7/30/2019 ISM-27

1/201

1 CAPS Research 2012

Workshop Code: DFNew Risk Management Strategies for the Extended Supply Chain

Robert M. Monczka, Ph.D., C.P.M.

Director

Strategic Sourcing and Supply Chain Strategy Research

CAPS Research

Distinguished Research Professor

Arizona State University

Phillip L. Carter, DBA

Executive DirectorCAPS Research

Harold E. Fearon Chain of Purchasing

Professor of Supply Chain Management

Arizona State University

Note: This presentation requires a complimentary verbal discussionCAPS Research

2 CAPS Research 2012

Research Team Members

Robert M. Monczka, Ph.D.CAPS Research and

Arizona State University

Phillip L. Carter, DBACAPS Research and

Arizona State University

William J. MarkhamResearch Associate

CAPS Research

Robert J. Trent, Ph.D.Lehigh University

Janet L. Hartley, Ph.D.Bowling Green State

University

Casey P. McDowellCPM International, LLC

Gary L. Ragatz, Ph.D.Michigan State University

7/30/2019 ISM-27

2/20

2

3 CAPS Research 2012

Todays agenda

Provide an overview of Value Chain Risk Management (VCRM)Research findings

Present current best practices in Value Chain Risk Management

This is the first in a series of research efforts examiningValue Chain Strategies for the Changing Decade

Risk Management

Complete

Information Technology

Innovation

Network Design

Metrics & Measurement

Value-Focused Sourcing

Underway Next Up

Future Topics

Collaboration

Global Sourcing/Outsourcing

Sustainability

Customer-focused Value ChainIntegration

Talent Management

Transformation Strategies

7/30/2019 ISM-27

3/20

3

5 CAPS Research 2012

Research Background

Strategy Rewards Risks

External sourcesof innovation

More ideas, faster

development

IP ownership and

competitiveness issues

New geographic

markets

Revenue growth Unfamiliar laws, customs,

business practices, politics Unfamiliar, untested suppliers

Lean, global,multi-tiered valuechains

Less costly sources

Agility/responsiveness

Unreliable supply lines

Reputational risk

Hidden upstream risks

Todays business models and strategies offer greaterrewards, yet expose companies to greater risks

Managing risk effectively requires a process for achievingacceptable levels of thoughtful and reasoned risks compared to

competitive opportunities.

7/30/2019 ISM-27

4/20

4

7 CAPS Research 2012

Events of the past several years demonstrated just howexposed companies had become to supply risk

Research shows fewcompanies were fully prepared

Only one-third of surveyedcompanies have effective risk

management programs in place (MIT)

More thaneighty percent ofcompanies lacked disaster plans and

secondary sources for keycategories (A.T. Kearney)

Black Swanevents caused unprecedented

supply disruption

Several barriers stand in the way ofadopting a comprehensive supplychain risk management program(Supply Chain Risk Leadership

Council)

This research is intended to help companies better managesupply risk by answering the following questions

What are the leading practices today for supply riskmanagement?

How can companies define, quantify and measure supply risk?

How can supply risk management be integrated into thecompanys strategy and its overall risk management approach?

How can companies use risk-related opportunities as a way tocreate value, not just prevent loss?

What techniques can companies use to ensure that leadingpractices are in place upstream?

How can companies organize for and enable supply riskmanagement?

7/30/2019 ISM-27

5/20

5

Fifteen participating companies represent a wide range ofindustries and competitive situations

Raw MaterialsProcessingOil and Gas

Pharmaceuticals

Consumer PackagedGoods

Automotive

IT Hardware andServicesFinancial

Services

High Tech

DiversifiedManufacturing

Power Systems

Defense/Aerospace

10 CAPS Research 2012

Risk Concepts

7/30/2019 ISM-27

6/20

6

A companys level of risk exposure is influenced by severalfactors

Risk ExposureRisk Appetite

Structural Resiliency

Probability of Negative Event

ImpactofNegativeEvent

Low

High

Low High

Medium

Low

High

Very Low Risk

Very High Risk

12 CAPS Research 2012

Value chain strategic decisions create the opportunity forrewards while also introducing risks

