deploying risk management - the apics chicago chapter

Supply Chain Management

Richard Gendon APICS-Chicago Webinar

June 25, 2013

Deploying Risk Management Basic Steps Toward

Integrating Supply Chain

Risk Management Practices

Center for Professional Management

Today’s Webinar The Groundwork

Defining Risk

Why iSCRM

Beyond Catastrophe

Inherent Risk

The Difference Between ERM & SCRM & why SCRM with ERM

What Others are Doing

The A Ha Moment Major - um processes & functions

Heat map

What are the tools Primary Tools

SC Resilience There will be disruptions

X-functions & fast flexible equipment

Risk Database – risk register

Specific RM Tools


Today (continued)

What are the tools (continued) Risk Frameworks

Specific RM Tools Risk ID, Tracking and Mitigation

Probability

Steps Define Risk Appetite

Measurement

TTT

Roll-out & Embed

It is Risk Management Discrete risks can, and often should be reduced

Important to understand that in aggregate, risk is necessary

Risk Management is a financial tool Compare to other financial mgt functions

It’s about profit and profitability

Need for integration

Recommendations, Conclusion & Summary


Definition & Context


Definition of Terms

Risk Management is…

Having the ability to handle

uncertainties in a way that

allows us to make rational

decisions regarding them.

• Uncertainty not quantified • Risk quantifiable


Uncertainty

Risk

The Challenge

Identify meaningful Uncertainties

and convert them onto Risk using

Probability tools


Definition of Terms

Risk Management is…

R M


In the Context of Business

At the least, Risk Management should be…

RM



In general, Risk Management should be --

M R



M R

Integrated Risk Management the integrated management of risk

Ideally, Risk Management should be --


Our Company

Importance/Relationship


Current State

Our Company

Risk Management


In Relation to…

Our Company

Risk Management

Operations Management

Financial Management

Quality

Management


Risk Management

Future Direction/Future State

Our Company


Context

Compare & Contrast

Risk Management (RM)

to

Financial Management (FM)


Context

The Goal

Financial Management

Profitability


Context

The Goal

Risk Management Financial Management

Profitability Sustainability


Context

The Goal

Risk Management Financial Management

Profitability Sustainability &


Comparison to Financial Practices

Risk

Prevention

Reaction

Impact

Convert/Quantify

Large Impact

Immediate Concerns

Prevention

Cost

Avoidance

Identification

Drivers/Root Cause

Quantification

Total Impact

Prioritization

Reduction


The Case for Risk Management


Why the focus on RM???

What types of activities does your company engage in

• Sales?

• Procurement/Supply Chain?

• Warehousing/Inventory

• Assembly?

• Manufacturing?

• Compounding?

• Quality Testing?

• Distribution?

• Transportation?


Other activities of interest?


Other activities of interest -

• Growth?

• Innovation?

• R&D

• New Product Development

• Process Improvement

• System Implementations


Why i SC Risk Mgt?

Clue:

Over the next decade - the climate is NOT the only

thing that will heat-up

…and why the heck is there an i before the SC?


Major Mid/Long-Term Trends Globalization

Social Responsibility

Sustainability/Green

Supply Chain/Geopolitical Instability

Population Growth Global Age Gap - Aging Population in Developed

Nations/Younger Population in Emerging Nations

Continuing Technology Improvements

Social Networking

Japan Weakens as a Source of Supply

Urbanization


World Population Growth

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

9,000

10,000

1950 1955 1960 1965 1970 1975 1980 1985 1990 1995 2000 2005 2010 2015 2020 2025 2030 2035 2040 2045 2050

Wo

rld

Po

p (

mill

ion

s)

