deploying risk management - the apics chicago chapter
TRANSCRIPT
Supply Chain Management
Richard Gendon APICS-Chicago Webinar
June 25, 2013
Deploying Risk Management Basic Steps Toward
Integrating Supply Chain
Risk Management Practices
Center for Professional Management
Today’s Webinar The Groundwork
Defining Risk
Why iSCRM
Beyond Catastrophe
Inherent Risk
The Difference Between ERM & SCRM & why SCRM with ERM
What Others are Doing
The A Ha Moment Major - um processes & functions
Heat map
What are the tools Primary Tools
SC Resilience There will be disruptions
X-functions & fast flexible equipment
Risk Database – risk register
Specific RM Tools
Center for Professional Management
Today (continued)
What are the tools (continued) Risk Frameworks
Specific RM Tools Risk ID, Tracking and Mitigation
Probability
Steps Define Risk Appetite
Measurement
TTT
Roll-out & Embed
It is Risk Management Discrete risks can, and often should be reduced
Important to understand that in aggregate, risk is necessary
Risk Management is a financial tool Compare to other financial mgt functions
It’s about profit and profitability
Need for integration
Recommendations, Conclusion & Summary
Center for Professional Management
Definition of Terms
Risk Management is…
Having the ability to handle
uncertainties in a way that
allows us to make rational
decisions regarding them.
• Uncertainty not quantified • Risk quantifiable
Center for Professional Management
Uncertainty
Risk
The Challenge
Identify meaningful Uncertainties
and convert them onto Risk using
Probability tools
Center for Professional Management
In the Context of Business
At the least, Risk Management should be…
RM
Center for Professional Management
In the Context of Business
In general, Risk Management should be --
M R
Center for Professional Management
In the Context of Business
M R
Integrated Risk Management the integrated management of risk
Ideally, Risk Management should be --
Center for Professional Management
In Relation to…
Our Company
Risk Management
Operations Management
Financial Management
Quality
Management
Center for Professional Management
Context
Compare & Contrast
Risk Management (RM)
to
Financial Management (FM)
Center for Professional Management
Context
The Goal
Risk Management Financial Management
Profitability Sustainability
Center for Professional Management
Context
The Goal
Risk Management Financial Management
Profitability Sustainability
Center for Professional Management
Context
The Goal
Risk Management Financial Management
Profitability Sustainability &
Center for Professional Management
Comparison to Financial Practices
Risk
Prevention
Reaction
Impact
Convert/Quantify
Large Impact
Immediate Concerns
Prevention
Cost
Avoidance
Identification
Drivers/Root Cause
Quantification
Total Impact
Prioritization
Reduction
Center for Professional Management
Why the focus on RM???
What types of activities does your company engage in
• Sales?
• Procurement/Supply Chain?
• Warehousing/Inventory
• Assembly?
• Manufacturing?
• Compounding?
• Quality Testing?
• Distribution?
• Transportation?
Center for Professional Management
Other activities of interest -
• Growth?
• Innovation?
• R&D
• New Product Development
• Process Improvement
• System Implementations
Center for Professional Management
Why i SC Risk Mgt?
Clue:
Over the next decade - the climate is NOT the only
thing that will heat-up
…and why the heck is there an i before the SC?
