MBA 17:SUPPLY CHAIN MANAGEMENT

TOPIC: SUPPLY CHAIN RISK MANAGEMENT

PROCESS

BY
Mutekanga Esau (MCIPS)

CONSULTANT UMI
0392963280/0701963280
emutekanga@yahoo.com/esaumutekanga@gmail
 RISK DEFINED
 Risk = Likelihood (probability) × Impact (adverse consequence)

 Risk likelihood is the probability of occurrence, given the nature of the risk and current risk
management practices
 Risk impact is the likely loss or cost to the organisation or the likely level of impact on its
ability to fulfil its objectives
 Risk is the probability of an un wanted outcome happening. It’s a situation in which desirable
outcomes may not occur and undesirable outcomes may occur. ISO 31000:2009, Risk is the
effect of uncertainty on objectives
 Probability is the measure of the likelihood that a given event or result might occur
 A Risk is an event that “may” occur. The probability of it occurring can range anywhere from
just above zero to just below 100%
 Risk refers to a situation where there is more than one possible outcome to a decision and the
probability of each specific outcome is known or can be estimated
 Risk is the probability (likelihood) that a hazard will cause loss or damage
negative impact. However the size of the impact varies in terms of cost and impact on health, or
human life
 IMPORTANT TERMS
 Hazard: source of potential harm.
 Risk vulnerability: Things or factors that make an organization more prone to risk.
 Risk exposure: Consequences that may be experienced by the organization, if
specific risk is realized.
 Risk appetite: Amount of risk an organization is willing to bear. Firms with high risk
appetite are risk enthusiastic.
 Corporate risk appetite: The overall amount of risk judged to be appropriate at a
strategic level
 Delegated risk appetite: The agreed corporate risk appetite that can be cascaded
down the organisational structure, agreeing risk levels for different parts of the
organisation
 Project risk appetite: Falls outside the day-to-day policy and decision-making of the
organisation
 Risk aversion: Process of avoiding or minimizing risk exposure. I.e., being risk averse
is having a low risk appetite
 RISK EVENTS
Shocks: Unanticipated events which cause trauma and
disruption to an organisation
Crises: Major events which threaten to cause significant
damage or loss to an organisation, its stakeholders or its
reputation
Disasters: Major natural or human-induced events which
cause significant damage to the infrastructure critical to an
organisation or supply chain, and therefore significant
disruption to its operations
QUALITATIVE TOOLS AND TECHNIQUES
Risk probability/impact matrix
A simple risk or impact assessment can be
performed by using a matrix or risk map on
which threats and hazards can be plotted
according to (a) the likelihood of their
happening and (b) the seriousness of their
effect if they do happen:
Figure below is the Risk assessment grid
RISK ASSESSMENT GRID
 SOURCES OF RISKS IN THE SUPPLY CHAIN
 Lack of top management commitment to the project
 Failure to gain commitment of suppliers to efficient and effective deliverables
 Misunderstanding of the statements of requirements
 Lack of adequate product user involvement
 Failure to manage product end user expectation
 Changing scope and objectives of public procurements
 Lack of required knowledge/skill in the public procurement best practices.
 New technological installations in procurement systems such e procurement soft
and hard ware installations.
 Insufficient / inappropriate public procurement staffing
 Conflict between user departments and Procurement and disposal unit
 Rigid public procurement procedures and policies
 Inadequate public procurement funding
 Poor monitoring of the public procurement process.
IDENTIFICATION OF SOURCES OF SUPPLY CHAIN RISKS

Risk identification is the process of understanding what

potential events might hurt or enhance a particular project.
Risk identification tools and techniques include:
Brainstorming
Interviewing
SWOT analysis
 RISK IDENTIFICATION
 Monitoring of published academic research results and reports by risk
consultants
 Environmental scanning and corporate appraisal (STEEPLE and SWOT analysis)
 Horizon scanning
 Monitoring risk events in benchmark organisations
 Market intelligence gathering and management information systems
 Critical incident investigations
 Scenario analysis
 Process audits
 Periodic checks and inspections on health and safety, quality, maintenance
 Examining project plans, supply chain maps etc for identifiable vulnerabilities
 Conducting formal risk assessments
 Consulting with key stakeholders and industry experts
 Employing third party risk audit and risk management consultants
 THE RESULTS OF UNCONTROLLED RISKS IN THE SC
TYPE OF RISK INITIAL EFFECT ULTIMATE EFFECT
Quality problem Product recall; customer defection Financial losses
Environmental pollution Bad publicity; customer dissatisfaction and Financial losses
defection; court action; fines

Health and safety injury Bad publicity; worker compensation claims; Human suffering; financial losses
workforce dissatisfaction; statutory fines

Fire Harm to humans; loss of production and assets Human suffering; financial losses

Computer failure Inability to take orders, process work or issue Financial losses
invoices; customer defection

