Security, Compliance & Loss Prevention Part 1.pptx

Security,
Compliance
& Loss
Prevention

Important Dates
▶ Midterm 3/7/2024
▶ Assignment 3/13/2024
▶ Final 3/18/2024
This Photo by Unknown Author is licensed under CC BY-SA-NC

Terminal Learning
Objectives
▶ To understand what risks in
Supply Chain
▶ To examine the activities for
Supply Chain Risk
Management
▶ To understand why time frame
is important for SCRM
▶ To familiarize you with the
core component of SCRM

Risks in Supply Chain
▶ Supply chains are
complex networks that
involve the movement
of goods, information,
and resources across
various stages, from
raw material suppliers
to end consumers.
Several risks can
potentially disrupt or
negatively impact the
efficiency,
effectiveness, and
resilience of supply
chains.

▶ Some of the supply chain
risk include:
• Supply Risks: Based on
disturbances in the flow
between the firm and
supplier, any risk that keeps
the supplier from delivering
inputs reliably.
• Environmental Risks: Risks
that are outside the supply
chain, such as economic
crises, strikes and normative
changes. This Photo by Unknown Author is licensed under CC BY-SA-NC

▶ Some of the supply chain risk
include:
• Demand Risks: Risks
associated with mismatch
between the availability of final
products and demand from
customers, including excess
stocks, mistaken introduction of
new products, variations in
demand, etc.
• Discrete Risks: Among the
risks exogenous to the chain are
discrete events, generally
unforeseeable and with large
negative impacts, such as
terrorist attacks, contagious
disease outbreaks and natural
disasters.

▶ Some of the supply chain risk
include:
• Operational Risks: These risks are
related to technical failures, losses
during the production process,
alterations in production and
technological changes, etc.
• Rupture Risks: These risks are
associated with disruptions caused
by natural catastrophes and human
actions, such as terrorist attacks,
earthquakes, floods, hurricanes, etc.
They can be caused by a single
factor or a set of factors.
• Technological risk: this category
addresses risks that are of greatest
concern in the area of current and
emerging technology.

Global Semiconductor
Shortage
▶ To mitigate these risks,
companies often employ
strategies such as
diversifying suppliers,
implementing robust risk
management plans, utilizing
advanced analytics and
technology for forecasting,
maintaining safety stock, and
enhancing communication
and collaboration within the
supply chain network.

Shortage
▶ The COVID-19 pandemic
caused a surge in demand for
electronic devices such as
laptops, tablets, and gaming
consoles as people shifted to
remote work and online
activities. At the same time, the
pandemic disrupted
semiconductor manufacturing
operations and supply chains,
leading to decreased production
capacities. As economies
reopened and demand for
automobiles rebounded, the
automotive industry also faced
challenges in securing an
adequate supply of
semiconductors due to the
increased demand and
constrained supply.

Shortage
▶ This semiconductor shortage
illustrates how unexpected
events, such as a pandemic,
can lead to supply chain
disruptions that ripple across
multiple industries. It
highlights the importance of
building resilient supply
chains that can adapt to
unexpected shocks and
diversifying sourcing
strategies to mitigate the
impact of such risks.

What does Supply
Chain Risk mean
today?
▶ Not long ago, supply chain risks
were somewhat peripheral
concerns for organizations.
However, today, due to the
expanding diversity of risk factors,
supply chain risk management
has ascended to a central role in
the operational strategies of most
global organizations.
The pandemic served as a critical
wake-up call, but it’s the growing
issues like escalating
cybersecurity threats, data privacy
concerns, and economic inflation
that have propelled supply chain
risk management to the forefront
of business operations. These
elements underscore its
importance in today’s corporate

What does Supply
Chain Risk mean
today?
▶ The evolution of technology,
while beneficial in many
ways, has also contributed to
this heightened concern. As
supplier networks become
increasingly interconnected
and complex, it poses
greater challenges for
companies to identify and
mitigate risks, especially
during disruptions. These
risks are indiscriminate,
potentially impacting any
business, regardless of the
model or efficiency of its
supply chain.