World Population 1950 - 2050

World

Current

1804 1st Billion

1927 2nd Billion

- 33 - - 14 - - 13 - - 12 - - 13 - - 14 - - 19 -

123 years<


General Impacts - World • More People

• More people than ever before making $5,000 USD equivalent

• Migration to Cities

• More consumers of low priced CPGs

• Increasing political instability

• Higher taxes

• Large unskilled labor pool


Historical Approach


ONLY one piece of the story…

Strong Emotional Response

‘Concrete’ Target

Feeling of Accomplishment

Removes/Reduces Threat


Progressive Companies


Typical Approach

• Brainstorm

• Capture ALL Risks (mix of uncertainties and risks)

• Try to think about the unthinkable

• Consider all associated elements

• Develop a plan for prevention/elimination

• Consider contingencies and identify alternatives

• Develop alternatives as “needed”

Diffuses resources away from prevalent risks

…and No Coordination or Integration


Concentric

Vulnerability

Map

Supply Chain

Risk/Resiliency

Modeling

GM Model

The Resilient Enterprise

Yossi Sheffi

The Great East Japan

Earthquake

Mark Schmale

Presentation to APICS-Chicago

5/17/2011


ERM & SCRM


What’s the Difference

Coverage

Primary Focus

Ownership

Requirement

Concentration

Measurement

Deployment

Primary Risk

Primary Goals

Consideration ERM SCRM

Enterprise

Strategic execution

Sr. Mgt/CRO

Sr. Sponsorship

Financial

Financial & brand

Enterprise

Continuity, Market

Stop loss, Enhance

capital allocation,

ID opportunities,

support legal/reg.

compliance*

SC/Operations

Tactical execution

All SC/Ops Mgt

Willingness to do

Operational

Financial & others

Ops & partners

Cost & Service

Control cost,

improve safety,

insure regulatory

compliance* *Regulatory compliance

-ERM = GAAP, SEC, SOx, etc

-SCRM=OSHA, EPA, cGMP, etc


What’s the Difference

Coverage

Alignment

Ownership

Requirement

Concentration

Measurement

Deployment

Primary Risk

Primary Goals

Consideration ERM SCRM

Enterprise

Strategic execution

Sr. Mgt/CRO

Sr. Sponsorship

Financial

Financial & Brand

Enterprise

Continuity, Market

Stop loss, Enhance

capital allocation,

ID opportunities,

legal/reg.

compliance*

SC/Operations

Tactical execution

All SC/Ops Mgt

Willingness to do

Operational

Financial & others

Ops & Partners

Cost & Service

Control cost,

improve safety,

insure regulatory

compliance* *Regulatory compliance

-ERM = GAAP, SEC, SOx, etc

-SCRM=OSHA, EPA, cGMP, etc


Realization


Who’s Doing What?

SC disruptions more costly over past 3yrs

Frequency of Risk Events with negative outcomes

SC Risk important factor in decision making

RM program is effective

Top 2 challenges cited lack of x-functional collaboration

costs associated with implementing RM

organizational factors – also cited

SC model organized around silos

Professional using ‘predictive’ modeling tools Using risk-sensing data, worst-case scenarios,

business simulation

53%

48%

71%

55%

32%

28%

75%

36%

29%

Deloitte Consulting LLP, Survey of 600 Global Retail & Mfg. Execs

Source: www.supplymanagement.com 2/13/2013 “SC threats increasing but RM is not”

… So what’s the ‘so what’??


A Ha

Under Managed Functions and Processes

The most serious generators of Supply Chain Risks are


Heat Mapping Im

pact

/Sev

erit

y

Likelihood/Probability This over used tool

often takes users in the

wrong direction


Fundamental Enterprise Function

Forecast

The Forecast is

NOT

a Prediction


Forecast

Prediction


Fundamental Enterprise Function

The Forecast IS

An Indication

of Likelihood


Primary SC Risk Mgt Tools! Improve Forecasting & Review SOP Process

Engage in Supply Chain Collaboration

Perform Processes Simplification

Tighten Regulatory (& ISO) Compliance

Drive Lead Time Reduction

Employ Inventory Control & Optimization

Utilize Vendor Evaluation (RFPs & scorecards)

