Supply chain risk management


Published on

Supply chain risk management (SCRM) is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".

SCRM attempts to reduce supply chain vulnerability via a coordinated holistic approach, involving all supply chain stakeholders, which identifies and analyses the risk of failure points within the supply chain. Mitigation plans to manage these risks can involve logistics, finance and risk management disciplines; the ultimate goal being to ensure supply chain continuity in the event of a scenario which otherwise have interrupted normal business and thereby profitability.

Published in: Business, Technology
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Opportunity to bring my frame of reference of Project management in Supply chain and its value addition.
  • There are some myths around about supplychain
  • Supply Chain is different from Supply Chain Management – why?
  • Supplier Facing looks at the network of suppliers, their markets and their relationship with the “company”. Customer Facing looks at the network of customers and intermediaries, their markets and their relationships with the “company”. Internal facing looks at the company, their network of assets, processes, products, systems and people as well as the company’s markets. In all cases, a global perspective is essential.
  • - People from all over the world  leave translation to youEven American/English has ambiguityThreat assessments, vulnerability assessments, risk assessments, etc.
  • Threats are everywhereLoss prevention – example of internal and external causes/threatsIdentifying threats is typically the second step of RA. Will examine the first shortly.
  • Categorizing threats helps to develop the correct perspective. As well, the correct persepctive helps to identify threats.Correct persepctive and a focus on your system – client, activity, experiment, business, etc.All threats fall into one of three categories
  • Special kind of threat is fear and terrorism. Root word “terror” – is a threat mostly in the sense of the fear – real or perceived. Risk acceptance or risk avoidance determines actions taken in relation to the fear. In fact, risk of death by terrorist acts is very low. But explosions, hostages, etc. – regardless of cause or perpetrator – can be very high in the right circumstances.Opposite: It can’t happen here.
  • With fear is concept of vulnerability. Terrorism works because of randomness that increases perception of vulnerability and knowledge that the targets are civilians.Vulnerability –or lack of protection/mitigation – in a system is directly related to the a threat. So a threat assessment cannot stand on its own – it must relate to something. Perspective and knowledge of a system and its interdependencies is critical. Find the experts and guide them in the methodology.
  • When a threat and a vulnerability collide, we risk an accident. It may or may not happen. The existence of a pickpocket in a crowd, or the presence of a drunk driver on the road does not guarantee an event but the right circumstances are in place. It still needs a catalyst.
  • Precipitating event. Every arrow is an opportunity to prevent or mitigate the effects of an incident.(Talk to slide)
  • It’s well recognized the more complex a system, the more opportunity for error. The original jeep of WWII (Wiley) was much more reliable than a modern day Cadillac if only for the number of systems – the vulnerability to failure. Again, perspective is your guide in helping experts – the system experts – identify the threats and vulnerabilities
  • A risk assessment attempts to discover the entire range of threats and vulnerabilities – their confluence – looking for “what can go wrong.”
  • Supply chain risk management

    1. 1. Supply Chain Risk Management Essentials Megha Thakkar PMP® Strategic Supply Chain Management, Cipla Ltd.
    2. 2. Agenda • Objective • Introduction • Supply Chain Management (SCM) • SC Risk Management (SCRM) • Developing A Comprehensive Risk Assessment • Conclusion 17th Oct 13 Pharma Project 2
    3. 3. Key Interpretation • Still an art, not a science • Requirements to drive to SCRM performance are coming from everywhere • No industry is immune to the SCRM Imperative • Key issues include: – The need for a common framework and language – Accountability and ownership – Controls 17th Oct 13 3
    4. 4. Let’s start by DISPELLING some MYTHS 17th Oct 13 4
    5. 5. FIRST Supply chain management is neither a synonym for logistics nor as logistics that includes customers and suppliers 17th Oct 13 5
    6. 6. SECOND Supply chain management is not New name for purchasing &/or operations 17th Oct 13 6
    7. 7. FINALLY Supply chain management is not even Combination of purchasing, operations and logistics 17th Oct 13 7
    8. 8. Then? What is supply chain and Supply chain management? 17th Oct 13 8