Global Political Unrest
or Geopolitical Risk
▶ Global political unrest
significantly contributes to
supply chain disruptions
worldwide. High-profile conflicts
like the US-China trade war or
the Russia-Ukraine conflict are
prime examples of how global
events can ripple through supply
chains, often with detrimental
effects.
Such geopolitical dynamics
create unpredictable operating
environments, leading to
increased costs, added
complexity, and reduced
efficiency in supply chains. They
also impact global logistics
routes and can escalate cross-
border tensions.

▶ Geopolitical risks aren’t limited to the
global stage; they also pose
significant challenges within
individual countries. For instance, a
global issue such as the US-China
trade war can have far-reaching
effects, causing a domino effect that
impacts supply chains in countries
like India or the UK. This
interconnectedness means that
global geopolitical unrest invariably
affects each nation.
Domestically, internal political
dynamics, including conflicts between
political parties, rallies, worker
strikes, and other events, significantly
disrupt supply chains. Despite these
obstacles, companies find ways to
maintain operational continuity. A key
to resilience lies in not overly relying
on a single supplier for a large portion
of your products.

▶ By diversifying the supplier
base, companies can make
more flexible decisions and
allocate resources optimally
within their supply chains,
staying proactive in the face
of risks.
Employing technologies like
AI and predictive analytics
can enhance supply chain
agility. By swiftly identifying
the most favorable links
within the supply chain,
businesses can mitigate
risks and adapt to changing
circumstances more
effectively.

Economic Challenges
and Dealing with
Inflation
▶ Inflation has long been a significant
factor influencing supply chain risks
across various industries. During the
pandemic, global supply chains
experienced a surge in demand for
consumer products. However, meeting
this demand became increasingly
challenging as lockdowns worldwide
disrupted logistical operations, leading
to higher production and transportation
costs.
Additionally, the pandemic-induced
labor shortage, compounded by the
need for strict health standards,
created complex management
scenarios within supply chains. This
ongoing labor shortage is a critical
concern, leading to slower production
rates, disrupted distribution, delayed
deliveries, and ultimately, customer
dissatisfaction.

Economic Challenges
and Dealing with
Inflation
▶ From an economical
perspective as a supply chain
risk factor, the rising costs of
raw materials, freight, and labor,
which are not anticipated to
return to pre-pandemic levels,
continue to exert pressure on
manufacturing costs.
These escalating costs
represent a significant challenge
for companies, compelling them
to rethink and restructure their
supply chain strategies to
maintain profitability and
efficiency in an inflation-
impacted economic
environment.

Disruptions due to
climate change and
being complaint with
ESG standards
▶ In the 21st century, the stark
realities of climate change have
imposed significant challenges
on supply chains, forcing them
to adapt to new environmental
norms.
The increasing frequency and
severity of climate-related
hazards, such as extreme
weather events, are expected to
cause more disruptions in global
supply chains. These
disruptions can interrupt
production, raise costs and
prices, and negatively affect
corporate revenues.

Disruptions due to
climate change and
ESG standards
▶ The complex system of interdependent
supply chains, supporting world trade in
goods worth almost $20 trillion annually, is
particularly vulnerable to these climate
hazards. Extreme weather events, made
more frequent and/or severe by climate
change, increase the likelihood of supply
chain disruptions beyond the resilience of
current manufacturing assets.
Specific supply chains, such as those for
semiconductors and rare earth metals, are
highly concentrated in geographies with an
increasing probability of relevant climate
hazards.
Implementing sustainable practices is
increasingly seen as a vital strategy for
mitigating risks associated with climate
change. However, this requires significant
upfront investments, which can be
challenging for organizations with tight
budgets.

Disruptions due to
climate change and
ESG standards
▶ While keeping climatic conditions in mind
companies are constantly pushed towards
adapting a sustainable approach when
working with suppliers. Investors and
customers in today’s marketplace demand
for companies to adapt to ESG and
sustainability standards and maintain the
practice within their supplier network.
This approach can lead to a much greener
sourcing practice but on the other hand can
also hamper supplier diversification and
can harm the company by limiting them to
only work with suppliers with the
capabilities to follow sustainable norms.
To thrive in this era of climatic uncertainty,
it’s imperative for suppliers to embrace
sustainability practices. This alignment is
not only crucial for their survival but also
instrumental in helping companies achieve
their sustainability goals.

