Analyze the main risks that can impact on supply chains

Risk definitionThe effect of uncertainty on objectives.Uncertainty is created by a) Variability and b) Ambiguity

Risk Management Process

Understanding and analyzing the nature of the risk,Calculating the possibility of occurrence,Calculating the impact or consequence,Developing options to offset or reduce

Definition of a HazardSource of potential harm or danger.'The possibility that a hazard will cause loss or damage'

VulnerabilityThings or factors that make an organization more prone to risk,The extent to which an organization is affected by potential vulnerabilities

Risk Exposure

Maximum loss or damage that can be suffered.Inherent Risk(before any action),Residual Risk(remaining after controls are in place),Objective: Acceptable residual risk exposure

Risk EventsShocks - Unanticipated events,Crises - Major events, anticipated or otherwise,Disasters - Major natural or human-induced events

Risk AppetiteThe amount of risk an organization is willing to bear.Risk Enthusiastic or,Risk Averse

Levels of Risk Corporate - Over arching, strategic.Delegated - Risk at different levels,

Project - Temporary in nature

Consequences of RiskUpside Risk Uncertainties with positive

outcomes

Downside Risk - Negative outcomes resulting in: Direct Losses and,Consequential losses

Benefits of effective risk management s shapes

Techniques for risk Identification

Published research results,Environmental Scanning,Horizon Scanning,Monitoring benchmark organizations,Market intelligence and MIS,Critical Incident investigation,Scenario Analysis,Process Audit,Periodic Checks,Examining project plans and supply chain maps,Conducting formal risk assessments,Consulting with stakeholders & experts,Employing 3rd party consultants,

Internal and External Sources of Risk

Internal environment - Within the organisation,Micro Environment - Operating environment,Macro Environment - Market and society

STEEPLE

Socio-Cultural,Technological,Economic,Environmental,Political,Legal,Ethical

Range of risks from global trading environment Country Risk,

Payment Risk,Currency and exchange rate risk,Transit and logistical risk,Legal and contractual risk,Compliance and reputational risk

The Competitive Environment - Porter's 5 Forces

Threats from new entrants,Buyer's bargaining power,Supplier's bargaining power,Threat from Substitutes,Competitive rivalry within the industry

Develop a risk assessment and risk register to mitigate risks in a supply chain

What is a risk register? A concise, structured document listing all the identified risks for a business, project or contract, together

with the result of the risk analysis, initial mitigation plans and current status of each risk

Purpose and benefits of using a risk register:

To capture analysis and decisions in a co-ordinated, centralized data store, To provide a template document, To develop risk visibility throughout the organization, To identify accountabilities for monitoring and managing risks, To provide a framework for monitoring, management and review, To provide a basis for allocating resources, To encourage communication about risk issues with key internal and external stakeholders, To provide project sponsors etc with a framework from which they can report.

A Risk register Template typically includes the following columns for entry of data:

A unique reference code identifying each risk,Description of the type and nature of the risk,The date on which the risk was first identified,The risk owner,Probability of the risk event occurring,Impact, cost or consequence if the risk event occurs,identified possible responses or mitigation actions,The risk mitigation action chosen and its effect,Regularly updated information on the current status of each risk

System of flagging with risk registers?Traffic light system

Key Stakeholders in risk management Board of directors at a strategic level,

Risk management function,Line management at a functional level,Risk owners,External and internal audit functions,Cross-functional risk management teams,The procurement and supply function,3rd Party risk auditing and assessment services

Analyze the use of probability and impact assessments to manage risks in supply chains

Risk assessment is? The appraisal of the probability and significance of identified potential risk events

Risk is often quantified using this basic formula? Risk = likelihood / probability times Impact / adverse consequence

Methodologies for assessing the probability and impact of risk are?

Risk probability/impact Matrix,Qualitative risk matrix,Risk scoring accompanied with Risk analysis matrix,Scoring likelihood and impact,Scenario analysis and planning

Quantifying Impact can by done by using a scale of impact definition which defines the following levels:

Catastrophic, loss above a certain amount,Serious, with the assigned bracket,Minor, with the assigned bracket, and,Insignificant, loss below a certain amount.