    9. 9. Which one should we be more concerned with and why? supplier Information (Processes) Goods, Services and information Reverse logistics Payment customer Supply Chain 17th Oct 13 Goods INTEGRATION customer supplier customer Removal supplier Supply Chain Management 9
    10. 10. A Simple Supply Chain Example Consumers Raw Material Sources Suppliers Manufacturers Distributors Retailers Customers Material, Information and Funds Flow 17th Oct 13 10
    11. 11. A Supply Chain Example – More Complex Distributors & Warehouses Raw Material and Semi-Finished Products Suppliers Manufacturing Centres Consumers Material, Information and Funds Flow 17th Oct 13 11
    12. 12. Supply Chain Supply chain is NOT a CHAIN of businesses BUT A NETWORK of businesses & relationships. That offers the opportunity to capture the full potential of intra and inter-company integration and management to organize – people, activities, information and resources involved in moving a product from supplier to end-user. 17th Oct 13 12
    13. 13. Supply Chain Management • Supply chain management is a set of approaches utilized to efficiently integrate suppliers, manufacturers, warehouses, and stores, so that product is produced and distributed at the right quantities, to the right locations, and at the right time, in order to minimize system wide costs while satisfying service level requirements.” 17th Oct 13 13
    14. 14. The Supply Chain – Another View Plan Source Suppliers Material Costs 17th Oct 13 Make Manufacturers Deliver Warehouses & Distribution Centers Buy Customers Transportation Transportation Costs Transportation Costs Manufacturing Costs Inventory Costs Costs 14
    15. 15. Why Is SCM Difficult? • Uncertainty is inherent to every supply chain – – – – Travel times Breakdowns of machines and vehicles Weather, natural catastrophe, war Local politics, labor conditions, border issues • The complexity of the problem to globally optimize a supply chain is significant – Minimize internal costs – Minimize uncertainty – Deal with remaining uncertainty 17th Oct 13 15
    16. 16. Supply Chain Risk Management • “Risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. These strategies can involve the transference of risk to another party, risk avoidance or mitigation, and channel risk sharing. • “Risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. These strategies can involve the transference of risk to another party, risk avoidance or mitigation, and channel risk sharing. 17th Oct 13 16
    17. 17. A Business Outlook Company’s Environment Suppliers’ Environment Suppliers Supplier and Market Intelligence Customers’ Environment Company Customer and Market Intelligence Customers Business Intelligence 17th Oct 13 17
    18. 18. … historically and currently problematic Vipnet, 1999 GSM portal launch delayed 1 year due to supplier issues Volcanic eruptions Legal War Manufacturing Strike Culture Boeing, 1997 writes off $2.6 billion, due to supplier parts shortages Management Processes Technology Airbus's A380 super-jumbo 2006 delivery to customers, Sony's 2006, PlayStation 3 almost 2 years late delay gives opportunity to rivals (Microsoft's Xbox 360 and Nintendo's Wii) Sainsbury’s delayed store openings, cost them £millions in lost revenue Supply Chain Risk 17th Oct 13 18
    19. 19. Supply Chain Risk Perspectives Company’s Environment Customers’ Environment Suppliers’ Environment Suppliers Supplier Facing Relationship Risk Supplier Performance Risk Human Resource Risk Supply chain disruption risk Supplier Environment Risk Disaster Risk Supplier Financial Risk Regulatory Risk 17th Oct 13 Company Internal Facing Operational Risk Technical Risk Financial Risk Legal Risk Environmental Risk HR / Health and Safety Risk Customer Facing Customers Market Risk Brand / Reputation Risk Product Liability Risk Environmental Risk 19
    20. 20. Supply Chain Risk and Risk Management Strategies Network Design for Agility (Supplier/Logistics Risk) Revenue management (Demand Risk) Customer Rationalization (Profitability Risk) Demand Supply Contract Management (Compliance Risk) Sales & Operations Planning Social Responsibility (Brand Risk) Hedging strategies (Cost Risk) Supplier Development/Supply Base Monitoring (Capacity Risk) Intellectual Property Management (IP Risk) Product 17th Oct 13 20
    21. 21. Supply Risk Management Road Map H Supply Network Optimization Risk Managed Revenue and Improvements Definition, assessment, advanced prediction, advanced (multi-tier) network monitoring and advanced (multi-tier) network redesign improvement actions. Supply Network Expansion Definition, assessment, advanced prediction, network monitoring and network redesign - improvement actions. Multiple Category Expansion Definition, assessment, basic prediction and category and cross category redesign - improvement actions. Single Category- Pilot Definition, assessment, basic prediction and key supplier focused redesign improvement actions. L L 17th Oct 13 No. of Suppliers under SRM H 21