Evolving Cyber Threat
Landscape
▶ The cyber threat landscape, particularly
between companies and their third-
party suppliers, is undergoing rapid
evolution. As global supplier networks
become increasingly interconnected, it’s
critical to carefully consider how
proprietary data is shared with
suppliers.
The complex nature of these networks,
often involving numerous fourth parties,
presents an ideal target for hackers due
to reduced traceability and
transparency. An appropriate example
is the Okta hack that took place in
January 2022.
In this cybersecurity incident, hackers
exploited vulnerabilities in the supplier’s
system to infiltrate the broader supply
chain network. Their goal wasn’t just to
extract data from the vendor but to
access the primary company (Okta) to
breach its system and steal customer
data.

Landscape
▶ This episode highlights the extent
to which a supplier’s cybersecurity
measures (or lack thereof) can
expose your organization to risks.
Ensuring robust cybersecurity isn’t
just about protecting your own
systems; it’s equally important to
verify that suppliers are also
implementing stringent
cybersecurity measures.
In present day companies are
using technologies like Internet of
Things (IoT) in supply chain
management. Though these
technologies will widen the ease
of managing a supply chain
network for companies, on the
other hand, these technologies
can open up new ways for
hackers to attack.

Landscape
▶ This necessitates a robust governance
framework and risk management
approach. While AI-driven security
solutions and threat intelligence can
significantly bolster your ability to
predict and identify cyber threats, it’s
worth noting that these technologies
are also being exploited by
cybercriminals to refine their attack
methods.
To keep safe from these growing
threats, it’s important for companies to
work together with their partners. They
need to create a strong security plan
that includes always being on the
lookout, choosing where to focus
based on how big the risk is, teaching
employees about security, using
strong passwords and security checks,
keeping their systems up-to-date, and
making sure everyone in the supply
chain knows how important security is.

Supply Chain Risk
▶ The disruption caused by the
COVID-19 pandemic, which
began in late 2019 and
continues to impact global
supply chains.
Companies had to quickly
adapt to these challenges by
diversifying suppliers,
building more resilient supply
chain networks, adopting
digital solutions for remote
work and communication,
revisiting inventory
strategies, and re-evaluating
their overall risk
management approaches.

Supply Chain Risk
▶ The COVID-19 pandemic led to various
supply chain challenges, including:
• Production Disruptions: Many
manufacturing facilities and factories
around the world were forced to close
temporarily or operate at reduced
capacity due to lockdowns and
restrictions. This led to delays in
production and shortages of goods.
• Logistical Disruptions: Lockdowns,
border closures, and reduced
transportation capacity resulted in
disruptions to the movement of goods,
impacting the timely delivery of products
to consumers.
• Labor Shortages: Restrictions on
movement and concerns about safety led
to labor shortages in various industries,
affecting production and distribution.
• Demand Variability: Consumer behavior
changed rapidly due to lockdowns,
remote work, and economic uncertainty,
leading to unpredictable shifts in demand
for certain products.
This Photo by Unknown Author is licensed under CC BY-SA

Supply Chain Risk
▶ The COVID-19 pandemic led to various
supply chain challenges, including:
• Supplier Disruptions: Many suppliers,
especially those located in areas heavily
affected by the pandemic, faced challenges
in meeting production and delivery
commitments.
• Regulatory Changes: Changes in
regulations and trade policies affected the
movement of goods and increased
administrative burdens for companies.
• Inventory Challenges: Companies that
relied on just-in-time inventory
management struggled to adapt to sudden
shifts in demand and supply.
• Global Economic Impact: The
pandemic's impact on economies led to
financial instability, affecting consumer
spending and business investments.
• Medical Supply Chain Strain: The
healthcare industry faced shortages of
critical medical supplies, equipment, and
pharmaceuticals due to increased demand
and supply chain disruptions.