Center for Professional Management
Major Mid/Long-Term Trends Globalization
Social Responsibility
Sustainability/Green
Supply Chain/Geopolitical Instability
Population Growth Global Age Gap - Aging Population in Developed
Nations/Younger Population in Emerging Nations
Continuing Technology Improvements
Social Networking
Japan Weakens as a Source of Supply
Urbanization
Center for Professional Management
World Population Growth
0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
9,000
10,000
1950 1955 1960 1965 1970 1975 1980 1985 1990 1995 2000 2005 2010 2015 2020 2025 2030 2035 2040 2045 2050
Wo
rld
Po
p (
mill
ion
s)
World Population 1950 - 2050
World
Current
1804 1st Billion
1927 2nd Billion
- 33 - - 14 - - 13 - - 12 - - 13 - - 14 - - 19 -
123 years<
Center for Professional Management
General Impacts - World • More People
• More people than ever before making $5,000 USD equivalent
• Migration to Cities
• More consumers of low priced CPGs
• Increasing political instability
• Higher taxes
• Large unskilled labor pool
Center for Professional Management
ONLY one piece of the story…
Strong Emotional Response
‘Concrete’ Target
Feeling of Accomplishment
Removes/Reduces Threat
Center for Professional Management
Typical Approach
• Brainstorm
• Capture ALL Risks (mix of uncertainties and risks)
• Try to think about the unthinkable
• Consider all associated elements
• Develop a plan for prevention/elimination
• Consider contingencies and identify alternatives
• Develop alternatives as “needed”
Diffuses resources away from prevalent risks
…and No Coordination or Integration
Center for Professional Management
Concentric
Vulnerability
Map
Supply Chain
Risk/Resiliency
Modeling
GM Model
The Resilient Enterprise
Yossi Sheffi
The Great East Japan
Earthquake
Mark Schmale
Presentation to APICS-Chicago
5/17/2011
Center for Professional Management
What’s the Difference
Coverage
Primary Focus
Ownership
Requirement
Concentration
Measurement
Deployment
Primary Risk
Primary Goals
Consideration ERM SCRM
Enterprise
Strategic execution
Sr. Mgt/CRO
Sr. Sponsorship
Financial
Financial & brand
Enterprise
Continuity, Market
Stop loss, Enhance
capital allocation,
ID opportunities,
support legal/reg.
compliance*
SC/Operations
Tactical execution
All SC/Ops Mgt
Willingness to do
Operational
Financial & others
Ops & partners
Cost & Service
Control cost,
improve safety,
insure regulatory
compliance* *Regulatory compliance
-ERM = GAAP, SEC, SOx, etc
-SCRM=OSHA, EPA, cGMP, etc
Center for Professional Management
What’s the Difference
Coverage
Alignment
Ownership
Requirement
Concentration
Measurement
Deployment
Primary Risk
Primary Goals
Consideration ERM SCRM
Enterprise
Strategic execution
Sr. Mgt/CRO
Sr. Sponsorship
Financial
Financial & Brand
Enterprise
Continuity, Market
Stop loss, Enhance
capital allocation,
ID opportunities,
legal/reg.
compliance*
SC/Operations
Tactical execution
All SC/Ops Mgt
Willingness to do
Operational
Financial & others
Ops & Partners
Cost & Service
Control cost,
improve safety,
insure regulatory
compliance* *Regulatory compliance
-ERM = GAAP, SEC, SOx, etc
-SCRM=OSHA, EPA, cGMP, etc
Center for Professional Management
Who’s Doing What?
SC disruptions more costly over past 3yrs
Frequency of Risk Events with negative outcomes
SC Risk important factor in decision making
RM program is effective
Top 2 challenges cited lack of x-functional collaboration
costs associated with implementing RM
organizational factors – also cited
SC model organized around silos
Professional using ‘predictive’ modeling tools Using risk-sensing data, worst-case scenarios,
business simulation
53%
48%
71%
55%
32%
28%
75%
36%
29%
Deloitte Consulting LLP, Survey of 600 Global Retail & Mfg. Execs
Source: www.supplymanagement.com 2/13/2013 “SC threats increasing but RM is not”
… So what’s the ‘so what’??
