managing supply chain risks - starchapter...supply chain risk management what are others saying? cnn...
TRANSCRIPT
1 CONFIDENTIAL © StoneCross Group, LLC
Managing Supply Chain Risks Emerging Trends & Technologies
Jeff St. John
John R.C. Pearce
StoneCross Group, LLC
2 CONFIDENTIAL © StoneCross Group, LLC
Agenda
Trends & “buzz” – what has changed?
What are major risk sources?
What technologies/resources are emerging?
What does “mapping risk” involve?
Benchmarking your firm’s risk?
A recommended approach to SCRM
Q&A
3 CONFIDENTIAL © StoneCross Group, LLC
What Has Changed?
4 CONFIDENTIAL © StoneCross Group, LLC
Supply Chain Risk Management What Are Others Saying?
CNN Money: The Global Supply Chain – So Very Fragile!
Forbes: Supply Chain Risk a Hidden Liability for Many Companies
IDC Manufacturing Insights: Supply Chain Resilience Research & Practice
Fortune: Supply Chain-Risk Management & Sustainability
SupplyChain 247: 6 Strategies to Prepare Your International Supply Chain for Disruption
MIT/PwC: Supply Chain & Risk Management 2013 Study
5 CONFIDENTIAL © StoneCross Group, LLC
Evolutions of Supply Chain Complexity MIT Forum: Supply Chain & Risk Management
Studied 209 companies with global footprints
Dependencies between supply chain entities has increased
Changes in SC network occur more frequently
Increased product introductions
Products and services becoming less standard
Number of entities in supply chain has increased
What Would You Add?
6 CONFIDENTIAL © StoneCross Group, LLC
Top Sources of Supply Chain Risks Massachusetts Institute of Technology 2013 Study
Raw Material Price Fluctuations
Currency Fluctuations
Market Changes
Energy/Fuel Price Volatility
Rising Material Scarcity
Rising Labor Costs
Geopolitical Instability
Supplier/Partner Bankruptcy
Technology Changes
Unplanned IT Disruptions
7 CONFIDENTIAL © StoneCross Group, LLC
Real Time Incident / Event Awareness & Monitoring of a Global Nature
Knowledge of Mandatory Compliance with • Applicable Laws, Regulations and Practices
Complete, Up-To-Date Database & Mapping of • Primary, secondary and sub-tier areas of exposure
• Your locations – suppliers, partners, customers, people
Relevant KPI’s to tie back to SCR
Integrated knowledge of finished product components and relationship to supplier(s)
7
Elements to Controlling Risk
8 CONFIDENTIAL © StoneCross Group, LLC
Supply Chain Mapping Visualizing Your Supply Chain – Amerigo
9 CONFIDENTIAL © StoneCross Group, LLC
Supply Chain Risk Mapping
“It pays to have supply chain backup plans……..
……….providing you know what to backup!”
……SCAIRTM
10 CONFIDENTIAL © StoneCross Group, LLC
RAW MATERIAL SOURCING
MANUFACTURING DISTRIBUTION &
LOGISTICS WAREHOUSING
Manual, Inefficient Processes for Tracking Risk
The SCRM Challenge Where Does Risk Exist – How Is It Addressed Today?
11 CONFIDENTIAL © StoneCross Group, LLC
Emerging Technologies & Offerings Incident Tracking – Planning – Execution – Visibility – Mapping
Resilinc
Razient
Amerigo
InterSys Ltd (SCAIRTM)
GT Nexus
PW - KPMG – Deloitte
FM Global
MetricStream
Trade Merit
CDC/Aptean
Manhattan Associates
Marsh Risk Consulting
SCRLC
ISO 28002
12 CONFIDENTIAL © StoneCross Group, LLC
Global Event Tracking - a Deeper Dive Courtesy of Razient Technologies
13 CONFIDENTIAL © StoneCross Group, LLC
Event Tracking for Supply Chains A Technology Preview – What They Do
Provides timely, daily visibility of all relevant incident types and threats specific to your locations, supplier/sub-supplier, third parties and customer locations
Configurable action and response steps to quickly address risks and threats that may disrupt the flow of goods, materials or other supply chain activities
Tracks compliance against best practices, your company standards, applicable laws and regulations including global regulatory requirements of every vendor in your network
Opens new possibilities of pro-active management of risks and human capital via mobile capabilities
14 CONFIDENTIAL © StoneCross Group, LLC
Defining Events to Track Incidents are Tailored for your Supply Chain
15 CONFIDENTIAL © StoneCross Group, LLC
Going from Reactive to Pro-Active Alerts Monitoring
Global Incident
Management
Global threat
dashboard
Data feeds from
numerous data
sources
Immediate correlation
to locations
Determine which
locations/parts are
facing potential
threats
Crisis management
tracking, and
mitigation steps
16 CONFIDENTIAL © StoneCross Group, LLC
Going from Reactive to Pro-Active Compliance Tracking
Compliance Management
Achieve regulatory
compliance and industry
best practices
Customize, distribute,
manage, and monitor risk
Surveys
Reduce cost of vendor
risk management
through automated
processes
Track and report on
compliance results
Utilize a library of
predefined assessments
Archive compliance
results
Centralized document
collection
17 CONFIDENTIAL © StoneCross Group, LLC
Mobile Event Tracking Capability User Alerts – Incidents – Notifications – General Content
18 CONFIDENTIAL © StoneCross Group, LLC
What is your SC Risk Maturity? How far do you have to go?
Prelimnary Discussions?
Risk Management integrated into your SC?
Mapped critical suppliers & associated risk?
On-going assessment strategy for Risk?
