7/30/2019 ISM-27
1/201
1 CAPS Research 2012
Workshop Code: DFNew Risk Management Strategies for the Extended Supply Chain
Robert M. Monczka, Ph.D., C.P.M.
Director
Strategic Sourcing and Supply Chain Strategy Research
CAPS Research
Distinguished Research Professor
Arizona State University
Phillip L. Carter, DBA
Executive DirectorCAPS Research
Harold E. Fearon Chain of Purchasing
Professor of Supply Chain Management
Arizona State University
Note: This presentation requires a complimentary verbal discussionCAPS Research
2 CAPS Research 2012
Research Team Members
Robert M. Monczka, Ph.D.CAPS Research and
Arizona State University
Phillip L. Carter, DBACAPS Research and
Arizona State University
William J. MarkhamResearch Associate
CAPS Research
Robert J. Trent, Ph.D.Lehigh University
Janet L. Hartley, Ph.D.Bowling Green State
University
Casey P. McDowellCPM International, LLC
Gary L. Ragatz, Ph.D.Michigan State University
7/30/2019 ISM-27
2/20
2
3 CAPS Research 2012
Todays agenda
Provide an overview of Value Chain Risk Management (VCRM)Research findings
Present current best practices in Value Chain Risk Management
This is the first in a series of research efforts examiningValue Chain Strategies for the Changing Decade
Risk Management
Complete
Information Technology
Innovation
Network Design
Metrics & Measurement
Value-Focused Sourcing
Underway Next Up
Future Topics
Collaboration
Global Sourcing/Outsourcing
Sustainability
Customer-focused Value ChainIntegration
Talent Management
Transformation Strategies
7/30/2019 ISM-27
3/20
3
5 CAPS Research 2012
Research Background
Strategy Rewards Risks
External sourcesof innovation
More ideas, faster
development
IP ownership and
competitiveness issues
New geographic
markets
Revenue growth Unfamiliar laws, customs,
business practices, politics Unfamiliar, untested suppliers
Lean, global,multi-tiered valuechains
Less costly sources
Agility/responsiveness
Unreliable supply lines
Reputational risk
Hidden upstream risks
Todays business models and strategies offer greaterrewards, yet expose companies to greater risks
Managing risk effectively requires a process for achievingacceptable levels of thoughtful and reasoned risks compared to
competitive opportunities.
7/30/2019 ISM-27
4/20
4
7 CAPS Research 2012
Events of the past several years demonstrated just howexposed companies had become to supply risk
Research shows fewcompanies were fully prepared
Only one-third of surveyedcompanies have effective risk
management programs in place (MIT)
More thaneighty percent ofcompanies lacked disaster plans and
secondary sources for keycategories (A.T. Kearney)
Black Swanevents caused unprecedented
supply disruption
Several barriers stand in the way ofadopting a comprehensive supplychain risk management program(Supply Chain Risk Leadership
Council)
This research is intended to help companies better managesupply risk by answering the following questions
What are the leading practices today for supply riskmanagement?
How can companies define, quantify and measure supply risk?
How can supply risk management be integrated into thecompanys strategy and its overall risk management approach?
How can companies use risk-related opportunities as a way tocreate value, not just prevent loss?
What techniques can companies use to ensure that leadingpractices are in place upstream?
How can companies organize for and enable supply riskmanagement?