Meets the business/value chain plan

Does not meet thebusiness/value chain plan

Exceeds the business/value chain plan

Introduce aNew Product

Reward Outcomes

Risk Outcomes

7/30/2019 ISM-27

7/20

7

Strategic risk identification begins at the earliest stage ofnew market entry at Fundflow

Concerns Business continuity disruptions

Legal, reputational damagefrom

Corrupt acts

Inadequate data security

Country X Strategy

Engage a local supplier to identifyand sign-up new debit card

customers

Evaluation Process

Government certification in datasecurity, plus meetingFundflow-specific requirements

In-depth assessment of legaland regulatory compliance

Evaluation of suppliers

continuity plans and existenceof a backup supplier

Complication

BU leader favored low cost (butsmall and unproven) supplier

Outcome

Supplier deemed high risk, butBU leader still favored it

Supplier awarded pilot project

Supply, BU leader and executiveteam will meet to review results

14 CAPS Research 2012

Value chain structural decisions set the level of value chainrisk exposure

Meet the value chain plan

Miss cost plan

SoleSource a

PartValue Chain Structural

Risk Outcomes

Miss delivery plan

Miss technologydevelopment

plan

7/30/2019 ISM-27

8/20

8

The seeds of recent supply crises were planted throughstructural decisions

Headline cause Contributing causes

Natural disasters in Japan and

Thailand

Clustering of suppliers in areas

vulnerable to natural disasters

Poor visibility into upstream

value chains

Supplier financial meltdown Creating new products with

financially weak suppliers

Inadequate monitoring of

suppliers financial health

Unsafe working conditions atsuppliers

Entering new andgeographically dispersed

markets with unknown suppliers

Insufficient attention to

suppliers labor practices

16 CAPS Research 2012

Overall High Level Findings

7/30/2019 ISM-27

9/20

9

17 CAPS Research 2012

Although supply risk management is not broadly mature,this research uncovered several pockets of excellence

OperationalFocus

Strategic andStructural Focus

Contributions toCompetitive

Advantage

Maximum

Minimum

Risk ManagementDevelopment Stages

Minimalattention

BasicModeratelyadvanced

Mostadvanced

Study participants

The 15 companies in the research define value chain riskbroadly, although the scope managed directly varies

While each company in the study defined value chain risk in its own terms,there was significant commonality in the categories of risk they covered

Traditional Categories

Availability of supply: various causes

Exposure to single/sole sources

Quality

Supplier financial stability

Commodity price volatility

Value chain security

Additional Categories

Sustainability requirements

Legal and regulatory impacts

Data protection and security

Political and governmental

actions

Reputational harm

The most progressive of these companies extend the scope of value chainrisk management activities to include strategic risks at the very earlystages of new business/market entry and new product development

Many of the companies focus management attention on first tier suppliers,relying on those to manage upstream supply risk with apparentinadequacies

7/30/2019 ISM-27

10/20

10

A variety of approaches are used for governance,management and integration of corporate and supply risk

Most companies have corporate level risk committees or councils thatestablish policies, monitor a portfolio of key corporate and individualfunctional risks, assign responsibilities and set priorities for resources andinvestment

Responsibility for supply risk management included these variations:

A corporate procurement risk management team to set rules and tools

with individual sites responsible for managing day-to-day risk

Separate supply risk compliance boards for each business unit

Category managers responsible for risk in their categories worldwide

Three main integration processes were identified in the research

Use of standard risk registers to capture, communicate and elevaterisks throughout the organization

Early involvement of supply in product development and new business

opportunities

Risk prioritization based on breadth of impact across the corporation

20 CAPS Research 2012

Metrics and measurements

Risk management has not evolved as quickly as the need foreffective risk management has evolved

No company in the research has developed a comprehensive setof risk KPIs that track levels and changes in value chain risk

The more advanced approaches identified in the study involvecalculated risk scores using risk algorithms