Center for Professional Management
A Ha
Under Managed Functions and Processes
The most serious generators of Supply Chain Risks are
Center for Professional Management
Heat Mapping Im
pact
/Sev
erit
y
Likelihood/Probability This over used tool
often takes users in the
wrong direction
Center for Professional Management
Fundamental Enterprise Function
Forecast
The Forecast is
NOT
a Prediction
Center for Professional Management
Fundamental Enterprise Function
The Forecast IS
An Indication
of Likelihood
Center for Professional Management
Primary SC Risk Mgt Tools! Improve Forecasting & Review SOP Process
Engage in Supply Chain Collaboration
Perform Processes Simplification
Tighten Regulatory (& ISO) Compliance
Drive Lead Time Reduction
Employ Inventory Control & Optimization
Utilize Vendor Evaluation (RFPs & scorecards)
Implement and or Expand Sustainability
Incorporate/Upgrade to more Effective Systems/Technologies
Benchmark Logistics
Expand Visual Mfg within Mfg and to other SC Functions
Review Cost Controls
Add Decision Making Tools - Model Alternatives
Supply Chain Resilience
Center for Professional Management
Addressing Supply Chain Resilience
X Functional Training
Fast Flexible Equipment
Primary Tools:
Center for Professional Management
ISO 9001:2008 (or equivalent [e.g., TS 16949:2009])
5.6 Management Review 6.2 Human Resources 6.3 Infrastructure 7.2.2 Review of Requirements Related to Product 7.3.7 Control of Design and Development Changes 7.4 Purchasing 7.5 Production and Service Provision 8.2.1 Customer Satisfaction 8.2.2 Internal Audit 8.5.3 Preventive Action
A Risk Management Toolkit
Center for Professional Management
Risk Database Risk Register – Webinar Example
RBS
Risk
Category Risk Description
Probability
(1 - 5)
Impact
(1 - 5) Risk Mitigation Alternative/Contingency Responsible Date:Time
1.1 Attendees Attendees bored 1 5 Low Listen with Co-workers Play "angry birds" on phone Attendee 6/25:12:10
1.2 Attendees
Attendees wild with
excitement 4.5 5 High Less caffine with lunch
Immediately implement
Webinar recommendations Attendee 6/25:12:10
2.1 Speaker Speaker hit by beer truck 1 5 Low Only cross in crosswalks
Have a back-up speaker
available to fill-in
Programs
Director June 2013
2.2 Speaker
Speaker loses
PowerPoint 2 5 Medium
Require presentation to be
sent one day in advance
Have PowerPoint preloaded on
back-up PC
Programs
Director 6/24 & 6/25
3.1 Technology Phone goes dead 5 (if Sprint) 5 High
Have a "Back in 30 Seconds"
slide available Have back-up phone Speaker 25-Jun
3.2 Technology Phone has echo 2 2 Low
Test connection well in
advance Call back into Webex Speaker 25-Jun
3.3 Technology Lost Internet Connection 2 5 High Can keep talking on phone Able to use nearby Starbucks Speaker 25-Jun
3.4 Technology Power Outage 1 3 Medium Phone and PC on UPS Reschedule Webinar Speaker 25-Jun
Center for Professional Management
Brainstorming
Structured or semi-structured interviews
Delphi
Check-lists
Primary hazard analysis
Hazard and operability studies (HAZOP)
Hazard Analysis and Critical Control Points (HACCP)
Environmental risk assessment
Structure « What if? » (SWIFT)
Scenario analysis
Business impact analysis
Root cause analysis
Failure Mode Effect Analysis (FMEA)
General Risk Analysis Tools
Source: IEC/FDIS 31010 Risk management – Risk assessment techniques
Center for Professional Management
Fault tree analysis
Event tree analysis
Cause and consequence analysis
Cause-and-effect analysis
Layer protection analysis
Human reliability analysis
Bow tie analysis
Reliability centered maintenance
Sneak circuit analysis
Risk indices
Consequence/probability matrix
Cost/benefit analysis
Multi-criteria decision analysis (MCDA)
General Risk Analysis Tools (continued)
Source: IEC/FDIS 31010 Risk management – Risk assessment techniques
Center for Professional Management
Risk Management Tools
Heat Matrix
Segmentation
Characteristic Matrix
Concentric Vulnerability
Causal Loop Diagram
Decision Tree
Etc.
