assessing vulnerability of a supply chain:
DESCRIPTION
Assessing Vulnerability of a Supply Chain:. A Strategic Risk Approach. Randy Jouben, Director Risk Management, FIVE GUYS Enterprises, LLC - PowerPoint PPT PresentationTRANSCRIPT
Page 1
Recording of this session via any media type is strictly prohibited.
Page 1
Assessing Vulnerability of a Supply Chain:
A Strategic Risk Approach
Page 2
Recording of this session via any media type is strictly prohibited.
• Randy Jouben, Director Risk Management,FIVE GUYS Enterprises, LLCRandy is responsible for leading the mission of protecting the tangible and intangible assets of Five Guys in the areas of risk management, safety, security, business continuity and compliance.
Page 3
Recording of this session via any media type is strictly prohibited.
What to Expect
• To provide you with an understanding of the risk and vulnerabilities of a supply chain.
• Understand options available to asses risk in the supply chain
• Describe different ways you can integrate supply change management into the Strategic Risk management process
Page 4
Recording of this session via any media type is strictly prohibited.
Uncertainty Increases Business Risk
“Business managers regularly extrapolate from the past to the future but often fail to recognize when conditions are beginning to change from poor to better or from better to worse. They tend to identify turning points only after the fact. If they were better at sensing imminent changes, the abrupt shifts in profitability that happen so often would never occur. The prevalence of surprise in the world of business is evidence that uncertainty is more likely to prevail than mathematical probability.”
“The evidence. . .reveals repeated patterns of irrationality, inconsistency and incompetence in the ways human beings arrive at decisions and choices when faced with uncertainty.”
Peter L. Bernstein, “Against the Gods – The Remarkable Story of Risk”
Page 5
Recording of this session via any media type is strictly prohibited.
Some Working Definitions
• Risk• Risk Management• Strategic Risk Management• Supply chain vulnerability• Robust Supply Change Management• Supply Chain Risk Management• Resilience
5
Page 6
Recording of this session via any media type is strictly prohibited.
Risk
In decision theory: a measure of the range of possible outcomes from a single totally rational decision and their values, in terms of upside gains and downside losses (e.g. gambling)
6
Page 7
Recording of this session via any media type is strictly prohibited.
Risk
• A particular type of hazard or threat e.g. technological risk or political risk
• The downside only consequences of a rational decision in terms of the resulting financial losses or number of casualties
• Risk = probability of occurrence x consequences
7
Page 8
Recording of this session via any media type is strictly prohibited.
Risk Management
“Risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. These strategies can involve the transference of risk to another party, risk avoidance or mitigation, and channel risk sharing.
Page 9
Recording of this session via any media type is strictly prohibited.
Strategic Risk Management
“Strategic Risk Management (SRM) is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategy execution.”
Page 10
Recording of this session via any media type is strictly prohibited.
Supply Chain Vulnerability
We should strive to identify vulnerabilities by asking questions such as:o What has disrupted operations in the past? o What known weaknesses do we have?o What ‘near misses’ have we experienced?o What would be the effect of a shortage of a key material? o What would be the effect of the loss of our distribution
site?o What would be the effect of the loss of a key supplier or
customer?
10
Page 11
Recording of this session via any media type is strictly prohibited.
Vulnerability vs. Risk Analysis
A vulnerability analysis is not equivalent to a risk analysis.
• Risk Analysis focuses on human resources, on environmental and property impacts of an accidental event,
• A vulnerability analysis is focused on the system survival.
Page 12
Recording of this session via any media type is strictly prohibited.
Vulnerability vs. Risk Analysis
A vulnerability analysis is not equivalent to a risk analysis.
• The vulnerability analysis has a wider range with respect to the risk analysis.
• Particularly the first concerns the way to weaken the detected threats and restart the system after an accidental event.
Page 13
Recording of this session via any media type is strictly prohibited.
Supply Chain Risk Management
• Supply Chain Risk Management (SCRM) is a discipline of Risk Management which attempts to identify potential disruptions to continued manufacturing production and thereby commercial financial exposure
• Focuses on the interdependences of the actors belonging to the same supply chain: sudden crisis, impacting one or more nodes inevitably creates disturbance which may destabilize the system as a whole
Page 14
Recording of this session via any media type is strictly prohibited.
