Managing the Risk of Supply Chain Disruption

Supply Chain Management and Financial Management Webinar June 19, 2013

Thank you for attending. We will begin at 11:00 a.m. (Central Time) Audio is available through your computers speakers or through direct dial-in

Speakers:
Mary Driscoll, APQC Eric Gerner and John Hejka, Experis Michael Miedema, Baker Hughes

If you have technical questions or need assistance contact GoToMeeting customer support at: (888) 259-8414 or +1-805-690-5751

Housekeeping

Audio is available through your computer speakers or through dial-in. All lines are muted. You can submit questions/comments at any time. We will address all questions during the Q&A session at the end of todays presentation.

Links to the slides and recording will be made available and sent to all attendees via e-mail.
2

2013 APQC. ALL RIGHTS RESERVED.

Todays Speakers

Mary Driscoll, Senior Research Fellow, APQC Eric Gerner, Director of Risk Advisory Services, Experis John Hejka, Finance Transformation COE, Experis Michael Miedema, Director of Strategic Sourcing, Baker Hughes

2013 APQC. ALL RIGHTS RESERVED.

Overview

In April 2013, APQC conducted a survey to test the extent to which supply chain executives and finance managers at large global organizations are concerned about three macro-level, external risk factors to supply chain stability:

High-impact natural disasters such as major tsunamis, earthquakes, volcanoes, or floods; Extreme weather such as devastating droughts, wildfires, or cyclones; and Political turmoil in vitally important world regions.

APQC also asked about the frequency and adequacy of formal risk assessments involving various tiers of supply chain participants.

2013 APQC. ALL RIGHTS RESERVED.

APQC Research

Most organizations caught off guard by unexpected supply chain disruption.

Has your organization experienced at least one unexpected supply chain disruption in the last 24 months?

90% 80% 70% 60% 50% 40% 30% 77%

20%
10% 0% Yes

16% 6% No Don't know

N = 195

2013 APQC. ALL RIGHTS RESERVED.

APQC Research

Supply chain disruption draws the attention of senior executives.

Was this disruption serious enough to draw the sustained attention or intervention of the top executives at your organization?

80% 70% 60% 50% 40% 30% 20% 10% 0%

73%

21% 6% Yes No Don't Know

N = 151

2013 APQC. ALL RIGHTS RESERVED.

APQC Research

The majority of large, global organizations are now concerned about the risk of serious physical disruption of their supply chains due to high-impact natural disasters, extreme weather, or political turmoil.
In your opinion, how concerned are your organizations leaders today about high impact natural disasters, extreme weather, or political turmoil.
100% 87% 87% 86%

80%

60%

40%

20%

13%

12%

14%

0% Concerned High-impact natural disasters (N=192) Not Concerned Extreme weather (N=191) Political turmoil (N=192)

2013 APQC. ALL RIGHTS RESERVED.

APQC Research
Does your organization have key supply chain partners in areas of the world known for high-impact natural disasters, extreme weather, or political turmoil?

70% 60% 50% 40% 30% 20% 10%

63%

28%

9%

0%
Yes No Don't Know

N = 196

2013 APQC. ALL RIGHTS RESERVED.

APQC Research

Among survey participants who have had at least one unexpected disruption in the last 24 months, 56% have added rigor to the process of assessing supply chain resiliency.
60%

56%

56%

44%
40%

44%

20%

0%
Yes, experienced at least one unexpected supply No, did not experience at least one unexpected chain disruption (N=126) supply chain disruption (N=27) Yes, we have taken steps to add rigor No, we have not taken steps to add rigor

2013 APQC. ALL RIGHTS RESERVED.

APQC Research

Only 26% of organizations have a continuity plan that is sound and meets business needs, or is well managed. That leaves 74% exposed to the risk of disruption of physical assets in their supply chain, whether at a company-owned facility or at a key vendors facility.
Majority Not in Good Shape
60%

43% 40% 31% 26% 20%

0% No supply continuity plan/under construction Supply continuity plan being revamped or needs further improvement Continuity plan is sound and meets business needs/ sophisticated and well managed plan

N = 195

2013 APQC. ALL RIGHTS RESERVED.

10

APQC Research

Top 3 obstacles that can undermine management of supply chain disruption risk.

Poor visibility into risk factors among Tier 2 and Tier 3 suppliers Lack the resources needed to assess risks at supplier sites Lack a single process owner for management of supply chain disruption risk

Yes We have poor visibility into risk factors among Tier 2 and Tier 3 suppliers We lack the resources needed to assess risks at supplier sites We lack a single process owner for management of supply chain disruption risk

No

Dont Know 14.0% 11.2% 11.5%

64.8% 47.4% 43.8%

21.2% 41.3% 44.8%

193 196 192

2013 APQC. ALL RIGHTS RESERVED.

11

Whitepaper Forthcoming

All APQC member registrants will receive a free copy of the final whitepaper and nonmember registrants will receive the whitepaper at a discounted price of $50.