Mapping
Center for Professional Management
Identification, Mapping & Visualization
Likelihood/Probability
Imp
act
/Sev
erit
y
Segmentation
Center for Professional Management
Sev
erit
y
Frequency
Approach
• Understand
• Prevent/Eliminate
• Reduce
• Plan for/Allowance
Center for Professional Management
Sev
erit
y
Probability/Frequency
• Understand
• Prevent/Eliminate
• Reduce
• Plan for/Allowance
• Taking on New Risks
Allow for Added Risk
Center for Professional Management
Sev
erit
y
… And it shifts & changes
• Revisiting
• Re Prioritizing
• Understand
• Prevent/Eliminate
• Reduce
• Plan for/Allowance
• Taking on New Risks
Probability and/or Frequency
The Requirement Remains Ongoing…
Center for Professional Management
BPM
FM
Treasury
IT
Systems Mgt
QS
ISO QC Mgt Regulatory
OM
Inv Mgt Production
Mgt Whse & Dist Mgt
M&S
Sales Mgt Mrkting Mgt
Process Management
Risk Mgt
Center for Professional Management
Add On
Vendor Certification
Production Lines
Computer Network
Training&Devlpmnt
Profitability Company Objectives
Company Mission
Equipment Material
People Methods Mgt. Initiatives
Performance Measure
ERP System
Morale
Communications
Coaching&Mentoring
Outsourced Product
Quality Mgt.
Company
Direction
Tooling
Components
Chemicals
FDA
EPA
CPI ISO
Center for Professional Management
Incorporated
Vendor Certification
Production Lines
Computer Network
Training&Devlpmnt
cGMP/ISO9001/CPI Company Objectives
Company Mission
Equipment Material
People Methods Mgt. Initiatives
Performance Measure
ERP System
Morale
Communications
Coaching&Mentoring
Outsourced Product
Quality Mgt.
Company
Direction
Tooling
Components
Chemicals
Center for Professional Management
Sampling Markov analysis Monte Carlo simulation
Probabilities Probability of an Event Conditional Probability Rare Event Approximation
“Inverse Probability” - Bayesian statistics and Bayes Nets Probability Distributions Core Monitoring Systems (CMS) Failure Equations
Hazard Rate Reliability Cumulative Failure Probability Failure Probability Density Mean Time Between Failure (MBTF) Continuous Operation with Repair Shutdown Systems (SDS)
Decision & Logic Decision Tree Logic Circuit Ladder Logic
Specific Risk Analysis Tools
Tip: Look at Actuarial Tools to
provide strong probability analysis
and measurements
Part of the RM Trainer’s duties
should be to translate the math
into usable understandable tools
Center for Professional Management
4 Issues with Frequency as “facts”
1. You cannot forecast an occurrence that
you have not experienced
2. You have to suffer the ‘Same Fate’ some
number of times for it to be forecastable
3. Frequency tools offer little/no insight into
the nature of the data points
Center for Professional Management
Process Model – Frequency Analysis
The Business Forecasting Deal by Michael Gilliland
Center for Professional Management
4 Issues with Frequency as “facts”
1. You cannot forecast an occurrence that
you have not experienced
2. You have to suffer the ‘Same Fate’ some
number of times for it to be forecastable
3. Frequency tools offer little/no insight into
the nature of the data points
4. You cannot add-in your what you know
Center for Professional Management
Additionally
Process Mapping
cGMP
APR Review
MES/SCADA
Six Sigma
Utilize these Process as SCRM Tools
Center for Professional Management
BPM
FM
Treasury
IT
Systems Mgt
QS
ISO QC Mgt Regulatory
OM
Inv Mgt Production
Mgt Whse & Dist Mgt
M&S
Sales Mgt Mrkting Mgt
Process Mapping/Management
Where Does Risk Management Fit-in?
Center for Professional Management
Process Management BPM
FM
Treasury
IT
Systems Mgt
QS
ISO QC Mgt Regulatory
OM
Inv Mgt Production
Mgt Whse & Dist Mgt
M&S
Sales Mgt Mrkting Mgt
Where Does Risk Management Fit-in?
Risk Mgt
Center for Professional Management
BPM
FM
Treasury
IT
Systems Mgt
QS
ISO QC Mgt Regulatory
OM
Inv Mgt Production
Mgt Whse & Dist Mgt
M&S
Sales Mgt Mrkting Mgt
Comparison to Inventory Management
Where Does Risk Management Fit-in?
