Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Supply chain risk management

7,996 views

Published on

Supply chain risk management (SCRM) is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".

SCRM attempts to reduce supply chain vulnerability via a coordinated holistic approach, involving all supply chain stakeholders, which identifies and analyses the risk of failure points within the supply chain. Mitigation plans to manage these risks can involve logistics, finance and risk management disciplines; the ultimate goal being to ensure supply chain continuity in the event of a scenario which otherwise have interrupted normal business and thereby profitability.

Published in: Business, Technology

Supply chain risk management

  1. 1. Supply Chain Risk Management Essentials Megha Thakkar PMP® Strategic Supply Chain Management, Cipla Ltd.
  2. 2. Agenda • Objective • Introduction • Supply Chain Management (SCM) • SC Risk Management (SCRM) • Developing A Comprehensive Risk Assessment • Conclusion 17th Oct 13 Pharma Project 2
  3. 3. Key Interpretation • Still an art, not a science • Requirements to drive to SCRM performance are coming from everywhere • No industry is immune to the SCRM Imperative • Key issues include: – The need for a common framework and language – Accountability and ownership – Controls 17th Oct 13 3
  4. 4. Let’s start by DISPELLING some MYTHS 17th Oct 13 4
  5. 5. FIRST Supply chain management is neither a synonym for logistics nor as logistics that includes customers and suppliers 17th Oct 13 5
  6. 6. SECOND Supply chain management is not New name for purchasing &/or operations 17th Oct 13 6
  7. 7. FINALLY Supply chain management is not even Combination of purchasing, operations and logistics 17th Oct 13 7
  8. 8. Then? What is supply chain and Supply chain management? 17th Oct 13 8
  9. 9. Which one should we be more concerned with and why? supplier Information (Processes) Goods, Services and information Reverse logistics Payment customer Supply Chain 17th Oct 13 Goods INTEGRATION customer supplier customer Removal supplier Supply Chain Management 9
  10. 10. A Simple Supply Chain Example Consumers Raw Material Sources Suppliers Manufacturers Distributors Retailers Customers Material, Information and Funds Flow 17th Oct 13 10
  11. 11. A Supply Chain Example – More Complex Distributors & Warehouses Raw Material and Semi-Finished Products Suppliers Manufacturing Centres Consumers Material, Information and Funds Flow 17th Oct 13 11
  12. 12. Supply Chain Supply chain is NOT a CHAIN of businesses BUT A NETWORK of businesses & relationships. That offers the opportunity to capture the full potential of intra and inter-company integration and management to organize – people, activities, information and resources involved in moving a product from supplier to end-user. 17th Oct 13 12
  13. 13. Supply Chain Management • Supply chain management is a set of approaches utilized to efficiently integrate suppliers, manufacturers, warehouses, and stores, so that product is produced and distributed at the right quantities, to the right locations, and at the right time, in order to minimize system wide costs while satisfying service level requirements.” 17th Oct 13 13
  14. 14. The Supply Chain – Another View Plan Source Suppliers Material Costs 17th Oct 13 Make Manufacturers Deliver Warehouses & Distribution Centers Buy Customers Transportation Transportation Costs Transportation Costs Manufacturing Costs Inventory Costs Costs 14
  15. 15. Why Is SCM Difficult? • Uncertainty is inherent to every supply chain – – – – Travel times Breakdowns of machines and vehicles Weather, natural catastrophe, war Local politics, labor conditions, border issues • The complexity of the problem to globally optimize a supply chain is significant – Minimize internal costs – Minimize uncertainty – Deal with remaining uncertainty 17th Oct 13 15
  16. 16. Supply Chain Risk Management • “Risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. These strategies can involve the transference of risk to another party, risk avoidance or mitigation, and channel risk sharing. • “Risk management is the process of measuring or assessing risk and then developing strategies to manage the risk. These strategies can involve the transference of risk to another party, risk avoidance or mitigation, and channel risk sharing. 17th Oct 13 16
