Supply Chain Risk ManagementAyantan Sikdar, CSCP

February, 2017

Contents

Common Supply Chain Risks

Supply Chain Risk Management

Risk Responses & Plans

Best Practices in Supply Chain Risk Management

Maturity Levels

Risk Management Framework

What does Risk Mean?

Uncertainty &

Discontinuity

Endangers

accomplishment

of business

objectives

Possibility of

loss,

misfortune or

injury

Hazard/

Source of

Danger

Seen/

Unforeseen

Adverse Event

Fluctuations

Non-

Compliance/

Violation or

Breach

Instability &

Complexity

Vulnerabilities &

Security Threats

Common Supply Chain Risks

Poor Quality

Unreliable Suppliers &

Supply Shortages

Equipment Breakdowns &

Plant Shutdowns

Poor Forecasting & Demand Volatility

Service Failures Natural Disasters

Labor DisputesFrequent Schedule Changes

Delivery & Transportation

Delays

Currency Fluctuations,

Customs, Taxation

Legal/ Regulatory/ Compliance

IT & Cyber Security

The risks are indicative only

and not an exhaustive list.

These can be categorized as

Internal and External to

Supply Chain

Common Supply Chain Risk Drivers

Demand Environmental Supply

People ProcessMitigation

Approach

Inte

rna

lE

xte

rna

l

Vulnerability/

Exposure

Geo-political

Governance/

Control

Supply Chain Risks – End to End Networks

Supply Chain Risk Categorization Risk Category is a cluster of risk causes with a label such as external, environmental,

technical or organizational

Strategic (e.g. single sourcing, market dynamics, product line development, information sharing etc.)

Tactical

Operational (e.g. equipment malfunctions, system failures, labor strikes etc.)

Financial (e.g. Loans/ Credits, Accounts Receivables etc.)

Technological (e.g. IT failure, Cyber Disruptions etc.)

Environmental (e.g. Natural Disasters, Sustainability etc.)

Supply Chain Risk Management

Identify RiskCategorize

Risk

Analyze Exposure to

Risk

Determine How to Best

Handle Those Exposures

Supply Chain Risk - The variety of possible events and their outcomes that could have

a negative effect on the flow of goods, services, funds, or information resulting in some

level of quantitative or qualitative loss for the supply chain

Supply Chain Risk = f (Cost, Schedule, Performance, Level of Service, Threat,

Vulnerabilities, Consequences …)

Supply Chain Risk Management - The systematic identification, assessment and

quantification of potential supply chain disruptions with the objective to control exposure

to risk or reduce its negative impact on supply chain performance

1 2 3 4

Risk Levels

Magnitude of Loss

Pro

ba

bil

ity o

f O

cc

urr

en

ce

Risk Level = Probability of Occurrence X Magnitude of Loss

The combination of Probability of Occurrence and Magnitude of Loss creates a 2X2 matrix

Minor Moderate Major Critical

Unlikely

Possible

Likely

Highly

Likely

Supply Chain Risk Management using SCOR

Risk Management in different Business Processes of Supply Chain has been analyzed

using process-oriented SCOR (Supply Chain Operations Reference) Model. It is a cross-

industry standard diagnostic tool for Supply Chain Management.

