Supply Chain Risk Management Ken Lawlis Supply Chain/Project Management Professional.

Supply Chain Risk Management

Ken LawlisSupply Chain/Project Management

Professional

2

Agenda

1. Introduction2. University of Bath Video – Supply Chain Risk Management (duration 4:38)3. Canadian Professional Logistics Institute – Risk and Resilience Conference 4. Threat, Vulnerability, Risk & Resilience – Defined 5. Practical Guide to Risk Management (PwC) 6. Kirov’s Supply Chain Risk Register – Overview7. Kirov’s Tools for Risk Assessment8. From Risk to Resilience – Deloitte’s Model for Identifying, Assessing and

Mitigating Supply Chain Risk9. Conclusions - Tom Teixeira, Supply Chain Risk in a Global Economy (duration 4:19)10. Suggested/Further Reading

2015-06-24

3

INTRO – Biographical Data – Ken Lawlis

• 40 years in Supply Chain Management (Coca-Cola, National Grocers/Loblaws, CSC, PSC, AARLIS Consulting Inc., CIHI – have returned to private consulting

• Most of my career has been focussed on Public Safety• Masters candidate in IPIS – (sponsored by Department of Civil and Environmental Engineering

and the Norman Paterson School of International Affairs at Carleton University)• PMP• MCPM – Masters Certificate in Project Management• P.Log.• Member of: APICS, Canadian Professional Logistics Institute, PMI, Project Management

Association of Canada (PMAC), Canadian Public Procurement Council, Canadian Advanced Technology Alliance (CATA) – Cyber Crime Cyber Terrorism Working Group

• Graduate Studies in the MA program in Public Policy & Administration• BA (Hons) Political Science – focus: Economics and International Affairs• Executive training – Queen’s University, Carleton University, the Canadian Professional

Logistics Institute, Public Works and Government Services Canada (Procurement, EDP Project Management, Negotiations, Strategic Planning)

2015-06-24

4

Supply Chain Risk Management Video

https://youtu.be/cq1PL1eo4ZUProfessor Brian Squire, Information, Decision and Operations Group, Supply Chain Risk Management – University of Bath – September 6, 2013 – duration 4:38

2015-06-24

https://youtu.be/cq1PL1eo4ZU

5

National Conference on Supply Chain Risk and ResilienceThe Logistics Institute – April 16, 2015

2015-06-24

6


2015-06-24

7


2015-06-24

8


2015-06-24

9


2015-06-24

10

Presentation Materials

• The presentation materials from the Canadian Professional Logistics Institute’s April 16, 2015 Conference on Supply Chain Risk & Resilience may be accessed at:

http://www.loginstitute.ca/event-risk-and-resilience-conference.html

2015-06-24



11

Threat

The presence of a hazard and an exposure pathway - threats may be natural or human-induced, either accidental or intentional (source: Federal Emergency Response Plan (2009) – Public Safety Canada)

2015-06-24

12

Vulnerability

A characteristic or attribute of an asset which renders it susceptible to the effects of an incident. Vulnerability informs both the likelihood and consequences of an incident (source: Risk Management Guide for Critical Infrastructure Sectors, Public Safety Canada)

2015-06-24

13

What is Risk?

Risk refers to the uncertainty that surrounds future incidents and outcomes. It is a function of the likelihood and consequences of an incident – the higher likelihood and/or the greater the consequences, the greater the risk (source: TBS Integrated Risk Management Framework)

2015-06-24

14

Risk Management

…is systematically setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues (source: TBS Integrated Risk Management Framework)

2015-06-24

15

Resiliency

Resilience is seen as the ability to accommodate abnormal threats and events, be they terrorist attacks, or perturbations from climate change, or natural disasters such as earthquakes or floods, or economic shocks. Most definitions, particularly those involving individuals, communities and organizations also refer to identifying, assessing and communicating the risk from such threats and events.

http://torrensresilience.org/resilience-and-risk2015-06-24

http://torrensresilience.org/resilience-and-risk



16

Risk & ResiliencyThe traditional definition of risk is a measure that reflects the probability and the magnitude of an adverse effect. More recently a broader and more balanced definition has been adopted by the risk management community which recognizes that individuals and organizations take risk to achieve potential benefits. Individuals, communities and organizations which are prepared and ready for an abnormal event, tend to be more resilient. Understanding the probability and the magnitude of potential threats enables an organization to make decisions on how best to reduce the probability and/or impact of such threats, to transfer the risk by taking out adequate insurance, or indeed to do nothing and be ready to accept the potential consequences.