Activities for Supply
Chain Risk
Management
▶ Supply chain risk management
involves a series of activities
aimed at identifying, assessing,
mitigating, and responding to
potential risks that could disrupt
the smooth operation of the
supply chain.
Remember that supply chain
risk management is an ongoing
process that requires proactive
planning, flexibility, and
adaptability to changing
circumstances. The goal is to
build a resilient supply chain
that can withstand disruptions
and recover quickly when they
occur.
This Photo by Unknown Author is licensed under CC BY-NC

Chain Risk
Management
▶ Here are the key activities involved in
supply chain risk management:
1. Risk Identification: The first phase of
the risk management lifecycle is to
establish a risk profile and then enact
active monitoring to keep it up to data
2. Risk Assessment: Understand what
impact a risk event could have on your
business.
3. Risk Mitigation/Control/Monitoring:
Define both preventive action plans
and reactive action plans. These are
what provide the basis for addressing
risk using appropriate measures to
secure supply and protect brand.
This Photo by Unknown Author is licensed under CC BY

Chain Risk
Management
▶ Additional activities involved in supply chain
risk management include:
• Risk Quantification: Quantify the potential
financial, operational, and reputational
impacts of different risks to understand their
potential costs.
• Scenario Planning: Develop scenarios that
outline potential risk events and their
consequences. This helps in understanding
the range of possible outcomes and
preparing for them.
• Diversification and Redundancy: Reduce
the impact of supply chain disruptions by
diversifying suppliers, sources, and
manufacturing locations. Having backup
plans and alternative suppliers can increase
resilience.
• Supplier Risk Management: Assess and
monitor the financial stability, quality
assurance processes, ethical practices, and
contingency plans of key suppliers.

Chain Risk
Management
▶Here's why time frame is crucial in
• Proactive Risk Identification:
Understanding the time frame allows
organizations to identify risks well in
advance. Some risks, such as
changing regulatory requirements or
shifts in consumer preferences, may
have longer lead times for preparation.
• Timely Mitigation and Response:
Depending on the time frame,
organizations can implement
appropriate mitigation strategies before
a risk materializes. Shorter-term risks,
like weather-related disruptions, require
quick response, while longer-term
risks, such as supply shortages due to
geopolitical events, may require more
strategic adjustments.

Chain Risk
Management
▶Here's why time frame is crucial in
• Resource Allocation: Organizations
need to allocate resources effectively
based on the urgency and impact of
different risks. Knowing the time frame
allows them to prioritize which risks to
focus on first.
• Contingency Planning: Developing
contingency plans requires time to
outline specific actions and strategies
for various risk scenarios. Having well-
prepared plans in advance can
significantly reduce the impact of
disruptions when they occur.
• Lead Time for Supplier
Development: If a company identifies
that a key supplier may face potential
disruptions, it might need time to

Chain Risk
Management
▶ Additional activities involved in supply
chain risk management include:
• Contingency Planning: Develop
detailed contingency plans that outline
specific actions to take when specific risks
occur. These plans can help minimize the
impact of disruptions.
• Business Continuity Planning: Outline
strategies to keep essential business
operations running in the face of disruptions.
This includes identifying critical processes,
resources, and alternative solutions.
• Insurance and Risk Transfer: Consider
insurance policies that cover supply chain
disruptions, business interruptions, and other
related risks.

Chain Risk
Management
▶ Additional activities involved in supply
chain risk management include:
• Continuous Improvement: Regularly
review and update risk management
strategies based on feedback, lessons
learned from past disruptions, and changes
in the business environment.
• Crisis Response: Develop
communication plans and response
strategies to address disruptions in real-time,
minimize their impact, and communicate
effectively with stakeholders.
• Training and Education: Educate
employees and partners about risk
management procedures, ensuring that
everyone understands their roles and
responsibilities in mitigating and responding
to supply chain risks.

Time Frame in Supply
Chain Risk
Management
▶ Time frame is important in supply
chain risk management because
different risks have varying lead times,
potential impacts, and windows of
opportunity for mitigation and
response. Considering time frames
helps organizations develop effective
strategies to address risks and
disruptions in a timely manner.
the time frame is a critical factor in
supply chain risk management as it
guides the pace and intensity of risk
mitigation efforts, helps allocate
resources effectively, enables
proactive planning, and determines the
suitability of various response
strategies. Different risks require
different time horizons for effective
management, and organizations
should tailor their approaches
accordingly.

