Supply Chain Risk Management

The As-Is Landscape

1
 A chronology of supply chain risk management

2008
• Most supply chain executives became interested in SCRM after
the financial meltdown

• Company after company watched, almost helplessly, as customer

orders were canceled, suppliers entered bankruptcy, and
commodity markets became increasingly volatile

2009
• The ISO Group delivered its first set of standards directly relating
to supply chain risk, which was a major recognition of the
importance of SCRM

2
 A chronology of supply chain risk management

• These standards include ISO 73 and ISO 31000:

• ISO 73 profiles the vocabulary and taxonomy of risk within the

supply chain, and

• ISO 31000 provides insight into the principles, practices, and

guidelines to effectively identify, assess, mitigate, and manage
supply chain risk

3
 A chronology of supply chain risk management
2010
• Course for a master’s of business administration degree by
explicitly profiling the emerging elements of supply chain risk
management

• The price water house Coopers study produced several

important takeaways:
• Demand and supply volatility is here to stay
• Supply chain complexity will be with us for many years
• End-to-end supply chain cost optimization will be critical
moving forward
• Risk and opportunity management should span the entire
supply chain, including with key partners
•  
4
 S C R M R isk “ H e a t M a p ” A sse ssm e n t
Leadership
C u s to m e r 10.00 B a la n c e d
D em and Scorecard
Heat Map Color Key 8.00
6.00
Risk Gradient 4.00 S&OP
L o g is tic s
2.00 P ro c e sse s
Low Risk 1 to 4
0.00
Medium Risk 5 to 7 1.00
In te g ra te d 3.00
High Risk 8 to 10 In d u s try
S u p p ly C h a in
5.00
7.00
Supply I n f o r m a ti o n
9.00
S y s te m s
M a n u fa c tu rin g
5
 A chronology of supply chain risk management
• The Supply Chain Risk Assessment Tool, encompasses about 100
questions-of-discovery about a company’s supply chain across 10
tenets of the entire supply chain

• It is a perception-based tool that captures the complexion of a

company’s operating environment relative to a maturity model and
then develops an inherent risk factor for every tenet

• Risk factors are then plotted inside a spider diagram for visual
presentation using a red, yellow, and green designation

6
 A chronology of supply chain risk management
2011

• Integrate risk management practices across all business functions

to ensure understanding, commitment, and alignment

• Identify, measure, and prioritize risks by mapping out the complete

supply chain “ecosystem”

• Emphasize operational flexibility, global visibility, and diversified

supplier portfolio to blunt the impact of supply chain calamities

• Use probability modeling to identify unknown risks and develop

contingency plans

• Insist that suppliers and business partners perform up-front due

diligence

• Hedge risk by making prudent choices about insurance

•  

7
 A chronology of supply chain risk management

2013
• Institute a multi stakeholder supply chain risk assessment
process across the enterprise

• Mobilize international standards’ bodies to further develop

resilience standards

• Incentivize corporations to follow agile, adaptable supply

chain strategies

• Expand the use of data-sharing platforms for risk identification

and responses
 

8
 Four pillars of supply chain risk management

• These pillars include

1. Supply risk,
2. Process risk,
3. Demand risk, and
4. Environmental risk

• Each pillar encompasses its own set of tools, techniques, tactics,

metrics, people, processes, and program issues

9
 1. Supply Risk

• Areas such as supplier continuity, strategic sourcing, supplier

viability and capability, raw material pricing, supplier
assessments, inbound logistics, fraud, corruption, and
counterfeiting

• Inherent risks are disruptions caused by the inability of suppliers

to deliver on time, quality failure, financial failure, compliance
failure, channel complexity, and communication failure

10
 2. Process Risk

• Includes IT systems, mergers and acquisitions, marketing

strategy, organizational structure, frameworks and metrics, supply
chain strategy and execution, manufacturing and quality,
organizational risk assessment, heat maps, and war rooms

• The inherent risks include disruptions caused by quality

problems, inventory shortages, late deliveries, capacity shortages,
equipment breakdowns, IT outages, poor overall execution, and
misalignment of strategy and metrics

11
 3. Demand Risk

• The complexion of this pillar covers areas such as new

customers, market trends, consumer interest/spending, demand
management/forecasting, distribution requirements planning,
product integrity, customer service, and scenario planning

• Inherent risks are disruptions caused by problems in

distribution, actions by competitors, product reputation, brand
management, social media/trending, logistics, and customer
sentiment

12
 4. Environmental Risk

• Encompasses areas such as government regulations, taxes,

economic volatility, currency exchange, natural disasters, and
compliance

• Inherent risks are natural disasters, geopolitical and energy risks,

port security, logistics and facilities security, currency exchange
fluctuations, global economics, war, pandemics, and civil
disobedience