2015-06-24



17

Risk MitigationIt will never be possible to completely remove the probability of a disruptive event. Supply Chain leaders are expected to have processes which aim to identify, analyse and evaluate risks and through consultation, agree upon levels of residual and tolerable risk, and to take decisions on mitigating the risks.

If risk mitigation is conducted in a formal and open manner, organizations are much more willing to accept the consequences of a disruptive event as people are then aware that all reasonable action was taken to reduce the probability and/or impact. In such circumstances, businesses/organizations will more readily recover and return to normality. They are more resilient.


2015-06-24




18

Simple Graphical Representation of Resilience

2015-06-24

19

PwC Risk Response Strategies

2015-06-24

Figure 6. Risk response strategies

High

M e d

L ow

Low Med High

Likelihood

Imp

act

Avo id

R educe a n d /o r share

A cc e p t

20

Risk Assessment Methodology

2015-06-24

21

Kirov’s Risk Register Acknowledgement

• Krasimir Kirov holds a Master Degree in Industrial Management and is a Certified Supply Chain Professional (CSCP) and member of APICS. He is a certified Lean Six Sigma Black Belt and certified in Sales and Operations Planning by the S & Op Institute. His book, entitled: Supply Chain Risk Management: Minimize Disruptions, Reduce Risk and Make Your Supply Chain Resilient is a great read. The risk register that follows was provided gratis to those who purchased his book, along with a wide variety of tools to characterize, identify and mitigate SC risk.

2015-06-24

22

Kirov’s Risk RegisterExternal, End to End Supply Chain Risks

1. Natural Disasters• Epidemics• Earthquakes• Tsunamis• Volcanoes• Weather disasters (hurricanes, tornados,

storms, blizzards, floods, droughts)

2015-06-24

23


2. Accidents• Fires• Explosions• Structural failures• Hazardous spills

2015-06-24

24


3. Sabotage, Terrorism, Crime, and War• Computer attacks• Product tampering• Intellectual theft• Physical theft• Bombings• Biological and chemical weapons• Blockades2015-06-24

25


4. Government Compliance and Political Uncertainty• Taxes, customs, and other regulations• Compliance issues• Regulatory financial reporting (e.g., Sarbanes-

Oxley)• Operations• Logistics / Trade• Regulatory Approvals - Marketing Approvals

2015-06-24

26


4. Government Compliance and Political Uncertainty• Public Health• Environmental requirements• Trade restrictions (e.g., Buy American Act)• Regulatory Audit history• Currency fluctuations• Political unrest• Boycotts

2015-06-24

27


5. Labour Unavailability and Shortage of Skills• Availability• Quality• Cost• Unrest• Strikes and slowdowns

2015-06-24

28


6. Industry-wide (i.e., Market) Challenges• Capacity constraints• Unstable prices• Lack of competition• Entry barriers• Capital requirements• Specific assets

2015-06-24

29


6. Industry-wide (i.e., Market) Challenges• Process patents• Shrinking industry• Low supplier profitability• Certification• Cost trends• Recessions/Inflation

2015-06-24

30


7. Lawsuits• Environmental• Health and safety• Intellectual property

2015-06-24

31


8. Technological Trends• Emerging technologies (pace/direction)• Obsolescence• Other technological uncertainty

2015-06-24

32

Kirov’s Risk RegisterSupplier Risks: External, Contract Manufacturers

or Internal Business Unit

1. Physical and Regulatory Risks• Key Suppliers Located in High Risk Areas• Material Unavailability/Poor Planning

– Raw materials– Other materials

• Legal Noncompliance / Ethical practices– Labour practices– Safety practices & performance– Environmental practices– History & outcomes of lawsuits– Tax practices

2015-06-24

33



1. Physical and Regulatory Risks• Regulatory Noncompliance

– Customs/trade– Security clearance requirements– History & outcomes of regulatory audits– Regulatory certification requirements (e.g., Food &

Drug Administration, Federal Aviation Administration)– Critical disclosure – International Traffic & Arms

Regulations

2015-06-24

34



2. Production Problems• Capacity

– Too little, too much, or diminishing– Order and shipping times– Out of stock (i.e., no/low inventory)– Performance history, equipment age & downtime

(manufacturing & testing equipment)– Repair cycle time

2015-06-24

35



2. Production Problems• Inflexible Production Capabilities (Long setup

times)• Technological Inadequacies or Failures

– Incompatible information systems– Slow adoption of new technology

2015-06-24

36



2. Production Problems• Poor Quality

– Defects / contamination in manufactured product– Mislabeling of items– Lack of training or knowledge

