Professional Documents
Culture Documents
Supply Chain Risk Management
Supply Chain Risk Management
Submitted to:
Dr. Masood Subzwari
Presented By:
Muhammad Danish 8796
Muhammad Ali 5979
Jan Mohammad Khan 8694
Table of Contents
S.No Contents Page Number
1 Letter of Acknowledgement II
2 Executive Summary 1
3 Introduction 2
18 Conclusion 56
19 References 58
I
Letter of Acknowledgement
April 29, 2009
Dear Reader,
Now that it’s all done, there’s finally time to reflect on the process. No report ever
grows full-bloom from a student’s head. It has hands to help it along the way: phone calls
for advice, serious review by professionals, critical notes and information from the World
Wide Web, and most of all the endless support of always available professor and friends at
It is an honor for us to prepare the report on “Supply Chain Risk Management” which
We would like to thank Dr. Masood for providing us the guidance all along in order
It was a pleasure creating such a report, on a topic so informative and practical, and
Sincerely
II
Executive Summary
Recent supply chain management optimization practices, while reducing costs and
leaning inventory levels, have left companies with unprecedented levels of risk exposure
and very little buffer inventory with which to recover. Many companies have recognized this
Both are necessary components to an effective supply chain risk management strategy.
With strong risk mitigation strategies in place a company is ready to face a given supply
chain event. However, not all events may be anticipated. When these events occur, a
company must be prepared to respond quickly and effectively or risk suffering financial and
To have an effective supply chain risk management strategy, a tool is required that
addresses both sides risk assessment and mitigation and event response.
1
Introduction
undesirable outcomes associated to its occurrence are firm’s inability to meet customer’s
Therefore, it is important for businesses to manage their supply risk. Clearly choosing
raw materials or inventories are kept. This decision however has the undesirable side effects
disruptions occurs due to supplier failure as well as from a variety of other factors such as
Since the early part of this decade, supply chain risk management has become
increasingly more recognized as a critical part of the corporate strategy. The move to leaner,
global supply chains and events such as severe weather, terrorist attacks and financial
assessment and mitigation, the process of identifying those points in the supply chain that
are at risk and developing strategies to mitigate the risk should the worst happen. This
2
process is necessary and correct. Those companies best able to recover from a supply chain
There is another side to supply chain risk management. Despite the best planning
and the best preparation, sometimes an event happens that was not anticipated, or, the
event that was planned for happens, but the mitigation strategy didn’t work as planned.
When this happens, companies need to be able to react quickly to the situation, assess the
impact, determine the best response(s) and implement these responses in a timely manner.
An analogy to consider would be that of driving a car. Most of us drive our vehicles
every day. The worst case scenario would be to get into an accident. Similar to a supply
chain event, a car accident can result in injured people and always costs money. To prevent
Despite our best efforts, dangerous situations, most of which are caused by external
factors out of our control, occur that could result in a serious accident if not handled. Our
ability to respond when these situations occur can determine whether or not the accident
Assess the situation (there is somebody in my lane going the wrong way),
3
Evaluate alternatives,
Implement the maneuver. (swerve to the right and avoid the oncoming car).
To avoid the accident, the response must be instantaneous. If the reaction is too long, the
In supply chain risk management, companies strive to understand and mitigate the possible
risks, but despite these efforts, events caused by external factors outside of their control
may occur that were not anticipated. This means that the company must now respond. This
response must be very fast if the company is to recover from the event. The most prevalent
lag in the system is access to information on which decisions can be made, often referred to
The team for responding to the event can evaluate several alternatives in a rational
The suggested responses can be evaluated and a final decision made by senior
management.
4
The combination of these factors determines how fast a company can respond when a
5
Importance of Supply Chain Risk Management (SCRM)
In realizing the business objectives, organizations are very much dependent on the
supply chain partners and the influence of any link in the supply chain. To ensure that the
gain a full understanding of all the developments and uncertainties that could emerge at
The ability to anticipate and respond promptly to external trends and developments.
Greater mutual understanding of the interests and problems of all supply chain
partners.
