Supply Chain Risk Management: Setting the Stage • 11
A study by the Supply Chain Council (SCC) identied a set of barriers
that aect the practice of supply chain risk management. One barrier is
the tendency of senior management to focus on risk management only
during times of crisis, something that needs to shi from responsiveness
to prevention. A second barrier is that SCRM requires many functions to
cooperate, something that is challenging even on a good day. ird, the
study concluded that SCRM responsibilities are typically added to exist-
ing sta responsibilities. While everyone should be a risk management
stakeholder, adding responsibilities to existing duties clearly creates a
competition for resources, a competition that SCRM will oen lose. Next,
the increasing complexity of products, divisions, regions, and supply
chains makes a coordinated SCRM eort more of a challenge. A nal bar-
rier is that a partial eort to SCRM dilutes the perceived need for a real
and sustained risk management eort. A “close enough is good enough”
attitude toward SCRM oen prevails. ese barriers will clearly aect the
state of SCRM.
SOME IMPORTANT RISK CONCEPTS
A working knowledge of some important risk concepts is essential when
talking about SCRM, particularly since these concepts are mentioned
repeatedly throughout this book. We also do not want someone to appear
ill- informed when talking about risk management with others. Part of
understanding risk management is having a working knowledge of the
terms and concepts that populate this body of knowledge. e following
presents some important terms and concepts that will help you speak the
language of a risk manager.
Risk Event
An important distinction exists between risk and risk events. Every day
we face hundreds of risks with various probabilities attached to them
(although we rarely quantify those probabilities). But, and this is impor-
tant, a risk is relatively harmless until it happens. ere is always a risk that
someone will fall o a roof when they are working on their house. Until
that person actually takes the plunge, the risk of falling remains simply a
risk. If the person falls, the risk is now a risk event. A risk event is simple
12 • Supply Chain Risk Management: An Emerging Discipline
to conceptualize—it is a risk that has become a reality. Formally dened,
a risk event is a discrete, specic occurrence that negatively aects a deci-
sion, plan, rm, or organism.
13
Risk events are not only episodic, temporary occurrences. Risk events
can be continuous, particularly if they relate to operational performance
problems. Any supply chain performance problem that is ongoing pres-
ents continuous risk to multiple parties in a supply chain.
A word of caution is in order here. A tendency exists to identify a grab
bag of risk events and then label each event as a risk category. is is gen-
erally an unorganized way to approach risk management. Late supplier
deliveries or supplier quality problems might comprise two such catego-
ries even though they are risk events. Risk events should be organized and
placed into broader risk categories. In the supply chain space a number
of risks might relate to nancial risks, for example, and therefore should
be placed under a nancial risk category. Subcategories of nancial risk
may then be developed that include supplier nancial risk, working capital
risk, or currency risk. A later section will present risk typologies.
Risk Exposure and Vulnerability
Risk exposure involves the quantied potential for loss that might occur
as a result of a risk event. e risk exposure value is oen the outcome of a
comprehensive risk analysis that uses algorithms to combine risks accord-
ing to their probability of occurring against the potential loss if the risk
occurs. A company that can seamlessly switch production between mul-
tiple supplier locations has less risk exposure to a supply disruption com-
pared with a buyer that has access to only a single production location.
Even before a garment factory collapsed in Bangladesh, killing 430 work-
ers in the country’s worst apparel- industry accident, major buyers such
as Walmart and Levi Strauss had ceased doing work with vendors who
operated in multistory buildings. e risk exposure from these operations
was simply too great.
14
For our purposes we view risk exposure and vulnerability as closely
related concepts, although vulnerability tends to be a less quantied con-
cept. We are vulnerable to something if we are susceptible to harm or
injury. Anyone who has built a house on an earthquake fault will grasp the
concept of vulnerability to earthquakes. Or, someone traveling to certain
parts of the world without getting proper vaccinations should appreciate
Supply Chain Risk Management: Setting the Stage • 13
being more vulnerable to diseases. In the information technology (IT)
world, vulnerability refers to the security aws that allow a successful sys-
tem attack by hackers.
15
IT vulnerability is an important concept because
supply chains today are increasingly information enabled.
Risk Resilience
Risk resilience is becoming one of the most researched and discussed top-
ics in supply chain risk management. At a basic level, resilience refers to
the ability to recover from or adjust to misfortune or change.
16
It repre-
sents the ability of a company and supply chain to “bounce back” aer
an event. While the concept of resilience has been studied scientically
in development psychology and ecosystems for many years, it is still an
emerging topic in SCRM. Even in well- developed disciplines the deni-
tions of resilience are oen contradictory and confusing.
17
A good example of pursuing resiliency as an objective comes from the
utility industry. As utilities work to storm- harden their networks (a form
of risk prevention), some are also investing in technology to recover faster
from outages (risk responsiveness or mitigation) through an approach
called the “smart grid.” New systems use advanced technology to pinpoint
problems, reroute power around problem areas, and identify where repair
crews need to go rst to get the most customers restored the fastest.
