Upload
phungkhue
View
212
Download
0
Embed Size (px)
Citation preview
Supply Chain Security Management for
Business Continuity Management.
Case study: Steel Industry
Profesor Virgil Popa Ph.D. Valahia University of Targoviste
5th IEEE International Conference on Advanced Logistics and Transport
1-3 June 2016, Krakow, Poland
Symposium on Logistics & Supply Chain Management
© IEEE INCALT Conference 2016 Virgil Popa 1
AGENDA
1. Introduction
2. Supply Chain Security Management
3. Business Continuity Management
4. Case study. Steel Industry
5. Conclusions and Proposals
© IEEE INCALT Conference 2016 Virgil Popa 2
It appears that everywhere in the world where we meet leaders of the business and political world, practically everybody feels that this age is different…
…A NEW TYPE OF NORMALITY: CHAOTICS
Source: Chaotics – Management si Marketing in Era Turbulentelor, P.Kotler, J.A. Caslione, 2009
© IEEE INCALT Conference 2016 Virgil Popa 3
Blue ocean strategy challenges companies to break out of the red ocean of bloody competition by creating uncontested market space that makes the competition irrelevant. Instead of dividing up existing
– and often shrinking – demand and benchmarking competitors, blue ocean strategy is about growing demand and breaking away from the competition.
W. Chan Kim, Renée Mauborgne - Ocean Strategy – How to Create Uncontested Market Space and
Make Competition Irrelevant,
© IEEE INCALT Conference 2016 Virgil Popa 4
1987 1996 1999 2002 2005
ISO
9001
OHSAS
18001
ISO
27000
ISO
22000
ISO
14001
© IEEE INCALT Conference 2016 Virgil Popa
Evolution of organization
risk standardization
6
2007 2008 2012 2012
ISO
28000
ISO
31000
ISO
22301
ISO
22313
Evolution of organization
risk standardization
© IEEE INCALT Conference 2016 Virgil Popa 7
The issue of risk management standards concerned national organizations, associations and companies from various industries and ISO.
If initial ISO 9000 specifications have not occurred standards of risks ISO 14000 environmental risks resolved then and human risks in the workplace ISO 18000.
© IEEE INCALT Conference 2016 Virgil Popa 8
© IEEE INCALT Conference 2016
Virgil Popa
HACCP ISO 22000 standard developed for food safety and traceability ISO 27000 information security problem solved Finally ISO 31000 raised the issue of standardization in terms of risk management in the organization ISO 28000 for SC questioned the safety realization. Although he defines what the organization must do, member of the chain moves from solving internal processes and processes up-stream and down stream.
9
ISO 22301 and ISO 22313 put business continuity issue by creating a resilient organization.
We think like ISO 28000 are focused on risk management and does not solve security through planning and sharing responsibility for the entire product traceability / main raw material as it does ISO 22000
© IEEE INCALT Conference 2016 Virgil Popa 10
Along with updating the 9000 edition of ISO 2015 puts a hard problem to
solve Risk
© IEEE INCALT Conference 2016 Virgil Popa 11
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall consider the issues
referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that
need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement. © IEEE INCALT Conference 2016 Virgil Popa 12
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
© IEEE INCALT Conference 2016 Virgil Popa 13
Supply chain risk : the negative
deviation from the expected value
of a certain performance measure,
resulting in negative consequences
for the focal firm.
© IEEE INCALT Conference 2016 Virgil Popa 14
Supply chain disruption : a supply chain disruption is an unintended, untoward situation, which leads to supply chain risk. For the affected firms, it is an exceptional and anomalous situation in comparison to every-day business .
© IEEE INCALT Conference 2016 Virgil Popa 15
Supply chain vulnerability
• Bjørn Egil Asbjørnslett and Marvin Rausand in 1997 [1] define the vulnerability concept as it is applied to the production systems:
“A strong and resilient system is able to support without perturbation or absorb a catastrophic failure and persist”.
• Martin Cristopher, in [3], gives the following definition of supply chain vulnerability:
"an exposition to serious perturbations, deriving by risks inside the supply chain, as well as to risk outside the supply chain".
© IEEE INCALT Conference 2016 Virgil Popa 17
• Reducing the impact of disruptions to the supply chain by Rob Handfield
Supply chain management (SCM) is the
integration and management of supply
chain organizations and activities through
cooperative relationships, effective
business processes, and high levels of
information sharing to create high-
performing value systems that provide
member organizations a sustainable
competitive advantage.
© IEEE INCALT Conference 2016 Virgil Popa
18
Supply Chain Security Management
Security of the supply chain has always been a concern of transport, logistics and manufacturing companies. Concerns about theft, damage and shipment integrity intensify as the value per pound of cargo increases. Add the threat of organized crime, piracy and terrorism, and security of the supply chain becomes critical to business survival.
Security, its demands and constraints, constitute obstacles (logical and physical barriers) in the flow of supply and distribution.
© IEEE INCALT Conference 2016 Virgil Popa 20
By SCSM, we mean enhancing and embedding the traditional security management aspects into holistic management of integrated supply chains, especially within a global context.
Since 2001 governments, Customs administrations, international organizations, researchers, and businesses have carried out diverse actions, and delivered different types of reports, and articles on the topic.
The first pure SCSM paper was published at MIT (Sheffi, 2001), a few months after the infamous terrorist attacks in September 2001.
© IEEE INCALT Conference 2016 Virgil Popa 21
Other ways of developing involvement
SCSM is that of Lee & Wolfe 2003), Supply chain Management and Supply chain risk and vulnerability (i.e. Christopher & Peck, 2004).