7/30/2019 ISM-27
5/20
5
Fifteen participating companies represent a wide range ofindustries and competitive situations
Raw MaterialsProcessingOil and Gas
Pharmaceuticals
Consumer PackagedGoods
Automotive
IT Hardware andServicesFinancial
Services
High Tech
DiversifiedManufacturing
Power Systems
Defense/Aerospace
10 CAPS Research 2012
Risk Concepts
7/30/2019 ISM-27
6/20
6
A companys level of risk exposure is influenced by severalfactors
Risk ExposureRisk Appetite
Structural Resiliency
Probability of Negative Event
ImpactofNegativeEvent
Low
High
Low High
Medium
Low
High
Very Low Risk
Very High Risk
12 CAPS Research 2012
Value chain strategic decisions create the opportunity forrewards while also introducing risks
Meets the business/value chain plan
Does not meet thebusiness/value chain plan
Exceeds the business/value chain plan
Introduce aNew Product
Reward Outcomes
Risk Outcomes
7/30/2019 ISM-27
7/20
7
Strategic risk identification begins at the earliest stage ofnew market entry at Fundflow
Concerns Business continuity disruptions
Legal, reputational damagefrom
Corrupt acts
Inadequate data security
Country X Strategy
Engage a local supplier to identifyand sign-up new debit card
customers
Evaluation Process
Government certification in datasecurity, plus meetingFundflow-specific requirements
In-depth assessment of legaland regulatory compliance
Evaluation of suppliers
continuity plans and existenceof a backup supplier
Complication
BU leader favored low cost (butsmall and unproven) supplier
Outcome
Supplier deemed high risk, butBU leader still favored it
Supplier awarded pilot project
Supply, BU leader and executiveteam will meet to review results
14 CAPS Research 2012
Value chain structural decisions set the level of value chainrisk exposure
Meet the value chain plan
Miss cost plan
SoleSource a
PartValue Chain Structural
Risk Outcomes
Miss delivery plan
Miss technologydevelopment
plan
7/30/2019 ISM-27
8/20
8
The seeds of recent supply crises were planted throughstructural decisions
Headline cause Contributing causes
Natural disasters in Japan and
Thailand
Clustering of suppliers in areas
vulnerable to natural disasters
Poor visibility into upstream
value chains
Supplier financial meltdown Creating new products with
financially weak suppliers
Inadequate monitoring of
suppliers financial health
Unsafe working conditions atsuppliers
Entering new andgeographically dispersed
markets with unknown suppliers
Insufficient attention to
suppliers labor practices
16 CAPS Research 2012
Overall High Level Findings
7/30/2019 ISM-27
9/20
9
17 CAPS Research 2012
Although supply risk management is not broadly mature,this research uncovered several pockets of excellence
OperationalFocus
Strategic andStructural Focus
Contributions toCompetitive
Advantage
Maximum
Minimum
Risk ManagementDevelopment Stages
Minimalattention
BasicModeratelyadvanced
Mostadvanced
Study participants
The 15 companies in the research define value chain riskbroadly, although the scope managed directly varies
While each company in the study defined value chain risk in its own terms,there was significant commonality in the categories of risk they covered
Traditional Categories
Availability of supply: various causes
Exposure to single/sole sources
Quality
Supplier financial stability
Commodity price volatility
Value chain security
Additional Categories
Sustainability requirements
Legal and regulatory impacts
Data protection and security
Political and governmental
actions
Reputational harm
The most progressive of these companies extend the scope of value chainrisk management activities to include strategic risks at the very earlystages of new business/market entry and new product development
Many of the companies focus management attention on first tier suppliers,relying on those to manage upstream supply risk with apparentinadequacies
7/30/2019 ISM-27
10/20
10
A variety of approaches are used for governance,management and integration of corporate and supply risk
Most companies have corporate level risk committees or councils thatestablish policies, monitor a portfolio of key corporate and individualfunctional risks, assign responsibilities and set priorities for resources andinvestment
Responsibility for supply risk management included these variations:
A corporate procurement risk management team to set rules and tools
with individual sites responsible for managing day-to-day risk
Separate supply risk compliance boards for each business unit
Category managers responsible for risk in their categories worldwide
Three main integration processes were identified in the research
Use of standard risk registers to capture, communicate and elevaterisks throughout the organization
Early involvement of supply in product development and new business
opportunities
Risk prioritization based on breadth of impact across the corporation
20 CAPS Research 2012
Metrics and measurements
Risk management has not evolved as quickly as the need foreffective risk management has evolved
No company in the research has developed a comprehensive setof risk KPIs that track levels and changes in value chain risk
The more advanced approaches identified in the study involvecalculated risk scores using risk algorithms
7/30/2019 ISM-27
11/20
11
21 CAPS Research 2012
Global RiskMonitoring Tool
Brigham developed a comprehensive tool to providesupply risk visibility consistently across its units
Scoring algorithm based onin-depth supplymanagement experts inputon risks
Ability to map three tiers upthe value chain
Financial
Risk ratings (high,medium, low) by
Country Logistics hub Transportation link Commodity Supplier location Supplier
Quality
Delivery
Data
22 CAPS Research 2012
A Strategy Framework forManaging Supply Risk
7/30/2019 ISM-27
12/20
12
Supply risk management is a continual process
Value Chain
Risk Management Governance
External/InternalEnvironment
Risk ManagementActivities
VC RiskManagement
Strategies
Accept
Shift
Mitigate
Avoid
ExternalEvents
EventMgmt.