Chain Risk
Management
▶Here's why time frame is crucial in supply chain risk
management:
• Proactive Risk Identification: Understanding the
time frame allows organizations to identify risks well
in advance. Some risks, such as changing
regulatory requirements or shifts in consumer
preferences, may have longer lead times for
preparation.
• Timely Mitigation and Response: Depending on
the time frame, organizations can implement
appropriate mitigation strategies before a risk
materializes. Shorter-term risks, like weather-
related disruptions, require quick response, while
longer-term risks, such as supply shortages due to
geopolitical events, may require more strategic
adjustments.
• Resource Allocation: Organizations need to
allocate resources effectively based on the urgency
and impact of different risks. Knowing the time
frame allows them to prioritize which risks to focus
on first.
• Contingency Planning: Developing contingency
plans requires time to outline specific actions and
strategies for various risk scenarios. Having well-
prepared plans in advance can significantly reduce
the impact of disruptions when they occur.

Chain Risk
Management
▶Here's why time frame is crucial in supply chain
risk management:
• Lead Time for Supplier Development: If a
company identifies that a key supplier may
face potential disruptions, it might need time
to develop alternate suppliers or work with the
existing supplier to enhance their resilience.
• Demand Planning: Understanding the time
frame of risks helps in adjusting demand
planning and inventory management
strategies to meet potential fluctuations in
demand.
• Supply Chain Restructuring: If a risk is
anticipated to have a long-term impact, such
as changes in trade policies, companies
might need to restructure their supply chains
or manufacturing locations, which requires a
longer planning horizon.
• Communication and Collaboration: Time
frame considerations are important for
effective communication and collaboration
within the supply chain network. Stakeholders
need time to coordinate actions and respond

Chain Risk
Management
▶Here's why time frame is crucial in supply
chain risk management:
• Financial Planning: Longer-term risks
often require budgeting for additional
resources, investments in technology, or
changes in sourcing strategies. Adequate
lead time allows for proper financial
planning.
• Response Time for Crisis Management:
For sudden and unexpected disruptions,
such as natural disasters, organizations
need to respond quickly. Understanding the
time frame helps in initiating crisis
management protocols promptly.
• Customer Expectations: Time frames
impact customer expectations and
commitments. Transparent communication
about potential disruptions and estimated
resolution times can help manage customer
satisfaction.
• Regulatory Compliance: Changes in
regulations often have specific

Core Component of
SCRM
▶ Supply Chain Risk Management
(SCRM) involves several core
components that collectively help
organizations identify, assess,
mitigate, and respond to risks within
their supply chains.
These core components work
together to establish a
comprehensive and effective supply
chain risk management framework
that helps organizations navigate
uncertainties, minimize disruptions,
and maintain the smooth operation
of their supply chains.

Core Component of
SCRM
▶ The core components of SCRM include:
• Risk Identification: This involves systematically
identifying potential risks that could disrupt the
supply chain. Risks can stem from various
sources, including suppliers, logistics,
operations, demand, geopolitical events, natural
disasters, and regulatory changes.
• Risk Assessment and Prioritization: Once
risks are identified, they need to be assessed
based on their potential impact and likelihood of
occurrence. Prioritization helps allocate
resources to address the most critical risks first.
• Risk Mitigation Strategies: Develop strategies
to mitigate or reduce the impact of identified
risks. This can include diversifying suppliers,
creating redundancy in critical processes,
maintaining safety stock, and implementing
technology solutions for better visibility.
• Contingency Planning: Develop detailed
contingency plans that outline specific actions to
take when certain risks occur. Contingency plans
help ensure that the organization is prepared to
respond swiftly and effectively to disruptions.

Core Component of
SCRM
• Supplier Risk Management: Assess and
monitor the risks associated with suppliers,
including financial stability, ethical practices,
and quality assurance processes. This
ensures that suppliers are capable of meeting
their commitments.
• Demand Forecasting and Planning:
Accurate demand forecasting allows
organizations to anticipate changes in
customer demand, helping to adjust
production and inventory levels accordingly.
• Communication and Collaboration:
Establish effective communication channels
within the supply chain network to facilitate
quick response and information sharing during
disruptions. Collaboration with suppliers and
partners is crucial for timely problem-solving.
• Technology Integration: Leverage
technology solutions such as supply chain
management software, IoT devices, and data
analytics to enhance visibility, traceability, and
real-time monitoring of supply chain activities.