© IEEE INCALT Conference 2016 Virgil Popa 22
Supply chain security (SCS) Good Practices
As stated by Menzer et al (2008), “Supply
Chain encompasses the planning and management of all activities involved in sourcing and procurement, conversion, demand creation and fulfillment, and all logistics activities”.
.
© IEEE INCALT Conference 2016 Virgil Popa 23
The White House
Washington
January 23, 2012
“Through the National Strategy for Global
Supply Chain Security, we seek to strengthen
global supply chains in order to protect the
welfare and interest of the American people and
secure our Nation*s economic prosperity.”
Barak Obama
© IEEE INCALT Conference 2016 Virgil Popa 24
National Strategy for Global Supply Chain
Security (the Strategy)
Through the National Strategy for Global Supply
Chain Security (the Strategy), we articulate the United
States Government’s policy to strengthen the global
supply chain in order to protect the welfare and
interests of the American people and secure our
Nation’s economic prosperity. Our focus in this
Strategy is the worldwide network of transportation,
postal, and shipping pathways, assets, and
infrastructures by which goods are moved from the
point of manufacture until they reach an end
consumer, as well as supporting communications
infrastructure and systems. © IEEE INCALT Conference 2016 Virgil Popa 25
BUILDING RESILIENCE IN SUPPLY CHAINS – 2013
REPORT
The World Economic Forum’s Supply
Chain Risk Initiative first started exploring
systemic risks and vulnerabilities to global
supply chains and transport networks in
2011. The initiative’s phase I report, New
Models for Addressing Supply Chain and
Transport Risk, launched at the World
Economic Forum Annual Meeting 2012 in
Davos-Klosters, examines the systemic
supply chain risk landscape and the
possibility of these risks causing serious
disruptions to global supply chains.
© IEEE INCALT Conference 2016 Virgil Popa 26
Joint statement on supply-chain security –
EU
The European Union and the United
States face similar challenges and share a
common approach to the security of the
supply-chain.
We have witnessed several incidents,
such as the October 2010 foiled sabotage of
a U.S.-bound plane, where international cargo
was used to attempt terrorist attacks. Our
vigilance must be constant.
© IEEE INCALT Conference 2016 Virgil Popa 27
ISO 28001
28001:2007 – Best practices for implementing supply chain security, assessments and plans – Requirements and guidelines. ISO 28001 is intended to assist organizations in establish reasonable levels of security and make better risk-based decisions for protection of the supply chain.
© IEEE INCALT Conference 2016 Virgil Popa 28
SECURITY MANAGEMENT SYSTEM ELEMENTS
There are five key elements that are critical to the development of a Security Management System (SMS):
- Security Management Policy
- Security Planning
- Implementation & Operation
- Checking & Corrective Action
- Management Review & Continual Improvement
© IEEE INCALT Conference 2016 Virgil Popa 29
BCM is a management process with the goal of detecting serious risks that endanger the survival of an organization early and to implement safeguards against these risks. To ensure the operability, and therefore the survival, of a company or government agency, suitable preventive measures must be taken to increase the robustness and reliability of the business processes as well as to enable a quick and targeted reaction in case of an emergency or a crisis.
Business Continuity Management (BCM)
© IEEE INCALT Conference 2016 Virgil Popa 31
4. Case study. Steel Industry
The owner: SAMSUNG DEUTSCHLAND GmbH - a branch of SAMSUNG CORPORATION
© IEEE INCALT Conference 2016 Virgil Popa 32
Steel Supply Chain
Integrated Facility
Primary & Finishing
Raw Materials
Suppliers
Cold Rolling / Finishing Facility
Fabrication Facility 1
Automotive
Customers
Consumer
packaging
Industrial
Customers
DC
DC
Source Make
Deliver
Plan
33
© IEEE INCALT Conference 2016 Virgil Popa 33
The XYZ Steel Company
Integrated Facility 2
Primary & Finishing
Cold Rolling / Finishing
Facility 1
North America DC
North Europe DC
South Europe DC
Automotive
Customers
Cold Rolling / Finishing
Facility 2
Integrated Facility 1
Primary & Finishing
Slab Supplier
MRO Supplier
Fabrication Facility 1
Fabrication Facility 2
Packaging
Customers
Industrial
Customers
MRO Supplier
Raw Materials
Suppliers
Raw Materials
Suppliers
Product Flow
Returns Flow
© IEEE INCALT Conference 2016 Virgil Popa 34
The company has implemented several best
management practices including: 5S, Six Sigma,
Kaizen. It is currently implementing Lean
Manufacturing and prepares strategic base for
operations excellence EFQM award. The company
has developed a risk management system which is still
based on ISO 31000, but it is a good start in terms of
internal good practices, taking into consideration all the
risk sources for ISO 28001.
The company was argued before the classic
approach - identifying organizational risk, based on ISO
31000 and quality management instrumental in FMECA,
and especially for domestic incidents. The literature and
practice management deepens and environmental risks
suppliers (up-stream) and customers (down-stream) and
business environment.
© IEEE INCALT Conference 2016
Virgil Popa
35
In our paper-based on the organization studies determines us to go towards what ISO 28000/28001 is based - event risk in organization and processes upstream and downstream with the processes in the value chain of the organization's component supply chain management (Source - Make - Delivery). Incident management through a plan of urgent and truer reactive plan is proposed below for example an action plan and reaction plan.
© IEEE INCALT Conference 2016
Virgil Popa
36
No Identified emergency
situations
Preventive actions Responsible Preventive
actions
Emergency actions Responsible Emergency actions
1 Extreme weather
phenomena: a.
