowledge Environmental performance to permits / other

2. Government Compliance and Political Uncertainty Taxes, customs, and other regulations Currency fluctuations Political unrest Boycotts

3. Demand Variability/Volatility Drawdown of the stockpile Exceeding maintenance replacement rate Shelf life expiration Surges exceed production, repair, or distribution Shortfalls

4. Personnel Availability/Skills Shortfalls Sufficient number Sufficient knowledge, skills, experience Union contract expiry High turnover rate

5. Design Uncertainty Changes to requirements Lack of technical detail Lack of verification of product Changes to product configuration Poor specifications Reliability estimates of components Access to technical data Failure to meet design milestones Design for supply chain (e.g., obsolescence, standardization, and commonality)

6. Planning Failures Forecast reliability/schedule availability Planning data accuracy Global visibility of plans & inventory positions Competition/bid process Acquisition strategy Manufacturability of a design Program maturity Subcontracting agreements

7. Financial Uncertainty/Losses Funding availability Work scope/plan creep Knowledge of supplier costs Strategic risk

8. Facility Unavailability/Unreliability/ Capacity Facility breakdown Mechanical failures Sites located in high risk areas Adequate capacity

9. Testing Unavailability / Inferiority / Capacity Unreliable test equipment Operational test qualifications Operational test schedule Integration testing Transition from first test to mass production

10. Enterprise Underperformance/Lack of Value Customer satisfaction/loyalty Liability Cost/profit Customer demand Uniqueness Substitutability Systems integration Other application/product value

11. Supplier Relationship Management (SRM) Use Contract/supplier management availability and expertise In-house SRM expertise Lack of internal and external communication/coordination Supplier development and continuous improvement

Deloitte’s Risk Model

Video - Conclusion https://youtu.be/-zIyGpRar24
Tom Teixeira, Supply Chain Risk in a Global Economy – Willis TV – November 18, 2013 – duration 4:19 I wish I had more time to discuss Supply Chain Risk and Resilience. Considerably more could be said on how to conduct Supply Chain Risk Assessments and address issues relating to Cyber Security. It’s clear that it is necessary to visualize your Supply Chain, end to end, identify, assess and prioritize risks and document them in a Supply Chain Risk Management Plan (complete with detailed mitigation strategies and business continuity plans). Tom Teixeira’s discussion on Supply Chain Risk in a Global Economy summarizes things quite well. Supply Chain Risk and Resilience is a massive field of study. I hope I’ve provided an overview of what the important issues are. Thank you.

Suggested Reading/Bibliography
APICS. Dictionary 14th Edition, the Essential Supply Chain Reference, Chicago: APICS, APICS. Certified Supply Chain Professional (CSCP) Learning System, 2012 version, Chicago: APICS, CACI International Inc. (CACI) and the U.S. Naval Institute. Cyber Threats to National Security: Countering Challenges to the Global Supply Chain, A summary of personal remarks made by participants at the March 2, 2010 symposium. accessed March 23, Canada, National Strategy for Critical Infrastructure, Her Majesty the Queen in Right of Canada, Carleton University. Welcome to Big Data: Introducing Carleton University’s Institute for Data Science, personal notes and recollections of Ken Lawlis who attended Data Day as a Representative of the CATA Alliance and MIPIS, Data Day was held, April 1, Committee of Sponsoring Organizations of the Treadway Commission (COSO), by Dr. Patchin Curtis and Mark Carey, Deloitte & Touche LLP, Thought Leadership in ERM, Risk Assessment in Practice, COSO: October

Deloitte Development LLC. Supply Chain Resilience: A Risk Intelligent Approach to Managing Global Supply Chains, New York: Deloitte Development LLC, 2012. Department of Homeland Security website, accessed March 23, 2015. Findlay, Valarie. Cyber-Threats, Terrorism and the Counter-Terror Model Research Study, University of St. Andrew’s, The Handa Centre for the Study of Terrorism and Political Violence, / May 2014. Fernandez, Pascal. Supply Chain Collaboration Maturity - What Difference Does it Make? A presentation to APICS/Supply Chain Council on October 2, 2014. IBM Global Technology Services. IBM Security Services 2014 Cyber Security Intelligence Index: Analysis of Cyber Attack and Incident Data from IBM’s Worldwide Security Operations, Somers, NY: IBM, June 2014. IBM Global Technology Services. Resilience in the Era of Enterprise Cloud Computing: Design Considerations for Forward Thinking Organizations, Somers, NY: IBM, July 2014. Manners-Bell, John. Supply Chain Risk: Understanding Emerging Threats to Global Supply Chains, London: Kogan Page Ltd., 2014.