  17. 17. A Business Outlook Company’s Environment Suppliers’ Environment Suppliers Supplier and Market Intelligence Customers’ Environment Company Customer and Market Intelligence Customers Business Intelligence 17th Oct 13 17
  18. 18. … historically and currently problematic Vipnet, 1999 GSM portal launch delayed 1 year due to supplier issues Volcanic eruptions Legal War Manufacturing Strike Culture Boeing, 1997 writes off $2.6 billion, due to supplier parts shortages Management Processes Technology Airbus's A380 super-jumbo 2006 delivery to customers, Sony's 2006, PlayStation 3 almost 2 years late delay gives opportunity to rivals (Microsoft's Xbox 360 and Nintendo's Wii) Sainsbury’s delayed store openings, cost them £millions in lost revenue Supply Chain Risk 17th Oct 13 18
  19. 19. Supply Chain Risk Perspectives Company’s Environment Customers’ Environment Suppliers’ Environment Suppliers Supplier Facing Relationship Risk Supplier Performance Risk Human Resource Risk Supply chain disruption risk Supplier Environment Risk Disaster Risk Supplier Financial Risk Regulatory Risk 17th Oct 13 Company Internal Facing Operational Risk Technical Risk Financial Risk Legal Risk Environmental Risk HR / Health and Safety Risk Customer Facing Customers Market Risk Brand / Reputation Risk Product Liability Risk Environmental Risk 19
  20. 20. Supply Chain Risk and Risk Management Strategies Network Design for Agility (Supplier/Logistics Risk) Revenue management (Demand Risk) Customer Rationalization (Profitability Risk) Demand Supply Contract Management (Compliance Risk) Sales & Operations Planning Social Responsibility (Brand Risk) Hedging strategies (Cost Risk) Supplier Development/Supply Base Monitoring (Capacity Risk) Intellectual Property Management (IP Risk) Product 17th Oct 13 20
  21. 21. Supply Risk Management Road Map H Supply Network Optimization Risk Managed Revenue and Improvements Definition, assessment, advanced prediction, advanced (multi-tier) network monitoring and advanced (multi-tier) network redesign improvement actions. Supply Network Expansion Definition, assessment, advanced prediction, network monitoring and network redesign - improvement actions. Multiple Category Expansion Definition, assessment, basic prediction and category and cross category redesign - improvement actions. Single Category- Pilot Definition, assessment, basic prediction and key supplier focused redesign improvement actions. L L 17th Oct 13 No. of Suppliers under SRM H 21
  22. 22. DEVELOPING A COMPREHENSIVE RISK ASSESSMENT 17th Oct 13 22
  23. 23. Terminology • • • • • Threat Vulnerability Accident Risk Consequences The goal is not to be understood. It is to not be misunderstood. 17th Oct 13 23
  24. 24. Threat – Hazard - Danger • A condition that is a prerequisite to a mishap, accident, or emergency May be INTERNAL or EXTERNAL 17th Oct 13 24
  25. 25. Threat Classification • Natural Hazards • Anthropogenic (man-caused) Threats • Technological or Accidental Threats From Avoiding Disaster, ©2002, John Laye, FBCI Publisher: John Wiley & Sons, Hoboken, NJ, USA 17th Oct 13 25
  26. 26. Threat – Fear/Terrorism Perpetrators must have: INTENT + CAPABILITY Measurable? Uncertainty  Fear  Risk (Real or Perceived) 17th Oct 13 26
  27. 27. Vulnerability • A characteristic of a system that allows a threat event to materialize Always INTERNAL And Always in RELATION to a threat 17th Oct 13 27
  28. 28. Accident - Emergency • • • • A function of vulnerability Relates to Cause 1st significant deviation from the norm Reactive Risk Assessment 17th Oct 13 28
  29. 29. Anatomy of an Incident Hazard Event Controlled Conditions Deviation Impact Parameter Excursion Initiating Action Mishap Consequence UncontrolledCond ition Adapted from Department of Energy Handbook, 1100-96 17th Oct 13 29
  30. 30. Complex Systems • Failure in one part (by any threat) may coincide or induce failure in an entirely different part  unforeseeable combination resulting in cascading failures. • Cascading failures can accelerate out of control. • Potentially limitless combinations in complex systems. • Accidents are inevitable  “normal” 17th Oct 13 30