    23. 23. Terminology • • • • • Threat Vulnerability Accident Risk Consequences The goal is not to be understood. It is to not be misunderstood. 17th Oct 13 23
    24. 24. Threat – Hazard - Danger • A condition that is a prerequisite to a mishap, accident, or emergency May be INTERNAL or EXTERNAL 17th Oct 13 24
    25. 25. Threat Classification • Natural Hazards • Anthropogenic (man-caused) Threats • Technological or Accidental Threats From Avoiding Disaster, ©2002, John Laye, FBCI Publisher: John Wiley & Sons, Hoboken, NJ, USA 17th Oct 13 25
    26. 26. Threat – Fear/Terrorism Perpetrators must have: INTENT + CAPABILITY Measurable? Uncertainty  Fear  Risk (Real or Perceived) 17th Oct 13 26
    27. 27. Vulnerability • A characteristic of a system that allows a threat event to materialize Always INTERNAL And Always in RELATION to a threat 17th Oct 13 27
    28. 28. Accident - Emergency • • • • A function of vulnerability Relates to Cause 1st significant deviation from the norm Reactive Risk Assessment 17th Oct 13 28
    29. 29. Anatomy of an Incident Hazard Event Controlled Conditions Deviation Impact Parameter Excursion Initiating Action Mishap Consequence UncontrolledCond ition Adapted from Department of Energy Handbook, 1100-96 17th Oct 13 29
    30. 30. Complex Systems • Failure in one part (by any threat) may coincide or induce failure in an entirely different part  unforeseeable combination resulting in cascading failures. • Cascading failures can accelerate out of control. • Potentially limitless combinations in complex systems. • Accidents are inevitable  “normal” 17th Oct 13 30
    31. 31. Risk • Future Effect • Combination of Severity and Likelihood • Undesirable (Insurance Co. view) 17th Oct 13 31
    32. 32. How do we assess? • 3 steps to the Assessment process – Identification • What might go wrong? • Must clearly define the risk in question – Analysis • What is the likelihood? • How bad would it be? – Evaluation • What are the levels of risk criteria? • Defined in advance 17th Oct 13 32
    33. 33. Risk Assessment • A systematic process for organizing information to support a risk decision that is made within a risk management process. The process consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. 17th Oct 13 33
    34. 34. Risk Control • Risk control includes decision making to reduce and/or accept risks. – The purpose of risk control is to reduce the risk to an acceptable level. – The amount of effort used for risk control should be proportional to the significance of the risk. – The user shall use different processes for understanding the optimal level of risk control including cost-benefit analysis. 17th Oct 13 34
    35. 35. Risk Reduction • By the implementation of risk reduction measures, – new risks may be introduced into the system – the significance of other existing risks might be increased. – Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk. 17th Oct 13 35
    36. 36. Risk Acceptance • Risk acceptance is a decision to accept risk. – Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified. – This acceptable level will depend on many parameters and should be decided on a case-by-case basis. 17th Oct 13 36
    37. 37. Risk Review • The results of the risk management process shall be reviewed to take into account new knowledge and experience. • Once a risk management process has been initiated, that process should continue to be utilized for events that might impact the original risk management decision whether these are planned E.g., results of product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall). • Risk management shall be an ongoing quality management process and a mechanism to perform periodic review of events shall be implemented. The frequency of the review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions 17th Oct 13 37
    38. 38. Tools and Techniques for Risk Review • Ishikawa Model • SCOR model • Failure Mode Effects Analysis (FMEA) 17th Oct 13 38
    39. 39. Failure Mode Effects Analysis (FMEA) • FMEA is a prevention tool used to assess, manage, and reduce risk associated with failure or potential failure of products, processes, services, and other systems. • A quantitative characterization of failures is then undertaken • This is comprised of the assignment of probabilities to three factors - the likelihood of occurrence, the likelihood of detection of failures and the severity of a failure. • As part of this assessment each characteristic is assigned a value. These values are then multiplied with the resultant risk priority number (RPN). 17th Oct 13 39
    40. 40. Occurrence RANKING 1 2 3 4 5 17th Oct 13 CRITERA Remote probability of failure. One occurrence every one to three years or one occurrence in one million events. Low probability of failure. One occurrence every six months to one year or one occurrence in 10000 events Moderate probability of failure. One occurrence every three months or three occurrences in 1000 events High probability of failure. One occurrence per week or a probability of 5 occurrences in 100 events Very High probability of failure 40