Vulnerability assessment process is designed to?Identify, Quantify and prioritise areas in which a system, organisation or supply chain is particularly open to risk or attack.

Vulnerability assessment is often performed on systems such as?

IT Systems,Energy and water supply systems,Transportation and logistics systems and,Communication systems

Vulnerability assessments would typically include 4 stages:

Listing or cataloguing the resources(assests and capabilities) in a given system,Assigning a quantifiable value, score or rank order of importance to those resources,Identifying the vulnerabilities or potential threats to each resource and,planning to mitigate or eliminate the most serious vulnerabilities for the most valuable resources.

Collating statistical evidence of risks:

A key technique for evaluating the probability of ocurance is to extrapolate from historical statistical data to predict the likelihood of future occurences.Statistical sampling will often be used as the total population would be impractical.

Sources of statistical data?

Published reports, statistical digests and online databases cataloguing and analyzing risk events, published risk monitoring reports and assessments from various categories of business risk, Statistical surveys of stakeholder groups, The organization's records and documents.

Probability TheoryThe use of probability theory as a quantitative tool aims to add a numerical scale of measurement to ideas such as "very unlikely" or "Quite Likely"Events can be mutually exclusive or Independent

Probability DistributionsBinomila distribution,Poisson distribution,Normal distribution

Explain the development of a risk management culture and strategy to improve supply chains

Risk management standardsISO 31000 - Risk management,ISO 28000 - Supply chain security management systems

ISO 31000 risk management principles, risk management...

Creates and protects value, Is an integral part of organizational processes, Is part of decision-making, Explicitly addresses uncertainty, Is systematic, structured and timely, Is based on the best available information, Is tailored, Takes human and cultural factors into account, Is transparent and inclusive, Is dynamic, iterative and responsive to change, Facilitates continual improvement and enhancement.

ISO 31000 Framework:

Mandate and commitment, Design of framework to manage risk, Implementing risk management, Monitoring and review, Continual improvement

ISO 31000 Risk Management process: Establishing context, Risk assessment, Risk treatment, Monitoring and review,

Communication and consultation

ISO 31000 - 5 Attributes for enhanced risk management

Continual improvement,Full accountability for risks,Application of risk management in all decision making,Continual communication,Full integration in the organization's governance structure

ISO 28000 provides a best practice framework for developing, documenting, implementing and maintaining a effective SMS including elements such as:

Security management policy; objectives / targets; and program, Security management structure, Security management competence, Security planning, Legal and regulatory requirements, Documents, data and information systems and controls, Operational control measures; emergency plans and procedures, Monitoring and measuring security performance, Auditing and evaluating the SMS

Th risk management process:Risk management cycle,Risk management and mitigation strategies,Monitoring, reporting and review

Risk management cycle:

Identify sources of risk, Assess probability and impact of potential risks, Formulate risk management strategies, Allocate accountabilities and resources for managing identified risks, implement risk management, Monitor, report, adjust

Mitigation strategies Tolerate,

Transfer, Terminate, Treat. Treating or mitigating is often explained in application of controls: Preventative controls, Directive controls, Detective controls, Corrective controls

Monitoring, reporting and review

Important, in order to: Ascertain whether the organization's risk profile or exposure is changing, Give assurance that the organization's risk management processes are effective, Indicate where contract risk management processes need improvement

External reporting of risks in corporate accounts

Pressure may be supported by, Regulatory requirements, The expectation of external stakeholders,

The organization's own governance, CSR and risk management policies, The reputational and other benefits of planned, voluntary disclosure

Resource categories for risk management strategies:

Informational resources, Human resources, infrastructure development, Technology resources, Physical resources, Financial resources

Develop a strategy to mitigate risks in supply chains

Risk Management strategy may be used in 2 different ways:

The formulation of a chosen 'approach' or 'plan' to deal with identified risks and,The formulation of a corporate, long-term, proactive strategic framework to manage risk in the organization and supply chain

Risk strategy process:

Determine Risk appetite, Strategic intent, Risk policy, Risk management strategy, organizational framework

Published risk Management strategy might include 6 generic sections:

Section 1: introduction and purpose,Section 2: Aim principles and implementation,Section 3: Risk identification, Section 4: Risk analysis and evaluation, Section 5: Risk Treatment, Section 6: Risk Review and reporting

Formulating a contingency plan:

Identify critical risks,Identify and evaluate solutions, Identify and document selected contingency response, Document what/who will trigger activation of plan, Establish and train response leadership teams, Communicate the plan so that everyone can repond at need.