Thunderstorms, heavy
rain, tornadoes
b. Floods caused by
extreme weather
production (Events may
cause damage to building
roofs, rainwater pipes,
clogged sewers, flooding
of technological lines,
basements of buildings or
hydraulic cellars, electrical
rooms, etc.)
- Personnel training in order to
know the color codes for weather
alerts and warnings and to take
preventive measures ;
- Preventive inspection of the
condition of rainwater pipes and
collection pipes;
-Check the condition of sewers and
clean them
-Establish the areas / locations
where the water infiltration may
occur due to various cases,
determine the drainage ways and set
the "action plans in case of
emergency";
SU responsible/ Chiefs of
workplaces
Chief of Administrative
Team/ Chiefs of workplaces
Chief of Energy team and
utilities
Chiefs of plants / Chiefs of
work places
Chiefs of work places
-Announce the chief of plant and the
duty officer;
-Announce the management of the
company;
- Personnel from the affected line in
collaboration with the maintenance
staff (under the command of the
chief of the workplace) initiate
measures to limit the consequences
and to remove the event, according
to the "Action plans in case of
emergency’ ;
-By case it is also requested the help
of firemen team.
Chiefs of the workplaces (foremen /
team chiefs)
Duty officer / Chief of plant Chief
of workplace
Chief of plant/ Chief of workplace
2 Extreme weather
phenomena:
a. Thunderstorms, heavy
rain, tornadoes
b. Floods caused by
extreme weather
production (Events may
cause damage to building
roofs, rainwater pipes,
clogged sewers, flooding
of technological lines,
basements of buildings or
hydraulic cellars, electrical
rooms, etc.)
- Personnel training in order to
know the color codes for weather
alerts and warnings and to take
preventive measures ;
- Preventive inspection of the
condition of rainwater pipes and
collection pipes;
- Check the
condition of sewers and clean them
- Establish the
areas / locations where the water
infiltration may occur due to
various cases, determine the
drainage ways and set the "action
plans in case of emergency";
SU responsible/ Chiefs of
workplaces
Chief of Administrative
Team/ Chiefs of workplaces
Chief of Energy team and
utilities
Chiefs of plants / Chiefs of
work places
Chiefs of work places
-Announce the chief of plant and the
duty officer;
-Announce the management of the
company;
- Personnel from the affected line in
collaboration with the maintenance
staff (under the command of the
chief of the workplace) initiate
measures to limit the consequences
and to remove the event, according
to the "Action plans in case of
emergency’ ;
-By case it is also requested the help
of firemen team.
Chiefs of the workplaces (foremen /
team chiefs)
Duty officer / Chief of plant Chief
of workplace
Chief of plant/ Chief of workplace
Emergency Plan (Examples) Failure Mode, Effects and Criticality Analysis
© IEEE INCALT Conference 2016 Virgil Popa 37
3 Exceptional
situations:
a. War
b. Embargo
c. Revolution
(Probability of such
events is very low.)
- Maintenance
of the alarm sirens, of the
ALD shelter in functioning
state
- Ensuring
safety lighting (in plants
and buildings);
- Maintenance
of telephone lines;
- Set working
instructions in case of war;
- Train the
personnel regarding the
usage of warning signals ;
-Establishing the
evacuation assembly points
and conducting evacuation
exercises with the
employees.
Chief of maintenance
Chief of Maintenance
Chief of
Administrative
General Director
ES Responsible/
Chiefs of workplaces
- Turn on the
electric sirens (after
receiving the notification
and turn on agreement from
local authorities );
-Taking the decision to
evacuate the personnel on
site;
- Telephone
announcement about the
evacuation of the
employees at the site
(following the decision of
the General Director).
Duty officer / Chief of
Administrative
General Director
HR
Director/Chief s of
workplaces
© IEEE INCALT Conference 2016 Virgil Popa 38
Potential situations that may result to
nonconformities
Emergency actions taken Responsible
1. Raw material defects:
Failure to comply with the quality
requirements of raw materials
identified in various stages of
processing in the production flow with
repercussions concerning fulfilling in
time the orders.
1. Failure to satisfy capability conditions,
variations in product characteristics
1. Analyzed distribution characteristics
does not meet customer requirements /
standard values
- it is blocked the nonconformity coil that presents defects from raw
material; - in case of blocking of at least 3 raw material coils in over 24 hours
that comes from the same supplier and shows the same type of defect is prepared and sent an RNAC to the supplier;
- in the next 24 hours the stocks of raw materials from the supplier
involved is analyzed by QC & CS and Processes Programming
&Control teams and in consequential the coils that may have the
same problem are blocked and isolated;
- are requested information from supplier about quality of raw
material in stock;
- if the answer of the supplier imposes this, is requested the
emergency replacement of raw materials affected.
- products that do not meet customer requirements, or are not within
the OTELINOX standard value are blocked;
- the nonconforming product are 100% inspected and it is decided the
way it can be handled according to the “Nonconformities control”
procedure, code …;
- there are established corrective actions for all non-compliant
products in order to eliminate the causes that generated
nonconformities;
- all records of non-compliant products are kept within QC & CS
team;
- for all non-compliant products management staff of the department
from where are generated is informed.
QC inspector QC engineer
responsible for complaints of
raw material
QC engineer & Processes
Programming &Control QC
engineer responsible for
complaints of raw material
Operator QC inspector
Plant chief QC engineer
Reaction Plan (Examples)
© IEEE INCALT Conference 2016 Virgil Popa 39
Following the approach of the Balanced Scorecard strategic management sistem can be seen that there is some performing explained by KPI of this approach started by identifying internal risks (mostly) and external ones. By preparing a response plan can also determine business continuity management.
