Professional Documents
Culture Documents
Risk Management in SCM
Risk Management in SCM
The headlines from the last five years have included terrorist acts, the start
of a war, a tsunami hitting two continents, and back-to-back category-3
hurricanes hitting the United State's Gulf Coast. That ought to be enough to
convince any supply manager to start thinking about "the unthinkable." Yet
too often supply management professionals are focused only on
negotiating the best bargain for their materials. They forget that a
seemingly great bargain could be prone to a catastrophic disruption in
supply and result in a costly halt to production.
Executives are waking up to the fact that disruptions in the supply chain
can bring disasters to the bottom line. They are more often requiring all
staffing levels in all departments to participate in effective risk management
planning. The rationale for this is that risk management planning needs to
go beyond the effects of major calamities. Executive management
understands that a company's failure to plan, measure, and mitigate risk
factors in their supply chains can negatively affect product quality,
customer retention, brand strength, and corporate earnings. Particularly for
products that provide high profit margins, risk management takes on an
increasingly important role.
It must identify risks for the entire life cycle of every product or service
the company provides—from initial research and development through
commercialization. To unearth potential supply-related problems, the
entire organization needs to be involved—from purchasing through R&D,
marketing, operations, and sales.
It must be able to predict the financial impact that a supply disruption
can cause.
It must offer strategies that can mitigate the effects of any disruption
of supplies—with costs and benefits associated with each alternative.
It must delve deeper into the supply chain than the first tier. Many
organizations fail to recognize risk throughout all tiers of the supply chain.
This article will discuss ways to identify and analyze supply chain risks. In
addition, we will present six steps that a company can take to build a plan
for dealing with potential supply disruptions.
Many companies struggle with the question of what constitutes risk in their
business. They realize that risk management is important, yet they aren't
sure where to start or what to measure. For this reason, it can be helpful to
understand the general types of risk drivers. There are two main types of
risk: external risks, or those that are outside of your company's control, and
internal risks, or those that are within your company's control.
The sum of all the overlapping risk factors—both internal and external—is
the "total risk" for a given supply chain (see Exhibit 1). By assessing the
total risk, managers can analyze their situations and assign resources to
improve their risk mitigation efforts. To arrive at that total risk, however,
they must undertake a risk management process to identify the
vulnerabilities in each of the risk areas, the circumstances that create the
vulnerability, the probability of occurrence, and a process to mitigate the
risk.
Identify each raw material. Begin by building a flow chart for all the raw
material inputs. Work backward from the actual material you are
purchasing to the origin material sources. Delve deep into each material to
understand and capture the processes used by each supply source. These
might be the supplier's processes for acquiring raw materials or
manufacturing the product. Expand the chart to include potential as well as
existing suppliers to gain an assessment of competition and backup
sources. Identify the value-added steps in the flow of materials to assess
the possibility of buying materials closer to origin to improve
competitiveness as well as reduce potential supply risks.
The information gained from the supplier visit will form the basis of the
supplier summary that the team will create. Developing supplier information
is an ongoing process and must include:
Outlining the assessment process for all of the risk factors would be
beyond the scope of this article. Instead we will focus on those that are
most important to the supply manager.
Supply risks. Evaluate the supply risks for each identified strategic
material throughout its entire supply chain. What are the potential
vulnerabilities or events that create the risk? Work stoppage, raw material
outage, unreliable material supply at origin—these are all potential risks to
consider.
For each potential risk event, assess its impact on your company's
production:
Demand risks. It's also important to determine the demand risks for your
company's finished goods. These risks typically center on the following:
number and size of customers, stability of demand, frequency of new
product introductions, and the financial condition of customers and industry.
Are there emerging technologies that could make your product and
company obsolete? Are there barriers to new competition such as high
capital or patented technology? Assess your company's position relative to
the risk factors to understand demand risk.
Internal Planning and Control Risks. Also know what your internal
financial risks are and the controls in place to manage those risks. There
may be other planning risks to review including the cost and time needed to
add production or sales capacity, qualify alternate supply sources, obtain
government regulatory approval, and make decisions.
Take into account all the identified risks and prioritize them. Using some
sort of risk template, rank the risks in order by assigning a risk score. This
template could be a risk spreadsheet, a Monte Carlo simulation, or your
own internal system based on scenario planning. To establish the risk
score, estimate the probable duration of the disruption and costs to
recover. Include a "worst possible scenario" to assess the effects of a long
period of supply disruption. Then evaluate if other options will provide a
measure of protection and what the cost would be for that protection.
Defining the probability of disruption occurrence along with risk costs will
lead to a "probabilized" total cost of the risk. A Monte Carlo simulation of
the occurrence based on random games of chance will assist in developing
variable values at random to simulate a model and can be placed into a
computer spreadsheet to simulate the risk.
The best way to drive down the cost of risk management is to develop a
thorough risk mitigation plan that considers all the cost drivers associated
with the risk. Use the risk template and information developed in step three
to rate or quantify the identified risks after mitigation. By describing action
steps and estimating costs for these actions, a total mitigation cost can be
estimated after factoring in the probability of an occurrence. In business, it
is essential to present the risk assessment in financial terms.
With the risk analysis data developed, build a professional business case
presentation and present the information to executive management. This
effort should be led by the head of supply chain management or
purchasing. Be specific on the risks identified and clear on the action steps
and commitments needed. Schedule periodic progress reviews with an
executive management steering committee. It is critical to have executive
management support when developing and implementing a risk
management strategy to the organization. They provide a strong voice and
commitment to the goals being outlined and eventually executed.
Management will usher in support from different departments, which will
lend commercial insights and technical expertise to the risk plan.
Once the strategy and plan have been approved, stay the course and hold
periodic team reviews to ensure the strategy remains effective and sound.
When circumstances demand changes, be ready to recommend and
implement those changes to the plan with executive management.
The partnership can provide mutual benefits that will enhance the overall
performance of the two companies while managing the appropriate areas
of risk in an open way. Collaborating on information sharing can help
identify potential areas of vulnerability and lead to stronger emergency
plans. Your suppliers must understand the performance expectations they
have to meet. Continual, documented feedback is essential, and both
companies might benefit from formal performance review meetings. (For
more on the importance of communication, see the sidebar on "Don't
Overlook Communications.")
Author Information
James Kiser is vice president of operations and George Cantrell is a senior
consultant with ADR North America, a procurement consulting firm.