Risk Management 01

Threat
The presence of a hazard and

an exposure pathway -
threats may be natural or
human-induced, either
accidental or intentional.
1
Vulnerability
A characteristic or attribute of an
asset which renders it susceptible
to the effects of an incident.
Vulnerability informs both the
likelihood and consequences of
an incident
2
What is Risk?
Risk refers to the probability of

uncertainty that surrounds future
incidents and outcomes. It is a
function of the likelihood and
consequences of an incident – the
higher likelihood and/or the greater
the consequences, the greater the
risk
3
Risk Management
Risk Management is
systematically setting the best
course of action under
uncertainty by identifying,
assessing, understanding, acting
on and communicating risk issues
4
Resiliency
Resilience is seen as the ability to
accommodate abnormal threats and
events, be they terrorist attacks, or
perturbations from climate change,
or natural disasters such as
earthquakes or floods, or economic
shocks. Most definitions, particularly
those involving individuals,
communities and organizations also
refer to identifying, assessing and
communicating the risk from such
threats and events.
5
Risk & Resiliency
The traditional definition of risk is a measure that
reflects the probability and the magnitude of an
adverse effect. More recently a broader and more
balanced definition has been adopted by the risk
management community which recognizes that
individuals and organizations take risk to achieve
potential benefits. Individuals, communities
and organizations which are prepared and ready for
an abnormal event, tend to be more resilient.
Understanding the probability and the magnitude of
potential threats enables an organization to make
decisions on how best to reduce the probability and/or
impact of such threats, to transfer the risk by taking
out adequate insurance, or indeed to do nothing and
be ready to accept the potential consequences.
6
Risk Mitigation
It will never be possible to completely remove the
probability of a disruptive event. Supply Chain
leaders are expected to have processes which aim
to identify, analyse and evaluate risks and through
consultation, agree upon levels of residual and
tolerable risk, and to take decisions on mitigating
the risks.
If risk mitigation is conducted in a formal and open

manner, organizations are much more willing to
accept the consequences of a disruptive event as
people are then aware that all reasonable action
was taken to reduce the probability and/or impact.
In such circumstances, businesses/organizations
will more readily recover and return to normality.
They are more resilient.
7
Simple Graphical
Representation of Resilience
8
Risk Response
Figure 6. Risk response strategies
Strategies
High
A v o id
Im p a c t
M ed R educe
a n d /o r s h a re
A ccept
Low
Low Med High
Likelihood
9
Risk Register
External, End to End Supply Chain Risks
1. Natural Disasters
■Epidemics
■Earthquakes
■Tsunamis
■Volcanoes
■Weather disasters (hurricanes,
tornados, storms, blizzards, floods,
droughts)
10
Risk Register
2. Accidents
■Fires
■Explosions
■Structural failures
■Hazardous spills
11
Risk Register
3. Sabotage, Terrorism, Crime, and War
■Computer attacks
■Product tampering
■Intellectual theft
■Physical theft
■Bombings
■Biological and chemical weapons
■Blockades
12
Risk Register
4.Government Compliance and
Political Uncertainty
■Taxes, customs, and other regulations
■Compliance issues
■Regulatory financial reporting
■Operations
■Logistics / Trade
■Regulatory Approvals - Marketing
Approvals
13
Risk Register
4. Government Compliance and
■Public Health
■Environmental requirements
■Trade restrictions (e.g., Buy American Act)
■Regulatory Audit history
■Currency fluctuations
■Political unrest
■Boycotts
14
Risk Register
5. Labour Unavailability and Shortage
of Skills
■Availability
■Quality
■Cost
■Unrest
■Strikes and slowdowns
15
Risk Register
6. Industry-wide (i.e., Market)

