The challenge of ensuring secure clinics and hospitals for patients and staff
SAPICS 2016 DSchoeman Ver2.3 Final lin
1. @scguydan
Concert Interrupted? – An agenda
for the chief supply chain officer to
develop countermeasures for
supply chain risks and disruptions
Danie Schoeman
4. @scguydan
At a hefty price tag
$56 billion+
2015
2014
2013
>$300 billion
$57 billion
BSI Global Intelligence Reports
0
20
40
60
80
100
120
140
160
CostinUS$billion
33
93
23
5. @scguydan
“In one industry after another, supply chains have been stretched farther than they
have ever been stretched in the past [with] few [that] have much experience
managing supply risks across oceans and continents.” 5
1. BCI Supply Chain Resilience Survey 2014; 2. World Economic Forum Study 2012, Insurance News; 3. UPS Capital: Managing Risk in the Global Supply Chain 2014; 4. Deloitte 2012 Risk
Management Report; 5. Ruud Bosman (2006) - The New Supply Chain Challenge: Risk Management in a Global Economy, Factor Mutual Insurance
90%
We coulda, woulda, shoulda
of respondents report at
least one instance of supply
chain disruption1
of companies DO NOT assess
value and supply chain risk
continuously4
of firms DO NOT quantify
risk when outsourcing
production3
of industry experts surveyed
believe that supply chain
and transport risk
management are greater
priorities in their companies
today than 5 years ago2
81% 79%
90%
have risk managers in their
firms, either in legal or
compliance, but virtually all
of those internal functions
ignores supply chain risk3
DO NOT have full visibility of
their supply chains1
66%
74%
6. @scguydan
The C-Suite is in the hot seat …
CEO, 26%
CFO /
Treasurer,
23%
CRO / Head of
Risk, 19%
Risk Committee
(company level),
15%
Legal /
Compliance, 14%
COO or CAO, 2% Other, 2%
Primary responsibility for risk management
Risk management is now a C-Suite issue, but “45% of executives lacks confidence in
their supply chain risk management programmes.”
Deloitte - Aftershock: Adjusting to the new world of risk management, 2012
7. @scguydan
…yet commitment is low
34.2%
28.6%
40.8%
38.0%
21.1%
28.6%
1.3% 3.3%
2013 2014
Chart Title
None
Low
Medium
High
BCI Supply Chain Resilience Survey 2014
How would you assess the current commitment
(attention and priority) of Top Management in your
organization to managing supply chain risk
proactively?, % of respondents
8. @scguydan
…and immaturity persists
Supply chain risk management remains a relatively immature discipline with only a
minority of companies (9%) fully prepared to address potential challenges from
supply chain disruptions in increasingly complex environments.
• No risk governance structure
• Poor visibility into sources of
supply chain risk and suppliers’
operations
• Limited analysis of potential
threats
• No prior anticipation of
positioning or response
mechanisms
• Risk management processes
are documented and
integrated internally
• Basic threats and vulnerabilities
are analysed
• Scenarios concerning the base
integrated plan are conducted
to position inventory and
capacity buffers
• Postponement product design
principles are explored to
respond to changing demand
• Minimal visibility of changes/
patterns outside the company
• Formal quantitative
methodologies for risk
management
• Collaboration across the supply
chain
• High levels of information
sharing and visibility
• Sensors and predictors used to
proactively position response
mechanisms
• Products and processes
rationalised to reduce
complexity
• Monitoring of resilience levels
among suppliers
• Business continuity plans are
created
• Risk governance is formal but
flexible
• Full alignment between supply
chain partners
• Supply chain is segmented to
match customer value
propositions
• Risk sensors and predictors
supported by real-time
monitoring and analytics
• Supplier segmentation to
identify key risks
• Risk strategies are segmented
according to supplier profiles
and product/ market
characteristics
Level 1
Ad hoc
Level 3
Proactive
Level 2
Integrated
Level 4
Flexible
9%32%42%17%
Less mature More mature
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
9. @scguydan
Consequences of supply chain
disruptions are far reaching …
BCI Supply Chain Resilience Survey 2014
5%
7%
7%
7%
18%
18%
24%
27%
34%
35%
38%
41%
45%
48%
59%
Share price fall
Product recall/withdrawal
Regulatory fines for non-compliance
Payment of service credits
Increase in regulatory scrutiny
Loss of regular customers
Product release delay
Stakeholder/shareholder concern
Delayed cash flows
Damage to brand reputation/image
Service outcome impaired
Customer complaints received
Loss of revenue
Increased cost of working
Loss of productivity
11. The world is still not flat, but …
@scguydan
#SAPICS2016
38th Annual Conference & Exhibition
12. @scguydan
The road to globalisation – and
greater risk …
“One of the very trends that has increased supply chain risk – globalisation – also
provides opportunities to manage risk.”