Core Component of
SCRM
• Continuous Improvement: Regularly review
and update risk management strategies
based on feedback, lessons learned from
past disruptions, and changes in the business
environment.
• Scenario Planning: Develop scenarios that
outline potential risk events and their
consequences. Scenario planning helps
organizations understand the range of
possible outcomes and prepare accordingly.
• Business Continuity Planning: Identify
critical business processes, resources, and
alternative solutions to ensure that essential
operations can continue in the face of
disruptions.
• Training and Education: Educate
employees and partners about risk
management procedures to ensure everyone
understands their roles and responsibilities in
mitigating and responding to supply chain
risks.

Core Component of
SCRM
▶ The core components of SCRM
include:
• Performance Monitoring and
Measurement: Continuously monitor
the effectiveness of risk management
strategies and measure key
performance indicators to ensure the
supply chain remains resilient.
• Regulatory Compliance: Consider
the regulatory environment and
ensure that the supply chain
operations are aligned with relevant
laws and regulations.
• Stakeholder Engagement: Engage
with internal and external stakeholders
to gather insights, collaborate on risk
management strategies, and ensure a
holistic approach to supply chain
resilience.

A Structured Aprocach
to SCRM
▶ Organizations can think of their
risks in terms of known and
unknown risks.
• Known risks can be identified
and are possible to measure
and manage over time.
• Unknown risks are those that
are impossible or very difficult
to foresee.

A Structured Approach
to SCRM
▶ Known risks - A supplier
bankruptcy leading to a
disruption in supply would be
a known risk. Its likelihood can
be estimated based on the
supplier’s financial history,
and its impact on your
organization can be quantified
through consideration of the
products and markets the
supplier would disrupt. Newer
risks such as cybersecurity
vulnerabilities in the supply
chain are also now
quantifiable through systems
that use outside-in analysis of
a company’s IT systems to
quantify cybersecurity risks.

to SCRM
▶ Known risks - Organizations
should invest time with a
cross-functional team to
catalog a full scope of risks
they face, building a risk-
management framework that
determines which metrics are
appropriate for measuring
risks, “what good looks like”
for each metric, and how to
rigorously track and monitor
these metrics. This team can
also identify gray areas where
risks are hard to understand
or define (e.g., tiers of the
supply chain where no
visibility exists). This analysis
can dimensionalize the scale
and scope of unknown risks.

to SCRM
▶ Unknown risks - Consider
the sudden eruption of a
long dormant volcano that
disrupts a supplier you
didn’t know was in your
supply chain, or the
exploitation of a
cybersecurity vulnerability
buried deep the firmware of
a critical electronic
component. Predicting
scenarios like these is
likely impossible for even
the most risk-conscious
managers.

to SCRM
▶ Unknown risks - For
unknown risks, reducing
their probability and
increasing the speed of
response when they do
occur is critical to
sustaining competitive
advantage. Building strong
layers of defense combined
with a risk-aware culture
can give an organization
this advantage.

Managing known risks
▶ Organizations can use a
combination of structured
problem solving and
digital tools to effectively
manage their known-risk
portfolio through four
steps:
1. Identify and document
risks
2. Build a supply-chain
risk-management
framework
3. Monitor risk
4. Institute governance
and regular review

Identify and document
risks
▶ A typical approach for risk
identification is to map out and
assess the value chains of all
major products. Each node of
the supply chain—suppliers,
plants, warehouses, and
transport routes—is then
assessed in detail (Exhibit 1).
Risks are entered on a risk
register and tracked rigorously
on an ongoing basis. In this
step, parts of the supply chain
where no data exist, and
further investigation is
required should also be
recorded.