2013 APQC. ALL RIGHTS RESERVED.

12

Enterprise Risk Management

Risk Management Framework Supply Chain considerations

APQC Webinar June 19, 2013 Eric Gerner Director of Risk Advisory Services
Experis | Wednesday, June 19, 2013 13

Enterprise Risk Management

Structured Risk Management Drivers

Volatility in performance shock losses

Regulatory scrutiny
SEC increased reporting requirements for risk-related Governance and Compensation practices and policies, risk identification and analysis (Rule 33-9089) Regulators assessing formal Risk Management programs as a component of corporate governance and sustainability

Rating Agencies considering Risk Management practices (Moodys, Standard & Poors)

Legal
Board of Directors and management exposure Fiduciary responsibility to stakeholders Shareholder activist groups

Reputation and market cap preservation

14

Enterprise Risk Management

Risk Management according to Standard & Poors

An approach to assure the organization is attending to all risks
A set of expectations among management, shareholders and the board about which risks the organization will and will not take A set of methods for avoiding situations that might result in losses that would be outside the organizations tolerance A method to shift focus from cost / benefit to risk / reward A way to help fulfill a fundamental responsibility of a companys board and senior management A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming A language for communicating the effort of the organization effort to maintain a manageable risk profile
15

Enterprise Risk Management

What Risk Management is NOT (according to S&P)

A method to eliminate all risk
A guarantee that the company will avoid losses A crammed collection of longstanding and disparate practices A rigid set of rules that must be followed under all circumstances Limited to compliance and disclosure requirements A replacement for internal controls of fraud and malfeasance A replacement for sound management judgment Exactly the same from year to year

16

Enterprise Risk Management

Supply Chain Governance Key Risk Questions

Is there a process for reporting supply chain risk and performance? Does the organization structure support risk reporting? Are key uncertainties being managed? Are there assurances that supplier capabilities are effective? Is a risk-sensitive culture in place?

Reporting

Strategy

Is there a process for assessing supplier risk and capabilities? Is Board advised of mission-critical risks?

Execution

Tolerance and Policy

Is opportunity-seeking behavior balanced with risk-taking? Are boundaries and limits adequately defined?

17

RISK MANAGEMENT FRAMEWORK

Risk Universe Risk Appetite Risk Tolerance

Enterprise Risk Management

1 - Establish Goals and Objectives

7 - Monitor and Analyze Risk 2 - Identify, Assess and Prioritize Risks

Organizational Structure

Authority Policy

6 - Execute Plan of Action

3 - Develop Response Strategies and Options

Ownership

5 - Develop Plan of Action

4- Assess Capabilities & Information

Informational Flow

18

Enterprise Risk Management

Risk Appetite Residual risk tolerance

Universal
Risk Universe - Key Supply chain issues

Acceptable exposure to volatility of outcome 4 3 1 3 1 2 2 1 1 3

Management and Control Structure 5 4 2 4 2 3 3 2 1 4

19

Quality

Cost structure Capital Requirements Changing economic/political conditions Natural Disasters, business interruption Reputation Information Security and accuracy Timeliness Fraudulent/unethical activity Key customer/capacity

Enterprise Risk Management

Risk Assessment (The Basics)

Timing? Build risk universe first Risk in uncertain future event, not auditable entities Rating criteria Impact (qualitative vs. quantitative) Likelihood Management Effectiveness/Process maturity Velocity Inherent and Residual Risk evaluation
Management processes that address inherent risks reduce the residual risk Inherent risks inadequately addressed by management processes result in heightened residual risks to the organization

Analytical results for prioritizing exposure areas

20

Enterprise Risk Management

Dealing with Residual Risk

Who owns SLAs
Leverage internal audit (audit clause) SSAE 16 Type 1or 2 Ongoing assessment
Risk rating Capabilities

Alignment with goals

Risk tolerance

Interrelationship of risks

Monitoring
Constant communication view as extension of your team
21

Supplier Risk Management & Mitigation

June 2013

Disclaimer
This document (together with its content) is the property of Baker Hughes Incorporated. 2013 Baker Hughes Incorporated. All Rights Reserved. No part of this document may be reproduced, transmitted or otherwise distributed in any form or by any means, electronic or mechanical, including by photocopying, facsimile transmission, recording, rekeying or using any information storage and retrieval system, without the prior written permission from Baker Hughes. Neither Baker Hughes, nor any of its employees, endorse any of the products or services referenced in this document. The views expressed are not necessarily those of Baker Hughes. Baker Hughes expressly disclaims any liability in connection with this document, its contents or its use by any third party.