Ongoing risk monitoring
Value ChainDecisions
StructuralRisk
StrategicRisk/Reward
OperationalRisk
Management
RiskID,assessment,monitoring
Business
Model
ExternalTrends
Measurement,Evaluation
and Learnings
24 CAPS Research 2012
Strategic reward-risk tradeoffs create exposure to structuralrisks
Strategic ValueChain
Risk/RewardDecisions
RequireResulting
in
ObjectiveID, assess risks andrewards and achievean acceptable level of
risk with mitigationplans
New StrategicSituations
Risk/RewardAssessment of
StructuralDecisions
Global newmarket/segment entry
New products,
technologies/suppliers Outsourcing,insourcing, verticalintegration
New physical valuechains
Mergers andacquisitions
Strategic supplieralliances
Supplier assessmentand selection
Business concentration
Multi-tier VC visibility VC physical logistics,inventory
Geo/legal/politicalexposure
Relationship structure Contractual provisions Technology/material
choice
IP/data protection Supply market price
and availability Reputational protection
7/30/2019 ISM-27
13/20
13
25 CAPS Research 2012
EventScenarioPlanning
EventContingency
Planning
RiskMonitoring
Risk EventManagement
KnowledgeCapture and
Feedback
Operational risk management requires anticipating andresponding to risk events
Event scenario planninganticipates what could go wrongwithin the current structure of the value chain
What level of exposure?
Market/region-wide Natural disasters Pandemics Armed conflicts Port strikes Terrorism Regulatory changes Government action
Supplier-specific Financial failure Quality Reputational Legal IP
Value chain mapping Single-sole source Geographic clustering Critical items for keyproducts
Low volume/ lowcost/high impact items
Logistical choke points
Supplier performance Audits Scorecards
What types of events?
7/30/2019 ISM-27
14/20
14
Event contingency planningdefines the potential actions tobe taken when events occur
Example Planning Approaches
Rogers Electronics
Analyze continuity of supply (COS) risks and select levers to mitigate
Identify leading indicators of COS problems
Natfarm
Employ playbook to plan mitigation for at-risk suppliers
Carco
Discuss upstream risks with tier 1 suppliers during development
Require suppliers to explain how they will manage those risks
Evaluate the tier 1s procurement capabilities and expects them to
have a process for monitoring their own suppliers
Comco
Evaluate tier 1 suppliers in part on their risk mitigation strategies Stress test the plans by practicing for a range of occurrences
Globaman
Evaluate the risk management processes that tier 1 suppliers have in
place and applies an audit process to verify
Risk monitoringlooks for signals that indicate a risk isimminent or has just occurred
Supplier-specific risks
Value chain risks
Commodity risks
Risk types Monitoring techniques
Third-party financial reporting services
Supplier-provided financials
Pre-selection and ongoing audits
Performance scorecards
Composite leading indicators
Forecasting services
Direct involvement in upstream markets
Media/newsfeeds or upstream markets
Econometric scenario planning
Continuity of supply scorecards
Product origin tracking
7/30/2019 ISM-27
15/20
15
Example: Carco (automotive OEM) employs a multi-dimension approach to monitor supplier financial health
Risk Identification System
Observation
Goal: Anticipatefalling supplier
profitability
On-site observation Management, staff turnover Idle equipment
Production control problems Insufficient maintenance Increases in defects, scrap, cause
unknown defects Increased inspection, sorting
Production in excess of requirements
Additional signals
Request for cost increase Request for advance payment Tier 2 expresses concerns Lack of cost down participation
Ownership changes
Three month trends Financials Quality Delivery
Risk event managementinvolves executing the planned andad-hoc activities that lead to business continuity recovery
ExecutionImplementation
planningSituation assessment
Which suppliers?
