272 • Supply Chain Risk Management: An Emerging Discipline
An assessment of IBM’s current state revealed that while some risks
guidelines and processes were in place, risk assessment was largely a man-
ual, and at times overly subjective, process. What constituted high risk to
one individual or team might really be construed as medium risk to another.
Furthermore, the approach to collecting data to support risk assessments
was not especially rigorous.
e company searched the marketplace to identify commercially avail-
able solutions to evaluate suppliers in terms of nancial risk, operational
excellence, and product integrity. Aer six months the IBM team con-
cluded that no comprehensive tool was available to satisfy its requirements.
While many tools considered some aspect of what IBM was looking for,
none brought everything together in a comprehensive way.
What do you do aer searching the market and nding that no com-
mercially viable approach is available to t your needs? IBM determined
it would be better o developing a tool internally supported by existing
IBM products, including its Cognos analytics tool and ILOG event man-
agement capabilities. e resulting Total Risk Assessment (TRA) soware
tool provides automated alerts to commodity managers, purchasers, and
others at IBM about potential risks in the supply chain. It also includes
complex algorithms to quantitatively evaluate risk.
IBM’s Risk Management Tool
IBM’s primary goal when developing the TRA soware was to have the
ability to assess risk systematically to become more predictive and less
reactive. is tool incorporates data from an existing IBM database that
tracks supplier nancial data and status, uses a third- party data source
that provides information on worldwide news and events, and receives
inputs from IBM procurement managers and others as they provide
responses to a set of structured questions. It is also driven by periodic
assessments of all suppliers and leverages many of IBM’s in- house predic-
tive analytic engines to calculate probabilities of risk occurrences, deter-
mine the likelihoods of events, and develop alert dashboards.
e risk management tool provides a comprehensive risk assessment
and ongoing mitigation approach to protect against loss of revenue and
prots by minimizing the likelihood and severity of supply chain dis-
ruptions. e tool manages and updates 13 categories of risk across ve
elements: country, hub, supplier, supplier site, and commodity. All new
suppliers are assessed through this tool prior to awarding business with
Learning from Risk Management Leaders • 273
higher- risk suppliers encouraged to develop risk mitigation plans before
receiving material approval.
e proprietary algorithms used to calculate risk scores from the inputs
coming into the system are critical to this tool’s success. e TRA tool pro-
vides a numeric score and graphically represents dierent risk categories
as being low, medium, or high risk, thereby providing guidance to supply
managers who must develop contingency or risk management strategies
appropriate to those ratings. e tool provides a wide range of functionality:
• Catalogs full supplier risk exposure across multiple commodities
• Performs probability- based risk assessments
• Develops roadmap guides for risk mitigation strategies for execu-
tive approval
• Establishes control limits for each risk element
• Highlights new business processes and risk escalation pathways
• Monitors global risks against specied “risk appetite” corporate
thresholds
• Updates and provides feedback to executives as risk exposures elevate
• Supports the Supply Commodity Councils as crisis situations occur
Constructing the databases to support this tool had an early benet.
When an earthquake and subsequent tsunami struck Japan, IBM was able
to identify within hours the supplier sites that might be at risk from among
hundreds of its Asian suppliers. Other companies required days and even
weeks to arrive at a complete picture of their risk exposure. Linking the
TRA system to another system that tracks on- hand inventory allowed
IBM to secure supply from aected areas faster than competitors, provid-
ing IBM with uninterrupted supply to customers.
IBM has noted several initial benets from its homegrown solution.
Some of these benets include the tool’s ability to uncover multiple risks,
assess the likelihood and impact of those risks, and address those risks with
formal mitigation plans. e tools also provides a consistent risk man-
agement approach across all brands and commodities and provides the
executive team with trends and patterns that have been revealed through
systematic risk analysis.
A decade from now there will be an impressive number of risk man-
agement tools commercially available. Today, however, is a dierent story.
Progressive companies like IBM realize they can’t wait for the day when
commercially available tools arrive. e time to act is now.
274 • Supply Chain Risk Management: An Emerging Discipline
USING SUPPLY CHAIN MAPPING
TO MANAGE RISK AT CISCO
An emerging risk management technique focuses on mapping the nodes
within a company’s supply chains (refer to Chapter12 for a discussion of
supply chain mapping). ese nodes include production sites, warehouses
and distribution centers, contract manufacturers, suppliers, and custom-
ers. Frankly, there is no shortage of nodes and entities across a complex
supply chain. One leading- edge approach connects these nodes within a
map with lines that indicate product volume and total price or margin, and
then superimposes these with a risk index on every connection. Various
tools support the calculation of the risk index, including failure modes
and eects analysis (FMEA), Time- to- Recovery (T- t-R) metrics, and a
Resiliency Index. Some approaches use red, yellow, or green symbols to
indicate high, medium, or low risk. e resulting map, when constructed
properly, produces a compelling picture.
e next step in this process involves a detailed look at the high- risk
connections with the development of risk mitigation plans. However,
leading companies don’t stop there. Cisco, a leading producer of network-
ing equipment, has taken its mapping process to an entirely new level. is
next level integrates worldwide threats (weather, political, hazards, etc.)
and superimposes any threats continuously on the map using data from
companies such as NC4. Many risk management leaders, including Cisco,
Bayer Crop Science, and Flextronics utilize supply chain maps and these
24/7 threat events to drive their tactical and operational risk discussions.