In recent years, supply chain risk management’s profile has increased. A 2007 AMR
“Nearly 50% of firms plan to implement or evaluate SCRM technology in the next 12 to 24 months,
indicating that penetration is relatively low and interest levels are quite high.”
6
“Managing Supply Chain Risk in the Supply Chain – a Quantitative Study;” AMR Research;
a Quantitative Study;” AMR Research; Mark Hillman and Heather Keltz; January, 2007
According to the same report, the following business trends are contributing to the
We have been driving the inventory out of our supply chains, saving money and
avoiding liability. Unfortunately, when a supply chain event occurs, there is very little buffer
Global sourcing
More and more, companies are sourcing supply from around the world. Lead times
7
Higher customer expectations
Consumers want instant gratification. Once the decision has been made to buy, they
want the product immediately. Slowdowns in the supply chain causing late orders can often
Instead of dealing with a set of component suppliers, supply chains today consist of a
network of contract manufacturers, with material flowing in all directions (it is not
uncommon for the brand owner to supply materials for their contract manufacturers –
making the brand owner a supplier and customer at the same time.)
Add to this the shorter life cycle of today’s consumer products and life gets
interesting fast!
Making it harder and more expensive to ship goods around the world.
8
The Risks of Prevailing Supply Chain Best Practices
9
Proactively analyzing and Mitigating Supply Chain risk
There are three key phases to proactively managing supply chain risk,
Take action – decide which risks need to be addressed and develop mitigation
Let us describe one-by-one to understand how to accomplish each and the tools needed
The first step is to assess supply sources to determine which ones are most critical to the
business. The most effective approach is to evaluate which suppliers contribute the most to
top-level revenue. From an analytics perspective, a tool is needed that will identify the
ultimate parent of each component, then assess the component’s revenue contribution.
Further, the assessment must be deep as well as broad. The assessment can’t stop at the
contract manufacturer. The assessment must also evaluate components that the contract
manufacturer uses. A low risk contract manufacturer that uses high risk sources is still a high
10
risk. This broad and deep analysis requires a tool that provides visibility to the whole supply
Once the supply base is prioritized in terms of their contribution to revenue, the risk
factors that apply to each supplier need to be assessed. This assessment is typically done
Supply chain risks can come in many forms. It is the responsibility of the risk assessment
team to imagine and understand these various types of risks. Supply chain risks at a high
Natural disasters, (severe weather, fire, earthquake) that disrupt the supply chain.
These types of events are very difficult to plan for; however, knowledge of the local
geography of a supply source helps to identify those suppliers more at risk. (Is the
Flu / pandemic, these types of events are similar to natural disasters in that they are
Political risks, which supply sources, are in an area of the world that is politically
unstable?
Transportation risks, what transportation routes are used to move materials and
11
Unstable Demand, is demand relatively stable? What if demand falls far below
expectation? What inventory liability will the company experience? What if demand
far exceeds expectations? Will the supply chain be able to keep up?
Unstable Supply, is the source reliable? Do they provide good quality products on
time?
These risk factors need to be applied to the supply base such that each supplier is scored
according to the risk factors outlined above. With the scoring of the suppliers and the
assessment of the impact each supplier has on the business, the supplier can be plotted on
12
The colors indicate the relative urgency for risk mitigation. Red indicates that a risk
Take Action
Once there is an understanding of the various risk factors, there is a need to determine
where action needs to be taken. Not all risks will necessarily be addressed. For risks that fall
into the green areas on the matrix above a company may decide not to develop a mitigation
strategy at all.
The mitigation strategies can be different depending on the situation. For risks related to
Demand shaping,
Buffer inventory.
13
The mitigation strategies must be modeled and tested. Given a different source, how
would the different lead times, costs, supply constraints impact the corporate metrics? To
test this effectively, the mitigation strategy is simulated and the results evaluated relative to
If the mitigation strategy chosen does not yield acceptable results, then a different
As time moves on, risk areas will change as will the mitigation strategies. Both the risks
and mitigation strategies need to be reviewed on a regular basis to ensure that new factors
are considered.