2014 DHL Global Connectedness Index; R Bosman - The New Supply Chain Challenge: Risk Management in a Global Economy, FM Global 2006
13. @scguydan
… increasing complexity
Adapted from G. Linden, K.L. Kraemer, and J. Dedrick (2009), “Who Captures Value in a Global Innovation Network? The Case of Apple’s iPod”, Communications of the ACM, March 2009, Vol.
52, No. 3, pp. 140-144; World Economic Forum Global Risks 2015.
$80
$75
$85
$19
$27
$7
$5
$1
$40
Apple (Margin) Distribution and Retail Major Components
Other Inputs Japan (Margin) USA (Margin)
Taiwan (Margin) Korea (Margin)$80
$75
$85
$19
$27
$7
$5
$1
$40
14. @scguydan
Evolving supply chains to minimise
cost …
of companies had re-
structured their distribution
network in the last year.
of the cases the distribution
re-structuring had involved
relocating distribution centres
to a lower cost country.
More Fewer
National DCs 49.5% 50.5%
Regional DCs 58.5% 41.5%
Global DCs 52.8% 47.2%
of respondents cited the
main reasons for the
distribution re-structuring
were predominantly related
to cost.
indicated that they were
establishing more regional
(multi-country) distribution
hubs.
75% 20%
50%
58%
How has the structure of your
distribution network changed?
European supply chains are evolving to become more product- and/or channel-
specific enabling them to adapt to different customer and product service level
requirements.
Transport Intelligence - Global Distribution Strategies Survey, 2008
15. @scguydan
… causing complexity and fragility
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
38%
74%
80%
87%
94%
95%
The relationships between
supply chain entities have
become less transparent
The number of entities in the
supply chain has increased
Products and services have
become less standard
New product introductions
have been more frequent
Changes in the extended
supply chain network occur
more frequently
Dependencies between
supply chain entities* have
increased
Chart Title
Evolution of supply chain complexity over the
past three years
*suppliers, partners, customers Strongly Agree / Agree
16. @scguydan
…with the cost efficiency chasers
losing
Difference in performance resilience measured by percentage of companies that suffered a 3% or higher
impact on their performance indicators as a result of supply chain disruptions in the past twelve months
-6%-5%-6% -21% -8% -14% -26% -24% -32%-33%
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
46% 47%
36%
53%
71%
64% 67%
73%
80%
73%
13%
41%
31%
47% 50%
56% 53%
47%
56%
41%
Market value Sales revenueMarket-share Total supply
chain cost
Supply chain
asset
utilisation
Inventory
turns
Customer
service level
Total supply
chain lead
time
Total supply
chain lead
time
variability
Order
fulfilment
lead time
Mature (Level III—Level IV) cost efficient companies Mature (Level III—Level IV) flexible response companies
17. @scguydan
Risk visibility in sub-tiers is lacking
17%
36%
79%
90%
78%
31% 31%
Indirect
suppliers
Indirect
suppliers
Direct suppliers Internal plants
& operations
Direct
customers
Indirect
customers
Indirect
customers
Tier-3 +
supplier
Retailer
End
customer
Whole-
saler
Whole-
saler
Retailer
Retailer
End
customer
End
customer
End
customer
Tier-2
supplier
Tier-1
supplier
Tier-3 +
supplier
Tier-3 +
supplier
Tier-3 +
supplier
Tier-2
supplier
Tier-2
supplier
Tier-1
supplier
OEM
SCMWorld - Innovative Approaches to Supply Chain Risk, 2014
Risk visibility across the value chain
18. @scguydan
…making it the biggest challenge in
moving goods
Transport Intelligence - Supply Chain Risk & Visibility in the Movement of Goods, 2014
3.5%
3.9%
7.7%
8.2%
8.7%
11.0%
13.2%
13.9%
14.4%
15.5%
Meeting the demands of Omni-
channel
Environmental programmes /
CO2 reductions
Complexity of handling
multimodal transportation
Schedule compliance
Speed
Competition
Delivering to schedule
Rising costs
Transport reliability
Supply chain visibility
Chart Title
The key challenges faced in moving goods,
% of respondents
19. Anatomy of a supply chain
disruption
@scguydan
#SAPICS2016
38th Annual Conference & Exhibition
20. @scguydan
What happens with a supply chain
disruption
BusinessPerformanceIndicator
Time
Stable situation/
Business-as-usual
Y Sheffi - The Resilient Enterprise - Overcoming Vulnerability for Competitive Advantage, 2005; B Asbjørnslett - Assessing the vulnerability of supply chains, 2008; David Simchi-Levi - A New
Approach to Manage Supply Chain Risk, HBR, 2015
Disruptive
event
Time of
full impact
First
response
Preparation
for recovery
Recovery
Initial
impact
New stable
situation /
Business-as-usual
Time to Recovery (TTR)
Performance
Impact
(PI)
21. @scguydan
… with the actual residual effect
BusinessPerformanceIndicator
Time
Stable situation/
Business-as-usual