Robust SCRM
• “Strong in constitution, hardy, or vigorous”• Enable a firm to manage regular fluctuations
in demand efficiently under normal circumstances regardless of occurrence of a major disruption
• But does not in itself make a resilient supply chain
14
Page 15
Recording of this session via any media type is strictly prohibited.
Robust SCRM
• A robust process can be defined as “a process able to deal with reasonable variability”
• A resilient supply chain can be defined as “a supply chain with the ability to recover quickly from unexpected events impacting supply chain performance”
15
Page 16
Recording of this session via any media type is strictly prohibited.
Robust SCRM
• A robust process can deal with reasonable variability in input whilst maintaining good control over output variability.
• It has some resilience but is it capable of recovery from an event that causes exceptionally high levels of variability in input or output requirement?
16
Page 17
Recording of this session via any media type is strictly prohibited.
Resilience
“The ability of a system to return to its original [or desired] state after being disturbed”The core concept of resilience is:
• It encourages a whole system perspective• It explicitly accepts that disturbances happen• It implies adaptability to changing circumstances
17
Page 18
Recording of this session via any media type is strictly prohibited.
Supply Chain Dynamics
• Throughout the 1990s, many firms strived to improve their financial performance by implementing various supply chain initiatives.
• These initiatives were intended to increase revenue, reduce cost (e.g., supply base reduction, online sourcing including e-markets and online auctions, offshore manufacturing, Just-in-Time inventory systems, vendor-managed inventory), and reduce assets (e.g., outsourced manufacturing, Information Technology, and logistics).
Page 19
Recording of this session via any media type is strictly prohibited.
Supply Chain Dynamics
• These initiatives can be effective in a stable environment; however, as the number of supply chain partners increases, these global supply chains become “longer” and “more complex.”
• Long and complex global supply chains are usually slow to respond to changes, and hence, they are more vulnerable to business disruptions.
Page 20
Recording of this session via any media type is strictly prohibited.
The Challenge Of Global Logistics
PRODUCTLINE DIVERSITY
MARKETCONCENTRATION
Page 21
Recording of this session via any media type is strictly prohibited.
Global business : Singer Sewing Machines
• Body shells from USA• Motors from Brazil• Drive Shafts from Italy• Assembled in Taiwan• Sold around the world
Page 21
Page 22
Recording of this session via any media type is strictly prohibited.
How many countries does it take to make a coat
Page 23
Recording of this session via any media type is strictly prohibited.
Categories of Supply
Supply chains comprise nodes and links • Nodes – organisational risk• Links – network risk
Page 23
Page 24
Recording of this session via any media type is strictly prohibited.
Understanding the total costs of ownership
Not just the purchase price, but …..o Increased transport costso Increased inventory financing costso Increased uncertainty of supplyo Longer lead-timeso Less visibility and increased likelihood of “bullwhip” effecto Loss of control in qualityo Longer development cycles for new productso Increased exposure to security risks
Page 24
Page 25
Recording of this session via any media type is strictly prohibited.
Changing Times & An Uncertain World
In a complex inter-organizational supply chain it would be difficult if not impossible for anyone to identify every possible hazard or point of vulnerability.
25
Page 26
Recording of this session via any media type is strictly prohibited.
Why Are Today’s Supply Chains So Vulnerable?
• Widespread adoption of ‘lean’ practices• The move to off-shore manufacturing and sourcing• Out-sourcing and reduction in the supplier base• Global consolidation of suppliers• Centralised production and distribution• All of which combine to make supply chains
vulnerable to disruption
Page 26
Page 27
Recording of this session via any media type is strictly prohibited.
Supply Chain Risk Perspectives
Page 28
Recording of this session via any media type is strictly prohibited.
The Sources of Risk in Supply Chain
• Supply risk• Demand risk• Process risk• Control risk• Environmental risk
Page 28
Page 29
Recording of this session via any media type is strictly prohibited.
Location Of Risk In The Supply Chain
Page 29
SUPPLY RISK
PROCESSRISK
DEMANDRISK
NETWORK/CONTROLRISK
Environmental Risk
Page 30
Recording of this session via any media type is strictly prohibited.