Suppliers chosen based on Risk elements?
Do you segment Risk strategies?
Risk mitigation strategy exist?
Are critical suppliers cooperative?
Are third-parties evaluated for Risk?
Suppliers periodically evaluated for Risk?
Do you know of critical “risk funnels” that you share with competitors?
19 CONFIDENTIAL © StoneCross Group, LLC
SC Risk Maturity Benchmark MIT Study Results: 60-40-10
Reactionary
Awareness
Proactive
Integrated
Resilient
All Risks
Traditional risks
Non-traditional risks
“Black swan” events
Major emerging trends/risks
20 CONFIDENTIAL © StoneCross Group, LLC
Define
Measure
Analyze
Improve
Control
• Improve processes and controls
• Identify ways to remove or avoid situations which affect
risk exposure
• Define risk area and scope
• Categorize the nature of the risk, i.e., (non)compliance or
incident
• Develop a baseline of current activities / performance
• Assess the current processes and controls environment
• Assign relative risk value to factors affecting risk in each
risk area
• Identify changes or other factors that can positively or
negatively affect the risk
• Develop processes and structure to manage and monitor
risk
• Develop reporting mechanisms to warn of situations or
incidents which affect risk exposure
20
SCRAM®
An Approach To Risk Management
21 CONFIDENTIAL © StoneCross Group, LLC
Complete Initial Client Profile Background and Understanding
Document
Work with Executive Leadership to Complete the Risk Intelligence Maturity Model
• Identify key stakeholders in the organization
• Complete Individual Maturity Model Analysis with each stakeholder
• Compile and Analyze Results
• Work with organizational Leadership to interpret results
Identify Key Organization Stakeholders / Leadership Team to
participate in the Supply Chain Assessment & Management
(SCRAM®) process
Work with Stakeholders / Leadership to strategically identify “Critical Risk Areas” of focus to highlight during process
Define
Measure
Analyze
Improve
Control
21
SCRAM® Approach
Define risk area and scope / understand Client Business Practices
22 CONFIDENTIAL © StoneCross Group, LLC
Deploy Subject Matter Expert(s) (“SME”) to conduct Risk
Assessments • Meet with key Client process and control owners • Remote and In-Field assessments of Client processes and controls
Document Risk Assessment results
• Document discussions with process and control owners • Document Client processes and controls pertaining to Risk assessments • Obtain supporting documentation, as necessary, to support processes and controls
Confirm Risk Assessment results with process / control owners
• Compile results of assessments • Follow-up discussions with process and control owners to validate findings
Define
Measure
Analyze
Improve
Control
22
SCRAM® Approach
Assess Current Processes and Controls Environment
23 CONFIDENTIAL © StoneCross Group, LLC
Relatively Low
Probability of Occurring BUT Relatively High
Consequence
High Vulnerability to
Enterprise and Requires Constant Attention
Relatively Low
Probability of Occurring and Relatively Low
Consequence
Relatively High Probability of Occurring
BUT Relatively Low Consequence
Probability of Occurrence LOW
HIGH
HIGH
13 24
Co
nse
qu
en
ce
s
1
8
33 18
23
SCRAM® Approach
Define
Measure
Analyze
Improve
Control
24 CONFIDENTIAL © StoneCross Group, LLC
Define
Measure
Analyze
Improve
Control
Affinity Diagram: Brainstorm improvement ideas around a risk
area and group ideas for the purpose of selecting the most
appropriate
Improvement Ideas
Cause and Effect Diagram: Identify the various changes and
initiatives that can affect the improvement effect desired
Interrelationship Diagram: Identify and analyze the cause and
effect relationships across the various issues initiatives to
highlight key drivers and outcomes in a holistic manner
Force Ranking: Force rank the improvement changes /
initiatives based upon severity of the risk outcomes from
not making the changes
24
SCRAM® Approach
Identify Improvement Initiatives Using Lean / Six Sigma Tools for Mitigating Risk
25 CONFIDENTIAL © StoneCross Group, LLC
Define
Measure
Analyze
Improve
Control
Establish Official “Enterprise Risk Management” (ERM) Framework
• Document auditable Control Objectives and Control Activities within ERM – Entity-Level Controls – Controls Objectives and Activities by Risk Area
• Document Client Entities governed by ERM Framework • Establish Control Owners within Client organization • Establish Control Assessment Rotation Plan / Frequency
Consider Adoption of a Risk Management Tool for Ongoing Management and Monitoring of Organization-Wide Risks
25
SCRAM® Approach Develop Processes to Manage and Monitor Risk
26 CONFIDENTIAL © StoneCross Group, LLC
ISO 28002
27 CONFIDENTIAL © StoneCross Group, LLC
ISO 28002:2011 Latest Version of ISO Standards
“……specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain; protection of its assets and processes; and management of disruptive incidents.”
28 CONFIDENTIAL © StoneCross Group, LLC
SCRLC Supply Chain Risk Leadership Council
“A cross-industry organization including world-class manufacturing and services supply-chain organizations and academic institutions that work together to develop and share best practices in supply-chain risk management. Its mission is to create supply-chain risk management standards, processes, capabilities, and metrics that reflect current best practices and can be widely adopted.”
29 CONFIDENTIAL © StoneCross Group, LLC
Benefits of a Mature SC Risk Program
“Companies with mature capabilities in supply chain management and risk management do better along all surveyed dimensions of operational and financial performance than immature companies.”
MIT Forum for Supply Chain Innovation 2013
Phone: 1-617-852-2708
30 CONFIDENTIAL © StoneCross Group, LLC
Questions