Y Sheffi - The Resilient Enterprise - Overcoming Vulnerability for Competitive Advantage, 2005; B Asbjørnslett - Assessing the vulnerability of supply chains, 2008; David Simchi-Levi - A New
Approach to Manage Supply Chain Risk, HBR, 2015
Disruptive
event
Time of
full impact
First
response
Preparation
for recovery
Recovery
Initial
impact New stable
situation /
Business-as-usual
Long-term
impact
Time to Recovery (TTR)
Performance
Impact
(PI)
22. @scguydan
Having a significant impact on
business and financial performance
68%
72%
65%
64%
67%
66%
69%
40%
54%
35%
Order fulfilment lead time
Total supply chain lead time
variability
Total supply chain lead time
Customer service level
Inventory turns
Supply chain asset utilisation
Total supply chain cost
Market-share
Sales revenue
Market value
Chart Title
Percentage of companies that suffered a 3% or higher
negative impact on their performance indicators as a
result of supply chain disruptions in the past twelve
months
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
23. @scguydan
Disruptions can happen anywhere in
the supply chain network
“A collapse in one part of the network can have a magnifying effect on every part of
the network. These interrelationships are either not well understood or are ignored
by most companies.” - David Simchi-Levi, professor MIT
Tier 2+ Tier 1 CustomersDistribution Assembly
LTL
FTL
24. @scguydan
With sources of supply chain risks
far beyond the company
Macro environment risks
Have potential effects across the entire supply chain
Exist among enabling functions that support supply chain processes
Functional risks
Human resources Information technology LegalFinance
Economic
Environmental/
Social responsibility
Infrastructure/
Resources
Geopolitical Hazards SecurityRegulatory
Supply Demand
Tier N Tier 1 End usersDistributors3rd party services
Operational risks
DeliverDevelop Plan Source Make Return
Relate to internal process risks
Extended value chain risks
Originate in upstream and downstream supply chain partners
The risks to supply chains today are numerous and constantly evolving, and
emanate both from within and outside of the company.
Deloitte - Supply Chain Resilience: A Risk Intelligent approach to managing global supply chains, 2012
25. From the risk observatory
@scguydan
#SAPICS2016
38th Annual Conference & Exhibition
26. @scguydan
Categorising sources of disruption
to define strategies
Business continuity
• Natural disasters
• Man-made disruptions
• Supplier redundancy &
contingency
Security
• Cargo disruption
• Cargo theft
• Hijacking exposure
• Unmanifested cargo
• Information/cyber
attacks
• Sea piracy
• Supply chain terrorism
• Anti-western terrorism
Brand protection
• Facility traceability
(forced & child labour)
• Compliance to social &
human rights
• Compliance to
environmental, health &
safety
• Counterfeiting
• Intellectual property
violations
Geopolitical
• Political stability
• Economic & financial
stability
• Corruption
• Crime & government
effectiveness
• Employee screening
practices
27. @scguydan
Major causes of supply chain
disruption
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Energy scarcity
Lack of credit (cost, availability)
Currency exchange rate volatility
New laws or regulations
Loss of talent/skills
Environmental incident
Intellectual Property violation
Product quality incident
Health & Safety incident
Act of terrorism
Fire
Business ethics incident
Data breach
Cyber attack
Transport network disruption
Unplanned IT/telecoms outage
Animal disease
Earthquake/tsunami
Insolvency (in the supply chain)
Human illness
Civil unrest/conflict
Industrial dispute
Outsourcer service failure
Adverse weather
High Impact Some Impact Low Impact
Security risks
Business continuity risks
Brand protection risks
Geopolitical risks
29. @scguydan
Natural disasters have become more
pervasive …
EM-DAT: The CRED/OFDA International Disaster Database, 2016
0
100
200
300
400
500
600
1900
1907
1914
1921
1928
1935
1942
1949
1956
1963
1970
1977
1984
1991
1998
2005
2012
TitleNatural disasters reported 1900-2015
30. @scguydan
…at a very high price
Munich Re, NatCatSERVICE, 2016
760
8 000
18 500
16 000
15 300
29 500
300
3 000
60 500
40 000
28 000
30 000
38 000
43 000
44 000
68 500
85 000
100 000
125 000
210 000
Japan - Earthquake (2004)
Chile - Earthquake, tsunami (2010)
Caribbean / USA - Hurricane Ike (2008)
Thailand - Floods, landslides (2011)
United States - Earthquake (1994)
Caribbean / N.A. - Hurricane Sandy (2012)
China - Earthquake (2008)
Japan - Earthquake (1995)
United States - Hurricane Katrina (2005)
Japan - Earthquake, tsunami (2011)
Losses in US$ million original values
Overall value Insured value
0
0
0
0
0
0
0
0
0
0
46
520
170
813
61
210
84 000
6 430
1 720
15 880
Fatalities
Fatalities Dummy
31. @scguydan
Old reliable have come under man-
made disruptions
Heavy manufacturing
(steel, machinery, etc.)