Build a supply-chain
risk-management
framework
▶ Every risk in the register should
be scored based on three
dimensions to build an integrated
risk-management framework:
impact on the organization if the
risk materializes, the likelihood of
the risk materializing, and the
organization’s preparedness to
deal with that specific risk.
Tolerance thresholds are applied
on the risk scores reflecting the
organization’s risk appetite.
It is critical to design and use a
consistent scoring methodology to
assess all risks. This allows for
prioritizing and aggregating
threats to identify the highest-risk
products and value-chain nodes
with the greatest failure potential.

Monitor risk
▶ Once a risk-management framework
is established, persistent monitoring
is one of the critical success factors
in identifying risks that may damage
an organization. The recent
emergence of digital tools has made
this possible for even the most
complex supply chains, by
identifying and tracking the leading
indicators of risk. For example, a
large organization operating in a
regulated industry identified 25
leading indicators of quality issues
at its plants and contract
manufacturers, ranging from
structural drivers including
geographical location and number
of years in operation to operational
performance metrics, such as “right
first time” and deviation cycle times.
These 25 indicators were carefully
weighted to develop a quality risk-
exposure score, and then tracked
on a regular cadence.

Monitor risk
▶ Successful monitoring
systems are customized to an
organization’s needs,
incorporating impact,
likelihood, and preparedness
perspectives. Hence, while
one organization may track
deviations on manufacturing
lines to predict quality issues,
another may follow real-time
Caribbean weather reports to
monitor hurricane risk at its
plants in Puerto Rico.
Regardless, it is critical to
have an early warning system
to track top risks to maximize
the chances of mitigating, or
at the very least limiting, the
impact from their occurrence.

Institute governance
and regular review
▶ The final critical step is to set up a
robust governance mechanism to
periodically review supply chain
risks and define mitigating actions,
improving the resilience and agility
of the supply chain.
An effective supply-chain risk-
management governance
mechanism is a cross-functional risk
board with participants representing
every node of the value chain. It
typically includes line managers
who double-hat as risk owners for
their function, giving them
ownership of risk identification and
mitigation. In most cases, the risk
board receives additional support
from a central risk-management
function, staffed with experts to
provide additional guidance on
identifying and mitigating risks. This Photo by Unknown Author is licensed under CC BY-NC

Institute governance
and regular review
▶ An effective board will meet periodically
to review the top risks in the supply
chain and define the mitigation actions.
The participants will then own the
execution of mitigation actions for their
respective functional nodes. For
example, if the board decides to qualify
and onboard a new supplier for a
critical component, the procurement
representative on the board will own the
action and ensure its execution.
Additionally, in many organizations the
risk board will also make
recommendations to improve the agility
and resilience of the supply chain,
ranging from reconfiguring the supply
network, finding new ways of reducing
lead times, or working with suppliers to
help optimize their own operations.
Increasing supply-chain agility can be a
highly effective mitigation strategy for
organizations to improve their
preparedness for a wide range of risks. This Photo by Unknown Author is licensed under CC BY-NC

Managing unknown
risks
▶ Unknown risks are, by
their nature, difficult or
impossible to predict,
quantify, or incorporate
into the risk-management
framework discussed
above for known risks. In
our experience, mitigating
unknown risks is best
achieved through creating
strong defenses combined
with building a risk-aware
culture.

Managing unknown
risks
▶ Building strong
defenses
Strong defenses, from
request-for-proposal
(RFP) language to worker
training, all contribute to
an organization identifying
and stopping unknown
risks before they affect
operations. Exhibit 2
outlines typical layers of
defense organizations
employ to defend against
unknown risks.

Managing unknown
risks
▶ Building a risk-aware
culture
A risk-aware culture helps
an organization both
establish and maintain
strong defensive layers
against unknown risks, as
well as respond more
quickly when an unknown
risk surfaces and
threatens operations.