© IEEE INCALT Conference 2016 Virgil Popa 40
• Making a resilient chain / safe driving can generate a system of goals and Key Performance Indicators to be monitored and managers in dashboard. The organization had enough major incidents which resulted in a managerial proactive
© IEEE INCALT Conference 2016 Virgil Popa 42
Name of
process
No. Performance
Indicator
Indicator value
2013 year
Indicator value
2014 year
Indicator
value 2015
year
Target 2016
Client support 1 Orders for analysis: up
to 4 days for at least
98% of total
commands
99.20% 99.40% 99.60% Minimum
99.95%
2 For analysis
applications offer: up
to 13 working hours
for minimum 95% of
applications offer
91.72% 93.30% 93.70% Minimum
95%
3 The first response to
receiving a complaint:
working for up to 6
hours
99,5% of complaints
96.18%
99.24%
99.50%
Minimum
99,5%
4 The final response to
receipt of all
necessary details
investigate by a
maximum of 36 hours
for 99,5% of
complaints
96.40%
99.31%
99.50%
Minimum
99,5%
Delivery 1 Delivery date fixed x 99.03% 98.71% 98%
Raw material
supply
…………………
…………...
…………………
1 Ensuring raw material
for the second rolling
mill of the first and the
third rolling mill.
94% 132% 115.60% 100%
Comparative analysis of Key Performance Indicators for 2013-2015
from Balanced Scorecard of Steel Company
© IEEE INCALT Conference 2016
Virgil Popa
43
No Emergencies identified Preventive actions Responsible actions
prevention
1 Situations assimilated Force
Majeure
a. Strike
b. Situations conflict violent
(The probability of such
events is very low).
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the same
type
material and at least one
secondary provider.
CEO
Commercial Director
Director of Resources
2 Destructive phenomena
geological origin
a. Earthquakes
b. Mudslides land
(The probability of such
events is low
several areas simultaneously)
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the same
type
material and at least one
secondary provider.
Commercial Director
Head Outlets
1. Procurement strategies
© IEEE INCALT Conference 2016 Virgil Popa 46
3 Extreme weather
a. downpours,
tornadoes,
thunderstorms
b. Floods
(Probability producer
of
phenomena is low
multiple geographies
simultaneous)
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the
same type
material and at least
one
secondary provider.
Commercial Director
Head Outlets
4 Emergencies
a. Special War
b. Embargo
c. Revolution
(probability of such
events is low)
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the
same type
material and at least
one
secondary provider.
Commercial Director
Head Outlets
© IEEE INCALT Conference 2016 Virgil Popa
47
5 Amendment Act
Government
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the
same type
material and at least
one
secondary provider.
Commercial Director
Head Outlets
6 a. strike
b. Situations
conflict
violent
c. Measures taken
government or
other authorities
(The probability of such
events is low)
Signing contracts
(Orders
supply) with minimal
two main suppliers
simultaneously for the
same type
material and at least
one
secondary provider.
Commercial Director
Head Outlets
Auto Manager
© IEEE INCALT Conference 2016 Virgil Popa 48
No Emergencies identified Preventive actions Responsible actions
prevention
1 Situations assimilated
Major Force
a. Strike
b. Situations conflict
violent
(The probability of such
events is very low).
Not provided actions
special.
CEO
Commercial Director
Director of Resources
2 Destructive phenomena
geological origin
a. Earthquakes
b. Mudslides
land
(The probability of such
events is low
several areas
simultaneously)
Ensure fulfillment orders
in stocks of safety.
Commercial Director
Head Outlets
2. STRATEGY OF SELLING
© IEEE INCALT Conference 2016 Virgil Popa
49
3 Extreme weather
a. downpours,
tornadoes,
thunderstorms
b. Floods
(Probability producer of
phenomena is low
multiple geographies
simultaneous).
Ensure fulfillment
orders by public
transportation
alternatives
the contracts with
transport companies.
Commercial Director
Head Outlets
4 Emergencies
a. Special War
b. Embargo
c. Revolution
(probability of such
events is low).
Not provided actions
special.
Commercial Director
Head Outlets
© IEEE INCALT Conference 2016 Virgil Popa 50
5 Amendment Act
Government
Not provided
actions
special.
Commercial Director
Head Outlets
6 a. strike
b. Situations
conflict
violent
c. Measures taken
government or
other authorities
(The probability of
such
events is low)
Ensure delivery
means of
conveyance
alternatives which
are not
affected by
situations
treated as Major
Force.
Commercial Director
Head Outlets
Auto Manager
Ensure safety stock for finished product.
© IEEE INCALT Conference 2016 Virgil Popa 51
To develop discussions with main suppliers and customers (Integrated in the Supply Chain) to achieve a system of security management throughout the chain of organizations that are coordinated from Germany's Korean subsidiary Samsung
© IEEE INCALT Conference 2016
Virgil Popa
54
16 Virgil Popa
Supplier
Plan
Client Client
Supplier
Make Deliver SoSour
sw urce
Make Make Deliver Make Source Deliver Source Deliver
Intern orExtern Intern orExtern
Company
Source
SCOR Model
Return Return Return Return Return Return Return Return
Processes
Best Practice
Measurement
Technology
© IEEE INCALT Conference 2016 Virgil Popa 55
1. Supply chain collaboration
A high level of collaborative working across
supply chains can help significantly to mitigate risk.
The challenge is to create the conditions in which
collaborative working becomes possible.