Supply chain risk management should not occur only a few times per year; it should be a
continuous process and monitoring of supply chain risk. It should include trends, not just
absolute numbers. Trends should be used as an early indicator to prevent risk situations
from occurring. Procurement teams need to be trained in risk management so that when
sourcing new suppliers, they can strive to add suppliers that reduce overall supply chain risk.
Logistics teams need to be trained to understand what routes are at risk and when. Supply
management teams need to recognize potential for inventory liability should demand for
14
The Supply Chain Risk management Process
15
Responding to Supply Chain Events
disruption was anticipated or not, responding to supply chain events can take two forms;
strategy
In both cases, the key element is timely alerting that an event has taken place. You can’t
respond to something if you don’t know it has happened. The supply chain should be
monitored and an alert triggered when a disruption has occurred so that those who need to
respond are provided timely notification. That being said, alerting on the event is not
enough. The alert mechanism should be smart enough to alert you on the events that
An unanticipated event is a disruption that despite best efforts was not foreseen and
therefore does not have a mitigation strategy prepared. In this case, the speed with which
the company can react and respond can mean the difference between an insignificant blip
An anticipated event is a disruption for which a mitigation strategy has been prepared.
In most cases, implementation of the strategy goes as planned, but sometimes there are
16
unanticipated problems; material shortages, capacity shortfalls, quality issues. In these
cases, being able to respond effectively can mean the difference between a fast recovery
17
Capabilities needed to Support Supply Chain Risk
Management
While the need is high for supply chain risk management tools, the capabilities of most
supply chain risk management tools are not keeping pace. Companies are looking for tools
to help them assess supply chain risk, develop mitigation strategies and respond to supply
chain events both anticipated and unanticipated. As companies begin their evaluation they
should ensure that any risk management assessment and response tool provide the
following capabilities;
Visibility
In order to properly assess supply chain risk and respond to events, visibility across
the supply chain is required. This means that the supply chain risk management tool must
be capable of integrating with, and modeling ERP analytics from, multiple disparate ERP
18
Event detection and alerting
The sooner a supply chain disruption is recognized, the faster the response. An alert
that shows up in e-mail or a portable e-mail device will ensure that the appropriate people
are made aware of the event when it happens. Too many times, event detection is based on
the event itself. To be truly valuable, alert should be triggered based on the anticipated
impact of the event. For example, if a supplier goes out of business, but the loss of this
Analytics
The full suite of supply chain analytics needs to be modeled in the supply chain risk
management tool to ensure the impact of a potential supply chain event is understood.
When an event happens, analytics are used to model the event and determine the impact.
Above all, these analytics need to be performed in real time, especially when responding to
an unanticipated supply chain disruption. When an event happens, every second counts and
a company can’t wait days or weeks to understand the impact or to determine resolution
alternatives.
Simulation
Simulation is critical to both sides of supply chain risk management. When assessing
the risks, simulation helps to model different risk scenarios. Further, simulation is used to
model alternative mitigation strategies to ensure that they are sound. When responding to
19
an unanticipated supply chain event, simulation is used to model and compare the various
response alternatives.
Collaboration
The risk management team will need to evaluate several possible mitigation
alternatives. Members of the team will likely not have the detailed knowledge necessary to
explore all alternatives in the detail needed to develop a robust mitigation strategy. The
ability to bring other people into the evaluation process is critical both to validate the
proposed strategy and to propose key improvements to the strategy. Similarly when
responding to an unanticipated supply chain event, collaborating with those with the
Scenario comparison
develop multiple approaches that potentially resolve the problem, but in differing ways. The
team needs to make a decision on which resolution or mitigation alternative best meets the
goals of the organization. One approach may extend lead times by 30 days, while the other
may increase the cost of goods sold by 10%. The decision on which approach is best needs
20
Supply Chain Risk Management
Controlling risks throughout the supply chain in the most effective and efficient
manner.
Monitoring current performance in supply chain risk management and the results
achieved.