25%
Electronics
17%
Garment
and Textiles
17%
Consumer Goods
and Retail
11%
Food
7%
Footwear
6%
Automotive
5%
Pharmaceutical
2%
Other
10%
Chart TitleStrikes by Industry in China, 2015
Labour unrest in China grows with factory strikes increasing by 58.3 percent in 2015,
as factory owners struggled to pay workers due to a slumping economy, leading to
protests and walk-offs.
BSI - Business Continuity Risk Index, 2016
32. @scguydan
And even increasingly popular
destinations are succumbing
34
121
147
108
118
2011 2012 2013 2014 2015
StrikesGarment Sector Strikes in Cambodia, 2011-2015
Historically wages have been a major cause of strikes in Cambodia, but workers in
recent strikes have also cited more specific grievances such as the cost of living,
labour contracts, and working conditions.
BSI - Business Continuity Risk Index, 2016; Photo: Luc Forsyth
34. @scguydan
Supply chain partner failure is the
major supply chain network problem
3%
5%
13%
10%
13%
13%
24%
19%
8%
12%
9%
13%
14%
14%
13%
19%
Downstream logistics
partners
Indirect customers
Upstream logistics partners
Company-owned support
functions
Direct customers
Tier 2 suppliers
Tier 1 (direct) suppliers or
third parties
Company-owned supply chain
operations
Chart Title
Ranked #1 Ranked #2
Locations in the supply chain of the most costly
outcomes of risk events over last three years
38%
37%
27%
22%
17%
27%
23%
11%
Deloitte - The Ripple Effect - How manufacturing and retail executives view the growing challenge of supply chain risk, 2013
The most costly disruptions are caused by own supply chain, then failure at Tier 1
and Tier 2 suppliers. According to BCI respondents, 11.5% of disruptions are caused
by suppliers at Tier 3 and lower. 3PLs are the third highest reason for failure.
36. @scguydan
34%
35%
41%
44%
53%
68%
90%
Conveyances not inspected
Failure to screen business
partners
Containers, trailers, pallets,
etc. not secured/properly
inspected prior to loading
Lack of seal procedures
Inadequate transportation
monitoring
Security procedures not
followed (lack of checks,
balances, accountability)
Involved “trucks” as the mode
of transportation for
breached cargo
Major factors contributing to cargo
breaches
C-TPAT Program Study June 2009
37. @scguydan
Global cargo theft risk levels
FreightWatch International
Risk level of
cargo theft
Highest level
Lowest level
38. @scguydan
Cargo theft in South Africa
Crime Stats SA - Crime Stats Simplified
Robbery: non-residential
Number of incidents
2014 2015
18 476 19 170
3.8%
39. @scguydan
Hijacking exposure in South Africa
Truckjacking
Number of incidents
2014 2015
989 1 279
29.3%
Crime Stats SA - Crime Stats Simplified
41. @scguydan
Home
Chore automation
and security
$200B−350B
…and the Internet of Things (IoT)
brings huge opportunity …
Human
Health and
fitness
$170B−1.6T
Offices
Security and
energy
$70B−150B
Factories
Operations and
equipment optimization
$1.2T−3.7T
Vehicles
Autonomous vehicles and
condition-based maintenance
$210B−740B
Outside
Logistics and navigation
$560B−850B
Cities
Public health
and transportation
$930B−1.7T
Worksites
Operations optimization/
health and safety
$160B−930B
Retail environments
Automated checkout
$410B−1.2T
Enable new business
models
For example, remote
monitoring enables anything-
as-a-service
Transform business
processes
Predictive maintenance, better
asset utilization, higher
productivity
Types of opportunities
9 settings
gave us a cross-sector view of
a total potential impact of
$3.9 trillion–11.1 trillion
per year in 2025
McKinsey Global Institute (MGI): The internet of things: mapping the value beyond the hype, 2015
42. @scguydan
0.1%
0.7%
0.8%
3.9%
4.1%
15.3%
20.6%
25.1%
29.4%
Payment card skimmers
Point of sale intrusions
Cyber espionage
Denial of service attacks
Web app attacks
Physical theft and loss
Insider and privilege…
Crime ware
Miscellaneous errors
… but it also creates great peril
Almost all cyber attacks can be
classified by 9 patterns
Verizon 2015 Data Breach Investigations Report
43. @scguydan
Typical cyber attack incidents for
transport & logistics
24% 16% 16%Transportation
Cyber-espionage Insider and privilege misuse Web app attacks
WEB APP ATTACKS
When attackers use stolen
credentials or exploit
vulnerabilities in web
applications — such as content
management systems (CMS) or
e-commerce platforms.
INSIDER AND PRIVILEGE MISUSE
This is mainly by insider’s misuse,
but outsiders (due to collusion)
and partners (because they are
granted privileges) show up as
well. Potential culprits come from
every level of the business, from
the frontline to the boardroom.
CYBER-ESPIONAGE
When state-affiliated actors
breach an organization, often via
targeted phishing attacks, and
after intellectual property.
Verizon 2015 Data Breach Investigations Report
72%
ON AVERAGE of the incidents in an industry can be described by just
three of the nine patterns.
