Supply Chain Risk Management 5 th September 2013 Victoria Bales Strategic Risk Practice.

Supply Chain Risk Management

5th September 2013

Victoria BalesStrategic Risk Practice

2

• Supply chain: what is it?• Supply chain risks• What does good look like?• Tips and tools• Summary and questions • Supply chain exercise

3

What does supply chain mean to you?

Different things to different businesses?

Is it all one-way? Are customers/service users included?

What constitutes a supply chain failure?

Where are you in the chain?

How far down the chain should we look?

Context

• Pressures on businesses and service providers– Save money, add value, be green, be ethical……– Dual sourcing; Asset sharing; Outsourcing; Rapid manufacture

• Supply chain becoming more complex– Fewer and larger key suppliers– More sub-tier suppliers– More single points of failure– Changing risk environment

• Lack of research into how companies respond to supply chain risk incidents: no easy fix

4

What does this mean for you?

Key suppliers becoming fewer and larger

Fewer options More dependence

Less visibilityVS

Broader skill baseMore resources

Key suppliers have more influence More or less resilience?

5

6

What are the risks?

Research has revealed thatfirms recorded at least one supply chain disruption in 2012, with service failures by outsourcers one of the top three causes after IT telecoms failure and adverse weather *

*http://www.thebci.org

three in four

7

Also…

• IT/telecoms outages

• Adverse weather and natural disasters

• Loss of people (illness) (and key skills)

• Transport disruption

• Financial stability/currency volatility

• School/childcare closures

• Information

• Ethics

• Social media: scrutiny, commentary, disinformation etc.

• Corporate Social Responsibility

• Your key suppliers may be facing the same risks you are!

Emerging Global Risks

• Space Junk

• Synergy of Threats

8

What are the consequences?

• Complex supply chain = more impact of disruption

• Fewer/larger key suppliers = more impact of disruption

• Increased reliance on extended supply chain: loss of visibility and accountability

9

Financial: recovery costs; litigation; share value, compensation

Reputation

Damage

Service disruptionLoss of footfallCompetitive edgeRecruitment….

What does an efficient supply chain look like?

• Adds most value

• Incurs least cost

• Spreads risk

• Provides solutions

• Offers resilience

• A warm comfy feeling inside… (assurance!)

• Who does it well?

10

11

Case study: what went well

Project X

•43,000 contracts placed through the whole supply chain

•Engagement with industry and key stakeholders formally and informally at the earliest opportunity

•Over £640 million of supplier risk was either removed or mitigated from the programme.

•Forty-three supplier insolvencies were avoided with zero impact

•Though 11 insolvencies were realised, their impact was minimised and managed through decisive early actions

12

What went less well…

Project Y

•£284 million contract

•Two weeks before delivery date, a major staffing shortfall was admitted

•3,500 contingency staff drafted in

•“a humiliating shambles”

•Two directors resigned

•Who was to blame?

Response is everything

Brand X

• Full range of ready meals withdrawn as a precaution

• This is unacceptable

• Apology, reassurance and information

• “We will buy more British beef”

Brand Y

• One product withdrawn from shelves

• This is a labelling issue

• Your health isn’t at risk

• Product still featured on front page of website

13

Case Studies

• What do the following have in common?

• Baroness Scotland

• Suffolk Nailbar

• Primark

• The Home Office

• China Diner Lowestoft

• So what?

14

Ethical Supply Chains

• How important is Corporate Social Responsibility to you?

• Does your company have a CSR policy or statement?– If so, does it cover supply chain?

• How important is it to your key suppliers?

• What could go wrong?

• Every point of contact has some impact or influence on someone– How serious would it be?

• What is universally ethical? Cultural differences and expectations

15

Information Governance

• What constitutes an “incident”?

• Large gaming network: 77 million accounts hacked: 12 million had unencrypted credit card details

• What are the penalties – and who for? – Who is handling information on behalf of you and your

customers?

16

Risk mitigation

• Risk assessment

• Crisis management: not every risk can be eliminated

• Stronger relationships with suppliers

• Robust procurement processes

• Assurance checks

• Horizon scanning – long view required

• Early warning systems 17

Supply Chain Analysis/Risk Map

• Not in isolation: do in conjunction with your key partners

• Take a reasonably long view of risk

• What are your assurances and how are they monitored?

18

19

• Rbus

Contractual deliveryProcurement through frameworksAlternative providers

?

2020

Customer

This is, of course, how not to do it!

Early Warning Signals

• Supplier grouping: common characteristics who might show similar “symptoms”– Category; industry; geography; size; etc

• Brainstorm a list of distress signals

• Lessons learnt: failure or near miss incident. What signals were exhibited? Were they recognised? Acted upon? Future changes

• Build a timeline: what was displayed before failure/near miss

21

Indicator/Signal Review

Indicator Change of CEONegative publicity

Change of CEONegative publicity

Negative publicity

Audit report

Timeline One month before

Two months before

Three months before

Four months before

Five months before

Signal exhibited?

Yes Yes No No No

Signal on our list?

No Yes Yes No No

22

Supplier Failure/Near Miss Incident

23

Summary

1. Establish what supply chain means to you:– Who, what, how, when, why, where

2. Establish criticality:– How big? How much? How often?– What are the tolerances for disruption?

3. Analyse, assess and map: – Risk assessment and mitigations– Assurances

4. Early warning signs:– And lessons learnt

5. Incident management:– If/when it goes wrong

More information

• The Business Continuity Institute Supply Chain Resiliencehttp://www.thebci.org/index.php/supply-chain-resilience-survey-2012

• Zurich Supply Chain Risk Insightshttp://www.supplychainriskinsights.com

• World Economic Forum Global Risks http://reports.weforum.org/global-risks-2013/

• Chartered Management Institute 2013 Business Continuity Management Surveyhttp://www.managers.org.uk/bcm2013

• BSI Standards PD25222:2011 Guidance on Supply Chain Continuitywww.bsigroup.co.uk

24

Thank You

Any Questions?

Victoria.bales@uk.zurich.com

25

Supply Chain Exercise

Objectives:

To identify key suppliers and dependencies

Assess impact and interest

Risk assess where necessary

Identify mitigating actions

26

Supply Chain Map

27

Stakeholder Analysis

28

29

Low Supply/market complexity (risk) High

Low

Bu

sin

ess

Im

pact

Hig

h

Risk Identification

• Now take one example of a supplier with high interest and/or impact on your matrix

• What do they provide/deliver and how?

• What are the risks to this? Strategic/Operational– A risk = a barrier to achieving objectives

E.G:

• Failure to deliver: causes and impacts

• Financial failure

• Risk to your reputation

• Breach of regulations (H&S etc)

• Exposure to litigation

• Ask them for their risks….?!

30

Risk Identification

31

Geographical

Financial/Economic

Political

Regulatory Climate/

Environmental

Competitive Transport

Managerial/

Professional

Financial Legal Partnership/Contractual

Physical

Technological

Risk Assessment and Prioritisation

32

1

Li

kelih

ood

6

1 Impact 4 1 Impact 4

1

Likelih

ood

6

Risks Identified

Mitigating Actions

• What actions are possible/necessary to mitigate?

• Who is responsible?

• How will you check?

• What assurances do you have?

33

Supplier

34