180 • Supply Chain Risk Management: An Emerging Discipline
risk register system to rst evaluate if their business unit or region has ever
dealt with this type of risk before. If so, they immediately review all the
pertinent information stored in the system in terms of how the business
unit or region “treated” that risk and how long it took to mitigate the risk.
If the unit or region has never encountered the risk, they search the world-
wide risk register system to see if another unit has encountered this risk.
If the corporation has never encountered the risk, a call to the SCRM cor-
porate group is made, and collectively the teams begin the mitigation and
management process. Without a diligent approach to risk taxonomy, the
organization would not be able to quickly and eectively mitigate risks
across the enterprise and around the globe.
BENEFITS OF ERM AND GRC FRAMEWORKS
An exciting benet of utilizing ERM as an SCRM framework comes from
AON (a leading global provider of risk management, insurance and rein-
surance brokerage, human resources, and outsourcing services) and the
Strategic Risks are generally out of our
control and must be factored into business
planning
Operational Risks are generally within our
control and must be factored into business
operations
We identify, assess, mitigate, and manage
External (Strategic) Risks and
Internal (Operational) Risks
through risk classication and categorization
Buy Make Move Sell
Examples of Risk Categories
:
Water
Raw materials
Ingredients
Packaging
Manufacturing processes
Natural hazards
Energy
Environmental
FIGURE 9.4
Risk classication at Coca- Cola. Source: MIT/ Coca- Cola presentation by Dr. Bruce
Arntzen, director Global SCALE Risk Initiative—MIT, and John J. Brown, director risk
management—Coca- Cola, “Current and Future State of Corporate Supply Chain Risk
Management,” Supply Chain World North America, May25, 2011.
Emerging Risk Management Frameworks for Success • 181
Wharton School of the University of Pennsylvania. Using annual nan-
cial results and Bloomberg market data for 361 publicly traded compa-
nies, these researchers found a statistical link between higher levels of risk
maturity and higher relative stock price returns along with lower levels of
stock price volatility and higher relative levels of return on equity perfor-
mance.
14
e companies rated highest in maturity exhibited +18% stock
return performance as opposed to the lowest rated companies, who dem-
onstrated a negative stock return of –10%. A second performance indica-
tor was return on equity.
Companies with the highest risk rating exhibited a return on equity
of +37%, while organizations with the lowest rating produced a negative
return of –11%. is dierential between best and worst is the most dra-
matic metric in the study. And the researchers didn’t stop there. ey took
the nancial data and subjected that data to “stress resting” by simulating
how securities would respond in the immediate aermath of signicant
risk events to the nancial markets based on historical data.
e researchers essentially conducted “shock therapy” on the data for
companies in the study by modeling the Japanese earthquake and tsu-
nami in 2011. Organizations with the highest maturity rating exhibited
a stock price return of –0.3% over a certain period compared with orga-
nizations with the lowest rating exhibiting a return of –3.4%. We feel this
speaks volumes for why companies should spend time and resources on
ERM and other risk management frameworks. Although risk manage-
ment can be a hard sell, these numbers are convincing when it comes to a
solid SCRM ROI.
An additional study published by RIMS asked 564 organizations to
participate in an in- depth assessment of ERM. e participants com-
pared their ERM activities against a comprehensive set of best practices
and readiness indicators inside a risk maturity model. e premise of the
study was the belief that better- managed companies tend to have higher
credit ratings and higher ERM competency. Credit ratings for participat-
ing companies were compared using statistical analysis to measure the
relationship between credit rating scores and risk maturity model scores.
e correlation coecient was calculated for each model factor and found
to be positive. e researchers also conducted statistical analyses that
compared the model scores of two groups, those using ERM and those not
using ERM. e researchers found statistical dierences between the two
182 • Supply Chain Risk Management: An Emerging Discipline
groups that supported the value of ERM. Overall, the researchers’ report
concluded the following:
• Organizations with formalized ERM programs have higher risk
maturity model scores (as we would expect).
• Organizations with higher risk model scores have higher credit
ratings.
• Organizations without formalized ERM programs have lower risk
maturity model scores.
• Organizations without formalized ERM programs have lower
credit ratings.
Additional benets from utilizing ERM as a risk framework from the
RIMS study include the following:
• Companies can avoid potential future rating agency downgrades
and increased cost of capital since Standard & Poor’s and many other
rating agencies have incorporated ERM into their business models.
• Companies can minimize the personal liability of board mem-
bers and risk of criminal charges against executives for failure to
act responsibly in making Sarbanes– Oxley quarterly certications
against fraud.