• Lead Times– Backlogs– Unresponsive– Unreliable– Variable

2015-06-24

37



3. Financial Losses and Premiums• Degree of Competition/Profitability

– Downstream integration or too much competition– Little/no competition - sole source– Mergers & Acquisitions

• Financial Viability– Inability to sustain in a downturn– Bankruptcy– Withdrawal from the market

2015-06-24

38



4. Management Risks• Inadequate Risk Management Planning

– Lack of business continuity plans– Lack of requirements for supplier's supplier business

continuity plans• Management Quality

– High turnover– Dishonesty– Poor labour relations– Poor metric scorecards

2015-06-24

39



4. Management Risks• Substituting inferior or illegal materials/parts

– Failing to perform required treatments/tests– Submitting inaccurate/false invoices

• Lack of Continuous Improvement– Unwillingness– Cost escalation– Opaque processes– Opportunistic behavior

2015-06-24

40



4. Management Risks– Inflation of purchase costs

• Dependence on One or a Few Customer(s)• Poor Communication

– Internal– External– Transparency of data & operations

2015-06-24

41



5. Upstream Supply Risks(i.e., Subcontractors and their Subcontractors)• Any of the above external/supplier risks• Lack of visibility into subcontractors• No or poor relationships with subcontractors• Diminishing sources of supply• Transition “costs” for new suppliers

2015-06-24

42

Kirov’s Risk RegisterDistribution Risks/Disruptions:

Inbound or Outbound

1. Infrastructure Unavailability• Roads• Rails• Ports• Air capacity/availability

2015-06-24

43


Inbound or Outbound

2. Assets - Lack of Capacity or Accidents• Containers• Trucks• Rail cars• Ships• Airplanes

2015-06-24

44


Inbound or Outbound

3. Labor Unrest/Unavailability• Truck drivers• Rail operators• Longshoremen• Pilots

2015-06-24

45


Inbound or Outbound

4. Cargo Damage/Theft/Tampering• Physical damage• Theft and other security problems• Tracking the damage• Environmental controls (e.g., temperature,

humidity)

2015-06-24

46


Inbound or Outbound

5. Warehouse Inadequacies• Lack of capacity• Inaccessibility• Damage• Environmental controls (e.g., temperature,

humidity)• Lack of security

2015-06-24

47


Inbound or Outbound

6. IT System Inadequacies/Failures7. Long, Multi-Party Supply Pipelines• Increased chance of all problems above• Longer lead time

2015-06-24

48

Kirov’s Risk RegisterInternal Enterprise Risks

1. Operational Risk• Loss of Inventory (damage, obsolescence)• Equipment loss, mechanical failures• Process Issues

– Process reliability– Process robustness– Lead time variability– Inflexible Production Capabilities (long set up

times, etc.)2015-06-24

49


1. Operational Risk• Capacity• Too little, too much, or diminishing• Order and shipping times• Out of stock (i.e., no/low inventory)• Performance history, equipment age &

downtime (manufacturing & testing equipment)• Repair cycle time

2015-06-24

50


1. Operational Risk• Poor Quality• Defects in manufactured product• Failure to maintain equipment• Lack of training or knowledge• Environmental performance to permits / other

2015-06-24

51


2. Government Compliance and Political Uncertainty• Taxes, customs, and other regulations• Currency fluctuations• Political unrest• Boycotts

2015-06-24

52


3. Demand Variability/Volatility• Drawdown of the stockpile• Exceeding maintenance replacement rate• Shelf life expiration• Surges exceed production, repair, or

distribution• Shortfalls

2015-06-24

53


4. Personnel Availability/Skills Shortfalls• Sufficient number• Sufficient knowledge, skills, experience• Union contract expiry• High turnover rate

2015-06-24

54


5. Design Uncertainty• Changes to requirements• Lack of technical detail• Lack of verification of product• Changes to product configuration• Poor specifications• Reliability estimates of components• Access to technical data• Failure to meet design milestones• Design for supply chain (e.g., obsolescence, standardization,

and commonality)2015-06-24

55


6. Planning Failures• Forecast reliability/schedule availability• Planning data accuracy• Global visibility of plans & inventory positions• Competition/bid process• Acquisition strategy• Manufacturability of a design• Program maturity• Subcontracting agreements2015-06-24

56


7. Financial Uncertainty/Losses• Funding availability• Work scope/plan creep• Knowledge of supplier costs• Strategic risk