The Sources Of Supply Chain Risk
Page 30
• Loss of major accounts• Volatility of demand• Concentration of customer
base• Short life cycles• Innovative competitors
• Dependency on key suppliers• Consolidation in supply markets• Quality and management issues
arising from off-shore sourcing• Potential disruption at 2nd tier level• Length and variability of
replenishment lead-times
Supply RiskDemand Risk
• Manufacturing yield variability• Lengthy set-up times and
inflexible processes• Equipment reliability• Limited capacity/bottlenecks• Outsourcing key business
processes
Process Risk
• Asymmetric power relationships• Poor visibility along the pipeline• Inappropriate rules that distort demand• Lack of collaborative planning and forecasts• Bullwhip effects due to multiple echelons
Network/Control Risk
• Natural disasters• Terrorism and war• Regulatory changes• Tax, duties and quotas• Strikes
Environment Risk
Page 31
Recording of this session via any media type is strictly prohibited.
Supply Chain Risk Is Systemic
• The biggest risk to business continuity may lie outside the company in the wider supply chain
• The complexity and inter-connectedness of modern supply chains increases their vulnerability to disruption
• Environmental risks are outside our control, but systemic risk is created through our own decisions
Page 31
Page 32
Recording of this session via any media type is strictly prohibited.
Supply chain risk (i)
“The entire Japanese vehicle industry ground to a halt following an earthquake that stopped production of piston rings for engines provided by Riken, the industry leader in the domestic market. Toyota, in particular, was forced to stop operations at all 12 of its domestic plants.”
– Financial Times, 24 July 2007
Page 32
Page 33
Recording of this session via any media type is strictly prohibited.
Supply chain risk (ii)“A fire at a key Philips semiconductor factory in 2000 caused a worldwide shortage of the radio frequency chips used by both Nokia and Ericsson. Nokia immediately lined up another source and redesigned other chips so they could be produced elsewhere. However, Ericsson responded more slowly and lost an estimated $400 million in mobile phone handsets.”
- MIT Sloan Management Review - Summer 2006
Page 33
Page 34
Recording of this session via any media type is strictly prohibited.
Supply chain risk (iii)
“Yesterday it emerged that ice-cream supplies may run short because Unilever’s only UK factory, based in flood-stricken Gloucester, has been closed for the past ten days. The company usually manufacturers five million ice-creams and lollipops a day at the plant. It has stocks in freezers but it could be days before normal production resumes. Industry insiders predict that there will now be an ice-cream war as rival brands attempt to exploit Unilever’s predicament and gain market share.”
– The Times, 31 July 2007
Page 34
Page 35
Recording of this session via any media type is strictly prohibited.
Changing Times & An Uncertain World
‘Known’ problems are only part of the picture • Known Unknowns, Knowable Unknowns and
Unknowable Unknowns• Y2K: The Millennium Bug• Creeping Crises (e.g. Foot and Mouth disease)• Post 9/11 Security Matters• Corporate Scandals, Operational Risk and Business
Continuity
35
Page 36
Recording of this session via any media type is strictly prohibited.
Known Unknowns
Known Unknowns• We know that there exist uncertainties, which we
know how to solve• ‘Known known’
36
Page 37
Recording of this session via any media type is strictly prohibited.
Knowable Unknowns
Knowable Unknowns• There are some uncertainties which we don’t know
how to solve, We may choose ignore or face it
37
Page 38
Recording of this session via any media type is strictly prohibited.
Unknowable Unknowns
Unknowable Unknowns• However, there are still uncertainties that we don’t
know that we don’t know
38
Page 39
Recording of this session via any media type is strictly prohibited.
Y2K: The Millennium Bug
A ‘Known known’ example• In the UK, the government encourage
businesses to take the necessary measures to prevent system crashes, and engage in business continuity planning
39
Page 40
Recording of this session via any media type is strictly prohibited.
Y2K: The Millennium Bug
• As a result, nothing happened and the government was delighted, believing the planning had saved the country from disaster
• But the non-event left many managers skeptical as to whether the costly preventive measures had really necessary?
40
Page 41
Recording of this session via any media type is strictly prohibited.