7/30/2019 ISM-27

11/20

11

21 CAPS Research 2012

Global RiskMonitoring Tool

Brigham developed a comprehensive tool to providesupply risk visibility consistently across its units

Scoring algorithm based onin-depth supplymanagement experts inputon risks

Ability to map three tiers upthe value chain

Financial

Risk ratings (high,medium, low) by

Country Logistics hub Transportation link Commodity Supplier location Supplier

Quality

Delivery

Data

22 CAPS Research 2012

A Strategy Framework forManaging Supply Risk

7/30/2019 ISM-27

12/20

12

Supply risk management is a continual process

Value Chain

Risk Management Governance

External/InternalEnvironment

Risk ManagementActivities

VC RiskManagement

Strategies

Accept

Shift

Mitigate

Avoid

ExternalEvents

EventMgmt.

Ongoing risk monitoring

Value ChainDecisions

StructuralRisk

StrategicRisk/Reward

OperationalRisk

Management

RiskID,assessment,monitoring

Business

Model

ExternalTrends

Measurement,Evaluation

and Learnings

24 CAPS Research 2012

Strategic reward-risk tradeoffs create exposure to structuralrisks

Strategic ValueChain

Risk/RewardDecisions

RequireResulting

in

ObjectiveID, assess risks andrewards and achievean acceptable level of

risk with mitigationplans

New StrategicSituations

Risk/RewardAssessment of

StructuralDecisions

Global newmarket/segment entry

New products,

technologies/suppliers Outsourcing,insourcing, verticalintegration

New physical valuechains

Mergers andacquisitions

Strategic supplieralliances

Supplier assessmentand selection

Business concentration

Multi-tier VC visibility VC physical logistics,inventory

Geo/legal/politicalexposure

Relationship structure Contractual provisions Technology/material

choice

IP/data protection Supply market price

and availability Reputational protection

7/30/2019 ISM-27

13/20

13

25 CAPS Research 2012

EventScenarioPlanning

EventContingency

Planning

RiskMonitoring

Risk EventManagement

KnowledgeCapture and

Feedback

Operational risk management requires anticipating andresponding to risk events

Event scenario planninganticipates what could go wrongwithin the current structure of the value chain

What level of exposure?

Market/region-wide Natural disasters Pandemics Armed conflicts Port strikes Terrorism Regulatory changes Government action

Supplier-specific Financial failure Quality Reputational Legal IP

Value chain mapping Single-sole source Geographic clustering Critical items for keyproducts

Low volume/ lowcost/high impact items

Logistical choke points

Supplier performance Audits Scorecards

What types of events?

7/30/2019 ISM-27

14/20

14

Event contingency planningdefines the potential actions tobe taken when events occur

Example Planning Approaches

Rogers Electronics

Analyze continuity of supply (COS) risks and select levers to mitigate

Identify leading indicators of COS problems

Natfarm

Employ playbook to plan mitigation for at-risk suppliers

Carco

Discuss upstream risks with tier 1 suppliers during development

Require suppliers to explain how they will manage those risks

Evaluate the tier 1s procurement capabilities and expects them to

have a process for monitoring their own suppliers

Comco

Evaluate tier 1 suppliers in part on their risk mitigation strategies Stress test the plans by practicing for a range of occurrences

Globaman

Evaluate the risk management processes that tier 1 suppliers have in

place and applies an audit process to verify

Risk monitoringlooks for signals that indicate a risk isimminent or has just occurred

Supplier-specific risks

Value chain risks

Commodity risks

Risk types Monitoring techniques

Third-party financial reporting services

Supplier-provided financials

Pre-selection and ongoing audits

Performance scorecards

Composite leading indicators

Forecasting services

Direct involvement in upstream markets

Media/newsfeeds or upstream markets

Econometric scenario planning

Continuity of supply scorecards

Product origin tracking

7/30/2019 ISM-27

15/20

15

Example: Carco (automotive OEM) employs a multi-dimension approach to monitor supplier financial health

Risk Identification System

Observation

Goal: Anticipatefalling supplier

profitability

On-site observation Management, staff turnover Idle equipment

Production control problems Insufficient maintenance Increases in defects, scrap, cause

unknown defects Increased inspection, sorting

Production in excess of requirements

Additional signals

Request for cost increase Request for advance payment Tier 2 expresses concerns Lack of cost down participation

Ownership changes

Three month trends Financials Quality Delivery

Risk event managementinvolves executing the planned andad-hoc activities that lead to business continuity recovery

ExecutionImplementation

planningSituation assessment

Which suppliers?