2015-06-24

57


8. Facility Unavailability/Unreliability/ Capacity• Facility breakdown• Mechanical failures• Sites located in high risk areas• Adequate capacity

2015-06-24

58


9. Testing Unavailability / Inferiority / Capacity• Unreliable test equipment• Operational test qualifications• Operational test schedule• Integration testing• Transition from first test to mass production

2015-06-24

59


10. Enterprise Underperformance/Lack of Value• Customer satisfaction/loyalty• Liability• Cost/profit• Customer demand• Uniqueness• Substitutability• Systems integration• Other application/product value2015-06-24

60


11. Supplier Relationship Management (SRM) Use• Contract/supplier management availability

and expertise• In-house SRM expertise• Lack of internal and external

communication/coordination• Supplier development and continuous

improvement

2015-06-24

61

Deloitte’s Risk Model

2015-06-24

62

Video - Conclusion

https://youtu.be/-zIyGpRar24Tom Teixeira, Supply Chain Risk in a Global Economy – Willis TV – November 18, 2013 – duration 4:19

2015-06-24

https://youtu.be/-zIyGpRar24

63

Suggested Reading/Bibliography

APICS. Dictionary 14th Edition, the Essential Supply Chain Reference, Chicago: APICS, 2013.

APICS. Certified Supply Chain Professional (CSCP) Learning System, 2012 version, Chicago: APICS, 2012.

CACI International Inc. (CACI) and the U.S. Naval Institute. Cyber Threats to National Security: Countering Challenges to the Global Supply Chain, A summary of personal remarks made by participants at the March 2, 2010 symposium.http://asymmetricthreat.net/docs/asymmetric_threat_4_paper.pdf, accessed March 23, 2015.

Canada, National Strategy for Critical Infrastructure, Her Majesty the Queen in Right of Canada, 2009.

Carleton University. Welcome to Big Data: Introducing Carleton University’s Institute for Data Science, personal notes and recollections of Ken Lawlis who attended Data Day as a Representative of the CATA Alliance and MIPIS, Data Day was held, April 1, 2015.

Committee of Sponsoring Organizations of the Treadway Commission (COSO), by Dr. Patchin Curtis and Mark Carey, Deloitte & Touche LLP, Thought Leadership in ERM, Risk Assessment in Practice, COSO: October 2012. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskassessmentinpractice.pdf

2015-06-24

https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskassessmentinpractice.pdf




64


Deloitte Development LLC. Supply Chain Resilience: A Risk Intelligent Approach to Managing Global Supply Chains, New York: Deloitte Development LLC, 2012.

Department of Homeland Security website, http://www.dhs.gov/critical-infrastructure-sectors, accessed March 23, 2015.

Findlay, Valarie. Cyber-Threats, Terrorism and the Counter-Terror Model Research Study, University of St. Andrew’s, The Handa Centre for the Study of Terrorism and Political Violence, [email protected] / [email protected], May 2014.

Fernandez, Pascal. Supply Chain Collaboration Maturity - What Difference Does it Make? A presentation to APICS/Supply Chain Council on October 2, 2014.

IBM Global Technology Services. IBM Security Services 2014 Cyber Security Intelligence Index: Analysis of Cyber Attack and Incident Data from IBM’s Worldwide Security Operations, Somers, NY: IBM, June 2014.

IBM Global Technology Services. Resilience in the Era of Enterprise Cloud Computing: Design Considerations for Forward Thinking Organizations, Somers, NY: IBM, July 2014.

Manners-Bell, John. Supply Chain Risk: Understanding Emerging Threats to Global Supply Chains, London: Kogan Page Ltd., 2014.

2015-06-24

65


ISASA. An Introduction to the Business Model for Information Security, Rolling Meadows, IL: ISACA, 2009.

Kirov, Krasimir. Supply Chain Risk Management: Minimize Disruptions, Reduce Risk and Make Your Supply Chain Resilient, self-published, purchased on amazon.ca, April 8, 2014.http:// operationalexcellencetraining.com/ (Operational Excellence Series Book 6) (Kindle Locations 3-7). Kindle Edition.

Maleski, Mark, et. al., Cyber Threat Metrics, Sandia Report, SAND2012-2427, Albuquerque, NM: Sandia National Laboratories, March 2012. http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-065.pdf , accessed March 23, 2015.

Marchese, Kelly and Jerry O’Dwyer. From Risk to Resilience: Using Analytics and Visualization to Reduce Supply Chain Vulnerability, Deloitte Review, Issue 14, 2014.http://dupress.com/articles/dr14-risk-to-resilience/, accessed March 23, 2015.