44. @scguydan
Cyber attacks are physical
Verizon 2014 & 2015 Data Breach Investigations Report
of insider and
privilege misuse
attacks used the
corporate LAN.
of theft / loss
happened at work.
of miscellaneous
errors involved
printed documents.
49%
85%
55%
A significant amount of cyber attacks are actually through physical means and can
be mitigated through physical security systems.
45. @scguydan
Look inside your company for cyber
attack origins
31%
29%
16%
13%
12%
22%
12%
13%
23%
7%
5%
24%
35%
30%
18%
15%
13%
24%
15%
16%
24%
7%
6%
18%
Unknown
Domestic intelligence service
Foreign nation-states
Competitors
Activists / activist organisations / hacktivist
Organised crime
Hackers
Suppliers / business partners
Former service providers / consultants / contractors
Current service providers / consultants / contractors
Former employees
Current employees
Likely sources of incidents
All industries in all regions Transportation & Logistics
PWC Global State of Information Security Survey 2015
46. @scguydan
…making screening and vetting
business critical
PWC Global State of Information Security Survey 2015
47%
48%
55%
54%
52%
57%
58%
69%
51%
54%
55%
56%
56%
59%
60%
73%
Accurate inventory of where personal data for employees and
customers are collected, transmitted and stored
Employee Chief Information Security Officer in charge of
security
Information security strategy that is aligned to the specific
needs of the business
Employee security awareness training programme
Secure access-control measures
Priviledged user access
Conduct personnel background checks
Require 3rd parties to comply with our privacy policies
Security safeguards in place
All industries in all regions Transportation & Logistics
49. @scguydan
Countries effected by terrorism
disruptions
Institute for Economics and Peace , 2015
The impact
of terrorism
Highest impact
of terrorism
Lowest impact
of terrorism
51. @scguydan
7%
10%
17%
19%
15%
32%
10%
11%
15%
17%
25%
22%
Social responsibility failure
Regulatory non-compliance
and/or worker-safety failure
Product quality failure
Physical product flow
disruption
Sudden demand change
Margin erosion
Chart Title
Ranked#1 Ranked#2
Brand reputation is the most costly
outcome of disruption ….
34%
19%
15%
32%
36%
17%
25%
22%
Brand reputation damage
Physical product flow
disruption
Sudden demand change
Margin erosion
Chart Title
Ranked#1 Ranked#2
Most costly outcomes of risk events in the
supply chain
Most costly outcomes of risk events in the
supply chain
54%
40%
32%
17%
36%
21%
54%
40%
70%
36%
52. @scguydan
Wearing human rights is cheap
0.18 0.27 1.15
1.2 2.19
3.4
3.61
4.63
12.37
29
Sellingprice
Paytogarmentworker
Overheadcost
ProfitfactoryBangladesh
Intermediary
Transportcost
Materialcost
Brandprofit
Valueaddedtax
Retail*
Share in Euro:
Share in %: 42.616.00.6100 0.9 4.0 4.1 7.6 11.7 12.5
Share of value – T-shirt from
Bangladesh sold in Germany
*Includes all costs at a
retail level including staff,
rent, store profit, etc.
WEF: Beyond Supply Chains, Empowering Responsible Value Chains, 2015
53. @scguydan
Bitter aftertaste of child labour in the
cocoa supply chain
• Small, family farms (>750 000)
• Independent operation
• Few cooperatives (<2% of crop)
• Privately-funded operators
• Pisteurs, Traitants
• Fewer quality linkages
• Various participants, including
international companies
• Includes semi-finished goods
• Beans, small family farm
products into global market
• Further manufacturing of
products
• Retail outlets, restaurants,
small businesses
• Final customer
Global Market
Manufacturers
Farmers
Collectors
Transporters
Processors
Exporters
Customers
Consumers
Other Beans
Cocoa Supply Chain - Côte d'Ivoire
Center for Reflection, Education and Action (CREA)
54. @scguydan
Counterfeiting - a global $600 billion
epidemic
Czech Republic Turkey
Nigeria
Nigeria loses N200
billion annually to sales
and circulation of
adulterated lubricants
Saudi Arabia
50% of deaths in
automobile accidents
caused by counterfeit parts
Philippines
Korea
France Georgia
USA
Brazil
Paraguay
Counterfeiting costs US
businesses between
$200 and $250 billion
dollars annually
One of the main
sources of counterfeit
agro-chemicals
Alcoholic drink counterfeiting
widely reported in Paraguay
Sub-standard wines found in
premium brand bottles
30 people died in 2012
from consuming
counterfeit Rum
containing methanol
Pakistan
Authorities
fighting
counterfeit
motor-oil supply
High volume producer
of counterfeit bags
and other fashion
items
China
High volume producer of counterfeit
branded clothing and leather goods
One of the main sources globally
of counterfeit cosmetics
• 400 billion counterfeit
cigarettes produced every
year
• Counterfeit baby food
found in original
packaging
India
One of the main
contributors to
global counterfeit
medicines epidemic
Increasing problems
with counterfeit soft
drink production
HH Global - Brand Protection & Anti-Counterfeiting
56. @scguydan
Countries effected by disruptions
due to political instability
World Bank, 2015
Level of
political stability
Politically
most stable
Politically
least stable
62. @scguydan
A systematic approach to supply
chain risk is required
Identify Quantify
MitigateRespond
What types of risk are we
exposed to and where are
they in our supply chain?
