Upload
derek-hill
View
796
Download
1
Embed Size (px)
DESCRIPTION
Presentation given at CILT Supply Chain Network, London - 15th June 2009
Citation preview
Understanding and Managing Risk
within Complex Supply Chain Projects
CILT Supply Chain Network
London, UK
Monday 15th June 2009
Duracell and Corus suffer
due to steel conflict
(Source: headlines from national newspapers)
Car transporter vessel
sinks after collision
(Source: headlines from national newspapers)
Recall of Mercedes ML
Models
(Source: headlines from national newspapers)
More takeovers and mergers
in the transport sector
(Source: headlines from national newspapers)
Strikes in Austria, France
and Italy
(Source: headlines from national newspapers)
Distribution halted by IT
system fault
(Source: headlines from national newspapers)
EC requires traceability of
food, feed and ingredients
throughout supply chain
(Source: headlines from national newspapers)
Research center studies
terrorism's impact on supply
chain
(Source: headlines from national newspapers)
Risk is unavoidable
Derek Hill
Contingency
Arro
w
Life before Logistex…
Interesting projects…
Not a Risk
Management
Expert
Agenda
• Understanding different types of risks
• Identifying and evaluating risks
• FKI Logistex risk processes and governance
Objective of Risk
Management
• Not to remove risk
• To raise awareness and visibility of risks
• To manage risks by mitigation actions to
prevent major impact
• To prepare for contingency
Improve the predictability
of a project!
Project Predictability
0%
50%
100%
150%
200%
250%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Planned
Pla
nn
ed
Co
st (
%)
Project Cost
Pro
ject E
nd
Time (months)
Project Predictability
0%
50%
100%
150%
200%
250%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Planned Risk Managed
Pla
nn
ed
Co
st (
%)
Project Cost
Pro
ject E
nd
Time (months)
Project Predictability
0%
50%
100%
150%
200%
250%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Planned Risk Managed Freestyle
Pla
nn
ed
Co
st (
%)
Project Cost
Pro
ject E
nd
Pro
ject E
nd
Project Cost
Time (months)
1.Understanding different
types of risks
What Is A Risk?
• A potential event with negative consequences that has not happened yet
– However a risk could also be defined as the event with unforeseen positive consequences; an Opportunity
• A possibility of loss — not the loss itself!
– A source of problem during a project
– Avoid labeling the cost of a risk as a risk (e.g. Schedule slippage). Find the sources!
– Strike at the root of the problem, not the leaves!
• Something that makes the project special
• In the widest sense everything is a risk
• There are better ways of handling recurrent problems!
Two Basic Classifications
• Known unknowns
– Things that we know we don’t know
• Unknown unknowns
– Risks that surface despite our best efforts
Types of Risk
(e.g. risks of being let down by partners, key suppliers, outsource
providers etc)
3rd Party
(e.g. natural disasters, pollution, global warming impacts,
diseases/pandemics)
Environment
(e.g. Country risk, civil commotions, nationalisation)Political
(e.g. HSE, anti-competitive practices, stock market rules)Legislative
(e.g. changes in markets, customers, products, M&A, major
capital investments/projects)
Strategic
(e.g. business continuity, service quality)Operational
(e.g. customer default, failure of key partner/supplier)Credit
(e.g. gearing/interest rates, liquidity, foreign exchange,
commodity prices, systemic risks etc)
Financial
Logistex Corporate Risk Register
Business
• M&A
• Capital expenditures
• Factory moves/closures
• New product development
• Supply chain development
• Organizational restructuring
• Corporate Social Responsibility
• HSE
• Environment
• Currency
• Competencies
Projects
• Technology
• New roles
• Ill defined specifications
• Sourcing and supply chain
• Terms and Conditions
• People
• Organisational
• Estimation
2.Identifying and evaluating risks
Context
• Project objectives
• Scope, terms costs conditions, an guarantees
• Schedule, location, and plan of project
• Assumptions
• Interfaces and stakeholders
• Definitions
Expectations
End-User
Provider
GAP= Difference in expectations
= Increased risk
Influences
End-User
Provider
External
Complexity
Project Risk Profile
• Profiling output
determines weight of
Bid Approval and
Project Execution
Process
Risk Mapping
• Hold a Risk Workshop for key members of project, stakeholder, suppliers etc.
• Brainstorm types of risk and categorise in terms of size of impact.
• Then assess probability of occurrence and populate Prioritising Risk Matrix opposite.
• Risks should be owned and tracked.
PR
OB
AB
ILIT
Y
IMPACT
ME
DIU
MLO
WH
GIH
MEDIUMLOW HGIH
NASA's illustration showing high impact risk areas for the International Space Station
Method
• Describe the Risks
– Brainstorming potential risks
– Walkthrough of the risk identification checklist
Method
• Common language
– Clear and accurate description
– Formulated as an “IF..THEN…” statement
• Example 1
– “The equipment will arrive late and we will incur liquidated
damages.”