21
Every company has its own worst nightmares, its own way of thinking about what risk
means and implies. A brief list of supply chain risks are given below,
Geopolitical instability
Natural disasters
Terrorist infiltration
However, the sheer volumes of supply chain risk events are stark reminder that formulating
plans for each specific event is impractical at best. A more feasible and fruitful approach is to,
Determine what kinds of risks are most probable and impactful, and
22
Construct categories of events that make it simpler to manage and mitigate risk.
chain risk and determine the general relationship that exists between their probability and
their cost/exposure.
Logistics risk
Refers to the dangers associated with the physical movement of goods and
materials. The frequency and impact of logistics risks are best addressed by maximizing
visibility across the global supply chain using technologies such as GPS tracking, real-time
23
Supply and supplier risk
Speak to the potential disruption of raw material and component supplies. For this
category, prediction is critical, being proactive about supply analysis and having contingency
plans and relief suppliers available in the bullpen. Companies also mitigate supply risk by
doing frequent network and capacity modeling. And many have implemented advanced
tools with embedded business rules that help them formulate optimal responses. There
generally is a slightly higher risk associated with suppliers than with supplies. Still, both
types are top of mind, given today's political instabilities and fluctuating fuel prices.
Reducing supply and supplier risk could involve using more distribution facilities that reduce
shipping distances, and possibly implementing more near- or onshore material and
manufacturing sources to reduce shipping timetables and fuel costs. On the technology side,
advanced inventory optimization technologies are available that help quantify supply and
supplier risk and perform simulation analyses to gauge risk impact. To manage these risks, a
company must have the ability to gather comprehensive data and apply analytics to garner
new insight.
Cost/commodity risk
Is closely related to supply and supplier risk. All companies hope to discover supply
alternatives that are less expensive than what they are currently using. The risk is either
failing to recognize these opportunities or not being able to migrate when the opportunities
are discovered. Supply chain models can help avoid this scenario by determining at what
24
Capacity risk
outsourcing partners. In this context, some failure probabilities can be calculated and risk
simply don't know what they have in terms of assets or what parts go into those assets. This
Relate more closely to the supply chain than intellectual property risk.
They also can be addressed by more proactively shaping demand with analytical and
pricing tools and by applying lifecycle management technology to make core product
decisions. Profitability risk and demand risk are also a huge manufacturing issue.
25
Three risk management guidelines
Innovative companies can do more to minimize risk, not just craft a response to it.
They can manufacture locally as well as globally; source contingent suppliers and logistics
providers; better monitor and adjust inventories and safety stock; and establish more
geographically distributed or near-shore supply bases. They also can reduce risk by updating
their supply chain strategies more often than the usually accepted three to five years. After
all, the world's rapidly changing business conditions require supply chain networks that also
should change more frequently. Change is more of a constant then ever before, so
companies must design their supply networks with resilience and agility in mind. Following
26
Effective risk management programs are formal constructs
The leading-edge technology must be combined with business processes that are both
risk-aware and to the maximum extent possible self healing. In effect, the goal is to create a
Most organizations do not have a formal capability for quantifying, anticipating and
operations plans" focus on major disruptions and specific assets, such as backup data
centers or offsite data-storage facilities. In effect, they are "asset-resilient" but not "mission-
resilient." In addition, few entities have evaluated the risks associated with new operating
Companies need to think holistically about how to develop their risk management and
mitigation programs. Historically, most entities' approaches have mirrored the shortcomings
27
In recent years, many have sought to remedy the problem by developing enterprise-
insights are reflected in their development of more integrated risk management models.