Here is an example of how Cisco utilizes this approach. In May 2008,
Chengdu, China, experienced a magnitude 7.9 earthquake. Cisco con-
ducted a full impact analysis that evaluated supplier sites, parts, and prod-
ucts in the Cisco supply chain. Within a day of the event, assessments
revealed that Cisco had 20 suppliers in the aected area. Within two days
of the quake, Cisco’s SCRM Group initiated a crisis survey forwarded to
the supplier’s emergency contacts.
As a result of these eorts, two suppliers were identied as at- risk. e
rst supplier, a single- source supplier, represented a signicant revenue
risk to Cisco. is supplier was already agged for review due to the risks
associated with using a single source. In fact, Cisco had already qualied a
second source. e second supplier was smaller in revenue risk but expe-
rienced signicant damage to its facility. Cisco sent its Crisis Management
Learning from Risk Management Leaders • 275
Team to help the supplier recover from the physical damage. e result
was a faster Time- to- Recovery (T- t-R) compared with competitors. When
each day means millions of dollars in lost revenues, taking risk manage-
ment to a higher level means being faster and better than competitors.
And at Cisco, that means taking an approach such as supply chain map-
ping and extending its functionality to support real- time threat visibility
and risk response.
SURVIVING A NEAR- DEATH EXPERIENCE AT DELPHI
A company that can see its own demise coming tends to view the need
for change a bit dierently than a company that is looking at a secure
future. Even before the 2008 nancial meltdown, Delphi, a major rst- tier
supplier to the automotive industry, knew it was in trouble as it led for
bankruptcy protection in 2005. is company became familiar with just
about every category of risk.
Delphi is a dierent company today aer roaring back from bankruptcy.
At a corporate level, Delphi’s return on invested capital (ROIC) is now
34% compared with an 18% industry average. Prots are stronger and are
now the expectation rather than the exception. As Delphi’s CEO explains,
“ere is no commodity here. We physically monitor every piece of busi-
ness we book to make sure it is equal to or better that what we have today.
If the order doesn’t raise the return on invested capital, then we probably
aren’t going to do it.”
4
e company now enjoys the luxury of evaluating
the eect of new orders on its ROIC measure to determine whether an
order is worth accepting. You know things are better when you can pick
and choose what business you want to pursue.
As part of its restructuring eort, Delphi reduced its product lines from
119 to 33, reduced its technical centers from 33 to 15 worldwide, and cut
its workforce from 185,200 to 118,000. And the company now focuses on
higher- margin, innovative products, particularly in a product segment it
calls “active safety.” It has also reduced its dependence on General Motors,
which made up 54% of Delphi’s sales in 2004 compared with 23% currently.
As part of its broad approach to reinventing itself, Delphi has become
a leader in total cost modeling.
5
(Recall from Chapter13 the importance
of total cost analysis when managing risk.) e need to accurately under-
stand the total cost of doing business with suppliers that are located all
276 • Supply Chain Risk Management: An Emerging Discipline
over the world is probably on every manager’s wish list. Delphi’s Cost
Management group (a function within Supply Management) took the ini-
tiative to develop a desktop tool that is user friendly, requires few manual
inputs, and has reduced the time required to estimate the total cost of buy-
ing a part from ve days to several minutes. And perhaps best of all, the
training required to use the tool takes only 40 minutes. is is important
because there is a clear relationship between the complexity of a system
and internal acceptance of that system.
e Cost Management group worked with logistics, manufactur-
ing, engineering, and R&D when developing the model. Development
required collecting information about transportation and logistics costs,
capital costs, and currency and risk issues. An important part of any total
cost model is the identication of the relevant costs that will populate
the model. Perhaps most importantly, the development team took almost
18months to validate the model’s accuracy, primarily by subjecting it to
real- life sourcing scenarios. (Recall from Chapter13 our discussion of
the importance of measurement validity.) e tool is accepted internally
because it replaced a much more cumbersome system and has demon-
strated itself to be accurate and reliable.
e risk of a near- death experience resulted in dramatic changes at
Delphi. ese changes clearly aected how the company looks at and
responds to risk. Like many companies, Delphi realizes that a proactive
approach to risk management means not having to wait for someone else
to develop the tools and techniques required to be an industry leader.
MANAGING STRATEGIC RISK THROUGH
COLLABORATIVE COST MANAGEMENT
Few would argue that the future of defense contractors is a bit bleak. With
budget constraints aecting every Western country, this segment of the
economy clearly faces strategic risks. is case highlights one defense con-
tractor’s eorts at developing a collaborative approach to managing costs.
6
e cost management process featured here moves beyond anything pre-
viously developed at this company and combines elements of value analy-
sis, value stream mapping, project management, total cost management,
Six Sigma, innovation management, early supplier involvement, and risk
management into a coherent cost management process.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.