Professional Documents
Culture Documents
Risk MGMT Exe Summary
Risk MGMT Exe Summary
by
Randy L. Fike
Executive Summary
________________________________________________________________________
Supply chains are rapidly increasing in complexity. Companies no longer rely solely on
manual processes or enterprise resource planning systems; they are deploying
sophisticated advanced planning and scheduling applications to optimize their supply
chain networks. Difficulties with deploying these networks are immense and companies
may not be prepared to cope with the changing nature of risk arising from such a strategic
shift. Who is to possess the deeper understanding of supply chain design, planning and
operations necessary to manage risk in a more integrated, centralized and intricate
environment? The most appropriate organization may be the internal audit department.
Section 404 of the Sarbanes-Oxley Act could be a force against the internal audit
profession’s advancing into the area of supply chain operations. The law requires
publicly traded companies to establish, document and maintain internal controls and
procedures governing financial reporting. With the Act’s emphasis on financial controls
and extensive reporting requirements, internal audit could easily revert to being purely an
internal checking mechanism over accounting transactions. Internal auditors may narrow
their scope to financial controls and not focus on supply chain issues. Outside of some
recent high-profile breakdowns in corporate governance, however, are the large scale
day-to-day risks within a company seated in finance or in the way the supply chain is
executed?
Corporations have lost billions of dollars when faced with supply chain disruptions
including natural disasters, demand and production miscalculations, software
malfunctions and numerous other failures. Even companies extolled for supply chain
effectiveness can encounter difficulties if not fully prepared, and the very actions
intended to strengthen the supply chain can be perversely problematic.
¾ Coordination. The task of ensuring that touch points within the supply chain are
accounted for within the internal audit department’s risk mitigation strategy.
Coordination integrates supply chain planning, strategic sourcing, manufacturing
and deliver to mitigate the risk arising from hand-offs between different supply
chain processes.
¾ Metrics: The task of using indices to help determine where resources should be
directed in conducting on-site reviews of supply chain processes. This includes
establishing which metrics to monitor, identifying the data source for the metrics
and incorporating the use of metrics with supply chain vulnerability mapping for
determining risk levels.
¾ Training: The task of educating the internal audit department on supply chain
methodology and instructing teams on supply chain planning, strategic sourcing,
manufacturing or deliver. This task also includes teaching internal auditors how
to execute vulnerability mapping, monitor supply chain metrics, perform supply
chain audits and facilitate supply chain peer reviews.
¾ Audits: The task of implementing a strategy to mitigate supply chain risk
effectively and efficiently. This task includes risk-based reviews of processes,
enabling technology and strategic/master planning/operational documentation to
provide assurance that adequate operational controls are in place and working as
designed.
¾ Reviews: The task of facilitating supply chain peer evaluations within the
business units. This task includes quality assurance activities to ensure peer
reviews follow an approved methodology, maintain rigor, obtain management
agreement on action items to address deficiencies, and provide follow-up to
ensure agreements were implemented on time and in the prescribed manner.
¾ Failure Mode Event and Criticality Analysis: A tool developed by the National
Aeronautics and Space Administration to identify and assess critical failure modes
and to gauge subsequent impact on system performance. Identified failure modes
must be considered when modeling the supply chain in conjunction with System
Dynamics.
¾ Stress Testing: This tool war games business continuity plans to see if the plans
work as intended. These games simulate real-life supply chain disruptions to
ensure the plans are robust and can continue the end-to-end flow of goods and
services across the supply chain.