Where in value chain?
What impact on the
business?
What contingency
plans?
Detailed actions
Teams and
responsibilities
Communications
Rapid response
Stabilization or transition
Recovery
Keys to success included preparation, rapid and accurate information,and trained and empowered people
Tsunami recovery:Assessment in 2 days
Contingency plans deployed
No disruptions
Fire at suppliers plant:On site in 4.5 hours
Molds cleaned/moved within 48 hours
One day production lost at single plant
Research examples
7/30/2019 ISM-27
16/20
16
Knowledge capture and feedbackimproves futureoperational risk management efforts
Measuring,Evaluating and
Documenting theEvent
Strengthen future contingency planning andevent management when similar events occur
Identify and incorporate general processimprovements for supply risk management
Natfarms procurement staff uses past playbooks available,
documenting the specific contingency plan and the history of its
implementation as a reference when developing future playbooks
Carco maintains a best practices/lessons learned document on supplier
risk management which is continually updated based on post-event de-briefings
Globaman credits their improved ability to deal with Thailand flooding on
the actions taken and process improvements made during the Japan
tsunami.
32 CAPS Research 2012
Future Vision of Supply RiskManagement
7/30/2019 ISM-27
17/20
17
33 CAPS Research 2012
Because exposure to value chain risk continues toincrease, new and innovative approaches will emerge
Risk management will become an embedded part of supplymanagement
The need for effective risk management will force companies tolook past tier one suppliers
Total cost of ownership (TCO) models will increasingly becomepart of the risk assessment process across the value chain
Value chain risk metrics will shift from reactive to predictiveindicators
Supply Risk Management
34 CAPS Research 2012
Because exposure to value chain risk continues toincrease, new and innovative approaches will emerge
Value chain risk metrics will become integrated into the companysbalanced scorecard
Risk management approaches will rely more on prevention and
less on mitigation
Transparency and real-time data updates will increasingly replacereactive and batch-data updates
Continuous improvement of risk management capabilities will be amajor corporate priority model to an enterprise-wide excellencemodel
Supply Risk Management
7/30/2019 ISM-27
18/20
18
35 CAPS Research 2012
Value Chain Risk ManagementBest Practices
36 CAPS Research 2012
Traits of a composite most advanced company
Executive level risk committees and reviews of risks and mitigationplans
Clearly defined risk categories tied to company strategy
Risk registers in use to identify and communicate risks &probabilities/impact across functions and business units
Company-wide focus on risk management audits and company-wide improvement with dedicated resources
Increasing risk appetite and managing risk/reward to achievecompany goals & competitive advantage
7/30/2019 ISM-27
19/20
19
37 CAPS Research 2012
Traits of a composite most advanced company
Risk identification and mitigation begins at the earliest stages ofnew business and product development and becomes part ofcompany-wide culture
Emphasis on risk prevention with real-time data collection
Extended value chain visibility with collaborative risk managementefforts with key suppliers/ customers
Increasingly sophisticated risk management tools: scenarioplanning, contingency planning, predictive analytics, simulation
Trained and enabled quick-strike and on-going value chainresponse teams and communications/ actions in response to crisisevents
38 CAPS Research 2012
Three forthcoming reports (May 2012)
Risk Management across the Extended Value Chain
Implementing Value Chain Risk Management: Case Study Findings
Risk Management across the Extended Value Chain: ExecutiveReport
7/30/2019 ISM-27
20/20
39 CAPS Research 2012
Questions and Discussion