ISASA. An Introduction to the Business Model for Information Security, Rolling Meadows, IL: ISACA, Kirov, Krasimir. Supply Chain Risk Management: Minimize Disruptions, Reduce Risk and Make Your Supply Chain Resilient, self-published, purchased on amazon.ca, April 8, operationalexcellencetraining.com/ (Operational Excellence Series Book 6) (Kindle Locations 3-7). Kindle Edition. Maleski, Mark, et. al., Cyber Threat Metrics, Sandia Report, SAND , Albuquerque, NM: Sandia National Laboratories, March , accessed March 23, Marchese, Kelly and Jerry O’Dwyer. From Risk to Resilience: Using Analytics and Visualization to Reduce Supply Chain Vulnerability, Deloitte Review, Issue 14, accessed March 23, MLA Handbook for Writers of Research Papers, 7th Edition, New York: The Modern Language Association of America, 2009.

Norman, Thomas L. Risk Analysis and Security Countermeasure Selection, Boca Raton: CRC Press, 2010. Peck, Helen. Supply Chain Vulnerability, Risk, Robustness & Resilience, PowerPoint Presentation, a synopsis of Mangan, Lalwani and Butcher’s work published in: Global Logistics and Supply Chain Management, Hoboken, NJ: John Wiley & Sons, 2008. Ponemon Institute Cost of Data Breach Study: Global Analysis, Benchmark research sponsored by IBM and independently conducted by Ponemon Institute LLC., Traverse City, MI: 2014. PwC. A Practical Guide to Risk Assessment: How Principles-Based Assessment Enables Organizations to Take the Right Risks, PwC: December 2008. PwC. From Vulnerable to Valuable: How Integrity Can Transform a Supply Chain – Achieving Operational Excellence Series, PwC : December 2008. Rice, James B. and Spayd, Philip W. Investing in Supply Chain Security: Collateral Benefits, Washington, DC: IBM Center for the Business of Government, May 2005. Schuh, Christian., et al., Supplier Relationship Management: How to Maximize Vendor Value and Opportunity, New York: A. T. Kearney Inc., 2014.

Schuh, Christian. et al., The Purchasing Chessboard: 64 Methods to Reduce Cost and Increase Value with Vendors, New York: A. T. Kearney Inc., 2009 (Kindle Locations 2-4). Kindle Edition. Telecommunications Industry Association (TIA). Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain, Portable Document File (pdf) document on the TIA website, date of publication: July 20, accessed March 23, 2015

Supply Chain Risk Management Videos
Emeritus Professor Martin Christopher, Marketing and Logistics, SCM Key Challenges – Cranfield University School of Business – duration 8:31 Peter Foster, Cyber Breach Response Plans – Willis TV – June 19, 2015 – duration 2:54 Sharon Lindstrom, Managing Supply Chain Disruptions: How are Manufacturers Today Viewing Supply Chain Risk – Protiviti Risk and Business Consulting – November 12, 2012 – duration 3:14 Professor Brian Squire, Information, Decision and Operations Group, Supply Chain Risk Management – University of Bath – September 6, 2013 – duration 4:38 Tom Teixeira, Supply Chain Risk in a Global Economy – Willis TV – November 18, 2013 – duration 4:19 Professor Richard Wilding, Supply Chain Risk Reduction – Cranfield University School of Business – June 16, duration 5:57 Joe Yacura, Supply Chain: Understanding Risk Factors – Information Systems Group (ISG) – duration 7:58 for segment on cyber security (play 15:17 to 23:15) – total duration 28:45

Supply Chain Risk Management

Similar presentations

Presentation on theme: "Supply Chain Risk Management"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Supply Chain Risk Management

Similar presentations

Presentation on theme: "Supply Chain Risk Management"— Presentation transcript:

Similar presentations

About project

Feedback