MLA Handbook for Writers of Research Papers, 7th Edition, New York: The Modern Language Association of America, 2009.

2015-06-24

66


Norman, Thomas L. Risk Analysis and Security Countermeasure Selection, Boca Raton: CRC Press, 2010.

Peck, Helen. Supply Chain Vulnerability, Risk, Robustness & Resilience, PowerPoint Presentation, a synopsis of Mangan, Lalwani and Butcher’s work published in: Global Logistics and Supply Chain Management, Hoboken, NJ: John Wiley & Sons, 2008.

Ponemon Institute. 2014 Cost of Data Breach Study: Global Analysis, Benchmark research sponsored by IBM and independently conducted by Ponemon Institute LLC., Traverse City, MI: 2014.

PwC. A Practical Guide to Risk Assessment: How Principles-Based Assessment Enables Organizations to Take the Right Risks, PwC: December 2008.http://www.pwc.com/en_us/us/issues/enterprise-risk-management/assets/risk_assessment_guide.pdf

PwC. From Vulnerable to Valuable: How Integrity Can Transform a Supply Chain – Achieving Operational Excellence Series, PwC : December 2008.http://www.pwc.com/en_US/us/supply-chain-management/assets/pwc-sci-112008.pdf

Rice, James B. and Spayd, Philip W. Investing in Supply Chain Security: Collateral Benefits, Washington, DC: IBM Center for the Business of Government, May 2005.

Schuh, Christian., et al., Supplier Relationship Management: How to Maximize Vendor Value and Opportunity, New York: A. T. Kearney Inc., 2014.

2015-06-24

http://www.pwc.com/en_us/us/issues/enterprise-risk-management/assets/risk_assessment_guide.pdf

http://www.pwc.com/en_US/us/supply-chain-management/assets/pwc-sci-112008.pdf

67


Schuh, Christian. et al., The Purchasing Chessboard: 64 Methods to Reduce Cost and Increase Value with Vendors, New York: A. T. Kearney Inc., 2009 (Kindle Locations 2-4). Kindle Edition.

Telecommunications Industry Association (TIA). Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain, Portable Document File (pdf) document on the TIA website, date of publication: July 20, 2012.http://www.tiaonline.org/sites/default/files/pages/TIA%20Cybersecurity%20White%20Paper-Critical%20Infrastructure%20%26%20Global%20Supply%20Chain_0.pdf, accessed March 23, 2015

2015-06-24

68

Supply Chain Risk Management Videoshttps://youtu.be/bbZiGYmTbcw

Emeritus Professor Martin Christopher, Marketing and Logistics, SCM Key Challenges – Cranfield University School of Business – duration 8:31

https://youtu.be/lTAbPvivDxsPeter Foster, Cyber Breach Response Plans – Willis TV – June 19, 2015 – duration 2:54

https://youtu.be/ISrjWW9_O0ISharon Lindstrom, Managing Supply Chain Disruptions: How are Manufacturers Today Viewing Supply Chain Risk – Protiviti Risk and Business Consulting – November 12, 2012 – duration 3:14

https://youtu.be/cq1PL1eo4ZUProfessor Brian Squire, Information, Decision and Operations Group, Supply Chain Risk Management – University of Bath – September 6, 2013 – duration 4:38

https://youtu.be/-zIyGpRar24Tom Teixeira, Supply Chain Risk in a Global Economy – Willis TV – November 18, 2013 – duration 4:19

https://youtu.be/QlZ6TyUaYpwProfessor Richard Wilding, Supply Chain Risk Reduction – Cranfield University School of Business – June 16, 2008 - duration 5:57

https://youtu.be/9AbCuAexUgUJoe Yacura, Supply Chain: Understanding Risk Factors – Information Systems Group (ISG) – duration 7:58 for segment on cyber security (play 15:17 to 23:15) – total duration 28:45

2015-06-24

https://youtu.be/bbZiGYmTbcw

https://youtu.be/lTAbPvivDxs

https://youtu.be/ISrjWW9_O0I

https://youtu.be/cq1PL1eo4ZU

https://youtu.be/-zIyGpRar24

https://youtu.be/QlZ6TyUaYpw

https://youtu.be/9AbCuAexUgU

Supply Chain Risk Management Ken Lawlis Supply Chain/Project Management Professional.

Documents

Transcript of Supply Chain Risk Management Ken Lawlis Supply Chain/Project Management Professional.