However, these efforts still fall several steps short of an holistic, centrally guided and
The guiding force behind any company's risk management and mitigation program is
preparation: understanding what potential disruptions exist; the likelihood, severity and
duration of their occurrence; and the range of prioritized responses. The complexities of
today's environments make it nearly impossible to accurately identify all of the scenarios
that might occur. A better and more practical course is to focus on commonalities across
scenarios, shared symptoms. This means developing resilience frameworks not for work
28
stoppages, hurricanes, terrorist attacks and so forth, but rather for labor shortages,
Building a risk program around symptoms (the effects) rather than scenarios (the
events share characteristics, impacts and, most importantly, responses. As discussed above,
there simply are too many potential disruptions for a business to develop comprehensive
resilience programs for every one. For example, problems as varied as weather events and
labor-driven port closures evince a similar need to maintain core services and suppliers. We
often cannot know in advance when or where such upheavals will occur. But we can
develop symptom-based programs that speak to the need for quick responses regardless of
the specifics.
29
Distinctive capabilities for managing risk and achieving
high performance
Companies develop distinctive capabilities by thinking and acting in distinctive ways, one of
which is the ability to understand, anticipate, respond to, and (to varying extents) predict
Global visibility
Every year, supply chains get longer. As a result, visibility, observing the complete end-
to-end supply chain from the point of demand, through design, supply and manufacturing,
all the way to sales, consumption and/or obsolescence, becomes more essential. And it's
not just visibility; it's timely visibility, as close to real time as possible.
30
Intelligent alerts
Shipping goods from Asia into the United States or Europe invariably means multiple
parties, ports and transportation modes. Discovering quickly where a delay will or likely will
occur for example, having alerts pop up via a global sensing mechanism, is key to finding
alternative ways to move goods. The more sophisticated a company is with intelligent alerts,
Advanced analytics
It's not enough to capture, present and summarize information. Companies must have
the tools to work with the information they receive to walk the talk. These analytical
capabilities have not traditionally been part of applications that gather, summarize and
present data, but they are now key to making risk control part of a broader information
management package.
companies to interpret and classify alerts (for example, "Is this a supply issue, a demand
issue, a capacity issue, a customer-preference change, etc.?") and form conclusions about
what the data mean. Analytics also epitomize continuous improvement because they
only demand planning applications have done this. However, analytics capabilities can now
31
Standardized processes and technologies
As companies expand and merge, the need becomes stronger to create business
processes that are consistent across internal functions and operations, as well as among
companies and the business partners and third parties with which they operate. A good
example is working with distributors to serve Asia Pacific markets. While it's unlikely that
identical systems and processes across organizations will be possible, it is nonetheless vital
that they be compatible, for example, with aligned order-management processes, naming
technological incompatibilities are clearly a major risk item, one that can be significantly
In the aggregate, the above four capabilities comprise dynamic operations management,
the ability to see and interpret supply chain information and dynamically adapt sourcing,
inbound supply, manufacturing and distribution operations accordingly. Imagine that out of
five containers on a delayed shipment, only two are critical (e.g., for a scheduled trade
suggestions about what alternatives might be enacted for only those containers. It's the
32
There are innumerable ways that risk can be reduced and material value enhanced
when exceptional risk management capabilities are built into a supply chain's basic
structure. This is the nature, and the reward, of high performance, knowing better than the
competition what to expect, and having the capabilities to turn that knowledge to your
advantage.
33
Supply Chain Risk Management Is A Strategic Concern
Risk can be described as the possibility that a future state or outcome may not turn out
as desired. In a steady state environment, this possibility is low because there is minimal
variability in the system. But supply chains are constantly changing where the sources of
variability can come from customers, partners, suppliers, and internal operations. Today,
supply chain variability is increasing due to a number of trends. For example, demand-
While more choices make customers happy, increasing features and options make it
Increasing competition
Competition creates price elasticity, and the demand picture must be continuously
Changing customer trends are compressing product lifecycles and the time window
34
Supply trends that contribute to variability include
Global operations
Along with its benefits, globalization has also opened a “Pandora’s Box” of risks, Lack
fluctuations, intellectual property theft due to lack of security or enforceability are all part
of the deal.
