5a supply chain and operating risk (1)
TRANSCRIPT
SUPPLY CHAIN AND OPERATING RISK
1
Supply Chain Management
■ The management of the flow of goods and services from point of origin to point of consumption
■ Movement and storage of
– raw materials– work-in-process inventory– finished goods
■ Objective: “maximize customer value and gain sustainable competitive advantage”
2
Supply Chain Management ■ Customer service
– Product quality and assortment– Right location– On time delivery– After sale service
■ Reduce operating costs
– Reduce fixed assets■ Warehouses, transportation fleet
– Increase cash flow ■ Faster product flow to customer
■ Decrease inventory
3
Supply Chain Design■ Typically not strategic
■ Supply chains typically evolve through ad hoc responses to specific problems
■ Can lead to supply chain problems
– Long time to market for new products– Long delivery lead times– Inventory shortages/excess safety stock– Production bottlenecks
■ Leads to higher costs
■ Leads to unnecessary risks
4
Supply Chain Design
■ Align supply chain with strategy
■ What are your core competencies/comparative advantages?
– What is incidental?
■ What are the tradeoffs?
– E.g. Speed vs cost■ Air freight is fast but expensive
■ Transoceanic ship is cheap but slow
5
Supply Chain Risk Management
■ Supply chain risk management process
– Identify risks– Measure risks– Prioritize risks for mitigation– Evaluate risk mitigation tactics– Implement risk mitigation tactics
6
Supply Chain Risk Management■ Identify risks
– Interviews/brainstorming■ Good for known risks, less effective for unknown risks
– Bill of materials (BOM)■ List of raw materials, sub-assemblies, intermediate assemblies, sub-components,
components and quantities needed to produce final product
– Supply chain map■ Software, consultants
7
Supply Chain Map
8
Supply Chain Map
9
Supply Chain Map
10
Supply Chain Risk Management■ Hazard and Operability (HAZOP) analysis
– Team based approach (from chemical industry) – Piping and instrument drawing (P&ID) – graphical representation of process– Systematic review of process
■ Identify potential failures and their causes
■ Failure Modes and Effects Analysis (FMEA)– Team based approach (from reliability engineering)– Review components, assemblies and subsystems – Identify failure modes, causes of failure, effects on the rest of the system
■ Both approaches include potential remediation of causes of failure
11
Supply Chain Risk Management
12
Supply Chain Risk Management
13
Supply Chain Risk Manaegment
■ Measure risks
– Frequency – Severity
■ FMECA: C is for criticality
– Create Risk Map
14
Supply Chain Risk Management■ Frequent vs Rare Risks
■ It is difficult to obtain good estimates of the probability of rare risks (“tail risk”)
– Good estimates require data– There is little data on the occurrence of rare risks
■ What is the probability of X > 5?
■ What is the probability of X > 25?
15
Supply Chain Risk Management
16
Supply Chain Risk Management
■ Prioritize risks
– Need to find ways to mitigate high severity risks■ These have the potential to disrupt the supply chain, reduce firm value
■ Risk Mitigation Tactics:
– High frequency, high severity – Avoid– Low frequency, high severity – Risk transfer – High frequency, low severity – Loss control – Low frequency, low severity – Retain
■ Implement and monitor risk mitigation tactics
17
Supply Chain Risk Management■ Loss detection
– Can you anticipate the event?■ E.g. 2002 West Coast dock strike
– How long after the event before you become aware of it?■ E.g. 2011 Fukushima earthquake
■ Anticipation, early detection allow earlier response, which mitigates damage
– E.g. 2000 Phillips fabrication plant fire■ Nokia: had multiple suppliers who increased production
■ Ericsson: sole supplier, slow response, eventually left handset market
18
Operating Risk Management■ Risks arising from day-to-day operation of the business
– Compliance risks■ Legal
■ Tax
■ Accounting
■ Regulatory
– Business process risks■ Governance
■ Payment processing (AR/AP, payroll, cash disbursement)
■ HR (employee hiring, training, termination)
– Hazard risks■ Fire, flood, etc,
19
Operating Risk Management■ Problem is similar to supply chain risk management
■ Same risk management process– Identify risks– Measure risks (frequency and severity)– Risk prioritization– Risk mitigation tactics– Implement and monitor RM tactics
■ Need to understand business processes– Work flow: e.g., Hourly employee payroll: How are hours recorded?
■ Pay calculation, payroll and income taxes, benefits accrual/usage?
■ Loss detectability– How long does it take to discover process failure?
20
Operating Risk Management■ Two main approaches
■ International Organization for Standardization (ISO) 9000+
– Quality Management System (QMS)■ meet the needs of customers and other stakeholders while meeting statutory and
regulatory requirements related to a product or service
– Introduced 1987 , most recent update 2015
■ Committee of Sponsoring Organization (COSO)
– A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives in the following categories:■ Effectiveness and efficiency of operations
■ Reliability of financial reporting
■ Compliance with applicable laws and regulations
– Introduced 1992, most recent update 201721
Operating Risk Management: ISO■ Principle 1 – Customer focus
– Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.
■ Principle 2 – Leadership
– Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.
■ Principle 3 – Engagement of people
– People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.
■ Principle 4 – Process approach
– A desired result is achieved more efficiently when activities and related resources are managed as a process.
22
Operating Risk Management: ISO■ Principle 5 – Improvement
– Improvement of the organization's overall performance should be a permanent objective of the organization.
■ Principle 6 – Evidence-based decision making
– Effective decisions are based on the analysis of data and information.
■ Principle 7 – Relationship management
– An organization and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
23
Operating Risk Management: COSO■ 1. Control Environment
– Integrity and Ethical Values– Commitment to Competence– Board of Directors and Audit Committee– Management’s Philosophy and Operating Style– Organizational Structure– Assignment of Authority and Responsibility– Human Resource Policies and Procedures
■ 2. Risk Assessment– Company-wide Objectives– Process-level Objectives– Risk Identification and Analysis– Managing Change
24
Operating Risk Management: COSO■ 3. Control Activities
– Policies and Procedures– Security (Application and Network)– Application Change Management– Business Continuity/Backups– Outsourcing
■ 4. Information and Communication
– Quality of Information– Effectiveness of Communication
■ 5. Monitoring
– Ongoing Monitoring– Separate Evaluations– Reporting Deficiencies
25
Operating Risk Management: COSO
26
Operating Risk Management■ From Sadun/Bloom/vanReenen: Core Managerial Practices are:
■ Operations Management
– Use of lean techniques– Reasons for adopting lean techniques
■ Performance Monitoring
– Process documentation– Use of key performance indicators– KPI reviews– Discussion of results – Consequences for missing targets
27
Operating Risk Management■ Target Setting
– Choice of targets– Connection to strategy
■ Extent to which targets cascade down to individual workers– Time horizon– Level of challenge– Clarity of goals and measurement
■ Talent management– Talent mindset at the highest levels– Stretch goals– Management of low performance– Employee value proposition– Talent retention
28
Operating Risk Management ■ Both ISO and COSO can be viewed as systematic approaches to implementing good
management practices
– e.g., performance targets, KPIs for business processes
■ Both tend to focus on Performance Monitoring
■ Most managers think they are above average
– Lake Woebegon Effect: where all the women are strong, all the men are good-looking, and all the children are above average.
■ Implementing good management practices can lead to sustainable competitive advantage
29