    41. 41. Severity • Severity (S) refers to an assessment of the seriousness of a failure as it affects the end user. • A higher severity rating may be assigned to process steps that involved manual operations or interventions as compared to done by automatic machine The higher rating is necessary because of quality failure or introduction of contamination during these steps will result in a higher risk to the product safety and the end-user. 17th Oct 13 41
    42. 42. Severity RANKING CRITERA 1 Product quality is not affected 2 Very Low severity. A lesser deviation from the requirements which calls for moderate action (i.e. higher frequency of tests of the final products, additional tests, etc.) 3 Low severity. A deviation from the requirements which calls for strong action (i.e. quarantining of a batch, product recall, OOS-Situation etc.) 4 High severity. Affect to the patient in some way. 5 Very High severity. Threat to the life of patient 17th Oct 13 42
    43. 43. Detection • Detection (D) refers to the ability to detect the failure mode for contamination risk prior to the customer receiving the finished product. • The rating scale for determining the detection level is shown in Table 17th Oct 13 43
    44. 44. Detection RANKING CRITERA 1 Assured detection of failure mode. The defect is obvious or there is 100% automatic inspection with regular calibration and preventive maintenance of the inspection equipment 2 Chances of Detection are high. An effective Statistical Process Control (SPC) program is in place 3 Detection possibility is moderate. Some SPC is used in process and the product is final inspected off-line 4 Difficult to detect .Product or failure is accepted on the basis of no defectives in a sample 5 The failure is not inspected or the failure is not detectable 17th Oct 13 44
    45. 45. Risk Score Risk Priority Number = O x S x D Where O= Occurrence S = Severity D= Detection Risk priority number evaluates the overall risk. Helps to identify focus area to help improve overall system reliability 17th Oct 13 45
    46. 46. Steps of FMEA • • • • • • • • • • Step 1: Review of the process (Process mapping) Step 2: Determine failure mode Step 3: Determine potential risk of the failure modes Step 4: Evaluate severity of the risks (S) Step 5: Evaluate probability of the failure modes (P) Step 6: Evaluate the detection of the failure modes and/or risks (D) Step 7: Calculate Risk Priority Numbers (RPN) Step 8: Prioritize the failure modes need to be mitigated Step 9: Decide elimination and/ or avoidance of the failure modes Step 10: Re-calculate the RPNs after mitigation 17th Oct 13 46
    47. 47. Risk Matrix Probability High Medium High Medium Low Severity Risk Class ONE Risk Class TWO Risk Class THREE Low 17th Oct 13 47
    48. 48. Risk Matrix High Medium Low Detection HIGH priority Risk Classification MEDIUM priority 17th Oct 13 ONE LOW priority TWO THREE 48
    49. 49. Risk evaluation - Risk Severity / Probability Classification X1 X4 X4 X5 X5 4. Probable Probability Classification 5. Frequent X1 X3 X4 X4 X5 3. Occasional X1 X2 X3 X4 X4 2. Remote X1 X2 X2 X3 X4 1. Improbable X1 X1 X1 X1 X1 RATING 1 - None 2 - Negligible 3 - Marginal 4 - Critical 5 - Catastrophic Risk Severity 17th Oct 13 49
    50. 50. Risk Severity+Probability Vs Detection X1 X4 X4 X5 X5 X4 X1 X3 X4 X4 X5 X3 X1 X2 X3 X4 X4 X2 X1 X2 X2 X3 X4 X1 X1 X1 X1 X1 X1 RATING Risk Severity + Probability X5 1 - Assured 2 - High 3 - Moderate 4 - Difficult 5 - Not detectable Detection 17th Oct 13 50
    51. 51. Risk Management – Action plan Level of Risk Category Action X1 No action reqd. X2 Training X3 Cost effective / selective controls X4 Control irrespective of cost involved X5 Immediate change of process design/ Control required No risk Small risk Moderate Risk Unacceptable Risk Severe 17th Oct 13 51
    52. 52. Risk Assessment - Warehouse Reference Risk Occurrence Severity Detection O S D Risk priority Number OxSxD Category 1.1 Receipt of Wrong material 1 5 1 5 X1 1.2 Receipt of damaged packs or containers 2 4 1 8 X3 1.3 Receipt of Hazardous material 1 1 1 1 X1 1.4 Receipt of container without Label 1 5 1 5 X1 2.1 Wrong material sampled. 1 5 1 5 X1 2.2 Sampling from damaged packs or containers 2 4 1 8 X3 2.3 Contamination of materials during sampling 1 5 1 5 X1 2.4 Sampling from Hazardous material 1 1 1 1 X1 17th Oct 13 52
    53. 53. Check List • • • • • • How can each part possibly fail ? What mechanisms might produce these modes of failure? What could the effects be if these failures did occur ? Is the failure in the safe or unsafe direction ? How is the failure detected ? What inherent provisions are provided in the design to compensate for the failure? 17th Oct 13 53
    54. 54. Any Questions? 17th Oct 13 54
    55. 55. Thank You Megha Thakkar, PMP ® Email: LinkedIn Profile: 55