35
Process fragmentation
While a focus on core competency has made companies more competitive, a multi-
enterprise supply chain also creates operational silos and communications disconnects,
Many companies are forced to trade off the cost advantage of off-shore operations with longer
The root cause behind the dramatic increase in supply chain risk can be summed up as follows,
On one dimension, the scope of change is increasing (driven by customer trends), but on
36
Supply Chain Risk Management Framework
The Design phase essentially defines the boundaries of the risk management strategy. It
works just like an insurance policy in the sense that it about understands what risks you
want to protect yourself against, and how much you are willing to pay for that protection. It
is a deliberative exercise that involves a number of techniques and tools to weigh all the
decision variables and finally converge on the optimal supply chain network design that
balances all these objectives. The design phase also deals with the more qualitative aspects
37
of risk since it is often relative to a number of factors like industry characteristics,
With the optimal network in place that is aligned with your tolerance for risk, the Planning phase
focuses on surfacing all potential deviations from the normal operating plan, evaluating their impact,
ranking these risks, and developing detailed contingency plans that are to be put into action in the
event of a disruption. The planning exercise reveals that the total numbers of feasible options to
mitigate risk are actually finite and relatively manageable, where the event and its resolution can
The quality of planning is reflected in execution in terms of how quickly you can recover
from a disruption. The more thorough and detailed the planning scenario, the less time
needed to design or deliberate the appropriate course of corrective action. The other key
aspect of this phase is defining clear alert criteria that serve as the trigger mechanism to
38
Strategic: Designing for Risk
The strategic or design phase must satisfactorily address the following question:
Do I have the right supply chain network structure that is aligned with my risk
management objectives?
Answering the above question involves a number of activities or tasks which are
discussed below.
different sequence than listed below, and sometimes it may need multiple iterations.
Ultimately, the point of the exercise is to be thorough while understanding that the design
phase essentially defines the boundary of possibilities for the risk mitigation plans that will
Documenting the risk management objective helps provide guidelines to the executive
management team in terms of how it aligns with the business agenda, how important it is
relative to other initiatives, and what the cross-functional team needs to look like. Start by
asking some basic questions at a high level to create a vision for Risk Management,
39
Why are we doing this?
This step is about gaining a deeper understanding of what risks you want to protect yourself
It should be comprehensive
Currently, there is no single formula or standard approach to assessing the risk appetite
for a company’s supply chain. While we chose to classify the risks in the four categories as
It should be interactive
all the relevant risk dimensions (at least initially, in case you wish to administer this to a
40
It should be iterative
The discussion format helps to evolve the questionnaire by verifying, adding, modifying,
Since tolerance for risk varies by individual, there is an element of subjectivity to the
exercise. The ability to capture these inputs across multiple respondents and “normalize”
the answers for the group will require knowledge of data collection and analysis methods to
41
Define the Risk Management organization
The Risk Profile helps the executive team understand (at a high level) if there are indeed, gaps in
the current risk management strategy, and subsequently create the appropriate organization who is
tasked with closing these gaps. In addition to the team internal to the enterprise, the organization
chart should also identify the appropriate Risk Management counterparts in the partner
In addition to reviewing the data from the Risk Appetite survey, a SWOT analysis
Risk Management team get aligned on a shared, high-level view of the Risk Management strategy.
The final task in the strategy phase is to ensure that the supply chain network is designed to
meet the stated Risk Management objectives. It is an iterative process that involves the following
steps;
Since there is already a network structure in place, the first step is to map the “as-is”
network structure in terms of cost, lead times, inventory levels, supplier quality, etc.
Next, we analyze the alternatives and compare the implications of different structures such
as nearshore, off-shore operations, etc.. This step must wait until the Planning phase flushes
42
Select the optimal network structure. Given the strategic nature of these changes, it may
take time to implement some of the decisions to align the network with the risk
management objectives.
43
Tactical: Planning for the “Undesirable”
Following the decisions regarding the optimal network structure, the tactical or planning
Do I understand all the possible risk events or deviations from normal operating
plan?
And do I know of all possible alternative plans in case these events happen?