• Companies can meet regulators’ expectations leveraging ERM and
in turn minimize incremental compliance costs that can negatively
impact the bottom line.
Finally, we’d like to share some relevant statistics on benets derived
from utilizing GRC as a risk framework from the Aberdeen study refer-
enced earlier in the chapter.
15
is study reveals that top- performing com-
panies that leverage the GRC framework experienced a 34% reduction in
risk value and a 23% reduction in compliance- related costs over a two- year
period. ose who lag in the use of GRC are much more likely than best-
in- class companies to lose money on compliance investment, while best- in-
class GRC companies are much more likely to obtain a positive ROI from
their compliance initiatives. And best- in- class GRC companies are 54%
more likely than their competitors to systematically evaluate business pro-
cesses for compliance and 29% more likely than their competitors to con-
duct quantied risk assessments. ese are compelling statistics.
Emerging Risk Management Frameworks for Success • 183
CONCLUDING THOUGHTS
Part of the reason for discussing risk frameworks and taxonomies is to
illustrate the evolving nature of SCRM into a bona de business discipline.
How else can we tell that SCRM is evolving into a legitimate discipline?
Research organizations are developing supply chain risk frameworks and
taxonomies and supporting these with research and metrics of success;
academic organizations are starting to teach the concepts and providing
additional research; and standards organizations are codifying standards
around terms, denitions, processes, protocols, and measures of success.
Furthermore, large consulting rms are writing white papers on supply
chain risk management as Fortune 500 companies are executing those
concepts to mitigate and even prevent supply chain risk. When this all
occurs each and every day, it is safe to conclude that this thing called sup-
ply chain risk management just might be the real deal.
Summary of Key Points
• Frameworks provide a frame of reference for disciplines to operate
successfully, whether in operations, nance, distribution, banking,
or academia.
• ERM is a management framework that is critical to the success of
SCRM. It can be leveraged to support the identication, assessment,
mitigation, and management of strategic, tactical, and operational risks.
• GRC is another framework being embraced by many organizations
to support SCRM initiatives. is framework should be considered
an overarching approach to managing enterprise risk.
• e ISO organization and standards have been around since the
1940s. It’s encouraging when a standards organization, made up of
professionals from around the globe, begins to embrace a concept
such as SCRM with new standards for terminology, best practices,
security, and resiliency.
• A risk taxonomy is the practice and science of naming, classifying,
and dening relationships between resources, risks, goals, and busi-
ness processes within an enterprise. Without risk taxonomies or a
risk breakdown structure or operational risk event classication, it is
dicult to compare dierent types of risks across the enterprise. is
critical, yet sometimes neglected, success factor to SCRM provides a
184 • Supply Chain Risk Management: An Emerging Discipline
common set of standards or a methodology to manage relationships
between dierent types of data and risks.
• Bottom- line benets, including hard and so ROIs demonstrate dra-
matically why organizations embrace risk frameworks to ensure a
successful risk management journey.
ENDNOTES
1. Accessed from Webster’s Dictionary.
2. Accessed from APICS Dictionary.
3. Accessed from Enterprise Risk Management—Integrated Framework. 2004. http://
www.coso.org/ documents/ coso_erm_executivesummary.pdf.
4. Teach, Edward. “e Upside of ERM.” CFO, November 2013: 44.
5. Accessed from SCOR, e Supply Chain Council, https://supply- chain.org.
6. Accessed from Husdal SCRM Blog, http://www.husdal.com/2010/11/04/iso-28002-
supply- chain- resilience/, 2013.
7. Lamm, Blount. “Under Control: Governance across the Enterprise.” Accessed from
http://www.amazon.com/2013.
8. Aberdeen Group. “Eective GRC Management: Strategies for Mitigating Risks and
Sustaining Growth in a Tough Economy Report.” May 2012.
9. Aberdeen Group, May 2012.
10. As cited in Aberdeen Group, May 2012.
11. Daniels, Yanika, and Timothy Kenny. May 2008. “Leveraging Risk Management
in the Sales & Operations Planning Process.” Submitted for MS of Engineering in
Logistics, Massachusetts Institute of Technology Engineering School, Certied by
Dr.Larry Lapide.
12. Sleeping Better with ERM. RIMS Magazine, 60, 7 (September 2013): 18-9.
13. Brewer, Curtis, Director of Forecasting for Bayer Crop Sciences. “Injecting Risk
Management into the S&OP Process.” IBF Conference, 2011.
14. Accessed from AON Risk Maturity Index Insight Report, November 2013.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.