Risk Mgt
Center for Professional Management
RM Frameworks – COSO 2
ERM Components
Unit/Level
Needed to Achieve Objectives
ERM is ”effective” when the 8 components are functioning properly
Center for Professional Management
1. Scope 2. Terms and definitions 3. Principles 4. Framework 5. Process
RM Frameworks – ISO 31000:2009
5.4 Risk assessment
5.4.2 Risk identification
5.4.3 Risk analysis
5.4.4 Risk evaluation
5.5 Risk treatment
5.6 Monitoring and review
Center for Professional Management
Generally,
Move From Higher to Lower
Measurement -ISO/FDA/+
Reduce Risk
Remove Risk
Take Informed Risks
Center for Professional Management
What Should Your Company Use as
its Top Line SCRM Measurement? Recognizing that Management is the primary Area of Responsibility in SCRM…
Center for Professional Management
Supply Chain Management should be using Total Cost of Operations (TCO) as its top line measure
Therefore, as a management
function, SCRM should also
use TCO as its top line
measure
Center for Professional Management
Business impact measurements (cost, revenue, mrkt, etc
Risk indices (can be as simple as low, moderate, high)
Basic Probability
(P(A) = # of event occurrences / # of possible outcomes)
Consequence/probability ratios
Cost/benefit & risk/benefit ratios
Starter General Risk Measures
Expand Measurement From Here
Center for Professional Management
Where Should SCRM Live?
SCRM is a Fundamental Business Activity (FBA)
P
l
a
n
n
i
n
g
P
r
o
c
u
r
e
m
e
n
t
M
a
t
l
H
n
d
l
D
i
s
t
r
i
b
u
t
i
o
n
P
r
o
d
u
c
t
i
o
n
L
o
g
i
s
t
i
c
s
Operations/SC Management
that cuts across ALL SC/Operations functions
Center for Professional Management
Where Should SC Risk Mgt Start?
A. Top down
B. Bottom-up
C. Middle out
D. All of the Above
Center for Professional Management
Who is waiting for whom? Why aren’t
they doing
something?? Why can’t we
get Management
support?
Center for Professional Management
Suggested Approaches
Incorporate
Risk Mgt into
Strategic Plan
Incorporate
Risk Mgt into
Planning
Functions
JUST DO IT
• Top down
• Middle out
• Bottom up
Implement
Risk
Framework
Install Risk
Dbase//Risk
Mgt Software
ID &
Implement
RM Tools
Measuremnts
Trainers
Training
Reporting
Audit
Build a Risk
Register in
MS Excel
Steps:
ID &
Implement
RM Tools
Measuremnts
Trainers
Training
Reporting
Audit
Steps:
Build a Risk
Register in
MS Excel
Optional Measurement
Employ RM
Tools as
needed
Involve others
Steps:
Center for Professional Management
SCRM will NOT Create an
Impenetrable Shield
“Because of the complex nature of today’s supply chains, disruptions will inevitably occur”
Kelly Marchese, Principal
Deloitte Consulting, LLP
Supply Chain Strategy Practice
Global Supply Chain Risk Services Lead
Source: www.supplymanagement.com 2/13/2013 “SC threats increasing but RM is not”
Center for Professional Management
Using Seatbelts
Airbags Seatbelts Spare Tire
An analogy -
Due to Risk/Cost/Benefit Analysis
automobiles come standard
with…
Flotation Devices Roll Cage Onboard Fire Extinguisher System
Due to Risk/Cost/Benefit Analysis
automobiles do NOT come
standard with…
Center for Professional Management
What is a Seatbelt?
At Your Company…
What is a Seatbelt?
What is a Floatation Device?
Center for Professional Management
Bears Repeating
“Because of the complex nature of today’s supply chains, disruptions will inevitably occur” Kelly Marchese, Principal
Deloitte Consulting, LLP
Supply Chain Strategy Practice
Global Supply Chain Risk Services Lead
Source: www.supplymanagement.com
2/13/2013 “SC threats increasing but RM is not”
Trying to anticipate and eliminate every risk is not only cost prohibitive, it is counterproductive
Center for Professional Management
To Do’s Establish measurements
ID risks – beyond catastrophes
ID where risk is acceptable & acceptable risk levels
Include risk assessments in all regular reporting
How to ID risk targets
Heat map?