Implement and or Expand Sustainability

Incorporate/Upgrade to more Effective Systems/Technologies

Benchmark Logistics

Expand Visual Mfg within Mfg and to other SC Functions

Review Cost Controls

Add Decision Making Tools - Model Alternatives

Supply Chain Resilience


Addressing Supply Chain Resilience

X Functional Training

Fast Flexible Equipment

Primary Tools:


ISO 9001:2008 (or equivalent [e.g., TS 16949:2009])

5.6 Management Review 6.2 Human Resources 6.3 Infrastructure 7.2.2 Review of Requirements Related to Product 7.3.7 Control of Design and Development Changes 7.4 Purchasing 7.5 Production and Service Provision 8.2.1 Customer Satisfaction 8.2.2 Internal Audit 8.5.3 Preventive Action

A Risk Management Toolkit


Risk Database (e.g., Risk Register)

Risk Management Mechanism


Registers &

Monitors


Risk Database Risk Register – Webinar Example

RBS

Risk

Category Risk Description

Probability

(1 - 5)

Impact

(1 - 5) Risk Mitigation Alternative/Contingency Responsible Date:Time

1.1 Attendees Attendees bored 1 5 Low Listen with Co-workers Play "angry birds" on phone Attendee 6/25:12:10

1.2 Attendees

Attendees wild with

excitement 4.5 5 High Less caffine with lunch

Immediately implement

Webinar recommendations Attendee 6/25:12:10

2.1 Speaker Speaker hit by beer truck 1 5 Low Only cross in crosswalks

Have a back-up speaker

available to fill-in

Programs

Director June 2013

2.2 Speaker

Speaker loses

PowerPoint 2 5 Medium

Require presentation to be

sent one day in advance

Have PowerPoint preloaded on

back-up PC

Programs

Director 6/24 & 6/25

3.1 Technology Phone goes dead 5 (if Sprint) 5 High

Have a "Back in 30 Seconds"

slide available Have back-up phone Speaker 25-Jun

3.2 Technology Phone has echo 2 2 Low

Test connection well in

advance Call back into Webex Speaker 25-Jun

3.3 Technology Lost Internet Connection 2 5 High Can keep talking on phone Able to use nearby Starbucks Speaker 25-Jun

3.4 Technology Power Outage 1 3 Medium Phone and PC on UPS Reschedule Webinar Speaker 25-Jun


General and Specific

Risk Analysis & Management Tools


Brainstorming

Structured or semi-structured interviews

Delphi

Check-lists

Primary hazard analysis

Hazard and operability studies (HAZOP)

Hazard Analysis and Critical Control Points (HACCP)

Environmental risk assessment

Structure « What if? » (SWIFT)

Scenario analysis

Business impact analysis

Root cause analysis

Failure Mode Effect Analysis (FMEA)

General Risk Analysis Tools

Source: IEC/FDIS 31010 Risk management – Risk assessment techniques


Fault tree analysis

Event tree analysis

Cause and consequence analysis

Cause-and-effect analysis

Layer protection analysis

Human reliability analysis

Bow tie analysis

Reliability centered maintenance

Sneak circuit analysis

Risk indices

Consequence/probability matrix

Cost/benefit analysis

Multi-criteria decision analysis (MCDA)

General Risk Analysis Tools (continued)

Source: IEC/FDIS 31010 Risk management – Risk assessment techniques


Example General Risk Analysis Tools Bow Tie Analysis Process


Example General Risk Analysis Tools

Bow Tie Diagram


Risk Management Tools

Heat Matrix

Segmentation

Characteristic Matrix

Concentric Vulnerability

Causal Loop Diagram

Decision Tree

Etc.

