The document discusses understanding and managing risk within complex supply chain projects. It outlines different types of risks that can occur, such as financial, operational, strategic and political risks. It also discusses identifying and evaluating risks through methods like risk mapping, workshops and prioritizing risks based on probability and impact. Finally, it discusses implementing risk processes and governance through tools like risk registers, probability impact grids, stage-gate processes, and defining roles for risk management.

1. Understanding and Managing Risk
within Complex Supply Chain Projects
CILT Supply Chain Network
London, UK
Monday 15th June 2009

2. Duracell and Corus suffer
due to steel conflict
(Source: headlines from national newspapers)

3. Car transporter vessel
sinks after collision
(Source: headlines from national newspapers)

4. Recall of Mercedes ML
Models
(Source: headlines from national newspapers)

5. More takeovers and mergers
in the transport sector
(Source: headlines from national newspapers)

6. Strikes in Austria, France
and Italy
(Source: headlines from national newspapers)

7. Distribution halted by IT
system fault
(Source: headlines from national newspapers)

8. EC requires traceability of
food, feed and ingredients
throughout supply chain
(Source: headlines from national newspapers)

9. Research center studies
terrorism's impact on supply
chain
(Source: headlines from national newspapers)

10. Risk is unavoidable

11. Derek Hill
w
A rro
cy
g en
ntin
Co

18. Life before Logistex…

23. Interesting projects…

30. Risk
Not a ment
M an age
Exp ert

31. Agenda

32. • Understanding different types of risks
• Identifying and evaluating risks
• FKI Logistex risk processes and governance

33. Objective of Risk
Management

34. • Not to remove risk
• To raise awareness and visibility of risks
• To manage risks by mitigation actions to
prevent major impact
• To prepare for contingency

35. Improve the predictability
of a project!

37. Project Predictability
250%
200%
Planned Cost (%)
150%
Project Cost
100%
Project End
50%
0%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time (months)
Planned

38. Project Predictability
250%
200%
Planned Cost (%)
150%
Project Cost
100%
Project End
50%
0%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time (months)
Planned Risk Managed

39. Project Predictability
250%
Project Cost
200%
Planned Cost (%)
150%
Project End
Project Cost
100%
Project End
50%
0%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time (months)
Planned Risk Managed Freestyle

40. 1.
Understanding different
types of risks

41. What Is A Risk?
• A potential event with negative consequences that has not
happened yet
– However a risk could also be defined as the event with unforeseen
positive consequences; an Opportunity
• A possibility of loss — not the loss itself!
– A source of problem during a project
– Avoid labeling the cost of a risk as a risk (e.g. Schedule slippage). Find
the sources!
– Strike at the root of the problem, not the leaves!
• Something that makes the project special
• In the widest sense everything is a risk
• There are better ways of handling recurrent problems!

42. Two Basic Classifications
• Known unknowns
– Things that we know we don’t know
• Unknown unknowns
– Risks that surface despite our best efforts

43. Types of Risk
Financial (e.g. gearing/interest rates, liquidity, foreign exchange,
commodity prices, systemic risks etc)
Credit (e.g. customer default, failure of key partner/supplier)
Operational (e.g. business continuity, service quality)
Strategic (e.g. changes in markets, customers, products, M&A, major
capital investments/projects)
Legislative (e.g. HSE, anti-competitive practices, stock market rules)
Political (e.g. Country risk, civil commotions, nationalisation)
Environment (e.g. natural disasters, pollution, global warming impacts,
diseases/pandemics)
3rd Party (e.g. risks of being let down by partners, key suppliers, outsource
providers etc)

44. Logistex Corporate Risk Register
Business Projects
• M&A • Technology
• Capital expenditures • New roles
• Factory moves/closures • Ill defined specifications
• New product development • Sourcing and supply chain
• Supply chain development • Terms and Conditions
• Organizational restructuring • People
• Corporate Social Responsibility • Organisational
• HSE • Estimation
• Environment
• Currency
• Competencies

45. 2.
Identifying and evaluating risks

46. Context
• Project objectives
• Scope, terms costs conditions, an guarantees
• Schedule, location, and plan of project
• Assumptions
• Interfaces and stakeholders
• Definitions

47. Expectations
GAP
= Difference in expectations
End-User = Increased risk
Provider

49. Influences
External
End-User
Provider
Complexity

52. Project Risk Profile
• Profiling output
determines weight of
Bid Approval and
Project Execution
Process

54. Risk Mapping
• Hold a Risk Workshop for
key members of project,
stakeholder, suppliers etc.
HGIH
• Brainstorm types of risk and
PROBABILITY
categorise in terms of size
MEDIUM
of impact.
• Then assess probability of
occurrence and populate
LOW
Prioritising Risk Matrix
opposite.
LOW MEDIUM HGIH
• Risks should be owned and
tracked. IMPACT

55. NASA's illustration showing high impact risk areas for the International Space Station

56. Method
• Describe the Risks
– Brainstorming potential risks
– Walkthrough of the risk identification checklist

57. Method
• Common language
– Clear and accurate description
– Formulated as an “IF..THEN…” statement
• Example 1
– “The equipment will arrive late and we will incur liquidated
damages.”
• Example 2
– “IF customs requires additional paperwork and this delays
the release of the equipment, which delays the installation,
THEN we will incur liquidated damages.”