Traditionally supply chains have been
characterized by arms-length, even adversarial,
relationships between the different players.
© IEEE INCALT Conference 2016 Virgil Popa 56
© IEEE INCALT Conference 2016
Virgil Popa
There has not been a history of sharing information either with suppliers or customers. More recently however there have been encouraging signs that a greater willingness to work in partnership is emerging in many supply chains. In the fast moving consumer goods (FMCG) industry there is now significant collaboration between manufacturers and retailers in the form of Collaborative Planning, Forecasting and Replenishment (CPFR) initiatives.
57
The PRECISION Case
A good example is if a customer needing greater precision steel coils has led the company to achieve Steel Company analyzed a large investment in a new process with a special feature section PRECISION. This is evidence of a very good collaboration.
© IEEE INCALT Conference 2016
Virgil Popa
58
Supply Chain Security Measures - The Business
Perspective (Magdalena Jażdżewska-Gutta)
It became obvious that due to long-term
trends of globalization and outsourcing the supply chains became more vulnerable to any disruptions.
Due to the character of supply chains, the consequences of a disruption can be more serious than we expect, as the single threats to any company involved in the flow of goods sum up along the supply chain. It is thus important that companies attach enough importance to implementing supply chain security measures.
© IEEE INCALT Conference 2016 Virgil Popa 59
Vulnerabilies – fundamental factor that make an enterprise/organization suscetible to disruptions
© IEEE INCALT Conference 2016 Virgil Popa 60
Capabilities attributes that enable an enterprise/organization to anticipate and overcome disruptions.
Capabilities can be defined as the combination of an organization”s people, practices, technology and infrastructure that collectively reprezents that organization”s ability to create value for its stakeholders through a distict part of its operations.
© IEEE INCALT Conference 2016 Virgil Popa 61
Some incidents that cause us to warn the
organization implement ISO 28000 for
Generate a continuity of the entire business SC.
Default organization will benefit from the security and
safety stakeholders who have invested and have long-
term expectations.
1. The case with Chinese company (which take
about 24% of the production of stainless steel sheet and
strip) who discontinued collaboration activity by about
one month (too little time to find other customers) will
"compel" the company OTELINOX begin to generate a
security plan integrated downstream with the first three
customers who have a share in sales of about 30%;
© IEEE INCALT Conference 2016 Virgil
Popa
62
Also, but more urgently, it is the company to
do an integrated upstream especially as the first supplier (in Italy) depends on the supply of hot-rolled sheet at a rate of 30-40% and of second (Finland) and third (Spain) on which 15% each.
This plan joint / integrated is even more pressing because the supplier in Italy in 2014 there was a general strike which the outlet of Targoviste (Otelinox) found out about 2 weeks before.
© IEEE INCALT Conference 2016 Virgil Popa 63
Another example, this year, collaborative management in the security chain is given on waste (packaging in coming rolls of wood and paper / cardboard particular) is incident when the certified organization to manage 5 companies collectors (OTR - organization transfer of responsibilities?! - a kind of organization 4PL) ordered (based on very tough legislation regarding environment) amend them. Fines generated extremely large their bankruptcy and effect billiards coup occurred.
© IEEE INCALT Conference 2016 Virgil Popa 64
© IEEE INCALT Conference 2016
Virgil Popa
Business Intelligence: Group of Germany where headquarter site in Europe - Samsung Deutchland which coordinates all the ins and outs of Steel Company find out the month before and generated a growth stock and temporary demand relationship Finland and Spain.
65
Another such case is the change of
ownership in a company that has decided to
close its French led to the loss of a customer
about 10% this year.
The organization is under risk of closure / decrease production if the Romanian government not to grant facilities to the methane - very high consumption after cold rolling passes to achieve flatness board.
© IEEE INCALT Conference 2016 Virgil Popa 66
Vulnerability factor
Definition
Sub-factors
1. Turbulence
Environment characterized by frequent changes
in external factors
1.1.Natural disasters 1.2. Geopolitical disruptions 1.3.Unpredictability of
demand 1.4. Fluctuations in currencies and prices 1.5.Technology failures
2. Deliberate threats
Intentional attacks aimed at disrupting
operations or causing human or financial harm 2.1. Labor disputes 2.2. Special interest groups *
3.External pressures
Influences, targeting the firm, that create
business barriers
3.1. Competitive innovation 3.2. Political/Regulatory change, 3.3. Corporate responsibility ** 3.4. Environmental change
4. Resource limits
Constraints on output based on availability of
the factors of production
4.1.Supplier, production and distribution capacity
4.2. Raw material and Utilities availability**
4.3. Human resources
5. Sensitivity
Importance of carefully controlled conditions for
product and process integrity
5.1.Product purity 5.2.Restricted materials 5.3. Fragility*** 5.4. Reliability of equipment 5.5. Visibility to stakeholders 5.6. Symbolic profile of brand 5.7. Concentration of capacity
6. Connectivity
Degree of interdependence and reliance on
outside entities