Purpose & Process

Purpose:
Identify Risk in relation to key suppliers and products Quantify the level of Risk Develop a plan to mitigate the Risk based on the overall score or where a single Risk is unacceptable Approve a mitigation plan at the appropriate management level

Process:
Utilize a Risk Analysis Worksheet to determine the Risk Score for each key supplier Where the overall risk score is not acceptable or not acceptable for any single element develop and execute an approved mitigation plan

Areas for Evaluating Risk in Suppliers

Six Risk areas

Single Source/Sole Source (IP)

Financial Stability Privately or publicly held
Markets Served Key Customers

Complexity/Critical Processes/Capability Business Continuity Capacity/Performance (acceptable KPIs) Political, Security, HSE, Trade Compliance

Review & Rating Process

The Commodity Group is responsible for conducting the

risk assessment and mitigation planning, if needed Where a suppliers products cross multiple Commodity Groups, the Commodity Group with the greatest spend is responsible for the risk assessment The risk categories may be adjusted by the Commodity Group as required to properly evaluate the risk
A whole number value is to be assigned from 1 (lowest

risk) to 5 (highest risk) for each risk category. Wherever a 5 risk is indicated a comment field is to be filled in with an explanation of the reason for the risk level

Supplier Risk - Example Ratings

Supplier Risk Evaluation Form
Vendor Name 2009 USD (millions) Vendor Category PL SS/SS (IP) Fin. Stability Complexity/ Critical Process Capability Succession Plan Capacity/ Performance Political and Associated Risks Overall Risk Comment

Supplier A Supplier B Supplier C Supplier D Supplier E

$5 $4 $3 $2 $1

Strategic Partner Critical Supplier Strategic Partner Strategic Partner Strategic Partner

PLT A PLT B PLT C PLT D PLT E

1 5 1 1 1

1 1 3 3 4

1 1 4 3 4

1 1 4 3 4

1 1 3 3 4

1 1 3 3 4

6 10 18 16 21

PL = Plant SS/SS (IP) = Single Source/Sole Source Fin. Stability = Financial Stability

Supplier Risk - Review and Rating Process

Using the risk analysis form to measure the 6 areas of risk, a combined score of the 6 areas between 6 and 30 will be assigned to each supplier. 6 being the lowest risk possible and 30 the highest. Rating Color Green Yellow Red Combined Score <16 16 - 20 >20 Highest Single area Risk Score <5 <5 5 Risk Acceptable Moderate High Action No Further Action Develop Risk Mitigation Plan Evaluate severity of risk and develop Risk Mitigation plan

The Risk Assessment process is to be revisited on an annual basis. Commodity Groups are responsible for a Risk Mitigation Plan to reduce the risk to less than 16 when the risk is between 16-20 with a six month review period. If the suppliers rating is not improved to below 16 in the six month review period, they will then be responsible to develop a new risk mitigation plan which will include alternative products or replace the supplier. A risk mitigation plan is to be submitted for each to the VP of Supply Chain for approval for suppliers who have a risk >20 or any individual category rating of 5.

Supplier Risk Rating Form

Vendor Category Key Product Line Single Source/Sole Source (IP) Financial Stability Complexity/Critical Process Capability Succession Plan Capacity and Performance Compliance/Security Overall Risk Score

Final Q & A

2012 APQC. ALL RIGHTS RESERVED.

30

Presenter Contact Information

Eric Gerner, Experis

Director of Risk Advisory Services Eric.Gerner@experis.com Finance Transformation COE John.Hejka@experis.com Director of Strategic Sourcing Michael.Miedema@bakerhughes.com

John Hejka, Experis

Michael Miedema, Baker Hughes

Mary Driscoll, APQC

Senior Research Fellow, Financial Management mdriscoll@apqc.org

31

2013 APQC. ALL RIGHTS RESERVED.

For More

Visit www.apqc.org/knowledge-base to see more APQC events and browse content. Have a suggestion? Let us know what topics you would like future webinars to cover at www.apqc.org/feedback.

2013 APQC. ALL RIGHTS RESERVED.

32

APQC Contact Information

US: 1 (800) 776-9676 INTL: +1 (713) 681-4020 FAX: 713-681-8578 apqcinfo@apqc.org www.apqc.org

2013 APQC. ALL RIGHTS RESERVED.

34