Business Continuity Planning Process Project initiation and management, Business risk assessment,

Business impact analysis, Business continuity strategy, Business continuity action plans, Testing, Stakeholder involvement, Maintenance

Generic framework for BCP:

Business risk assessment and business impact planning, Plan development, Document, Test, Maintain

Basic elements of a DRP

Roles and responsibilities, Incident checklists for key staff, First stage, Follow-up Stages, Document review

Disaster recovery lifecycle

Commence disaster log, Emergency services, Record of damage, Assemble the recovery team, Look after, support and brief staff, Inform stakeholders, Public and media relations, Debrief and learning, Review of DRP

Analyze the main methods for eliminating corruption and fraud in supply chains

Nature of Fraud, what are the 2 main categories?

Removal of funds or assets from an organization,Intentional misrepresentation of the financial position of an organization.

Why does Fraud occur?(Main pre-conditions)

Motive,There must be something worth stealing,There must exist an opportunity,There must be a failure of internal control or fraud risk management.

Types of fraud?

Online fraud,Telephone fraud,Being used for fraud,Corporate identity theft,Minor fraud,Competitor fraud

Types of corruption?Conflict of interest,Bribery, gifts and hospitality,Money laundering

Legislation affecting bribery and corruption?

Bribery Act 2010: (it covers) Bribery,Being bribed,Bribery of foreign public officials,Failure of a commercial organisation to prevent bribery on its behalf.

Corporate Governance Framework Financial reporting,Internal control,Audit,

Compliance

Sarbanes Oxley Act Aimed at?Preventing conflicts of interest,Assuring the integrity of internal controls,Enhancing transparency

SOX requirements include:

Internal controls must assure that any information material to financial performance is made known to the CEO / CFO,The audit committee is also required to oversee controls and establish financial risk management and assessment policies

Analyze the main operational risks in supply chains

Contract Failure includes?Contract Failure Risk,Legal Risk,Negotiation Risk.

Contract Failure Risk includes Factors such as:

Capacity and capability of prospective suppliers,Percentage of supplier capacity utilized by the contract,Likelihood of unanticipated demand,Supplier lead times and flexibility,Supply risks affecting supply chain or suppliers,Accuracy and clarity of specs,Vulnerabilities in Supply chain quality assurance,Accuracy of scheduling and forecasting,Quality, reliability and transparency of data,Cost management,Project and contract management effectiveness

Legal risk Poor contract development and contracting process,

Unmanaged battle of the forms,Poor contract admin and change control,Lack of adequate protection of IP,Issues of liability,Cost and relational damage from disputes

Negotiation Risk

Risk of 'losing out',Unacceptable or unfeasible concessions,Reaching an impasse,Adversarial relations,Conflict or divergent tactics,Ethical and reputational risk,Compliance Risk

Financial Risk includes?

Currency and exchange rate risks,Credit Risks,Supplier financial instability - Springate model,investment Risk

Springate model

A - Ratio of working capital to assets,B - Ratio of net profit before interest and taxes to total assets,C - Ratio of net profit before taxes to current liabilities,D - Ratio of sales to total assets,

Z = 1.03A + 3.07B + 0.66C + 0.4D,

Low score indicates risk of insolvency

Definition of Quality Fitness for purpose,Conformance to spec or requirement,

Comparative excellence

Costs of QualityCosts of Appraisal and Prevention,Cost of Failure: Internal & External

Approaches to managing quality failure risk

Quality Control - Reactive,Quality Assurance - Proactive,Quality Management - includes both above,Total Quality Management - Business Philosophy

Service Quality Risk - SERVQUAL Model

Gap between buyer and supplier perceptions of quality,Gap between Concept and specification,Gap between specification and performance,Gap between communication and performance,Gap between buyer expectations and perceived service

Supply Risk may arise from?