18
One
emerging technology cuts o power at the spot where a tree falls into
a power line and then reroutes electricity so nearby customers still retain
power. Using a boxing metaphor, resiliency means being able to take a
punch and still be standing.
A second resiliency example involves oshore oil exploration in the Gulf
of Mexico. It became obvious that following the 2010 explosion at BP’s
Macondo well an array of new and complex regulations would emerge
addressing oshore drilling safety. And that is exactly what happened.
Some observers predicted that drilling in the Gulf of Mexico would not
recover for years, if ever. But that does not seem to be the case. In the
words of one analyst, “Bottom- line, Gulf of Mexico oil production is in
considerably better shape than even the most ardent optimists envisioned
following Macondo.”
19
Part of the reason for such optimism is the oil
industry’s resiliency as it learns to live with stricter safety oversight and
slower permit reviews. Estimates indicate that by 2022 oil output from the
Gulf of Mexico will be 28% higher compared with current levels.
14 • Supply Chain Risk Management: An Emerging Discipline
Risk Appetite
Risk appetite reects the degree of risk that an organization or individual
is willing to accept or take in pursuit of its objectives. is can be mea-
sured in terms of both quantitative and qualitative dimensions. Some also
refer to this concept as risk tolerance or risk propensity, a topic that is well
grounded in the nancial community.
Finance experts view risk appetite as reecting the type of risk that an
institution or individual is willing to undertake in pursuit of a desired
nancial performance. Clearly, someone who invests in derivatives rather
than guaranteed government bonds (assuming they are not Greek bonds)
has a higher appetite for risk. When an organization or individual has a
low risk appetite, we say they are risk averse. As it pertains to supply chain
risk, we can safely conclude that most organizations tend to be risk averse.
Remember, the typical supply chain professional looks at risk in terms of
loss or harm.
Complex models have been developed to identify risk utility functions.
Utility functions transform monetary values (payos and costs) into util-
ity values that specify preferences for various monetary payos and costs.
is encodes a company or individual’s attitude toward risk. A time-
consuming step when developing utility functions is to assess a company’s
or individual’s attitude toward risk. At the company level, this assessment
is part of a dialogue between the board of directors and senior manage-
ment and includes factors such as business model aspirations, institutional
principles, shareholder expectations, and core competencies.
20
An analysis by e Wall Street Journal concluded that the United States
is becoming more risk averse (i.e., a lower risk appetite) as a nation com-
pared with previous periods. If this is true it does not bode well for the
longer- term growth prospects of the U.S. economy as fewer individuals
start new ventures. e Wall Street Journal analysis concluded that three
shis are causing Americans to become more risk averse, an aversion
that will result in fewer new businesses being created and a reluctance to
change jobs or move to take advantage of new opportunities. ese shis
include an aging population (older citizens are not known as risk takers),
the emerging dominance of large corporations in many industries that
shuts out new players and ideas, and a reluctance of venture capitalists to
invest in new opportunities. As one observer says, “e pessimistic view is
we’ve lost our mojo.”
21
At a national level we need risk takers to grow the
economy through innovation and change.
Supply Chain Risk Management: Setting the Stage • 15
Risk Analysis or Assessment
Risk analysis, also called risk assessment, is the process of qualitatively
and quantitatively assessing potential risks within a supply chain. At a
basic level risk analysis involves identifying risks and then evaluating
or mapping these events, at a minimum, across two dimensions. ese
dimensions include the probability of a risk occurring and the impact if
the risk were to become a risk event. Some techniques will score the two
dimensions and multiply them together to arrive at an overall risk score.
Chapter 13 will discuss some validity issues related to this approach.
In the nancial sector, risk analysis refers to the uncertainty of fore-
casted future cash ows streams, variance of portfolio and stock returns,
statistical analysis to determine the probability of a project’s success or
failure, and possible future economic states. Remember, risk analysis (and
risk management) is far more evolved in the nancial community com-
pared with the supply chain community.
Risk Response Plan
A risk response plan is a logical extension of a risk analysis. e risk plan
is a document that denes known risks and includes descriptions, causes,
probabilities or likelihood of risk occurrence, costs, and proposed risk
management responses. A word of caution is in order here. We have all
been presented with (or assigned to write) the dreaded 125-page report
that no one will ever read. In the old days this report would sit on a shelf
in someone’s oce collecting dust. Now, these reports sit in electronic
directories collecting virtual dust. A risk response plan should be a crisp,
actionable document that is not someone’s idea of busy work.
Risk Compliance
Risk compliance includes the internal activities taken to meet required or
mandated rules and regulations, whether they are governmental, industry
specic, or internally imposed. Companies have always had compliance
requirements relating to nancial reporting, environmental compli-
ance, and a host of other areas. At an organizational level, compliance is
achieved through management processes that (1) identify applicable laws,
regulations, contracts, strategies, and policies; (2) assess the current state
of compliance; (3) assess the risks and potential costs of noncompliance
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.