Planning for Risk requires a different perspective. Traditional supply chain planning is
about creating a single optimal plan that is released to execution. This supply chain plan
assumes “normal operating conditions” and assumes a fixed network path across the nodes
44
In contrast, Risk Management involves MULTIPLE “network paths” or contingency
plans for any deviation. The example shown in Figure above shows an exception event
occurring at N2. We show two possible mitigation plans to correct the deviation, each
triggered when a certain level has been reached in the “risk threshold”. The thresholds can
Unanticipated events are a fact of life and deviations will occur, but through proper
planning it is possible to quickly get back on track before it is too late. i.e., before they have
Developing these mitigation plans for the “undesirable” constitutes the majority of
the effort behind the Risk Management exercise. Good contingency planning is all about
being proactive, because the goal of execution is get back on track in the shortest possible
time. By having well-thought out contingency plans ready to be put into action, immediately
upon knowledge of the event, companies can ensure they can indeed protect themselves
Many companies don’t formally do Risk Management because they believe that the
future is too uncertain to plan for every contingency. While it is possible that any number of
events can happen, the numbers of feasible options available to mitigate those events are
actually finite. To be more precise, they fall into three dimensions Material, Capacity, and
Information, which means the mitigation strategies can be identified, ranked, documented,
and prepared for deployment with reasonable effort and management commitment.
45
For a given network, Planning involves the following activities or tasks:
In this step, the Risk Management team looks at each node in the supply chain network
structure and identifies all the potential constraints and failure points. As shown in Figure
above, every risk event can be related to one of three types: inventory (material), capacity,
or information. In effect, we portray the enterprise as being supported by these “three legs”
This is often one of the more challenging aspects of a Risk Management strategy
46
Identify the alternative courses of action (for each failure point)
In this step, we come up with potential alternatives for each failure point. The team
enumerates the advantages and disadvantages for each alternative as well as estimates the
cost and effort to implement it. The teams can also proactively build detailed contingency
plans using Microsoft Project as ready-to-deploy templates to compress the reaction time.
This step underscores another key challenge for Risk Management because in order to
rank the alternatives, we also need to be able to quantify the impact as well as the cost of
the alternatives. If possible, cost models can be built to support these decisions. Otherwise,
techniques like AHP are useful for managing qualitative decision criteria.
Finally, all the preparation, analysis, and design of the various contingency plans are
recorded in the Risk Management database. While it needs to capture some basic data
elements (Alert Criteria, Type of Risk, Preferred Mitigation strategy, Alternative strategies,
velocity will become clearer as we delve into the Execution phase discussion. Evolving this
Management organization.
47
Tactical: Understanding Supply Chain Risk
At this point, it is worthwhile to help understand the different types of supply chain
risk. In fact, Risk Management is a broad term that encompasses a number of different
activities and initiatives that you may already be doing today, such as Supply Chain Event
Nevertheless, the key point here is that all these activities need to be aligned along a
clear and cohesive strategy for managing the different types and sources of variability and
risk in supply chains. One approach to identify and classify these risks is illustrated in figure
48
Quadrant 1: Desirable but not necessarily viable
While this quadrant represents the least risk it is not always a viable goal due to supply
chain realities.
Typical supply chain examples in this category include transportation delays, inventory
short/over-supply situations, capacity shortages, etc. that are now increasingly common due
While the more severe types of disruptions may provide the impetus for a formal Risk
Management initiative, not effectively addressing the challenges of this quadrant can create
losses as a result of “death by a thousand paper cuts”. But by monitoring these events, root
causes can be analyzed and strategies can be devised to reduce the frequency of these
a supplier loss situation (fire, labor strike, etc.) where continuity of the business is at risk.
While detailed contingency plans can reduce recovery time, the nature of the
disruption and conditions on the ground will influence how quickly you can get back on
track.
49
Quadrant 4: Need for structural change
The most effective way to mitigate the risk from these types of events is to change
the supply chain network structure. Because of their higher frequency or probability of
occurrence, examples of such disruptions are typically associated with trends. The external
trends are often geo-political in nature such as rising energy prices, corruption, unfavorable
exchange trends, regulatory trends, etc. Trends could also be internal where management
changes may be necessary to implement a change in strategy. In any event, the recovery
time is often the longest due to the structural changes required to reduce this type of risk.
