Supply Chain Risk Management
5th September 2013
Victoria BalesStrategic Risk Practice
2
• Supply chain: what is it?• Supply chain risks• What does good look like?• Tips and tools• Summary and questions • Supply chain exercise
3
What does supply chain mean to you?
Different things to different businesses?
Is it all one-way? Are customers/service users included?
What constitutes a supply chain failure?
Where are you in the chain?
How far down the chain should we look?
Context
• Pressures on businesses and service providers– Save money, add value, be green, be ethical……– Dual sourcing; Asset sharing; Outsourcing; Rapid manufacture
• Supply chain becoming more complex– Fewer and larger key suppliers– More sub-tier suppliers– More single points of failure– Changing risk environment
• Lack of research into how companies respond to supply chain risk incidents: no easy fix
4
What does this mean for you?
Key suppliers becoming fewer and larger
Fewer options More dependence
Less visibilityVS
Broader skill baseMore resources
Key suppliers have more influence More or less resilience?
5
6
What are the risks?
Research has revealed thatfirms recorded at least one supply chain disruption in 2012, with service failures by outsourcers one of the top three causes after IT telecoms failure and adverse weather *
*http://www.thebci.org
three in four
7
Also…
• IT/telecoms outages
• Adverse weather and natural disasters
• Loss of people (illness) (and key skills)
• Transport disruption
• Financial stability/currency volatility
• School/childcare closures
• Information
• Ethics
• Social media: scrutiny, commentary, disinformation etc.
• Corporate Social Responsibility
• Your key suppliers may be facing the same risks you are!
Emerging Global Risks
• Space Junk
• Synergy of Threats
8
What are the consequences?
• Complex supply chain = more impact of disruption
• Fewer/larger key suppliers = more impact of disruption
• Increased reliance on extended supply chain: loss of visibility and accountability
9
Financial: recovery costs; litigation; share value, compensation
Reputation
Damage
Service disruptionLoss of footfallCompetitive edgeRecruitment….
What does an efficient supply chain look like?
• Adds most value
• Incurs least cost
• Spreads risk
• Provides solutions
• Offers resilience
• A warm comfy feeling inside… (assurance!)
• Who does it well?
10
11
Case study: what went well
Project X
•43,000 contracts placed through the whole supply chain
•Engagement with industry and key stakeholders formally and informally at the earliest opportunity
•Over £640 million of supplier risk was either removed or mitigated from the programme.
•Forty-three supplier insolvencies were avoided with zero impact
•Though 11 insolvencies were realised, their impact was minimised and managed through decisive early actions
12
What went less well…
Project Y
•£284 million contract
•Two weeks before delivery date, a major staffing shortfall was admitted
•3,500 contingency staff drafted in
•“a humiliating shambles”
•Two directors resigned
•Who was to blame?
Response is everything
Brand X
• Full range of ready meals withdrawn as a precaution
• This is unacceptable
• Apology, reassurance and information
• “We will buy more British beef”
Brand Y
• One product withdrawn from shelves
• This is a labelling issue
• Your health isn’t at risk
• Product still featured on front page of website
13
Case Studies
• What do the following have in common?
• Baroness Scotland
• Suffolk Nailbar
• Primark
• The Home Office
• China Diner Lowestoft
• So what?
14
Ethical Supply Chains
• How important is Corporate Social Responsibility to you?
• Does your company have a CSR policy or statement?– If so, does it cover supply chain?
• How important is it to your key suppliers?
• What could go wrong?
• Every point of contact has some impact or influence on someone– How serious would it be?
• What is universally ethical? Cultural differences and expectations
15
Information Governance
• What constitutes an “incident”?
• Large gaming network: 77 million accounts hacked: 12 million had unencrypted credit card details
• What are the penalties – and who for? – Who is handling information on behalf of you and your
customers?
16
Risk mitigation
• Risk assessment
• Crisis management: not every risk can be eliminated
• Stronger relationships with suppliers
• Robust procurement processes
• Assurance checks
• Horizon scanning – long view required
• Early warning systems 17
Supply Chain Analysis/Risk Map
• Not in isolation: do in conjunction with your key partners
• Take a reasonably long view of risk
• What are your assurances and how are they monitored?
18
19
• Rbus
Contractual deliveryProcurement through frameworksAlternative providers
?
2020
Customer
This is, of course, how not to do it!
Early Warning Signals
• Supplier grouping: common characteristics who might show similar “symptoms”– Category; industry; geography; size; etc
• Brainstorm a list of distress signals
• Lessons learnt: failure or near miss incident. What signals were exhibited? Were they recognised? Acted upon? Future changes
• Build a timeline: what was displayed before failure/near miss
21
Indicator/Signal Review
Indicator Change of CEONegative publicity
Change of CEONegative publicity
Negative publicity
Audit report
Timeline One month before
Two months before
Three months before
Four months before
Five months before
Signal exhibited?
Yes Yes No No No
Signal on our list?
No Yes Yes No No
22
Supplier Failure/Near Miss Incident
23
Summary
1. Establish what supply chain means to you:– Who, what, how, when, why, where
2. Establish criticality:– How big? How much? How often?– What are the tolerances for disruption?
3. Analyse, assess and map: – Risk assessment and mitigations– Assurances
4. Early warning signs:– And lessons learnt
5. Incident management:– If/when it goes wrong
More information
• The Business Continuity Institute Supply Chain Resiliencehttp://www.thebci.org/index.php/supply-chain-resilience-survey-2012
• Zurich Supply Chain Risk Insightshttp://www.supplychainriskinsights.com
• World Economic Forum Global Risks http://reports.weforum.org/global-risks-2013/
• Chartered Management Institute 2013 Business Continuity Management Surveyhttp://www.managers.org.uk/bcm2013
• BSI Standards PD25222:2011 Guidance on Supply Chain Continuitywww.bsigroup.co.uk
24
Supply Chain Exercise
Objectives:
To identify key suppliers and dependencies
Assess impact and interest
Risk assess where necessary
Identify mitigating actions
26
Supply Chain Map
27
Stakeholder Analysis
28
29
Low Supply/market complexity (risk) High
Low
Bu
sin
ess
Im
pact
Hig
h
Risk Identification
• Now take one example of a supplier with high interest and/or impact on your matrix
• What do they provide/deliver and how?
• What are the risks to this? Strategic/Operational– A risk = a barrier to achieving objectives
E.G:
• Failure to deliver: causes and impacts
• Financial failure
• Risk to your reputation
• Breach of regulations (H&S etc)
• Exposure to litigation
• Ask them for their risks….?!
30
Risk Identification
31
Geographical
Financial/Economic
Political
Regulatory Climate/
Environmental
Competitive Transport
Managerial/
Professional
Financial Legal Partnership/Contractual
Physical
Technological
Risk Assessment and Prioritisation
32
1
Li
kelih
ood
6
1 Impact 4 1 Impact 4
1
Likelih
ood
6
Risks Identified
Mitigating Actions
• What actions are possible/necessary to mitigate?
• Who is responsible?
• How will you check?
• What assurances do you have?
33
Supplier
34