What financial impact could
these risks have on our sales
and profitability?
How quickly can we recover
from a disruptive event and
return to normal operations?
What strategies/tactics do we
have in place to minimise the
disruption to our business?
Supply Chain
Risk
Effective supply chain risk management is not a static exercise or a linear process. It
requires constant monitoring, ongoing assessment and the periodic re-evaluation of
contingency plans, whether or not they have actually been implemented.
SCMWorld - Innovative Approaches to Supply Chain Risk, 2014
63. @scguydan
Identifying and assessing risk
19%
25%
38%
40%
42%
47%
48%
54%
58%
61%
72%
Social media monitoring
Business impact surveys
Real-time data
monitoring/analytics
Segmentation of suppliers /
customer value propositions
Intuition or management
insight
Third-party
research/intelligence
Scenario planning/business
simulations
Risk mapping
Regular/open dialogue with
customers
Analysis of historical data
Regular/open dialogue with
suppliers
Chart Title
SCMWorld - Innovative Approaches to Supply Chain Risk, 2014
Methods used to identify risk exposure
% of respondents
64. @scguydan
Data driven … a stark contrast to the
normal intuition-based approach
The power of predictive
analytics
Visual mapping and social
media
Innovators in supply chain risk use these tools and techniques within an enterprise-
wide “culture of data driven decision making” that informs and shapes their risk
mitigation strategies. When you are dealing with complex networks that have
evolved over time, intuition can be misleading and take you in completely the wrong
direction.” - David Simchi-Levi professor MIT
SCMWorld - Innovative Approaches to Supply Chain Risk, 2014
65. @scguydan
Tools of the risk trade …
29%
32%
35%
36%
42%
42%
44%
45%
Business simulation
Worst-case scenario
modelling
Risk sensing data
Predictive modelling
Risk intelligence data
Supply chain
mapping/visualization
Supply chain operational
modelling
Financial risk modelling
Chart Title
Types of data/visualization/analytical tools
used to manage risk within the supply chain
Deloitte - The Ripple Effect - How manufacturing and retail executives view the growing challenge of supply chain risk, 2013
66. @scguydan
Identifying and assessing risk -
illustration
Gartner - Case Study: Cisco Addresses Supply Chain Risk Management, 2010
How Cisco mapped the 2011 disaster in Japan
No impact-low risk profile
Significant impact reported-mitigate with higher priority
Some impact reported-monitor and/or mitigate
Capacity disabled or assumed highest risk-mitigate with highest
priority
67. @scguydan
Available supply chain risk solutions
and services
ChainLink Research - Supply Chain Risk Solutions: A Market Overview, 2013
Supply chain
& business
continuity
consultants
Supplier audit
and monitoring
services
Supplier quality
management
Contract, SLA
management
Supplier
performance
management
Hedging
tools and
instruments
Trading partner
/ IT security/
identity
management
Supplier data
subscription
services
Cargo security
Sustainability/
CSR platforms,
product analytics
Supply chain
insurance
Event
monitoring &
alerting
services
Anti-
counterfeiting
solutions
Cold chain
Business
continuity
management
Design
collaboration/
IP protection
Inventory
optimisation,
demand
management
Governance,
risk management
& compliance
Supplier risk and
compliance
Logistics,
visibility, TMS
Traceability,
chain of custody
Supply chain
mapping and
monitoring
68. @scguydan
Natural disasters
Geopolitical risks
Epidemics
Terrorist attacks
Environmental risks
Volatile fuel prices
Rising labour costs
Currency fluctuations
Counterfeit parts and products
Port delays
Market changes
Suppliers’ performance
Forecasting accuracy
Execution problems
Quantifying and prioritising risk
This may work reasonably well in the case of recurring operational risks – the
“controllable” or “known-unknown” risks where historical data is available, but not
for the “uncontrollable” or “unknown-unknown” risks.
Unknown-
Unknown Uncontrollable
Known-
Unknown
Controllable
Likelihoodofoccurrence
Business impact
ModerateMinor Major Critical
Possible
Likely
Highly likely
Unlikely
A typical risk evaluation matrix Sources of supply chain risk
SCMWorld - Innovative Approaches to Supply Chain Risk, 2014; David Simchi-Levi, et al. - Identifying Risks and Mitigating Disruptions in the Automotive Supply Chain (Ford case study)
69. @scguydan
The Risk Exposure Index as an
alternative
BusinessPerformanceIndicator
Time
Stable situation/
Business-as-usual
Y Sheffi - The Resilient Enterprise - Overcoming Vulnerability for Competitive Advantage, 2005; B Asbjørnslett - Assessing the vulnerability of supply chains, 2008; David Simchi-Levi - A New
Approach to Manage Supply Chain Risk, HBR, 2015
Disruptive
event
Time of
full impact
First
response
Preparation
for recovery
Recovery
Initial
impact
New stable
situation /
Business-as-usual
Time to Recovery (TTR)
Performance
Impact
(PI)
The Risk Exposure Index allows companies to understand the dependencies within
their supply chains, estimate hard-dollar impacts and prioritise their risk mitigation
efforts.