  31. 31. Risk • Future Effect • Combination of Severity and Likelihood • Undesirable (Insurance Co. view) 17th Oct 13 31
  32. 32. How do we assess? • 3 steps to the Assessment process – Identification • What might go wrong? • Must clearly define the risk in question – Analysis • What is the likelihood? • How bad would it be? – Evaluation • What are the levels of risk criteria? • Defined in advance 17th Oct 13 32
  33. 33. Risk Assessment • A systematic process for organizing information to support a risk decision that is made within a risk management process. The process consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. 17th Oct 13 33
  34. 34. Risk Control • Risk control includes decision making to reduce and/or accept risks. – The purpose of risk control is to reduce the risk to an acceptable level. – The amount of effort used for risk control should be proportional to the significance of the risk. – The user shall use different processes for understanding the optimal level of risk control including cost-benefit analysis. 17th Oct 13 34
  35. 35. Risk Reduction • By the implementation of risk reduction measures, – new risks may be introduced into the system – the significance of other existing risks might be increased. – Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk. 17th Oct 13 35
  36. 36. Risk Acceptance • Risk acceptance is a decision to accept risk. – Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified. – This acceptable level will depend on many parameters and should be decided on a case-by-case basis. 17th Oct 13 36
  37. 37. Risk Review • The results of the risk management process shall be reviewed to take into account new knowledge and experience. • Once a risk management process has been initiated, that process should continue to be utilized for events that might impact the original risk management decision whether these are planned E.g., results of product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall). • Risk management shall be an ongoing quality management process and a mechanism to perform periodic review of events shall be implemented. The frequency of the review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions 17th Oct 13 37
  38. 38. Tools and Techniques for Risk Review • Ishikawa Model • SCOR model • Failure Mode Effects Analysis (FMEA) 17th Oct 13 38
  39. 39. Failure Mode Effects Analysis (FMEA) • FMEA is a prevention tool used to assess, manage, and reduce risk associated with failure or potential failure of products, processes, services, and other systems. • A quantitative characterization of failures is then undertaken • This is comprised of the assignment of probabilities to three factors - the likelihood of occurrence, the likelihood of detection of failures and the severity of a failure. • As part of this assessment each characteristic is assigned a value. These values are then multiplied with the resultant risk priority number (RPN). 17th Oct 13 39
  40. 40. Occurrence RANKING 1 2 3 4 5 17th Oct 13 CRITERA Remote probability of failure. One occurrence every one to three years or one occurrence in one million events. Low probability of failure. One occurrence every six months to one year or one occurrence in 10000 events Moderate probability of failure. One occurrence every three months or three occurrences in 1000 events High probability of failure. One occurrence per week or a probability of 5 occurrences in 100 events Very High probability of failure 40
  41. 41. Severity • Severity (S) refers to an assessment of the seriousness of a failure as it affects the end user. • A higher severity rating may be assigned to process steps that involved manual operations or interventions as compared to done by automatic machine The higher rating is necessary because of quality failure or introduction of contamination during these steps will result in a higher risk to the product safety and the end-user. 17th Oct 13 41