Y2K: The Millennium Bug
• Y2K is one of the intractable problems about proactive measures to improve organizational and supply chain resilience
• If successful, mean nothing happens, but leads to questions of value or cost/benefits justification
• It is very difficult to make a business case for proactive ‘just in case’ measures to improve resilience
41
Page 42
Recording of this session via any media type is strictly prohibited.
Creeping Crises
• The outbreak of foot and mouth disease(FMD) in British livestock herds in February 2001 resulted in damage to whole sectors of economy
• FMD was a known threat to livestock, albeit one that had not been seen in UK for a generation
• The impact is engaged in production and distribution of food
42
Page 43
Recording of this session via any media type is strictly prohibited.
Creeping Crises
• But FMD also affected car manufacturers and fashion houses across Europe because of the shortage of high-quality leather
• All ‘knowable unknowns’ events could be the example of ‘creeping crises’
• Creeping crises show the fact that supply chains are more than value-adding mechanisms underlying competitive business models
• Supply chains link organizations, industries and economies, they are part of the fabric of society
43
Page 44
Recording of this session via any media type is strictly prohibited.
Post 9/11 Security Matters
• The events of 9/11 were so far out of risk managers’ field of reference, that they can be classed as “unknowable unknowns”
• The closure of US borders and the grounding of transatlantic flights dislocated international supply chains making supply chain vulnerability front page new
44
Page 45
Recording of this session via any media type is strictly prohibited.
Post 9/11 Security Matters
• Post 9/11, new security measures were hurriedly introduced at US border posts, ports and airports, affecting inbound freight to USA, including:
• Container Security Initiative (CSI)o CSI looked to new technology to pre-screen ‘high risk’ containers
before they arrived at US ports
• Customs-Trade Partnership (C-TPAT)o C-TPAT is a ‘known shipper’ programme, which allows
cargoes from companies certified by US Customs to clear customs quickly
45
Page 46
Recording of this session via any media type is strictly prohibited.
Corporate Scandals, Operational Risk and Business Continuity
• In the world of corporate risk management events(e.g. 9/11) were unfolding that would push ‘operational risk’ to the top of the corporate agenda
• The Enron Corporation collapsed in late 2001o Once held up as a model of best practice corporate risk
managemento Another three companies quickly followed
46
Page 47
Recording of this session via any media type is strictly prohibited.
Corporate Scandals, Operational Risk and Business Continuity
• New regulation, Sarbanes-Oxley Act(SOX) is noteworthy
• SOX requires full disclosure of all potential risks to corporate well-being within the business
• Board members have become more interested in identifying ‘knowable unknowns’ and have turned to risk management and to Business Continuity Management(BCM)
47
Page 48
Recording of this session via any media type is strictly prohibited.
The Risk Management Challenge
Page 48
High
Low
Low High
Probability of Occurrence
Consequence/Impact
• Where can we reduce the probability?• How can we reduce the consequence?
Page 49
Recording of this session via any media type is strictly prohibited.
The Risk Management Challenge
• Decision Theory and Managerial Tendencies
• Objective Risk and Perceived Risk
49
Page 50
Recording of this session via any media type is strictly prohibited.
Decision Theory and Managerial Tendencies
• Concerned paid little attention to uncertainty surrounding positive outcomes, viewing risk in terms of dangers or hazards with potentially negative outcomes
• Managers focus on the possible losses associated with plausible outcomes
• Decisions involving risk are heavily influenced by their impact on the manager’s own performance targets
50
Page 51
Recording of this session via any media type is strictly prohibited.
Decision Theory and Managerial Tendencies
• In comfortable circumstances managers are likely to be risk-averse, but when staring failure in the face, researchers show that this tendency reverses and they become risk-prone
• There is unlikely to be a single unified attitude to risk taking within a large organization
51
Page 52
Recording of this session via any media type is strictly prohibited.
Objective Risk and Perceived Risk
A view of risk set out by the engineers and physicists of The Royal Society:
• ‘Objective risk’: determined by experts applying quantitative scientific means
• ‘Perceived risk’: the imprecise and unreliable perceptions of general public
• ‘Detriment’: the numerical measure of harm or loss associated with an adverse event
52
Page 53
Recording of this session via any media type is strictly prohibited.