Plan Source Make Deliver Return

Business Processes

Metrics

Best Practices

Technology Features

1 2 3 4 5

Supply Chain Risk Management

Plan

Demand Forecasting

Supply Planning

SourceProcurement

Make

Deliver ReturnInventory Management Warranty Management

• Long Lead Time

• Serious Forecasting

Errors

• Demand Uncertainty,

Variability, Seasonality

• Product Variety

• Short Life Cycles

• Bullwhip Effect

• Cost of Capacity &

Subcontracting

• Operator absence/

accidents

• Equipment Breakdown

• Labor Disputes/ Strikes

The Risk Drivers are indicative

only and not an exhaustive list

• Exchange Rate Fluctuations

• Single/ Few Source(s) Purchasing

• Transit Time Variability

• Contractual Agreements

• Suppliers relationships

• Supplier solvency

Production• Lean and Just-in-Time

Manufacturing

• New Product

Development

• Quality Function

• Insufficient

Maintenance

• Outsourcing

• Product Obsolescence

• Inventory Cost

• Demand & Supply Uncertainty

• Service Level

• Poor customer service

• Fraudulent claims

• Warranty policy changes

Field Service

• Response time after

service call• Scheduling of Field Workers

Logistics & Transportation• Natural Disaster, Cargo Security

• Delayed and Damaged Shipments

• Changes in Customs & Regulations

• Hazardous Materials

IT Risks in Supply Chain Management

Information

Infrastructure

Breakdown

IT/ Data & Cyber

Security

Technology

Obsolescence

Information

Delays

Lack of

Information

Transparency

Lack of

Compatibility in

IT Platforms

Not Embracing

Digital

Technologies

Supply Chain Security

Physical Security

- Facilities must be

protected against

unauthorized

access

Personnel

Security

- Screen

employees &

workers with local

regulations

Ocean Container

and Truck Trailer

Security

- Protect against

unauthorized

materials/ persons

into shipments

IT Security

- Ensure all

systems are

protected from

unauthorized

access

Procedural

Security

- Maintain,

document,

implement and

communicate

procedures across

functions

Supply Chain Risk Management – Mitigation Strategies

The Mitigation Strategies

are indicative only and not an

exhaustive list.

Increase Responsiveness,

Flexibility and Capability

Aggregate/ Pool Demand

Information Sharing with SC Partners

Add Inventory of Key Materials/

Components/ Products

Insurance, Security Precautions, Legal

Advice/ ComplianceAdd Capacity

Vertical IntegrationCareful Supplier

Selection and Monitoring

Postponement/ Delayed

Differentiation and Process Sequencing

Sourcing from Multiple Suppliers

Better Customer Management

Vendor Managed Inventory (VMI) &

CPFR (Collaborative Planning, Forecasting and Replenishment)

Predictive Modelling Purchase InsuranceLean Principles & Six

Sigma Techniques

Basic Risk ResponsesFor any identified risk, an organization can take four basic

responses as below :

• Changing a plan to eliminate a risk or protect plan objectives from its impact

Avoid

• Take no action to deal with a risk or an inability to format a plan to deal with the risk

Accept

• Move the resource or financial effects of a risk to a third-party organization like insurance company or supplier

Transfer

• Preventive measures to reduce the probability and/ or severity of identified risks

Mitigate

3. Deploythe response

4. Determine effectiveness

1. Detect the actual risk condition

2. Developa response

Risk Response Plans

Preventive Action – Any risk

response that occurs before a

harmful risk event happens

Contingent Action – Any risk

response that occurs during or after a

harmful risk event

Risk Response Plan is a document defining known risks including description, cause,

likelihood, current status, costs and proposed responses

Risk ID Name Description Probability Magnitude Priority

Risk ID Route

Cause of

Risk

Preventive

Action Plan

Contingency

Plan

Responsible

/ Status Red Flags

Sample Risk Response Plan

Business Benefits of SCRM If companies manage risks in their Supply Chain through a structured process,

they can achieve following business benefits (indicative only, not exhaustive)

Increased transparency

Reduced overhead

costs

Increased service

levels

Improved operational

efficiency

Reduced lost sales

Better supplier

performance and

management

Improved timely

delivery

Increased agility, visibility

& responsiveness

More proactive risk

detection

Reduced production

loss

Early detection of

quality issues

Better asset utilization

Improved risk visibility

Best Practices in SCRM

Make Supply Chain as an integral part of Enterprise Risk Management (ERM)

Regular manufacturing site checks are necessary

Take care of cyber threats along with physical risks in supply chain

Mitigation strategies for sourcing risks

Jointly create contingency and crisis communication plans

Establish business rules based on minimizing supply chain risks

Share Supply Chain information among partners and coordinate risk management to minimize disruption impact

Maturity Levels for Supply Chain Risk Management

- No risk management structure

- Poor visibility

- Limited analysis of SCM threats

- No/ limited response mechanisms

- Risk Management processes are internally integrated

- Basic analysis of SCM threats

- Minimal visibility of changes outside company

- Formal risk management methodologies

- Collaboration among SCM partners

- Information visibility and risk sharing

- Full fledged response mechanisms in place

Level 1

Level 2

Level 3

Supply Chain Risk Management Framework

2. Option Evaluation

3. Mitigation Implementation

4. Continuous Assessment

1. Risk Identification

References1. APICS CSCP BOK

2. APICS Dictionary 14th Edition

3. “Supply Chain Management : Strategy, Planning & Operation” by Sunil Chopra, Peter

Meindl

4. APICS Supply Chain Council

5. BCG Analysis

6. PwC Analysis

7. http://www.gep.com/knowledge-bank

8. International Journal of Production Research

9. ChainLink Research

10. The Global Supply Chain Institute, University of Tennessee

11. Supply Chain Risk Leadership Council (SCRLC)

Thank You