Mapping


Identification, Mapping & Visualization

Likelihood/Probability

Imp

act

/Sev

erit

y

Segmentation


Sev

erit

y

Probability

Identification/Visualization


Sev

erit

y

Probability vs Frequency

Individual vs Aggregate


Sev

erit

y

Frequency

Approach

• Understand

• Prevent/Eliminate

• Reduce

• Plan for/Allowance


Sev

erit

y

Probability/Frequency

• Understand


• Reduce


• Taking on New Risks

Allow for Added Risk


Sev

erit

y

… And it shifts & changes

• Revisiting

• Re Prioritizing

• Understand


• Reduce


• Taking on New Risks

Probability and/or Frequency

The Requirement Remains Ongoing…


BPM

FM

Treasury

IT

Systems Mgt

QS

ISO QC Mgt Regulatory

OM

Inv Mgt Production

Mgt Whse & Dist Mgt

M&S

Sales Mgt Mrkting Mgt

Process Management

Risk Mgt


Add On

Vendor Certification

Production Lines

Computer Network

Training&Devlpmnt

Profitability Company Objectives

Company Mission

Equipment Material

People Methods Mgt. Initiatives

Performance Measure

ERP System

Morale

Communications

Coaching&Mentoring

Outsourced Product

Quality Mgt.

Company

Direction

Tooling

Components

Chemicals

FDA

EPA

CPI ISO


At Your Company…

QMS Handbook


Incorporated

Vendor Certification

Production Lines

Computer Network

Training&Devlpmnt

cGMP/ISO9001/CPI Company Objectives

Company Mission

Equipment Material

People Methods Mgt. Initiatives

Performance Measure

ERP System

Morale

Communications

Coaching&Mentoring

Outsourced Product

Quality Mgt.

Company

Direction

Tooling

Components

Chemicals


Sampling Markov analysis Monte Carlo simulation

Probabilities Probability of an Event Conditional Probability Rare Event Approximation

“Inverse Probability” - Bayesian statistics and Bayes Nets Probability Distributions Core Monitoring Systems (CMS) Failure Equations

Hazard Rate Reliability Cumulative Failure Probability Failure Probability Density Mean Time Between Failure (MBTF) Continuous Operation with Repair Shutdown Systems (SDS)

Decision & Logic Decision Tree Logic Circuit Ladder Logic

Specific Risk Analysis Tools

Tip: Look at Actuarial Tools to

provide strong probability analysis

and measurements

Part of the RM Trainer’s duties

should be to translate the math

into usable understandable tools


4 Issues with Frequency as “facts”

1. You cannot forecast an occurrence that

you have not experienced

2. You have to suffer the ‘Same Fate’ some

number of times for it to be forecastable

3. Frequency tools offer little/no insight into

the nature of the data points


Process Model – Frequency Analysis

The Business Forecasting Deal by Michael Gilliland


4 Issues with Frequency as “facts”

1. You cannot forecast an occurrence that

you have not experienced

2. You have to suffer the ‘Same Fate’ some

number of times for it to be forecastable

3. Frequency tools offer little/no insight into

the nature of the data points

4. You cannot add-in your what you know


Additionally

Process Mapping

cGMP

APR Review

MES/SCADA

Six Sigma

Utilize these Process as SCRM Tools


BPM

FM

Treasury

IT

Systems Mgt

QS


OM

Inv Mgt Production

Mgt Whse & Dist Mgt

M&S


Process Mapping/Management

Where Does Risk Management Fit-in?


Process Management BPM

FM

Treasury

IT

Systems Mgt

QS


OM

Inv Mgt Production

Mgt Whse & Dist Mgt

M&S



Risk Mgt


BPM

FM

Treasury

IT

Systems Mgt

QS


OM

Inv Mgt Production

Mgt Whse & Dist Mgt

M&S


Comparison to Inventory Management


Risk Mgt


Risk Frameworks


RM Frameworks – COSO 2

ERM Components

Unit/Level

Needed to Achieve Objectives

ERM is ”effective” when the 8 components are functioning properly


RM Frameworks – COSO 1


RM Frameworks – ISO 31000:2009


1. Scope 2. Terms and definitions 3. Principles 4. Framework 5. Process


5.4 Risk assessment

5.4.2 Risk identification

5.4.3 Risk analysis

5.4.4 Risk evaluation

5.5 Risk treatment

5.6 Monitoring and review


Measurement

&

Risk Appetite


Risk Mitigation Approaches

Prevent

Risk Takers

Discrete Risks


Generally,

Move From Higher to Lower

Measurement -ISO/FDA/+

Reduce Risk

Remove Risk

Take Informed Risks


Risk Management Prevent

Risk Takers

In Aggregate -


Risk Management


Formally Recognize Your Organization’s Risk Appetite

Importantly


What Should Your Company Use as

its Top Line SCRM Measurement? Recognizing that Management is the primary Area of Responsibility in SCRM…