13
 120

100 100 100 100 100

80
70
The diRerence
Maturity Index

60 between the top &

50 bottom of each box
indicates the
40 scope of activity
40
30

20

0
Supply Process Demand Environment 14
The supply chain risk management adoption

• Leading-edge companies are much more likely to integrate and

align risk with corporate goals
• They generally have more visibility into their organization as they
are substantially more likely to perform “what-if” scenario-
planning and change analysis

1. Early Adopter Companies

2. Industry Average Companies

3. Laggard Companies

15
 1. Early Adopter Companies

• Leverage their ERM tools and technology to enhance the

integration of risk management across the business

• They continually link risk management to company goals and

compensation

• They are improving visibility and monitoring of Key Risk

Indicators with new business analytic tools

• Implement processes that are aligned with risk management and

compliance, build a risk awareness culture throughout the
organization, and secure executive commitment for risk
management initiatives

16
 1. Early Adopter Companies

• These practices are being driven by a factor of two- or three-to-

one above the industry average and laggard companies

• These companies maintain a senior management champion of

risk, segment risk duties, cross-functionally coordinate risk
management, establish roles and responsibilities to execute risk,
and establish a risk committee to oversee key risks

• These commitments by early adopters eclipse the industry

average and laggards again by a factor of two- or three-to-one

17
 2. Industry Average Companies
• Average companies attempt a standardized approach to
communication and organizational collaboration relative to risk

• Some of these companies are beginning to integrate and align risk

with corporate goals

• Some are also developing and measuring risk and

performance

18
 2. Industry Average Companies

• Several are beginning to improve the time-to-decision by

optimizing risk knowledge management activities and expanding
risk visibility throughout the organization

• Senior management oversight and engagement associated with

risk to improve executive buy-in is starting to occur at this
level

19
 3. Laggard Companies

• Laggards talk about supply chain risk but do not fund projects to
prepare for and respond to risk events at any real level

• Most have someone in the CFO’s office reviewing enterprise risk

in the classical financial terms, such as hazard, financial, and
strategic risk

• The average operational and supply chain professional does not

maintain scenario game plans for risk events; therefore, SCRM is
an event-driven, ad hoc, or part-time experience

20
 3. Laggard Companies

• Most executives in this category assume incorrectly that their

people will know what to do in a risk event

• It is safe to conclude that a majority of companies are still

considered laggards in terms of their SCRM capabilities

• This suggests that we have more work to do to move companies

away from the laggard status

21
 3 .5
Early Adopters,
3
to H ig h
10% of Sample Size

2 .5

Average, 20% of
Low

2
Sample Size
–

1 .5
L evel

Laggards, 70%
1
of Sample Size
M a tu rity

0 .5

0
0 0.5 1 1.5 2 2.5 3 3.5
A d o p tio n R a te – L o w to H ig h 22
 Summary of Key Points

• Most supply chain executives became interested in SCRM after

the financial meltdown of 2008. For many, 2008 was the genesis of
their risk management efforts.

• In 2009, the ISO Group delivered its first set of standards directly
relating to supply chain risk, which was a major recognition of the
importance of SCRM. These standards include ISO 73 and ISO
31000.

23
 Summary of Key Points
• The Supply Chain Risk Assessment Tool encompasses about 100
questions-of-discovery about a company’s supply chain across 10
tenets covering the entire supply chain.

• The basic premise is that as the supply chain matures, the

inherent risks faced by that supply chain diminish.

• The new normal of global supply chains features more global

sourcing and manufacturing, hyper-demand requirements, longer
supply chain lead times, more potential points of failure, and
managing supply chains in far-flung corners of the world.

24
 Summary of Key Points

• Over a period of several years, Zurich found that 85% of

organizations experienced at least one supply chain incident that
caused disruption to their business.

• The Risk Maturity Index suggests that companies with the highest
level of risk maturity experience 50% lower stock price volatility
than less-developed counterparts.

• The Four Pillars of SCRM are supply risk, process risk, demand
risk, and environmental risk .

• The supply pillar is by far the most mature of the four because
procurement professionals have been dealing with supplier
uncertainty and risk for over 50 years.

25
 Summary of Key Points

The demand pillar ranks second in terms of maturity, followed by the

process pillar and finally the environmental pillar.

SCRM Adoption utilizes a categorization scheme revolving around

laggards, industry average, and early adopters.

In terms of the as-is state, it is safe to conclude that a majority of

companies are still considered laggards in terms of their SCRM
capabilities.

26