16 • Supply Chain Risk Management: An Emerging Discipline
against the projected expenses to achieve compliance; and (4) prioritize,
fund, and initiate any corrective actions deemed necessary.
22
While com-
pliance reporting requirements have been around for many years, the
hazard events of the last 15years have brought about new compliance
requirements, particularly in the area of international supply chains.
Risk Governance
Risk governance includes the frameworks, tools, policies, procedures,
controls, and decision- making hierarchy employed to manage a busi-
ness from a risk management perspective. At times the governance struc-
ture includes a chief risk ocer, who is normally identied as the person
responsible to coordinate and oversee the risk management process and
approve reports to the corporate audit committee of the board of directors.
Chapter3 will address the pros and cons of designating chief risk ocer.
e risk concepts presented here are certainly not the only ones that
comprise the vocabulary of SCRM. ey are, however, the more impor-
tant ones. It would be dicult to proceed with our risk discussion without
having this working knowledge of risk terminology.
CATEGORIZING RISK
While various frameworks categorize the domain of supply chain risk,
no standard agreement exists regarding what these categories should be.
Any categorization scheme should identify broader risk categories and
then place specic risks within those categories. One perspective classies
supply chain risk into nine categories—design; quality; cost; availability;
manufacturability; supply; nancial; legal; and environmental, health
and safety.
23
We think that a more simplied approach might better suit
our needs.
Perhaps the most logical way to look at supply chain risk is to consider
the four categories that dene enterprise risk management—strategic,
hazard, nancial, and operational risks. While some frameworks present
more categories, the thriiness of these four categories is a virtue. e fol-
lowing describes these categories.
Strategic Risk. For something to be strategic, it must be necessary to
or important in the initiation, conduct, or completion of a strategy or
Supply Chain Risk Management: Setting the Stage • 17
strategic plan. Strategic risks are those risks that are most consequential to
an organization’s ability to carry out its business strategy, achieve its cor-
porate objectives, and protect asset and brand value. Chapter4 explores
strategic risk in detail.
Hazard Risk. is category of risk pertains to random disruptions,
some of which involve acts of God. is category includes bellowing ash
from a volcano in Iceland, a tsunami that devastated Japan, serious oods
in ailand, and a super storm named Sandy that aected the eastern
United States. is category also includes res and malicious behavior
such as accidents, product tampering, the, and acts of terrorism. Hazard
risk is normally what we think of when we purchase insurance as a form
of risk protection. Chapter5 addresses this risk category.
Financial Risk. Financial risks relates to the internal and external
nancial diculties of the participants within an integrated supply chain.
While we can make the argument that all supply chain risk events eventu-
ally have nancial risk implications, we categorize a risk as nancial when
the primary and immediate eect of the risk, rather than a subsequent or
secondary eect, is nancially related. Chapter6 explores nancial risk
in detail.
Operational Risk. Operational risk arises from daily operations. By far
a disproportionate set of supply chain risks will be categorized as opera-
tional since this category includes internal and external quality problems,
late deliveries anywhere in the supply chain, service failures due to poorly
managed inventory, problems related to poor forecasting, and a thou-
sand other events related to operational performance failures. Chapter7
addresses operational risk specically.
Other Ways to Look at Risk
A somewhat dierent way to look at risk is according to a three- category
system that categorizes risks as systemic, event, or idiosyncratic.
24
Systemic
risks pertain to widespread risks that impact most players in an indus-
try. Chinese wage ination and currency reevaluations are risks that will
aect a large number of players from many dierent industries. Event risks
include narrow or localized events that impact participants selectively. An
earthquake in Taiwan, for example, may selectively impact semiconduc-
tor foundry operations. Or, a tornado in Oklahoma only impacts directly
a certain part of the United States. Idiosyncratic risk pertains to highly
localized events that impact very few players. A delayed truck delivering
18 • Supply Chain Risk Management: An Emerging Discipline
goods to a single retail store is an example of a risk that has a limited aect
in terms of its impact.
Still another way to look at risk involves hard versus so risks. Hard risks
are easily measurable and tangible, such as risks that aect assets, inven-
tory, and facilities. With hard risks a company can identify reasonably
precise losses if a risk materializes and a reasonable history of occurrences
and probability exists. So risks are more dicult to measure or identify.
Because so risks are usually present to some degree, they increase the
overall probability of risk occurrence but in ill- dened or imprecise ways.
An analogy here involves total cost models. Some costs are easily identi-
able and quantiable (transportation costs and unit price, for example)
while other costs are “hidden” and dicult to calculate (the cost of com-
munication and time- related problems when dealing with remote Chinese
suppliers). ese hidden costs (which are analogous to so risks) still
increase the true total cost, although in ill- dened or imprecise ways.