Challenges
■Capacity constraints
■Unstable prices
■Lack of competition
■Entry barriers
■Capital requirements
■Specific assets
16
Risk Register
6. Industry-wide (i.e., Market)
Challenges
■Process patents
■Shrinking industry
■Low supplier profitability
■Certification
■Cost trends
■Recessions/Inflation
17
Risk Register
Lawsuits
7.
■Environmental
■Health and safety
■Intellectual property
18
Risk Register
8. Technological Trends
■Emerging technologies
(pace/direction)
■Obsolescence
■Other technological uncertainty
19
Risk Register
Supplier Risks: External, Contract
Manufacturers
or Internal Business Unit
1. Physical and Regulatory Risks
■Key Suppliers Located in High Risk Areas
■Material Unavailability/Poor Planning
– Raw materials
– Other materials
■Legal Noncompliance / Ethical practices
– Labour practices
– Safety practices & performance
– Environmental practices
– History & outcomes of lawsuits
– Tax practices
20
Risk Register
Manufacturers
1. Physical and Regulatory Risks
■Regulatory Noncompliance
– Customs/trade
– Security clearance requirements
– History & outcomes of regulatory audits
– Regulatory certification requirements (e.g., Food
& Drug Administration, Federal Aviation
Administration)
– Critical disclosure – International Traffic & Arms
Regulations
21
Risk Register
Manufacturers
2. Production Problems
■Capacity
– Too little, too much, or diminishing
– Order and shipping times
– Out of stock (i.e., no/low inventory)
– Performance history, equipment age &
downtime (manufacturing & testing equipment)
– Repair cycle time
22
Risk Register
Manufacturers
■Inflexible Production Capabilities

(Long setup times)
■Technological Inadequacies or
Failures
– Incompatible information systems
– Slow adoption of new technology
23
Risk Register
Manufacturers
■Poor Quality
– Defects / contamination in
manufactured product
– Mislabeling of items
– Lack of training or knowledge
■Lead Times
– Backlogs
– Unresponsive
– Unreliable
– Variable
24
Risk Register
Manufacturers
3. Financial Losses and Premiums
■Degree of Competition/Profitability
– Downstream integration or too much competition
– Little/no competition - sole source
– Mergers & Acquisitions
■Financial Viability
– Inability to sustain in a downturn
– Bankruptcy
– Withdrawal from the market
25
Risk Register
Manufacturers
4. Management Risks
■Inadequate Risk Management Planning
– Lack of business continuity plans
– Lack of requirements for supplier's supplier
business continuity plans
■Management Quality
– High turnover
– Dishonesty
– Poor labour relations
– Poor metric scorecards
26
Risk Register
Manufacturers
4. Management Risks
■Substituting inferior or illegal materials/parts
– Failing to perform required treatments/tests
– Submitting inaccurate/false invoices
■Lack of Continuous Improvement
– Unwillingness
– Cost escalation
– Opaque processes
– Opportunistic behavior
27
Risk Register
Manufacturers
4. Management Risks
– Inflation of purchase costs
■Dependence on One or a Few Customer(s)
■Poor Communication
– Internal
– External
– Transparency of data & operations
28
Risk Register
Manufacturers
5. Upstream Supply Risks
(i.e., Subcontractors and their Subcontractors)
■Any of the above external/supplier risks
■Lack of visibility into subcontractors
■No or poor relationships with subcontractors
■Diminishing sources of supply
■Transition “costs” for new suppliers
29
Risk Register
Distribution Risks/Disruptions:
Inbound or Outbound
1. Infrastructure Unavailability
■Roads
■Rails
■Ports
■Air capacity/availability
30
Risk Register
Inbound or Outbound
2. Assets - Lack of Capacity or Accidents