Where in value chain?

What impact on the

business?

What contingency

plans?

Detailed actions

Teams and

responsibilities

Communications

Rapid response

Stabilization or transition

Recovery

Keys to success included preparation, rapid and accurate information,and trained and empowered people

Tsunami recovery:Assessment in 2 days

Contingency plans deployed

No disruptions

Fire at suppliers plant:On site in 4.5 hours

Molds cleaned/moved within 48 hours

One day production lost at single plant

Research examples

7/30/2019 ISM-27

16/20

16

Knowledge capture and feedbackimproves futureoperational risk management efforts

Measuring,Evaluating and

Documenting theEvent

Strengthen future contingency planning andevent management when similar events occur

Identify and incorporate general processimprovements for supply risk management

Natfarms procurement staff uses past playbooks available,

documenting the specific contingency plan and the history of its

implementation as a reference when developing future playbooks

Carco maintains a best practices/lessons learned document on supplier

risk management which is continually updated based on post-event de-briefings

Globaman credits their improved ability to deal with Thailand flooding on

the actions taken and process improvements made during the Japan

tsunami.

32 CAPS Research 2012

Future Vision of Supply RiskManagement

7/30/2019 ISM-27

17/20

17

33 CAPS Research 2012

Because exposure to value chain risk continues toincrease, new and innovative approaches will emerge

Risk management will become an embedded part of supplymanagement

The need for effective risk management will force companies tolook past tier one suppliers

Total cost of ownership (TCO) models will increasingly becomepart of the risk assessment process across the value chain

Value chain risk metrics will shift from reactive to predictiveindicators

Supply Risk Management

34 CAPS Research 2012

Because exposure to value chain risk continues toincrease, new and innovative approaches will emerge

Value chain risk metrics will become integrated into the companysbalanced scorecard

Risk management approaches will rely more on prevention and

less on mitigation

Transparency and real-time data updates will increasingly replacereactive and batch-data updates

Continuous improvement of risk management capabilities will be amajor corporate priority model to an enterprise-wide excellencemodel

Supply Risk Management

7/30/2019 ISM-27

18/20

18

35 CAPS Research 2012

Value Chain Risk ManagementBest Practices

36 CAPS Research 2012

Traits of a composite most advanced company

Executive level risk committees and reviews of risks and mitigationplans

Clearly defined risk categories tied to company strategy

Risk registers in use to identify and communicate risks &probabilities/impact across functions and business units

Company-wide focus on risk management audits and company-wide improvement with dedicated resources

Increasing risk appetite and managing risk/reward to achievecompany goals & competitive advantage

7/30/2019 ISM-27

19/20

19

37 CAPS Research 2012

Traits of a composite most advanced company

Risk identification and mitigation begins at the earliest stages ofnew business and product development and becomes part ofcompany-wide culture

Emphasis on risk prevention with real-time data collection

Extended value chain visibility with collaborative risk managementefforts with key suppliers/ customers

Increasingly sophisticated risk management tools: scenarioplanning, contingency planning, predictive analytics, simulation

Trained and enabled quick-strike and on-going value chainresponse teams and communications/ actions in response to crisisevents

38 CAPS Research 2012

Three forthcoming reports (May 2012)

Risk Management across the Extended Value Chain

Implementing Value Chain Risk Management: Case Study Findings

Risk Management across the Extended Value Chain: ExecutiveReport

7/30/2019 ISM-27

20/20

39 CAPS Research 2012

Questions and Discussion