CRISES LEARNINGS MODIFY ANALYTICS MODIFY SCREENING ID NEW SIGNAL SOURCES

RISK ANALYTICS & RISK ANALYTICS & DECISION SUPPORTDECISION SUPPORT

ANALYZEEVALUATEPRIORITIZE

RISK IDENTIFICATION PROCESSESRISK IDENTIFICATION PROCESSES

B. S. C. RISKS (VIA TEAMS AND SURVEYS) C. PROJECT RISKS (PM SYSTEMS AND OTHER)

A. EMERGING AND UNKNOWN RISK SIGNALS

D. RISK TREATMENT EFFECTIVENESS OUTPUTS

IMPLEMENT ACTIONS AND/ORIMPLEMENT ACTIONS AND/ORFACTOR RISKS INTO PLANNINGFACTOR RISKS INTO PLANNING**

Deep dive analysis of specific strategic risk Implement risk treatment for new operational risk Take action to leverage upside of an emerging risk Modify strategy based on risk landscape

MONITOR RISK MONITOR RISK TREATMENT TREATMENT

EFFECTIVENESSEFFECTIVENESS

INSTALL MONITORING POINTSSYSTEMATIZE MONITORING

RISK MANAGEMENT FRAMEWORK

* examples of possible actions, not all-inclusive

SUPPLY CHAIN RISK DASHBOARDSUPPLY CHAIN RISK DASHBOARD

HOLISTIC VIEW OF HOLISTIC VIEW OF RISKSRISKS

SUPPLY CHAIN RISK WORLD

MATERIALQUALITY

ENERGYUSE

WATERUSE

INBOUNDLOGISTICS

OUTBOUNDLOGISTICSWORKER

SAFETY

ENVIRONMENTALCOMPLIANCE

CONVERSIONEFFICIENCY

COST

NATURAL

HAZARDSNGO’s

& SIG’sPUBLIC

PERCEPTIONREGULATORYACTIONS

COUNTRYSTABILITY

PRODUCTQUALITY

PRODUCTSAFETY

PACKAGING

WASTE

WATERAVAILABILITYWATER

QUALITY

CLIMATECHANGE PACKAGING

VOLUME

MATERIALAVAILABILITY

PRODUCTSECURITY

Unique and common risk events exist across the supply chain and at each organizational level Identified risk events are analyzed for probability and consequence, thereby defining the risk level Assessed risks are evaluated and risk treatment options are developed Risk treatment is optimized, implemented and monitored

Note: risks listed above are indicative of the scope of supply chain risks and risk areas, and

may not include all risks

Strategic risks are generally out of our direct control, and must be

factored into business planning.

Operational risks are generally within our direct control, and must be factored into business operations.

RISK MANAGEMENT DEPLOYMENT

CO

UN

TR

YR

ISK

SB

US

INE

SS

UN

ITR

ISK

S

GR

OU

PR

ISK

S

CORPORATE

RISKS

RIS

KS

AR

E A

SSE

SSE

D A

ND

OP

TIM

IZE

D A

T T

HE

LO

CA

LL

Y R

EL

EV

AN

T

LE

VE

L,

AN

D A

GG

RE

GA

TE

D U

PW

AR

DS

TH

RO

UG

H T

HE

OR

GA

NIZ

AT

ION

Develop Initial Risk Register

Use historical and current risk assessments, maybe supplemented by surveys Perform high-level ranking and screening to identify significant risks

Perform Risk Analyses

Bow-tie method to identify causes, consequences Identify existing and new risk treatments Establish risk owner and action items Link to other risks in system Refine risk register

Quarterly Risk Team Reviews

Review action item status Review emerging and new risks Review effectiveness of existing risk treatment Perform new or review existing risk analyses Update and refine risk register

Factor Risks into Business Planning

Ensure strategic and operational risks are considered in annual business planning Use risk information in on-going business processes

A R

isk

Reg

iste

r is

cre

ated

an

d m

anag

ed a

t ea

ch le

vel a

nd

en

tity

,an

d id

enti

fied

ris

ks

are

inco

rpor

ated

into

on

-goi

ng

bu

sin

ess

rou

tin

es

One-time

Initial analyses,then as-needed

Quarterly meetingsto supplementbusiness meetings

Annual basisaligned withbusiness planning

AT EACH LEVEL AND ENTITY