Probability tools vs impact vs frequency
Comparisons
Other industries
Others operating in a similar manner
Influencers (e.g., maintenance on aircraft)
Risk/Reward ratio – not all risks should be carefully managed
Center for Professional Management
To Don’ts Set-up a VP of Risk
Push the responsibility down on everyone
Have annual meetings to ID large catastrophic events
Concentrate on eliminating all risks
Center for Professional Management
Tests Are there discussions of risk in meetings
Are there discussions of risk when considering new
ideas
Following discussion of risk are assessments with
measurements undertaken
Are formal risk reports made
Is there a provision for risk processes in the strategic
plan
Center for Professional Management
Risk Management Flow
Initial Assessment Identification
Conversion
Segmentation/Categorize
Prioritization
Business Case
Planning
Implementation
Integration
Communications
Steps
Center for Professional Management
Risk Management Flow
Initial Assessment Identification
Conversion
Segmentation/Categorize
Prioritization
Business Case
Planning
Implementation
Communications
Prevent
Eliminate
Avoid
Control
Leave Alone
Take
Steps Decision Points
Center for Professional Management
Additional Risk Control Tools Succession Planning
Support for ongoing learning, create and maintain a
Learning Organization
Reserve Funds for Capital Purchases
ID System vendors
Utilize Logistics Companies that provide ship & rail
Review source of supply & supplier portfolio; change
supplier scoring based on new requirements, educate
and change suppliers as indicated
Reset Incentive Plans to focus on New Priorities
Center for Professional Management
Is It Risk Management?
Risk Mgt activities are focused on disasters
Risk Mgt & Cost Accting are separate
Risk is not part of most meeting discussions
Center for Professional Management
It’s Risk Management…
Not Risk Prevention
“Management” is an equally important word
Employ Management Processes
Center for Professional Management
Enduring Risk
As part of active informed decision making
Not through -
Oversight
Neglect
Center for Professional Management
What Makes it Integrated?
Aligned to Corporate Strategy
Integral Part of the Business
Tactics Coordinated
Practices/Procedures Embedded
Common Tools, Language & Understanding
Center for Professional Management
Is It Risk Management? It’s the Management of Risk
Like other functions and processes formal management, of any type, improves the probability of positive outcomes
Includes: Risk Avoidance, Risk Reduction, & Informed Risk Taking
Addressing Catastrophe is only a small part
Safety Issues ALWAYS take precedence Safety notwithstanding, SCRM’s top line measure
should be (read: must be) TCO
Get Started 1st Measure – Impact, Risk indices, probability Pick the Risk Areas to focus efforts on (& to not focus on) Expand measurement, employ risk tools, Risk register, etc.
Build in Flexibility - moving toward Agile
Integrate and embed into every process & function
Center for Professional Management
Typical Formal SCRM Roll-out
Select Appropriate Risk Tools
Develop Knowledge & Skills
Train a Core Group of Managers
Use Train-the-Trainer to Train Others
Incorporate RM Measures into Reporting
Establish Testing and Audit Procedures
Center for Professional Management
< > embed
To Address Inherent Business Risk…
…Integrate Risk Management
Center for Professional Management
Embedding RM into Functions
Environment of Process Improvement
Committed Managers
Informed Managers
Use Proven RM/FM Methods
Train-the-Trainer
Distribute Throughout Organization
Build into New Employee Orientation
Repeat
Center for Professional Management
In Summary
Top-line Understanding
Top-line Measurement
Management
Deployment
Primary Risk Areas
Next Steps Start basic measurements
Improve risk data
Train-the-Trainer
Employ risk tools & develop risk
specific measurements
Push to Agile
Risk Appetite
TCO
top-down,bottom-up,<>
Embed in Functions
Undermanaged Functions
Impact, Indices, probability
Risk Register
ID/Recruit Candidate
Actuarial type tools
Flexible X-functions
Test for Over Reliance
Area of Consideration Area of Focus
Center for Professional Management
So, Plan for the Future
Move toward Integrated SC Risk Mgt
Appropriately MANAGE Risk
Eliminate Undo Risks/Take Informed Risks
Develop Risk Managers
Integrate Risk Management in ALL Processes
Drive the Process
Bring Energy
Be a “smart person at the table”
Thank You
Richard Gendon Managing Director
Center for Professional Management
PO Box 227
Naperville, IL 60566
630 263-5400