• Example 2
– “IF customs requires additional paperwork and this delays
the release of the equipment, which delays the installation,
THEN we will incur liquidated damages.”
Method
• Analyze and Prioritize Risks
– Walkthrough risk sheet and estimate the
probability and cost impact of each risk
– Calculate risk rating of each risk (e.g. probability *
impact)
– Concentrate on Key Risks
Probability
...cannot mitigate this type of risk; no known processes
or workarounds are available
Near Certainty:5
...cannot mitigate this risk, but a different approach
might
Highly Likely:4
…may mitigate this risk, but workarounds will be
required.
Likely:3
…have usually mitigated this type of risk with minimal
oversight in similar cases.
Low Likelihood:2
…will effectively avoid or mitigate this risk based on
standard practices.
Not Likely:1
Your Approach and Processes...Level
What Is the Probability the Risk Will Happen?
Impact
Budget increase of less
than 1%
Additional activities
required; able to meet
key dates
Minor pert shortfall,
same approach retained
2
Cannot achieve key
program milestone
Program critical path
affected
Minor schedule slip;
will miss need date
Minimal or no impact
Schedule
Budget increase of less
than 10%
Unacceptable; no
alternatives exist
5
Budget increase of less
than 10%
Unacceptable; but
workarounds available
4
Budget increase of less
than 5%
Mod pert shortfall, but
workarounds available
3
Minimal or no impactMinimal or no impact1
CostTechnicalLevel
Given the risk is realised, what would be the magnitude of the Impact?
RISK
Reject /
Eliminate
Transfer /
Insure
Reduce
ImpactAccept
Reduce
Probability
Actions
Mitigation and Contingency Planning
• List Mitigation Actions
– Start with most severe risks
– List possible actions to reduce probability and/or cost
– Some risks can be avoided
• Contingency Planning
– Only for the most severe risks that cannot be mitigated
– List actions to take should the risk mature
Risk Provisions
• Provision = (Probability x Impact) + Mitigation cost
• Mitigation cost may out way the Impact cost
– Manage to the Risk
Project Risk Register
Key Risk
• A Key Risk Overview (KRO) is required
• Detailed plan of mitigation actions
• Embed responsiveness
Key Risk Overview
Risks require active
management
• Eliminate the risk NOW - scope, terms & conditions, reject.
• Do something NOW to transfer the risks - Insurer, customer,
supplier.
• Do something NOW to reduce the probability of the risks
occurring.
• Plan contingency actions NOW to reduce the impact if the
risk occurs.
• Set up fallback plans NOW to limit the impact for
implementation before the risk occurs.
• Get everybody’s agreement if you will just accept the risk.
3.Processes and governance
Probability Impact Grid (PIG)
8
13
1
10
23
45
6
7
14
1211
15
9
10
OTHER
RISKS
PR
OB
AB
ILIT
Y
IMPACT
ME
DIU
MLO
WH
GIH
MEDIUMLOW HGIH
Monitor
• Re-Assess Risks regularly
– Has probability and damage of controlled risks
changed?
– New risks identified? Analyse them
Stage-Gate Process
Continuity and Consistency
• Monthly and Gate Based Reviews
8
13
1
10
23
45
6
7
14
1211
15
9
10
OTHER
RISKS
88
13
11
10
2233
4455
66
77
1414
12121111
1515
99
10
OTHER
RISKS
PR
OB
AB
ILIT
Y
IMPACT
ME
DIU
MLO
WH
GIH
ME
DIU
MLO
WH
GIH
MEDIUMLOW HGIHMEDIUMLOW HGIH
Who is involved in Risk Management?
• Customer
• End-user
• Project Team
• Management
• Product Management
• Related Projects
• Subcontractors and Suppliers
Roles in Risk Management
• Business Unit
• Project Team
• Risk Action Owner
• Risk Coordinator
• Steering Group
Risk Roll up & Action Flow-down
• Risk Escalation
– Risks outside the control of the area or affecting next levels objectives
• Risk Action Flow-down
– Actions to ensure business objectives are met (Business Plan Deployment)
Task
Project
Business
Business Unit
CorporateRisk Action
Flow-downRisk Roll-up
(Near the end….)
Risk management should…
• be an integral part of organisational processes
• be systematic and structured
• be based on the best available information
• take into account human factors
• be transparent and inclusive
• be dynamic, and responsive to change
• be tailored
• deliver better projects
07940 764844
Discussion…
• What risks does your business or team face?
• How do you deal with them?
• What lessons (good or bad) can you share?