Supply Chain Management should be using Total Cost of Operations (TCO) as its top line measure

Therefore, as a management

function, SCRM should also

use TCO as its top line

measure


Business impact measurements (cost, revenue, mrkt, etc

Risk indices (can be as simple as low, moderate, high)

Basic Probability

(P(A) = # of event occurrences / # of possible outcomes)

Consequence/probability ratios

Cost/benefit & risk/benefit ratios

Starter General Risk Measures

Expand Measurement From Here


Areas of Consideration


Where Should SCRM Live?

SCRM is a Fundamental Business Activity (FBA)

P

l

a

n

n

i

n

g

P

r

o

c

u

r

e

m

e

n

t

M

a

t

l

H

n

d

l

D

i

s

t

r

i

b

u

t

i

o

n

P

r

o

d

u

c

t

i

o

n

L

o

g

i

s

t

i

c

s

Operations/SC Management

that cuts across ALL SC/Operations functions


Where Should SC Risk Mgt Start?

A. Top down

B. Bottom-up

C. Middle out

D. All of the Above


Who is waiting for whom? Why aren’t

they doing

something?? Why can’t we

get Management

support?


Suggested Approaches

Incorporate

Risk Mgt into

Strategic Plan

Incorporate

Risk Mgt into

Planning

Functions

JUST DO IT

• Top down

• Middle out

• Bottom up

Implement

Risk

Framework

Install Risk

Dbase//Risk

Mgt Software

ID &

Implement

RM Tools

Measuremnts

Trainers

Training

Reporting

Audit

Build a Risk

Register in

MS Excel

Steps:

ID &

Implement

RM Tools

Measuremnts

Trainers

Training

Reporting

Audit

Steps:

Build a Risk

Register in

MS Excel

Optional Measurement

Employ RM

Tools as

needed

Involve others

Steps:


SCRM will NOT Create an

Impenetrable Shield

“Because of the complex nature of today’s supply chains, disruptions will inevitably occur”

Kelly Marchese, Principal

Deloitte Consulting, LLP

Supply Chain Strategy Practice

Global Supply Chain Risk Services Lead

Source: www.supplymanagement.com 2/13/2013 “SC threats increasing but RM is not”


Using Seatbelts

Airbags Seatbelts Spare Tire

An analogy -

Due to Risk/Cost/Benefit Analysis

automobiles come standard

with…

Flotation Devices Roll Cage Onboard Fire Extinguisher System

Due to Risk/Cost/Benefit Analysis

automobiles do NOT come

standard with…


What is a Seatbelt?

At Your Company…

What is a Seatbelt?

What is a Floatation Device?


Bears Repeating

“Because of the complex nature of today’s supply chains, disruptions will inevitably occur” Kelly Marchese, Principal

Deloitte Consulting, LLP

Supply Chain Strategy Practice

Global Supply Chain Risk Services Lead

Source: www.supplymanagement.com

2/13/2013 “SC threats increasing but RM is not”

Trying to anticipate and eliminate every risk is not only cost prohibitive, it is counterproductive


To Do’s Establish measurements

ID risks – beyond catastrophes

ID where risk is acceptable & acceptable risk levels

Include risk assessments in all regular reporting

How to ID risk targets

Heat map?