Inadequate buyer-side processes for E, A and S,Inadequate buyer & Supplier side processes for Contract and performance management,Unanticipated levels of demand,Unanticipated shortages or price fluctuations,Unmanaged performance issues,Excessively lean supply chains,Inadequate provisions for physical security,Natural or human caused disasters,Market risks,Commodity risks,

Transportation risks,Lack of lesson learning and continuous improvement.

Logistics complexity issues?

Global supply chains are increasingly lengthy and complex,Lean thinking has reduced waste, but at the expense of safety stock to react to shocks,Effective delivery is increasingly dependant on ICT infrastructure.

Technological considerations?

Hardware and software theft,Cyber attack and data theft: Hacking, Viruses, Phishing.Technology failure: Teething, Performance, Compatibility problems, System breakdown.

Implementation of New technology checklist?

Objectives,Personnel,Relationships,Technology,Finance,Power

Information risks include risks to?

Intellectual capital,Integrity and security of data,System failure,Compliance,Integrity and value of data,Design and implementation of MIS,Turnover of key personnel,Loss of organizational knowledge.

Supply chain relationships risks?

Single sourcing arrangements,Outsourcing arrangements,Long-term partnership relations,Supplier tiering,

Supplier switching.

Reasons for outsourcing failure?

Failure to distinguish between core and non-core activities,Failure to identify and select a suitable supplier,Unrealistic expectations of outsource provider,Inadequate & Inappropriate t's & c's in contract,Lack of well- defined KPI's,Lack of management skills to control supplier performance & relationships,Gradual surrender of control of performance of contractor.

Key elements in mitigation of outsource risk?

Decision based on clear objectives and measurable benefits,Rigorous supplier selection,Rigorous supplier contracting,Clear and agreed service levels,Continuous and rigorous monitoring of service delivery and quality,On-going contract and supplier management,Contract review.

Offshoring risks?

Protection of IP,Additional transport and logistical risks,Political instability,Operational risk from difficulty to monitor and control,Operational, reputational and compliance risk arising from cultural, legal and linguistic differences.

Contractor relationshipAn integrated project team approach is commonly used, bringng together multiple, integrated supply chains into one supply chain.

Contract strategies?

Full turnkey, Partial turnkey, Client-coordinated approach, Management contracting.

Project partnering?Joint ventures and consortia, Private public partnerships, Private financial initiative.

Project pricing agreements?

Fixed price agreement / lump sum contract Fixed price but with provision for upward or downward revision

Compare project lifecycle models that can mitigate risks in supply chains-

Project Lifecycle Models, A Four stage Model

Define, Design, Do, Develop

A five stage model

Definition, Planning, Organising, Controlling, Closing

Prince2 Model Directing, Planning, Strating up, Initiating,

Controlling a stage, Managing product delivery, Managing stage boundaries, Closing a project

Using Project Lifecycle models, it allows PM's to:

Understand the distinct phases that all projects go through, Manage the expectations of stakeholders at each stage, Break down the project in a rational manner, Apply stage based planning and control tools such as gates, end-stage reviews, and end-stage approvals

Project Definition and specification

Clear statement that encompasses 3 aspects: Objectives, Scope, Strategy

Developing a project initiation document

It should include the following elements:Project vision, goals and objectives, Business case for the project, Critical success factors by which achievement will be judged, Details of project scope, Risk assessment, Roles and responsibilities within the project team, Project control mechanisms, Reporting lines and procedures, List of planning milestones, Project budget

Elements of a Project Management Plan

Overview, Objectives, General Approach,

Contractual aspects, Schedules, Resources, Personnel, Risk management plans, Evaluation methods

Need for integrated plans for:

Time (Scheduling), Cost, Quality management, Risk and contingencies, Resources, Communication

Organisation and implementationStructure (Functional, Matrix, Pure Project), Personnel Needs (Project Teams)

Project monitoringRecognises that the progress of the project must be continually measured and compared against milestones, targets and other indicators of quality, time and cost

Project Control Administrative interface that ensures that the project is progressing as intended.

Two key elements to control of a project:Milestones and, Mechanisms for feedback gathering, reporting and communication on milestone attainment.