Objective Risk and Perceived Risk
Social scientists contend that, where people were involved, objective and perceived risk become inseparable
• Risk is not a discrete or objective phenomenon• Risk is an interactive culturally determined one• Risk is inherently resistant to objective
measurement
53
Page 54
Recording of this session via any media type is strictly prohibited.
Objective Risk and Perceived Risk
• Engineering-derived ‘objective’ views lead to a business process engineering and control perspective
• Open interactive societal systems views offer a persuasive argument for perceived risk
• The global supply chain view illustrates that culturally determined perceptions of risk could vary greatly from one region to another
• Hence the forces of nature can demonstrate just how far removed from a controlled environment this all might be
54
Page 55
Recording of this session via any media type is strictly prohibited.
Managing Supply Chain Risk
• Map the supply chain• Identify the critical paths• Utilise cause and effect analysis (TQM tools)• Implement supply chain event management• Adopt agile practices• Formalise supply chain risk management
Page 55
Page 56
Recording of this session via any media type is strictly prohibited.
Identify The Critical Path(s)
Critical paths are characterised by:-• long lead-times • no short-term alternative source of supply • Bottlenecks • high levels of identifiable risk (i.e. supply, demand,
process, control and environmental risk)
Page 56
Page 57
Recording of this session via any media type is strictly prohibited.
Use cause and effect analysis
How To.• pareto analysis • asking ‘why?’ five times • fishbone charts • failure mode and effects analysis
Page 57
Page 58
Recording of this session via any media type is strictly prohibited.
Pareto Analysis
80% of disruptions will share 20% of the causes
Page 59
Recording of this session via any media type is strictly prohibited.
Asking “Why?” Five Times
1. Q. Why did the machine stop?A. There was an overload and the fuse blew.
2. Q. Why was there an overload?A. The bearing was not sufficiently lubricated.
3. Q. Why was it not sufficiently lubricated?A. The lubrication pump was not pumping sufficiently.
Page 60
Recording of this session via any media type is strictly prohibited.
Asking “Why?” Five Times
4.Q. Why was it not pumping sufficiently?A. The shaft of the pump was worn and rattling.
5.Q. Why was the shaft worn?A. There was no strainer and metal scrap got in.
Page 61
Recording of this session via any media type is strictly prohibited.
Asking “Why?” Five Times
Repeating why five times like this can help uncover the root problem and correct it. If this procedure were not carried through, one might simply replace the fuse or the pump shaft. In that case the problem would reoccur in a few months.
– Taiichi Ohno - Toyota Production System
Page 62
Recording of this session via any media type is strictly prohibited.
Cause And Effect Analysis
Page 62
Page 63
Recording of this session via any media type is strictly prohibited.
Failure Mode And Effects Analysis (FMEA)
Asks three questions:- What could go wrong?- What effect would this failure have?- What are the key causes of this failure?
Provides an assessment of risk for each possible failure:S = severity of effectO = likelihood of occurrenceD = likelihood of detection
Page 63
Page 64
Recording of this session via any media type is strictly prohibited.
Risk Analysis Scoring System
Page 64
Page 65
Recording of this session via any media type is strictly prohibited.
Risk Analysis Scoring System
Page 66
Recording of this session via any media type is strictly prohibited.
Risk Analysis Scoring System
Page 67
Recording of this session via any media type is strictly prohibited.
Supply Chain Risk and Risk Management Strategies
Page 68
Recording of this session via any media type is strictly prohibited.
Creating a Resilient Supply Chain:Strategic Approaches
Page 69
Recording of this session via any media type is strictly prohibited.
Creating a Resilient Supply Chain:Strategic Approaches
Page 70
Recording of this session via any media type is strictly prohibited.
“It is not the strongest of the species that survive nor the most intelligent, but the one most responsive to change”.
– Charles Darwin
Page 70
Page 71
Recording of this session via any media type is strictly prohibited.
Questions, Final Comments and Contact Information
Thank You for Joining us Today!Randy F. Jouben, CPCU, ARM,CBCP, MBCI, AIC, AINS,
Director, Risk ManagementFive Guys Enterprises, LLC10718 Richmond Highway
Lorton, Virginia 22079Direct: 703-436-1959