70. @scguydan
The Risk Exposure Index illustrated
Time-To-Recover (TTR): The time it takes to recover to full functionality after a disruption
Performance Impact (PI): Impact of a disruption for the duration of TTR on a given
performance measure
Risk Exposure Index (REI): Normalizes the PI by the maximum PI over all disruption scenarios
Tier 2+ Tier 1 CustomersDistribution Assembly
TTR =2 Weeks
PI = $400m
2 Weeks
$300m 2 Weeks
$100m
2 Weeks
$400m
2 Weeks
$2.5bn
1 Week
$100m
2 Weeks
$1.5bn
LTL
FTL
Adapted from David Simchi-Levi, et al. - Identifying Risks and Mitigating Disruptions in the Automotive Supply Chain (Ford case study)
71. @scguydan
The Risk Exposure Index illustrated
Time-To-Recover (TTR): The time it takes to recover to full functionality after a disruption
Performance Impact (PI): Impact of a disruption for the duration of TTR on a given
performance measure
Risk Exposure Index (REI): Normalizes the PI by the maximum PI over all disruption scenarios
Tier 2+ Tier 1 CustomersDistribution Assembly
TTR =2 Weeks
PI = $400m
2 Weeks
$300m 2 Weeks
$100m
2 Weeks
$400m
2 Weeks
$2.5bn
1 Week
$100m
2 Weeks
$1.5bn
LTL
FTL
Adapted from David Simchi-Levi, et al. - Identifying Risks and Mitigating Disruptions in the Automotive Supply Chain (Ford case study)
72. @scguydan
The Risk Exposure Index illustrated
Time-To-Recover (TTR): The time it takes to recover to full functionality after a disruption
Performance Impact (PI): Impact of a disruption for the duration of TTR on a given
performance measure
Risk Exposure Index (REI): Normalizes the PI by the maximum PI over all disruption scenarios
Tier 2+ Tier 1 CustomersDistribution Assembly
TTR =2 Weeks
PI = $400m
2 Weeks
$300m 2 Weeks
$100m
2 Weeks
$400m
2 Weeks
$2.5bn
1 Week
$100m
2 Weeks
$1.5bn
LTL
FTL
Adapted from David Simchi-Levi, et al. - Identifying Risks and Mitigating Disruptions in the Automotive Supply Chain (Ford case study)
73. @scguydan
The Risk Exposure Index illustrated
Time-To-Recover (TTR): The time it takes to recover to full functionality after a disruption
Performance Impact (PI): Impact of a disruption for the duration of TTR on a given
performance measure
Risk Exposure Index (REI): Normalizes the PI by the maximum PI over all disruption scenarios
Tier 2+ Tier 1 CustomersDistribution Assembly
TTR =2 Weeks
REI = 0.16
2 Weeks
0.12 2 Weeks
0.04
2 Weeks
0.16
2 Weeks
1.0
1 Week
0.04
2 Weeks
0.6
LTL
FTL
Adapted from David Simchi-Levi, et al. - Identifying Risks and Mitigating Disruptions in the Automotive Supply Chain (Ford case study)
74. @scguydan
41%
59%
Companies
that do not
segment
their risk
strategy
Companies
that segment
their risk
strategy
Mitigating risk and speeding
recovery
55%
70% 70%
64%
73%
88% 90%
80% 82% 80%
11%
32%
17%
46%
52% 50% 46% 50%
59%
46%
Mature companies that do not segment their risk management strategy
Mature companies that segment their risk management
Mature companies that invest in risk segmentation are more resilient to disruptions
than mature companies that don’t.
-18%-53%-38% -21% -38% -44% -30% -23% -34%-44%
Difference in performance resilience measured by percentage of companies that suffered a 3% or higher
impact on their performance indicators as a result of supply chain disruptions in the past twelve months
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
75. @scguydan
Mitigating risk and speeding
recovery – segmentation illustration
• Partnerships
• Risk-sharing contracts
• Track performance
• Share experience
• Business continuity
plans
• Inventory
• Long-term contracts
• Inventory
• Dual sourcing/sites
• Flexibility
• Standard components
• Track performance
Financial impact
Totalspend
High
HighLow
20% of suppliers
80% of spend
Using supplier segmentation to drive
mitigation actions
Mature companies that invest in risk segmentation are more resilient to disruptions
than mature companies that don’t.