50
Operational: Monitoring and Executing to Risk Events
The operational or execution phase must satisfactorily address the following questions:
What must I do quickly to get back on track — or minimize the impact of the event?
And what can I learn from this to improve for the next time?
When an event or deviation happens, each contingency plan will be put to the test in
terms of its “reflexes”. As shown in above figure, speed of execution is everything because
the slower your reaction time, the longer it will take to “get back on track” and the greater
your potential loss. In some cases, there may be multiple mitigation plans driven by time
sensitivity.
51
Transportation is a typical example that illustrates both points: The cost of expediting
goes up and the options change with each day until action is finally taken.
natural disasters or calamities) are hard to anticipate and require someone outside the
organization to activate the alert. In other cases, a company can also proactively monitor for
events (e.g., failed to receive advance shipment notification), and by keeping a history of
risk events and exceptions, they may be able to analyze and predict the next likely
occurrence.
Once the alert criteria has been defined for the monitoring process, the Execution phase
52
The Execution phase involves the following activities or tasks:
In this step, the disruptions are identified, categorized, and the details are recorded in
the Risk Database, and the resolution process is triggered by the request for a meeting.
Pre-assigning each risk event or category to specific owners ensures that someone
immediately begins driving the resolution process. And the Risk Management
organization chart should make the escalation process clear should it warrant senior
level attention.
The first meeting is convened to brief relevant parties, the situation is discussed, and
tasks and deadlines are assigned to team members to gather more information (if required)
53
Auto-notification of all relevant departments and risk team members and scheduling
of first meeting.
Send a summary of the risk situation along with attachments or links to appropriate
Collaborate
If the planning phase is thorough and contingency plans were created in detail, then
collaboration is likely to be minimal. But for events with low probability of occurrence but
high severity of impact (natural disaster, terrorism, etc.), there will be unique information
arriving in real time that must be considered before making an optimal decision. In this case,
there may be multiple meetings before a final decision is put into action.
Reach out to other companies who are willing to share their experiences in dealing
Consider subscribing to a newsflash service for each region in your global supply
chain
For terrorism or natural disaster events, proactively contact your local, state, and
federal emergency services for any program information that should be known
ahead of time.
54
Continuously Improve
To some extent, good Risk Management is also a matter of experience because empirical
knowledge makes the contingency plans better. But the learning curve can only be
compressed if there is a continuous improvement process that tracks how often risk events
happen, what was done, how effective it was, and how it could be improved for the next
time. This is how you build a sophisticated Risk Management knowledgebase, and it
becomes your ultimate tool for survival and success in an increasingly uncertain world.
55
Conclusion:
summarized as follows,
opportunity in Supply Chain Management. While the “adaptive” supply chain philosophy is
recognized as key to dealing with variability, few companies actually do it well. To get to the
next step in the SCM journey, Planning needs to expand its current perspective to plan for
The MRP to APS evolution was about creating more “desirable” plans (this is an
The Risk Management evolution is about planning for “undesirable” events (this is an
Since it is the “undesirable” part that forces rapid adaptation, Supply Chain Event
management approach. The processes that come after the alert are what need to be
formalized as the next step in the Adaptive SCM evolution. What makes this effort feasible
While disruptions happen for a variety of reasons, its’ impact can be only of three
56
To recover from these problems, the universe of feasible mitigation strategies isn’t
These need to be proactively developed with proper planning and with the right guidance
and technology enablers, the implementation effort and cost can be made attractive for
greater adoption.
57
References:
“Essential Characteristics of a Supply Chain Risk Management Strategy”
www.iwchallenge.com/0109/images/0109SupplyChainRisk.pdf
www.riskcentral.org/e107_files/public/1188463346_scr_overview.pdf
www.accenture.com/NR/rdonlyres/.../0/InfoDriven_POV_single.pdf
www.som.utdallas.edu/centers/c4isn/documents/c4isn-framework-August06.pdf
58