Project closure comprises of:Project Completion and,Review

Evaluate the contribution that project planning can make to managing risks in supply chains

Project planning contributes in a number of ways:

It forces those involved to consider potential risks and vulnerabilities, It identifies the deliverables, likely duration and cost of the project, It determines resources required at each stage of the project, It allows time for the examination of costs quoted, challenging of business need and over-specification, It identifies the tasks to be undertaken, the sequence and timing within which they need to be undertaken and any dependencies between tasks, It underpins control processes, It provides for end-stage or gateway reviews, It specifically establishes expenditure budgets, It provides tools and outputs, It supports management by exception, It allows the needs, views and interests of project stakeholders to be taken into account

Identifying activities

Work Breakdown Structure by:Activity, Functional area, Product

Sequencing activities depends on:

Dependencies between activities, Interactions between activities, Resource requirements of activities, Durations or timings of activities

Estimating activity timings techniques

Bottom-up estimating, Top-down estimating, Comparative estimating, Parametric estimating, Three-point estimating

Estimating project costing (basic techniques):

Various statistical techniques, An activity schedule costing approach, Bills of quantity, From a client point of view by estimate of project contractor

Two main approaches to establishing project budgets:

Top-down budgeting, Bottom-up budgeting

Critical path analysis can be done using:

Network analysis

Gantt Charts Read through

BaselinesA set of assumptions and methods that are used as the base evaluation of risk. in project management, a baseline is the project's original plan: that is, the starting schedules and milestones.

Optimising resource allocation (2 main problems):

Over-allocated, Under-allocated.

Resource smoothing / leveling used to come to efficient use of resources.

Evaluate how the organisation, implementation, monitoring and control of projects mitigate risks in supply chains

Efficient organization of work packages involves grouping activities so that:

They form meaningful manageable chunks of the whole project for the designated individual or team, They optimize the use of available resources, They minimize the need for coordinating mechanisms within work packages, They can be regarded as a single area of accountability, as the responsibility of a single manager or team leader.

Determining the needs of personnel:Determining the needs of personnel and, Determining the needs for personnel

Health and safety issues (Why plan to minimize?)

To protect people from pain and suffering, To comply with relevant legal and policy standards, To minimize the costs of accidents and ill-health, The enhance their ability to attract and retain quality staff, To avoid negative PR and enhance their brand and reputation for corporate social responsibility

Legal framework on health and safety Health and Safety at Work Act 1974

Hazards in the project environment: Incorrect or irresponsible use of equipment, machinery and tools, Hazards of movement associated with confirmed or cluttered spaces, stairs, poorly maintained flooring or wet and slippery floors, Storage, handling and use of hazardous materials and chemicals, Operation of machinery, Inadequate lighting, heating, ventilation or hygiene, Poor ergonomic design of work spaces, equipment and furniture, putting strain on workers, Heavy lifting,

Risk of fire

Performance review mechanisms must:

Adopt simple performance measures that are easily understood by the project team, Ensure that managers measure only what is really important, Set appropriate control limits, tolerances or acceptable variances, report by exception only,

Range of control methodologies:

End stage assessments, Highlight reports, Checkpoints, Milestones and gates, Techniques such as project budget, gannt charts and network analysis, Complex project management software.

Progress tracking metrics:Percentage complete values, Estimated remaining durations, Actual start/finish times

Implementing remedial action 9reducing the overall duration of the project):

Reviewing and challenging individual task durations, Analyzing the logic of activity sequencing, Authorizing overtime, additional work shifts and so on, Increasing resources, Reducing quality without impacting on firness for purpose.

Range of tactics available to reduce overall project costs:

Reducing the scope or reducing resources assigned, Challenging initial resource estimates, Challenging project overheads, Negotiating competitive market rates for contracted staff, Planning and m0bilising resources over longer periods

Change control orders Read through

Obtaining client acceptance and installing deliverables:

Key final step is obtaining sign-off by the client, Sell the successes of the project.Documenting the project, Issuing the final report.