6.1. Scale of network 6.2. Degree of outsourcing 6.3. Import and Export channels
7.Supplier/Customer
disruptions
Susceptibility of suppliers and customers to
external forces or disruptions
7.1. Supplier reliability
7.2. Customer disruptions
2. Table : Vulnerability Factors (adapted on Pettit)
© IEEE INCALT Conference 2016 Virgil Popa 67
3. Table : Capability Factors (adapted on Pettit)
Capability Factor Definition
Sub-Factors
1. Flexibility in
sourcing
Ability to quickly change inputs or
the mode of receiving inputs
1.1. Supplier contract flexibility
1.2.Multiple sources
1.Flexibility in order
fulfillment
Ability to quickly change outputs
or the mode of delivering outputs
2.1. Alternate distribution channels 2.2. Risk pooling/sharing, 2.3.. Multi-sourcing 2.4. Inventory management 2.5. Re-routing of requirements
1. Capacity Availability of assets to enable
sustained production levels
3.1. Reserve capacity
3.2. Backup energy sources and communications 1.Efficiency
Capability to produce outputs with
minimum resource requirements
4.1. Waste elimination
4.2. Asset utilization,
4.3. Failure prevention 1.Visibility
Knowledge of the status of
operating assets and the
environment
5.1. Business intelligence gathering 5.2. Information technology 5.3. Product, equipment and people visibility 5.4. Information exchange
1.Adaptability
Ability to modify operations in
response to challenges or
opportunities
6.1. Fast re-routing of requirements
6.2. Lead time reduction 6.3. Learning from experience *, **
© IEEE INCALT Conference 2016 Virgil Popa 68
1.Anticipation
Ability to discern potential future events or
situations
7.1. Monitoring early warning signals 7.2. Forecasting 7.3. Risk management 7.4. Business continuity/preparedness planning 7.5. Recognition of opportunities
1. Recovery Ability to return to normal operational state
rapidly
8.1. Crisis management
8.2. Resource mobilization
8.3. Communications strateg
8.4. Consequence mitigation
1.Dispersion
Broad distribution or decentralization of
assets
9.1. Location- specific empowerment
9.2. Dispersion of markets
10. Collaboration
Ability to work effectively with other entities
for mutual benefit 10.1. Collaborative forecasting 10.2. Customer management 10.3.Risk sharing with partners
11.Organization
Human resource structures, policies, skills
and culture
11.1. Creative problem solving 11.2. Cross- training, 11.3. Substitute leadership/empowerment 11.4. Learning/benchmarking
12. Market position
Status of a company or its products in
specific markets
12.1. Customer loyalty/retention market share
12.2. Customer relationships
11.3. Customer communications
13. Security
Defense against deliberate intrusion or attack 13.1. Access restrictions
13.2. Employee involvement
13.3. Collaboration with governments
13.4. Cyber-security
13.5. Personnel security
14. Financial strength Capacity to absorb fluctuations in cash flow 14.1. Insurance
14.2. Financial reserves and liquidity ***
14.3. Price margin
© IEEE INCALT Conference 2016 Virgil Popa
69
4. SELF-ASSESSMENT QUESTIONNAIRE SUPPLY CHAIN SECURITY MANAGEMENT through ISO 28001
SCORECARD
SECTION/ SUBSECTION / ACTIVITY Standard took into account 0% 25% 50% 75% 100%
1. INFORMATION SECURITY SECTION 100
1.1. SUBSECTION - PROCEDURES FOR
PERFORMING BACK-UP, RECOVERY,
REINTRODUCTION AND STORAGE OF RECORDS
100
1.1.1. Your organization has researched upon control
procedures for performing back-up copies, recovery,
reintroduction and storage of own records and
implementation of such actions.
ISO 9001:2015
ISO 17799:2005; ISO 27001:2005
ISO for standards in cybersecurity
X
1.2.SUBSECTION - SECURITY INFORMATION -
PROTECTION SECURITY SYSTEM 100
1.2.1. Your organization has researched upon control for
internal software and ERP (Enterprise Resource Planning)
against unauthorized access to the system and
implementation of such actions.
ISO 17799:2005
ISO 27001:2005
ISO/PAS 28001:2006
X
1.3. SUBSECTION - SECURITY INFORMATIONS -
SECURITY DOCUMENTATION
100
1.3.1. Your organization has researched upon control
procedures security document
ISO/PAS 28001:2006
ISO 17799:2005
ISO 27001:2005
X
© IEEE INCALT Conference 2016 Virgil Popa
70
2. SECTION - SECURITY REQUIREMENTS 0% 25% 50% 75% 100%
2.1. SUBSECTION - OWN ASSESSMENT ON
SECURITY MEASURES 89,29
2.1.1. You performed a self-sssesment on security
and safety
ISO/PAS 28001:2006
ISO 9001:2015
ISPS Code *
X
2.1.2. Your organization has researched upon
security and safey measures
ISO/PAS 28001:2006
ISO 9001:2015
ISPS Code *
X
2.1.3. Your organization has researched upon
registering and reporting procedures about
security issues
ISO/PAS 28001:2006 ISPS
Code *
X
2.1.4. In your organization there are specific
safety and security requirements for import
/export / reexport goods
ISPS Code *
X
2.1.5. You performed an own asessment on your
activity, regarding the potential dangers for safety
systems.
ISO/PAS 28001:2006
ISPS Code *
X
2.1.6. Insurances you have concluded comprises
specific security and safety requirements ISPS Code * X
2.1.7. Some of your customers have imposed you
security requirements ISPS Code * X
© IEEE INCALT Conference 2016 Virgil Popa 71
2.2. SUBSECTION - PHYSICAL SECURITY 9687,
2.2.1. Indicate if limits of external parameters of
your locations are safe
ISO/PAS 28001:2006
(Section A 3.3.)
X
2.2.2. Your organization has researched upon the
control procedures about acces through all points
and gateways to your locations. ISO/PAS 28001:2006
X
2.2.3. Apply security measures / closing to the
doors, windows and gates, both to the ones in
the inside and in the outside
ISO/PAS 28001:2006
X
2.2.4. Your organization has researched upon the
safekeeping procedures of keys to access points.