Probability tools vs impact vs frequency

Comparisons

Other industries

Others operating in a similar manner

Influencers (e.g., maintenance on aircraft)

Risk/Reward ratio – not all risks should be carefully managed


To Don’ts Set-up a VP of Risk

Push the responsibility down on everyone

Have annual meetings to ID large catastrophic events

Concentrate on eliminating all risks


Tests Are there discussions of risk in meetings

Are there discussions of risk when considering new

ideas

Following discussion of risk are assessments with

measurements undertaken

Are formal risk reports made

Is there a provision for risk processes in the strategic

plan


Risk Management Flow

Initial Assessment Identification

Conversion

Segmentation/Categorize

Prioritization

Business Case

Planning

Implementation

Integration

Communications

Steps


Risk Management Flow

Initial Assessment Identification

Conversion

Segmentation/Categorize

Prioritization

Business Case

Planning

Implementation

Communications

Prevent

Eliminate

Avoid

Control

Leave Alone

Take

Steps Decision Points


Additional Risk Control Tools Succession Planning

Support for ongoing learning, create and maintain a

Learning Organization

Reserve Funds for Capital Purchases

ID System vendors

Utilize Logistics Companies that provide ship & rail

Review source of supply & supplier portfolio; change

supplier scoring based on new requirements, educate

and change suppliers as indicated

Reset Incentive Plans to focus on New Priorities


Is It Risk Management?

Risk Mgt activities are focused on disasters

Risk Mgt & Cost Accting are separate

Risk is not part of most meeting discussions


It’s Risk Management…

Not Risk Prevention

“Management” is an equally important word

Employ Management Processes


Enduring Risk

As part of active informed decision making

Not through -

Oversight

Neglect


Integrated Risk Management??


What Makes it Integrated?

Aligned to Corporate Strategy

Integral Part of the Business

Tactics Coordinated

Practices/Procedures Embedded

Common Tools, Language & Understanding


Conclusions

Summary

Recommendations


Is It Risk Management? It’s the Management of Risk

Like other functions and processes formal management, of any type, improves the probability of positive outcomes

Includes: Risk Avoidance, Risk Reduction, & Informed Risk Taking

Addressing Catastrophe is only a small part

Safety Issues ALWAYS take precedence Safety notwithstanding, SCRM’s top line measure

should be (read: must be) TCO

Get Started 1st Measure – Impact, Risk indices, probability Pick the Risk Areas to focus efforts on (& to not focus on) Expand measurement, employ risk tools, Risk register, etc.

Build in Flexibility - moving toward Agile

Integrate and embed into every process & function


Typical Formal SCRM Roll-out

Select Appropriate Risk Tools

Develop Knowledge & Skills

Train a Core Group of Managers

Use Train-the-Trainer to Train Others

Incorporate RM Measures into Reporting

Establish Testing and Audit Procedures


< > embed

To Address Inherent Business Risk…

…Integrate Risk Management


Embedding RM into Functions

Environment of Process Improvement

Committed Managers

Informed Managers

Use Proven RM/FM Methods

Train-the-Trainer

Distribute Throughout Organization

Build into New Employee Orientation

Repeat


In Summary

Top-line Understanding

Top-line Measurement

Management

Deployment

Primary Risk Areas

Next Steps Start basic measurements

Improve risk data

Train-the-Trainer

Employ risk tools & develop risk

specific measurements

Push to Agile

Risk Appetite

TCO

top-down,bottom-up,<>

Embed in Functions

Undermanaged Functions

Impact, Indices, probability

Risk Register

ID/Recruit Candidate

Actuarial type tools

Flexible X-functions

Test for Over Reliance

Area of Consideration Area of Focus


As with any management process…

Make Decisions Based on Facts


So, Plan for the Future

Move toward Integrated SC Risk Mgt

Appropriately MANAGE Risk

Eliminate Undo Risks/Take Informed Risks

Develop Risk Managers

Integrate Risk Management in ALL Processes

Drive the Process

Bring Energy

Be a “smart person at the table”

Thank You

Richard Gendon Managing Director


PO Box 227

Naperville, IL 60566

630 263-5400

[email protected]

deploying risk management - the apics chicago chapter

Documents