Final steps before a project can be regarded a complete:

Frequent reviews and project meetings to maintain urgency, Classifying outcomes into 3 categories(read), changing the project manager, Measuring the results, Communicating success, Embedding the results, Dissolving the team quickly, Celebrating successes

Post-completion audit focus:Assessing whether and how far the outcomes met the expectations of the sponsor and stakeholders, Assessing the effectiveness of the management process

Audit process involves the following steps:

Establishing the procedures, Checking the documentation to ensure procedures were followed, Report on any areas where it appears that shortcomings arose

Review and audit criteria

Financial, Time, Quality, Human resources, Environmental, Planning, Control

Analyse the use of contractual remedies for managing risks in supply chains

Types of Contract terms

Express,Implied,Warranty,Condition

Caveat Emptor Common law principle that means: Let the buyer beware

Remedies for Contract Failure

Damages,Specific performance,Injunction,Quantum Meruit

Meaning of Liability The legal and financial responsibility or obligation of an entity in a situation.

Types of LiabiiityStrict Liability and,Vicarious Liability

Indemnity Clause Assigns primary liability to the other party in the contract

Indemnity clauses might include:

Costs or Debts,Loss or damage to the buyer's propertyas a result of neligent or defective work,Business losses incurred by a suppler's poor advice, Injury to staff, cusomers or 3rd parties caused by negligence

Limitation of liability

Exclusion clause is applied to contract clauses which,Totally excludes one party from the liability which would otherwise arise from some berach of contract, or which,Restrict or limit its liability in some way, or which,Seek to offer some form of 'guarantee' in place of normal liability for breach of contract.

Testing, inspection and acceptance clauses may be used to stipulate:

The buyer is not legally bound to accept delivery of goods before inspection and/or testing of the goods to ascertain that they confirm to specification and are fit for purpose and,That the buyer is to be allowed a reasonable time to inspect and test incoming goods

Liquidated damages purpose?To put the injured party into the position it would have been in if the contract had been properly performed.

Analyse the use of outsourced 3rd parties in risk management in supply chains

Credit Rating ServicesServices offered to businesses wishing to access credit and financial information about other businesses as part of their due diligence prior to entering into contracts or business partnerships

Other Business services offered by 3rd parties:

Employment agencies,Information assurance consultants,Premises security services,Other security based services and consultancies,Brokerage and agency services,Legal services,Insurance services

Risk Auditing services may be brought in from or outsourced to?

External auditors,Risk consultants and security advisors,Research companies,Mystery shoppers

One of the key benefits of using external auditors?

Independence

Benefits of appointing an external risk consultant?

They bring a 'fresh eye' to the organization,They offer independent judgment,They bring specialist expertise and wide experience of the risk category and issues,

They may offer specialist resources and competencies for managing risks

3rd Party resources for disaster recovery include the following:

Commercial services providing for off-site back-up storage of data and documents,Specialist services for the recovery of ICT systems and data centers,A range of commercial services to whom business critical operations can be outsourced or contracted on short term basis,Sources of alternative premises, facilities or work accommodation,Public emergency services,Grants and financial assistance

Evaluate the use of insurances for protection against risks in supply chains

Range of insurance cover for:

Theft and Fraud,Damage to property,Fire and flood,Marine, aviation and motor transit,Public liability,Product liabilty,Employer's liabiiity

Benefits of insurance:

Reduces financial impact of risk event,Aids recovery,May satisfy customers, suppliers and other key stakeholders,May be required by the contract of purchase or sale,May be required by law

Key Legal principes of insurance:

Contract,Indemnity,Insurable interest,Proximate Clause,Mtitgation,Subrogation,Utmost good faith

Underwriting process A procss by which one party agrees to accept some of the risk of another party, in exchange for a

premium

Underwriting involves the following procedures:

Evaluating the risk exposure of the potential client,Deciding whether to accept the risk and how much coverage the client will receive,Determining a premium,Protecting the insurance company's portfolio of risk,

Types of insurance

Casualty insurance,Property or indemnity insurance,Liability insurance including: Public liability, Employer's liability' Professional indemnity and product liability,Credit insurance and,Business interruption insurance

Analyse the use of contingency plans to overcome risks in supply Chains

Contingency planning defined?Planning to mitigate the impacts of risk events, variances and failures by making secondary plans in-case something goes wrong or the original plan fails.

Role of Contingency planning? It is important because...

Many risks cannot be completely eliminated,Risks may be low priority but high impact,Risk mitigation is more effective when proactive than reactive.

In crises level contingencies, immediate emergency response plans will be linked to?

More comprehensive plans, such as:

To maintain business continuity and,To begin disaster recovery.