ISO/PAS 28001:2006
X
2.2.5. Your organization has researched upon
procedures to ensure that only authorized
personnel have access to parts of your locations
ISO/PAS 28001:2006
ISPS Code *
X
2.2.6. Your organization has researched
regarding on procedures to protect your premises
against unauthorized access by personal
vehicles. X
2.2.7. Your organization has researched upon
procedures applicable in cases of unauthorized
access or intrusion.
ISO/PAS 28001:2006
ISPS Code *
X
2.2.8. Your organization has researched
regarding on procedures for maintaining the
security of buildings and external boundaries
ISO/PAS 28001:2006
X
© IEEE INCALT Conference 2016 Virgil Popa
72
2.3. SUBSECTION - UNITS OF
TRANSPORTATION OF GOODS 70,0
2.3.1. You are the owner of cargo
transportation meanss used in your activity X
2.3.2. You have experience in conducting
inspections for cargo transportation units
and vehicles
ISO/PAS 28001:2006
X
2.3.3. Your organization has researched
upon control procedures regarding
monitoring the security of cargo
transportation units used in your business as
long as they are under your responsibility
ISO/PAS 28001:2006
ISPS Code *
X
2.3.4. Your organization has researched
upon applicable procedures to solve
incidents regarding unauthorized access and
wrong/harmful handling of your cargo
transportation units.
ISO/PAS 28001:2006
X
2.3.5. In case maintenance activity and
repair of cargo transportation units are
performed externally, specify if you have
researched upon surveillance procedures of
cargo transportation units at their return,
before loading
ISO/PAS 28001:2006
X
© IEEE INCALT Conference 2016 Virgil Popa
73
2.4. SUBSECTION LOGISTICS PROCESSES 75,0
2.4.1. Indicate in the next cells what kinds of transport are
normally used by your business X
2.4.2. Indicate in the next cells if transport is performed on
your expense or through an external contractor. X
2.4.3. Indicate in the next cells if where transport is carried
out by an external contractor, the relation is based on a simple
agreement or understanding to provide services, or rely on
contracts that include responsibilities and procedures for
ensuring safe transport of your goods X
2.4.4. Indicate in the next cells, in case if you do not use a
regular contractor, how do you ensure safety and security of
your goods X
2.5. SUBSECTION - ENTRY OF GOODS 95,33
2.5.1. Your organization has researched upon the procedures
regarding security and safety required for goods entered your
ocations.
ISO 9001:2015
ISO/PAS 28001:2006
ISO/PAS 17712; ISO 9001:2015
X
2.5.2. Your organization has researched on procedues
applicapble to solve the situations if incoming goods breach
security and safety arrangements agreed with suppliers.
ISO/PAS 28001:2006
X
2.5.3. You ensure that goods are received only in a supervised
places.
ISO/PAS 28001:2006
X
2.5.4. Your organization has researched on the procedures to
be followed to ensure that staff are informed of procedures
and measures for safety and security.
ISO/PAS 28001:2006
X
2.5.5. Your organization has researched on the procedures for
the receipt of goods which pose a risk to security and safety. ISO 9001:2015
X
2.5.6. The fees to be paid are separate on different activities,
as are orders of goods, receipt it, goods registration in the
accounts and pay bills. X
© IEEE INCALT Conference 2016
Virgil Popa
74
2.6. SUBSECTION - STORAGE OF GOODS 100
2.6.1. Your organization has researched on
procedures regarding the security and safety issues
needed to enclosure the place of goods storage .
ISO 9001:2015
ISO/PAS 28001:2006
ISPS Code * Certificat TAPA
X
2.7. SUBSECTION PROCESSING OF GOODS 100
2.7.1. Your organization has researched upon
procedures on security and safety needed to
enclosure the place of the processing of goods.
ISO/PAS 28001:2006
X
2.8. SUBSECTION - LOADING OF GOODS 100
2.8.1. Your organization has researched upon
physical and documentary procedures to control the
loading of goods.
ISO/PAS 28001:2006
ISO/PAS 11712: 116 ;ISO/PAS
17712
ISPS Code *
X
2.8.2. Your organization has researched upon
security and safety measures required by your
customers at the time of loading.
ISO/PAS 28001:2006
X
2.9. SUBSECTION - SAFETY REQUIREMENTS
FOR SUPPLIERS 100
2.9.1. You have procedures estabilited with your
suppliers regarding implementation of security and
safety measures. X
© IEEE INCALT Conference 2016 Virgil Popa 75
2.10. SUBSECTION - SECURITY
PERSONNEL 100
2.10.1. Your organization has
researched procedures on personnel
policy that takes into regarded the
security requirements of your
activity.
ISO/PAS 28001:2006
X
2.10.2. You train your staff
regarding security and safety
requirements.
ISO/PAS 28001:2006
X
2.10.3. You have security
requirements aplicable of staff
employed temporarily.
ISO/PAS 28001:2006
X
2.11. SUBSECTION - EXTERNAL
SERVICES 100
2.11.1. You have security
requirements included in contracts
with external suppliers such as, for
example those applicable security
guards, cleaning, maintenance
ISO/PAS 28001:2006
X
ISPS Code is the International Code for the Security of Ships and Port Facility provided
in Government Decision no. 248 of 26.02.2004.