Still an additional way to think about risk is in terms of known and
unknown risks. Known risks are specic risks that we have encountered
previously or can foresee or anticipate with a reasonably good estimate of
occurrence. During risk analysis and planning known risks are good can-
didates for practicing risk prevention. Unknown risks consist of unfore-
seen combinations of outcomes or events that produce a risk. is includes
unexpected or unanticipated surprises. Managing unknown risks will
benet from strong risk mitigation plans.
GENERIC RISK MANAGEMENT APPROACHES
Literally hundreds of activities, tools, and approaches have the potential
to be part of a company’s risk management portfolio. At a very high level
we can organize these approaches by their primary risk objective, which
includes mitigating, avoiding, preventing, accepting, or sharing risk.
Risk Mitigation
Some will use the term risk mitigation to describe almost everything that
is undertaken in the name of risk management, including preventive
actions. According to its most basic denition, mitigate means to lessen
Supply Chain Risk Management: Setting the Stage • 19
the impact of something. at “something” could be the eect of a risk
event such as a supplier re or supply chain quality problem. In a broader
sense, mitigation can also be the result of action taken to either reduce the
likelihood of a risk occurring or minimize the extent of its impact. is
broader perspective is why many sources refer to just about any risk man-
agement initiative as risk mitigation.
When speaking in broad terms about how to manage risk, we will use
the term risk management rather than risk mitigation. We view mitigation
more in terms of responding to risk events rather than preventing risk.
Prevention is a risk management response that is largely separate from
mitigation. Mitigation or risk responsiveness is essential when unknown
risks are present. Not everything can be anticipated or prevented.
Risk Avoidance
Avoidance involves exiting those activities that give rise to a risk. A com-
pany may decide (and many have) that sourcing a material from a certain
supplier is too risky, so it avoids that supplier. Or, a certain line of products
is not earning enough prot, so a company decides to stop making those
items (or sell the brand to another company). With avoidance, a com-
pany has made a conscious decision to reduce, perhaps even eliminate, its
risk exposure.
Risk Prevention
Prevention involves taking action to ensure that a risk does not become a
risk event or, if it does become an event, that it will have an inconsequential
eect. is approach to managing risk is oen preferable when dealing
with known risks. Prevention is dierent from avoidance in that a com-
pany did not exit something as a means of addressing risk. We expect
a greater focus on prevention as supply chain managers become more
focused on anticipating and averting risk rather than experiencing and
responding to risk. We have heard numerous business leaders comment
that their rms, while good at responding to risk events, need to do a bet-
ter job preventing the risk event in the rst place.
At a personal level most of us understand the concept of prevention,
particularly as it relates to our personal health. We know that if we watch
our weight, exercise, avoid smoking and excessive alcohol, avoid harmful
20 • Supply Chain Risk Management: An Emerging Discipline
drugs, drive prudently, and eat correctly, we may prevent a host of seri-
ous ailments.
We will clearly dierentiate between mitigation and prevention activi-
ties as we try to anticipate and then take steps to ensure that a risk does not
become a reality. A primary argument put forth in this book is that most
companies are conversant or even qualied in terms of risk responsiveness
(mitigation) but not nearly as advanced when it comes to prevention.
Risk Acceptance
Acceptance means to take on and assume a risk. SCRM may not be a
priority at a company, so therefore no specic risk management action
is taken. In this case acceptance occurs essentially by default. A second
reason for risk acceptance is that a cost/ benet analysis reveals that the
cost of addressing a risk outweighs the expected impact of the risk. A third
reason is that no practical way exists to prevent, share, or mitigate the
risk. is is usually an acknowledgment that, at least in the short run, no
viable action or alternative is available that will eectively address a risk.
No practical choice exists except to assume the risk.
Risk Sharing
Risk sharing involves transferring or sharing a portion of a risk to reduce
or mitigate it. Sharing product development costs with suppliers or buying
insurance is a risk- sharing method. We all practice risk sharing when we
buy home, car, or life insurance. Financial managers enjoy the benets of
risk sharing when they engage with other traders to hedge commodities
and currencies. And supply chain managers oen write contracts with sup-
pliers that feature some level of currency or commodity risk sharing.
Risk pooling is an important form of risk sharing. A risk pool involves
insurance companies controlling the risk of insuring against catastrophic
events or extending insurance to individuals or businesses that are likely
to create sizable claims. If a claim arises from a natural disaster or cata-
strophic weather event, the companies spread losses among all members
of the risk pool. Single members of the risk pool are protected from large
claims that would bankrupt the insurance company, leaving their claim-
ants with nothing.
25
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.