  42. 42. Severity RANKING CRITERA 1 Product quality is not affected 2 Very Low severity. A lesser deviation from the requirements which calls for moderate action (i.e. higher frequency of tests of the final products, additional tests, etc.) 3 Low severity. A deviation from the requirements which calls for strong action (i.e. quarantining of a batch, product recall, OOS-Situation etc.) 4 High severity. Affect to the patient in some way. 5 Very High severity. Threat to the life of patient 17th Oct 13 42
  43. 43. Detection • Detection (D) refers to the ability to detect the failure mode for contamination risk prior to the customer receiving the finished product. • The rating scale for determining the detection level is shown in Table 17th Oct 13 43
  44. 44. Detection RANKING CRITERA 1 Assured detection of failure mode. The defect is obvious or there is 100% automatic inspection with regular calibration and preventive maintenance of the inspection equipment 2 Chances of Detection are high. An effective Statistical Process Control (SPC) program is in place 3 Detection possibility is moderate. Some SPC is used in process and the product is final inspected off-line 4 Difficult to detect .Product or failure is accepted on the basis of no defectives in a sample 5 The failure is not inspected or the failure is not detectable 17th Oct 13 44
  45. 45. Risk Score Risk Priority Number = O x S x D Where O= Occurrence S = Severity D= Detection Risk priority number evaluates the overall risk. Helps to identify focus area to help improve overall system reliability 17th Oct 13 45
  46. 46. Steps of FMEA • • • • • • • • • • Step 1: Review of the process (Process mapping) Step 2: Determine failure mode Step 3: Determine potential risk of the failure modes Step 4: Evaluate severity of the risks (S) Step 5: Evaluate probability of the failure modes (P) Step 6: Evaluate the detection of the failure modes and/or risks (D) Step 7: Calculate Risk Priority Numbers (RPN) Step 8: Prioritize the failure modes need to be mitigated Step 9: Decide elimination and/ or avoidance of the failure modes Step 10: Re-calculate the RPNs after mitigation 17th Oct 13 46
  47. 47. Risk Matrix Probability High Medium High Medium Low Severity Risk Class ONE Risk Class TWO Risk Class THREE Low 17th Oct 13 47
  48. 48. Risk Matrix High Medium Low Detection HIGH priority Risk Classification MEDIUM priority 17th Oct 13 ONE LOW priority TWO THREE 48
  49. 49. Risk evaluation - Risk Severity / Probability Classification X1 X4 X4 X5 X5 4. Probable Probability Classification 5. Frequent X1 X3 X4 X4 X5 3. Occasional X1 X2 X3 X4 X4 2. Remote X1 X2 X2 X3 X4 1. Improbable X1 X1 X1 X1 X1 RATING 1 - None 2 - Negligible 3 - Marginal 4 - Critical 5 - Catastrophic Risk Severity 17th Oct 13 49
  50. 50. Risk Severity+Probability Vs Detection X1 X4 X4 X5 X5 X4 X1 X3 X4 X4 X5 X3 X1 X2 X3 X4 X4 X2 X1 X2 X2 X3 X4 X1 X1 X1 X1 X1 X1 RATING Risk Severity + Probability X5 1 - Assured 2 - High 3 - Moderate 4 - Difficult 5 - Not detectable Detection 17th Oct 13 50
  51. 51. Risk Management – Action plan Level of Risk Category Action X1 No action reqd. X2 Training X3 Cost effective / selective controls X4 Control irrespective of cost involved X5 Immediate change of process design/ Control required No risk Small risk Moderate Risk Unacceptable Risk Severe 17th Oct 13 51
  52. 52. Risk Assessment - Warehouse Reference Risk Occurrence Severity Detection O S D Risk priority Number OxSxD Category 1.1 Receipt of Wrong material 1 5 1 5 X1 1.2 Receipt of damaged packs or containers 2 4 1 8 X3 1.3 Receipt of Hazardous material 1 1 1 1 X1 1.4 Receipt of container without Label 1 5 1 5 X1 2.1 Wrong material sampled. 1 5 1 5 X1 2.2 Sampling from damaged packs or containers 2 4 1 8 X3 2.3 Contamination of materials during sampling 1 5 1 5 X1 2.4 Sampling from Hazardous material 1 1 1 1 X1 17th Oct 13 52
  53. 53. Check List • • • • • • How can each part possibly fail ? What mechanisms might produce these modes of failure? What could the effects be if these failures did occur ? Is the failure in the safe or unsafe direction ? How is the failure detected ? What inherent provisions are provided in the design to compensate for the failure? 17th Oct 13 53
  54. 54. Any Questions? 17th Oct 13 54
  55. 55. Thank You Megha Thakkar, PMP ® Email: kotak.megha@gmail.com LinkedIn Profile: http://in.linkedin.com/in/mthakkar/ 55

×