■Containers
■Trucks
■Rail cars
■Ships
■Airplanes
31
Risk Register
Inbound or Outbound
3. Labor Unrest/Unavailability
■Truck drivers
■Rail operators
■Longshoremen
■Pilots
32
Risk Register
Inbound or Outbound
4. Cargo Damage/Theft/Tampering
■Physical damage
■Theft and other security problems
■Tracking the damage
■Environmental controls (e.g., temperature, humidity)
33
Risk Register
Inbound or Outbound
5. Warehouse Inadequacies
■Lack of capacity
■Inaccessibility
■Damage
■Environmental controls (e.g., temperature, humidity)
■Lack of security
34
Risk Register
Inbound or Outbound
6. IT System Inadequacies/Failures
7. Long, Multi-Party Supply Pipelines
■Increased chance of all problems above
■Longer lead time
35
Risk Register
Internal Enterprise Risks
1. Operational Risk
■Loss of Inventory (damage, obsolescence)
■Equipment loss, mechanical failures
■Process Issues
– Process reliability
– Process robustness
– Lead time variability
– Inflexible Production Capabilities (long set up
times, etc.)
36
Risk Register
1. Operational Risk
■Capacity
■Too little, too much, or diminishing
■Order and shipping times
■Out of stock (i.e., no/low inventory)
■Performance history, equipment age & downtime
(manufacturing & testing equipment)
■Repair cycle time
37
Risk Register
1. Operational Risk
■Poor Quality
■Defects in manufactured product
■Failure to maintain equipment
■Lack of training or knowledge
■Environmental performance to permits / other
38
Risk Register
2. Government Compliance and

■Taxes, customs, and other regulations
■Currency fluctuations
■Political unrest
■Boycotts
39
Risk Register
3. Demand Variability/Volatility
■Drawdown of the stockpile
■Exceeding maintenance replacement rate
■Shelf life expiration
■Surges exceed production, repair, or distribution
■Shortfalls
40
Risk Register
4. Personnel Availability/Skills Shortfalls

■Sufficient number
■Sufficient knowledge, skills, experience
■Union contract expiry
■High turnover rate
41
Risk Register
5. Design Uncertainty
■Changes to requirements
■Lack of technical detail
■Lack of verification of product
■Changes to product configuration
■Poor specifications
■Reliability estimates of components
■Access to technical data
■Failure to meet design milestones
■Design for supply chain (e.g., obsolescence, standardization,
and commonality)
42
Risk Register
6. Planning Failures
■Forecast reliability/schedule availability
■Planning data accuracy
■Global visibility of plans & inventory positions
■Competition/bid process
■Acquisition strategy
■Manufacturability of a design
■Program maturity
■Subcontracting agreements
43
Risk Register
7. Financial Uncertainty/Losses
■Funding availability
■Work scope/plan creep
■Knowledge of supplier costs
■Strategic risk
44
Risk Register
8. Facility Unavailability/Unreliability/ Capacity

■Facility breakdown
■Mechanical failures
■Sites located in high risk areas
■Adequate capacity
45
Risk Register
9. Testing Unavailability / Inferiority / Capacity

■Unreliable test equipment
■Operational test qualifications
■Operational test schedule
■Integration testing
■Transition from first test to mass production
46
Risk Register
10. Enterprise Underperformance/Lack of Value

■Customer satisfaction/loyalty
■Liability
■Cost/profit
■Customer demand
■Uniqueness
■Substitutability
■Systems integration
■Other application/product value
47
Risk Register
11. Supplier Relationship

Management (SRM) Use
■Contract/supplier management
availability and expertise
■In-house SRM expertise
■Lack of internal and external
communication/coordination
■Supplier development and continuous
improvement
48
Deloitte’s Risk Model
49

Risk Management 01

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management 01

Uploaded by

Copyright:

Available Formats

Threat

The presence of a hazard and

Risk refers to the probability of

If risk mitigation is conducted in a formal and open

Low Med High

6. Industry-wide (i.e., Market)

■Inflexible Production Capabilities

2. Assets - Lack of Capacity or Accidents

2. Government Compliance and

4. Personnel Availability/Skills Shortfalls

8. Facility Unavailability/Unreliability/ Capacity

9. Testing Unavailability / Inferiority / Capacity

10. Enterprise Underperformance/Lack of Value

11. Supplier Relationship

You might also like