© IEEE INCALT Conference 2016 Virgil Popa 76
CONCLUSION ON SELF-ASSESSMENT QUESTIONNAIRE
on compliance with ISO 28001 and ISO 27001
1. INFORMATION SECURITY SECTION 100%
2. SECTION - SECURITY REQUIREMENTS 93,33%
TOTAL (SIMPLE MEAN) 94,75%
© IEEE INCALT Conference 2016 Virgil Popa 77
5. The Process Classification Framework
Valahia University, ECR Department 78
APQC (American Productivity and Quality Center) © IEEE INCALT Conference 2016
Virgil Popa
Calculations AHP
SCORECARD Total
scor
Activities 0
%
25
%
50
%
75
%
100
%
10.1. Manage enterprise risk
(17060)
53.33
%
10.1.1.Establish the enterprise
risk framework and policies
(16439)
55
%
10.1.1.1.Determine risk tolerance for
organization (16440)
X
10.1.1.2.Develop and maintain enterprise
risk policies and procedures (16441)
X
10.1.1.3.Identify and implement enterprise
risk management tools (16442)
X
10.1.1.4.Coordinate the sharing of risk
knowledge across the organization (16443)
X
10.1.1.5.Prepare and report enterprise risk
to executive management and board (16444)
X
Proposal for risk measurement system aggregate of
organizations and alliance SC based on APQC’s Process
Classification Framework (PCF)
© IEEE INCALT Conference 2016
Virgil Popa
79
10.1.2. Oversee and coordinate
enterprise risk management activities
(16445)
45.83
%
10.1.2.1. Identify enterprise level
risks (16446)
X
10.1.2.2. Assess risks to determine
which to mitigate (16447)
X
10.1.2.3. Develop risk mitigation
and management strategy, and
integrate with existing performance
management processes (16448)
X
10.1.2.4. Verify business unit and
functional risk mitigation plans are
implemented (16449)
X
10.1.2.5. Ensure risks and risk
mitigation actions are monitored
(16450)
X
10.1.2.6. Report on risk activities
(16451)
X
© IEEE INCALT Conference 2016 Virgil Popa
80
10.1.3. Coordinate business unit and
functional risk management activities
(16452)
62,5
%
10.1.3.1. Ensure that each business
unit/ function follows the enterprise
risk management process (16453)
X
10.1.3.2. Ensure that each business
unit/ function follows the enterprise
risk reporting process (16454)
X
© IEEE INCALT Conference 2016 Virgil Popa 81
10.1.4. Manage business unit and
function risk (17462)
50
%
10.1.4.1. Identify risks (16456) X
10.1.4.2. Assess risks using
enterprise risk framework policies and
procedures (16457)
X
10,.1.4.3. Develop mitigation plans
for risks (16458)
X
10.1.4.4. Implement mitigation
plans for risks (16459)
X
10.1.4.5. Monitor risks (16460) X
10.1.4.6. Analyze risk activities and
update plans (16461)
X
10.1.4.7. Report on risk activities
(16462)
X
Total X © IEEE INCALT Conference 2016
Virgil Popa
82
6. Working All Together (WAT) for Supply Chain
Excellence
Information flow
Reverse Logistics
Supplier Manufacturer Retailer 3PL 3PL
Products/Services Flow
Reverse Factoring (A/P)
Bank of retailer
Bank of manufacturer
Bank of supplier Factoring (A/R)
Factoring financial institution
Factoring financial institution
Cash Flow
4PL 4PL 4PL
© IEEE INCALT Conference 2016 Virgil Popa 83
A new solution for the win-win approach is: Reverse Factoring As the name reveals, reverse factoring solutions are based on factoring – a transaction in which suppliers sell receivables to factors for immediate cash.
© IEEE INCALT Conference 2016 Virgil Popa 84
A recommended solution: Factoring
Factoring classic and normal financial collaboration between manufacturer-retailer is made by commercial credit. Factoring is a new comprehensive finance business including commerce financing, credit survey, receivables administration and credit risk guarantee.
© IEEE INCALT Conference 2016 Virgil Popa 85
A new solution for the win-win approach is: Reverse Factoring As the name reveals, reverse factoring solutions are based on factoring – a transaction in which suppliers sell receivables to factors for immediate cash
© IEEE INCALT Conference 2016 Virgil Popa 86
© IEEE INCALT Conference 2016 Virgil Popa 87
http://www.northwestern.edu/standards
-management/topics/supply-
chain/papers.html
GLOBAL STANDARDS
FOR SUPPLY CHAIN
MANAGEMENT IN
CONSUMER
PACKAGED GOODS
INDUSTRY
2. The Data Pool registers a product
in the GS1 Global Registry and sends
very basic information about the
item.
3. The GS1 Global Registry holds this
basic information about all items and
the location of each items’ source Data
Pool.
1.A manufacturer will:
- Align data internally
- Prepare data for
external publication in
line with EAN.UCC
Standards
- Publish item
information to the
source Data Pool
- Synchronize changes
to this date
- Approve retailer
requests to subscribe
to date.
4. A retailer will:
-Search the GS1
Global Registry, via a
selected Data Pool, for
an item (by GTIN or by
description) – the
Registry returns the
details of the items to the Data Pool
- Request subscription
to manufacturer data
- Receive data and any subsequent changes
- Align data with
internal data.
5. The trading
partners
synchronise the
item information
between their
respective Data
Pools.
6. The same process
applies for
synchronising Party
information, published
by manufacturer or
retailer, based on the
GLN.
Registry Manufacturer
Retailer
Data Pool
Data Pool
Global Data Synchronization network on the Electronic Product Code Network
Contact: Professor Virgil Popa Ph. D.
www.virgilpopa.com
www.scm-journal.com www.ecr-uvt.ro
[email protected] [email protected]
© IEEE INCALT Conference 2016 Virgil Popa 90