David Simchi-Levi
77. @scguydan
43%
55%
56%
60%
70%
Concentrating the CSCO’s priorities
Cost Containment
Supply Chain Visibility
Globalization
Customer Intimacy
Risk Management
IBM - The Smarter Supply Chain of the Future - Insights from the Global Chief Supply Chain Officer Study 2010
78. @scguydan
27%
33%
41%
48%
54%
59%
59%
60%
72%
72%
78%
79%
82%
Other actions
Use postponement or delayed differentiation strategy
Use regional strategy only
Use component substitution strategy
Pursue near-shoring manufacturing strategy
Establish distribution centres in multiple regions
Increase inventory levels and safety stock
Apply forward buying/hedging strategy
Pursue demand collaboration with customers
Pursue (1st and 2nd tier) supplier collaboration
Use both regional and global strategy
Implement dual sourcing strategy
Create and implement a business continuity plan
Chart Title
Risk mitigation strategies
Actions companies take to mitigate supply chain risk
PwC and the MIT Forum for Supply Chain Innovation - Making the right risk decisions to strengthen operations performance, 2013
79. @scguydan
Risk mitigation strategies
9%
10%
12%
15%
15%
15%
18%
19%
19%
21%
23%
24%
Purchasing business interruption insurance
Increasing hedging against currency or commodity volatility
Participating in lobbying efforts to influence legislation
Developing the capability to more rapidly deploy pipeline…
Increasing the ability to protect the brand reputation and…
Creating a more flexible workforce
Enhancing the ability to intelligently collect and react to…
Enhancing the ability to dynamically change product flow
Building the ability to rapidly adapt the supply network
Building the ability to rapidly adapt the production or…
Developing business continuity and risk contingency plans
Building stronger extended value chain relationships
Chart Title
Most effective strategies for preventing and recovering from negative outcomes of supply chain
risk events
Deloitte - The Ripple Effect - How manufacturing and retail executives view the growing challenge of supply chain risk, 2013
80. @scguydan
The main themes
• Proper developed supply chain strategy
considering various trade-offs
• Proactive vertical collaboration in the
extended value chain
• Network visibility and flexibility
• Business continuity planning
81. @scguydan
What happens when business
continuity planning is in place
BusinessPerformanceIndicator
Time
Stable situation/
Business-as-usual
Y Sheffi - The Resilient Enterprise - Overcoming Vulnerability for Competitive Advantage, 2005; B Asbjørnslett - Assessing the vulnerability of supply chains, 2008; Wipro Consulting Services -
Supply Chain Vulnerability in Times of Disaster, 2012; David Simchi-Levi - A New Approach to Manage Supply Chain Risk, HBR, 2015
Disruptive
event
New stable
situation /
Business-as-usual
Time to Recovery (TTR)1
Effect of
visibility
systems
Time to Recovery (TTR)2
Effect of swift
action as per BCP
Preparation
for recovery2
Recovery1
Recovery2
Initial
impact
First
response
Preparation
for recovery1
82. @scguydan
Add some best practices
• Supply chain security efforts such as TAPA, C-TPAT, AEO and
Maritime ISPS
• Business continuity management standards such as ISO
22301:2012, ISO/IEC 27001 information security management and
ISO 28000 2007 supply chain security management standard
• Supply chain security intelligence resources, including trade and
compliance intelligence, global supply chain security risk data and
analysis
• Real-time trade interruption updates and reports on major
disruption incidents
• Country-specific reports on supply chain terrorism, cargo
disruption, business and political climate, population and culture,
economy and trade, transportation infrastructure, general
governance, export control governance, employer security practices,
and customs-trade supply chain security programs
• Thorough vetting of your supply chain and participating firms’
supplier base
84. @scguydan
The CSCO Agenda
• Never say never – it can happen to you
• Know your network – 3 to 4 tiers deep
• Flexibility trumps cost towards resilience
• It’s not a guessing game – its data driven
based on intelligence of specific risks
• Supply chain visibility and supply chain
risk walk hand in hand
• Learn from best practice and others
85. @scguydan
What are the three things you hope
to achieve?
“Demosthenes, the greatest of
Athenian orators, was asked
what the three tests of a great
speech were. “Action, action
and action‟ was his reply.”
James C. Humes
86. @scguydan
Danie Schoeman
+27 82 940 6028
danie@danieschoeman.com
www.danieschoeman.com
There’s more to talk about, so let’s
have coffee …
88. @scguydan
Disclaimer
This document has been prepared by Danie Schoeman and
Company to provide background information on the subjects
mentioned herein, the forecasts, opinions and expectations are
entirely those of Danie Schoeman and Company. This
presentation was prepared with the utmost due care and
consideration for accuracy and factual information; the forecasts,
opinions and expectations are deemed to be fair and
reasonable. However there can be no assurance that future
results or events will be consistent with any such forecasts,
opinions and expectations. Therefore the authors will not incur
any liability for any loss arising from any use of this presentation
or its contents or otherwise arising in connection herewith.
Neither will the sources of information or any other related
parties be held responsible for any form of action that is taken as
a result of the proliferation of this document.