59. Method
• Analyze and Prioritize Risks
– Walkthrough risk sheet and estimate the
probability and cost impact of each risk
– Calculate risk rating of each risk (e.g. probability *
impact)
– Concentrate on Key Risks

60. Probability
What Is the Probability the Risk Will Happen?
Level Your Approach and Processes...
1 Not Likely: …will effectively avoid or mitigate this risk based on
standard practices.
2 Low Likelihood: …have usually mitigated this type of risk with minimal
oversight in similar cases.
3 Likely: …may mitigate this risk, but workarounds will be
required.
4 Highly Likely: ...cannot mitigate this risk, but a different approach
might
5 Near Certainty: ...cannot mitigate this type of risk; no known processes
or workarounds are available

61. Impact
Given the risk is realised, what would be the magnitude of the Impact?
Level Technical Schedule Cost
1 Minimal or no impact Minimal or no impact Minimal or no impact
2 Minor pert shortfall, Additional activities Budget increase of less
same approach retained required; able to meet than 1%
key dates
3 Mod pert shortfall, but Minor schedule slip; Budget increase of less
workarounds available will miss need date than 5%
4 Unacceptable; but Program critical path Budget increase of less
workarounds available affected than 10%
5 Unacceptable; no Cannot achieve key Budget increase of less
alternatives exist program milestone than 10%

63. RISK
Reject / Transfer / Reduce Reduce
Accept
Eliminate Insure Probability Impact
Actions

64. Mitigation and Contingency Planning
• List Mitigation Actions
– Start with most severe risks
– List possible actions to reduce probability and/or
cost
– Some risks can be avoided
• Contingency Planning
– Only for the most severe risks that cannot be
mitigated
– List actions to take should the risk mature

65. Risk Provisions
• Provision = (Probability x Impact) + Mitigation cost
• Mitigation cost may out way the Impact cost
– Manage to the Risk

67. Project Risk Register

68. Key Risk
• A Key Risk Overview (KRO) is required
• Detailed plan of mitigation actions
• Embed responsiveness

69. Key Risk Overview

70. Risks require active
management

71. • Eliminate the risk NOW - scope, terms & conditions, reject.
• Do something NOW to transfer the risks - Insurer, customer,
supplier.
• Do something NOW to reduce the probability of the risks
occurring.
• Plan contingency actions NOW to reduce the impact if the
risk occurs.
• Set up fallback plans NOW to limit the impact for
implementation before the risk occurs.
• Get everybody’s agreement if you will just accept the risk.

72. 3.
Processes and governance

74. Probability Impact Grid (PIG)
1
2
HGIH
8
3
PROBABILITY
12 5
11 4
MEDIUM
10
14 6
13 9
10
OTHER 15
7
LOW
RISKS
LOW MEDIUM HGIH
IMPACT

75. Monitor
• Re-Assess Risks regularly
– Has probability and damage of controlled risks
changed?
– New risks identified? Analyse them

76. Stage-Gate Process

77. Continuity and Consistency
• Monthly and Gate Based Reviews
1
2
HGIH
8
3
PROBABILITY
12 5
11 4
MEDIUM
10
14 6
13 9
10
OTHER 15
7
LOW
RISKS
LOW MEDIUM HGIH
IMPACT

78. Who is involved in Risk Management?
• Customer
• End-user
• Project Team
• Management
• Product Management
• Related Projects
• Subcontractors and Suppliers

79. Roles in Risk Management
• Business Unit
• Project Team
• Risk Action Owner
• Risk Coordinator
• Steering Group

80. Risk Roll up & Action Flow-down
Corporate
Risk Action Risk Roll-up
Flow-down Business Unit
Business
Project
Task
• Risk Escalation
– Risks outside the control of the area or affecting next levels objectives
• Risk Action Flow-down
– Actions to ensure business objectives are met (Business Plan
Deployment)

81. (Near the end….)

83. Risk management should…
• be an integral part of organisational processes
• be systematic and structured
• be based on the best available information
• take into account human factors
• be transparent and inclusive
• be dynamic, and responsive to change
• be tailored
• deliver better projects

84. derek.hill@fkilogistex.com
07940 764844

85. Discussion…
• What risks does your business or team face?
• How do you deal with them?
• What lessons (good or bad) can you share?