Marketing risk Revenue drops Financial losses

Fraud Theft of money Financial losses
Security Theft of money, assets or plans Financial losses
International trading Foreign exchange losses Financial losses
Political risks Foreign government appropriation of assets; Financial losses
prevents repatriation of profits
 CATEGORIES OF RISK
Strategic risks: Arise from the vision and direction of an
organisation, and the organisation’s positioning in a
particular industry, market and/or geographic area
Operational risks: Arise from the functional, operational
and administrative procedures by which organisational
strategies are pursued
Financial risks: Arise internally from the financial
structure of the business, and externally from financial
transactions with other organisations
Compliance risks: Arise from the need to ensure
compliance with laws, regulations and policy frameworks;
and the potential damage incurred by exposure of non-
compliant or illegal activity
 CATEGORIES OF RISK cont’d
Market risks: strategic risks arising from factors or changes in
the external supply market
Technological risks: both strategic and operational risks arising
from technology dynamism and obsolescence, systems or
equipment failure, data corruption or theft, new technology
‘teething troubles’, systems incompatibility and so on
Supply risks: both strategic and operational risks arising from
supply market instability and resource scarcity; supplier
failure; supply disruption; the length and complexity of supply
chains and logistics; and so on
Reputational risks: financial and/or compliance risks, arising
from exposure of unethical, socially irresponsible or
environment-damaging activity by the organisation or its
supply chain
EXAMPLES OF INTERNAL SOURCES OF RISKS IN THE SUPPLY CHAIN
Human personality factors
Cultural values and norms
Group dynamics
Human error and inexperience
Business management
Malicious activity
Breakdown of technology, equipment or systems
Security risks
Lack of internal controls
Workplace hazards
Poor employee relations
Loss of key personnel and knowledge
 USING A RISK REGISTER-why?
To capture all analysis and decisions about identified risks in a
co-ordinated, centralised (but accessible) data store
To provide a template document, allowing risk information to be recorded
systematically and in a standardised format
To develop risk visibility throughout the organisation
To identify accountabilities for monitoring and managing risks
To provide a framework for risk monitoring, management and review
activities
To provide a basis for allocating resources to risk monitoring, management
and review, and for presenting a business case for risk management
To encourage (and act as a tool for) communication about risk issues with
key internal and external stakeholders
To provide project sponsors, contract managers and other designated risk
owners with a framework from which risk status can be reported
 RISK REGISTER TEMPLATE
A unique reference or code number identifying each risk
Description of the type and nature of the risk
The date on which the risk was first identified
The risk owner
Probability of the risk event occurring
Impact, cost or consequences if the risk event occurs
Identified possible responses or mitigation actions, to
reduce probability or impact, or both
The risk mitigation action chosen and its effect (if any)
Regularly updated information on the current status of
each risk
 TEMPLATE FOR SECURITY RISKS
Risk Question

Buildings Does the business have manufacturing or warehousing premises?

Are the company’s premises easily accessible to the public, or visited by many people?

Information Could your paperwork or computer data have commercial value to a competitor?

Espionage Does the business operate in markets subject to fashion or technological advance?

Intellectual property Does it have inventions, trade marks or well-known brand names?

Attacks on premises Does it employ large numbers of people?

Tampering Does the company sell fast-moving consumer goods (FMCG)?

International Do your executives travel to unstable developing countries?

Does the company have assets in unstable developing countries?

Review Has the company failed to carry out a security review?

Total points [score one point for each box ticked]:

[Score: 0–3 points: low risk. 4–6 points: moderate risk. 7–10 points: high risk.]
THE RISK MANAGEMENT /PROCESSCYCLE
RISK MANAGEMENT STRATEGIES (4 TS)
Tolerate (or accept) the risk: if the assessed likelihood or impact of
the risk is negligible (or there is no viable way to reduce the risk), no
further action may, for the moment, be required, or justified
Transfer (or spread) the risk: eg by taking out insurance cover, or not
putting all supply eggs in one basket – or using contract terms to
ensure that the costs of risk events will be borne by (or shared with)
supply chain partners
Terminate (or avoid) the risk: if the risk associated with a particular
project or decision is too great, and cannot be reduced, the
organisation may consider not investing or engaging in the activity or
opportunity
Treat (mitigate, minimise or control) the risk: take active steps to
manage the risk in such a way as to reduce or minimise its likelihood
or potential impact, or both
SUPPLY CHAIN RISK MITIGATION APPROACHES
 Supplier evaluation and selection
 Supply chain management
 Demand and inventory management
 Logistics management
 Contract development and management
 Insurances
 Risk identification and assessment at the system design stage
 System testing and change-over arrangements for new systems
 Preventive maintenance, repair, updating and replacement of hardware, software and peripherals
 Ensuring that information systems are subject to robust access controls
 Rules and protocols for the effective and secure use of information systems
 Protocols for the backing-up of stored data
 Systems maintenance, contingency planning and back-up systems
 Database management
 Protocols and controls over contract changes, variations, versions and updating
 Internal controls, checks and balances to prevent misuse of data or funds, and fraud
 Intellectual property protection
 Confidentiality of commercially sensitive data
 Training staff in the requirements of relevant legislation
 Documentation of value-adding knowledge and information
SUPPLY CHAIN RECOVERY PLAN FOR SUPPLIER FAILURE RISK
 Advance planning for contract termination and transition (exit strategy)
 Contract, performance and relationship management to minimise risk
 Supply chain mapping and environmental (STEEPLE) monitoring
 Pre-identified and pre-qualified back-up sources of supply
 Pre-negotiated framework contracts, with emergency (‘hot start’) call-off facilities
 Establishment of direct contacts with lower-tier suppliers
 Pre-authorised procurement card or cash payment facilities to enable the payment
of emergency suppliers
 Use of telephone cascade, intranet or email to inform all relevant staff of the need
to trigger the emergency response plan
 Trigger supplier transition arrangements and termination clauses
 Notify business contacts and other stakeholders as appropriate
 BENEFITS OF RISK MANAGEMENT IN THE SUPPLY CHAIN
Avoids or minimises costs incurred by risk events, shocks and crises
Avoids or minimises costs incurred by failure to demonstrate risk mitigation
Avoids disruption to production and revenue streams
Secures supply, by mitigating supply chain vulnerability
Protects market share
Supports business and supply chain resilience
Safeguards the key human resources of the organisation
Enables the organisation to attract and retain quality employees, suppliers
and network partners
Helps management objectively to decide which risks are worth pursuing and
which should be avoided
Improves the quality of strategy-, policy- and decision-making
Improves organisational and supply chain co-ordination
Improves stakeholder confidence and satisfaction
I THANK YOU

22