Managing unknown
risks
• Acknowledgement. Management and
employees need to feel empowered to pass
on bad news and lessons from mistakes.
This openness fosters an environment
where it is okay to voice and deal with
issues. Culturally, it is critical that the
organization not get discouraged or point
fingers when a risk event occurs, and
instead works harmoniously towards a rapid
resolution.
• Transparency. Leaders must clearly define
and communicate an organization’s risk
tolerance. Risk mitigation often has an
associated incremental cost, and so it is
important to align on which risks need to be
mitigated and which can be borne by the
organization. An organization’s culture
should also allow for warning signs of both
internal and external risks to be openly
shared.
• Responsiveness. Employees need to be
empowered to perceive and react rapidly to
external change. This can be enabled by
creating an ownership environment, where
members feel responsible for outcome of
actions and decisions.
• Respect. Employees’ risk appetites should
be aligned with an organization, so that
individuals or groups do not take risks or
actions that benefit themselves but harm the
broader organization.

Time To Deploy The
Solution
▶ Time-based risk management” concept
focuses on time and response processes
instead of cost, probabilities or impact.
Most time-based management concept is
based on three elements of time: time to
detect a disruption, time to design or
prescribe a solution in response to the
disruption, and time to deploy the
solution.
Time-based risk management is
particularly relevant in industries with
rapidly changing landscapes, such as
technology, finance, and healthcare. For
instance, in the realm of cybersecurity, new
threats and vulnerabilities emerge
frequently, requiring constant monitoring
and adjustment of risk management
strategies.
Ultimately, time-based risk management is
about understanding that risks are not
static and that addressing them requires a
proactive and ongoing approach that
accounts for the passage of time and
changing circumstances.

Time to Detect a
Disruption
▶ The "time to detect a disruption"
refers to the amount of time it takes
for an organization or system to
identify and recognize that a
disruptive event or incident has
occurred. This metric is a critical
component of incident response and
risk management. The shorter the
time to detect, the faster an
organization can respond and
mitigate the effects of a disruption,
thereby reducing potential damages.
Overall, reducing the time to detect
a disruption is crucial for effective
risk management and incident
response. Organizations that can
quickly identify and respond to
disruptions are better positioned to
minimize damage, maintain
operational continuity, and
safeguard their reputation.

Time to Design or
Prescribe a Solution in
Response to The
Disruption
▶ The "time to design or prescribe a
solution" in response to a disruption
refers to the amount of time it takes for an
organization or a team to develop and
propose a solution to address the issues
caused by the disruption. This is a critical
phase in incident response and crisis
management, as it involves assessing the
situation, understanding the impact of the
disruption, and formulating an effective
plan to mitigate the effects and restore
normal operations.
The time it takes to design a solution can
vary significantly based on the nature and
complexity of the disruption, the
organization's preparedness, the
availability of expertise and resources,
and the urgency of the situation. A swift
and well-thought-out response is
essential to minimizing the impact of the
disruption and ensuring a timely recovery.

Time to Design or
Prescribe a Solution in
Response to The
Disruption
▶ Timely design and prescription of a
solution are crucial because they set
the course for recovery and help
restore normal operations as quickly
as possible. Delays in this phase
can lead to prolonged downtime,
increased costs, and potential long-
term repercussions. Effective
communication and collaboration
among teams are essential during
this phase to ensure that the chosen
solution aligns with the
organization's goals and objectives
while addressing the immediate
challenges posed by the disruption.

Time to Deploy The
Solution
▶ The "time to deploy the solution"
refers to the duration it takes to
implement and put into action the
proposed solution designed to
address a disruption or incident.
This phase is a crucial part of
incident response and crisis
management, as it involves
executing the plan developed in
response to the disruption and
returning to normal operations as
swiftly as possible.
The time it takes to deploy a
solution can vary depending on
factors such as the complexity of the
solution, the availability of
resources, the coordination of
teams, and the nature of the
disruption itself. A well-executed
deployment process is essential to
minimize the negative impact of the
disruption on the organization.

Time to Deploy The
Solution
▶ Timely deployment of the
solution is essential to
restoring normal operations
and minimizing the
disruption's impact on the
organization's performance,
reputation, and customer
satisfaction. Efficient
coordination, clear
communication, and a well-
prepared deployment plan
are key factors in
successfully executing this
phase of incident response.

The road ahead
▶ Global supply chains are
irreversible, as are the supply-
chain risks that globalization
has brought with it. Our
experience suggests that it is
critical for organizations to build
robust programs for managing
both known and unknown
supply-chain risks. Leaders
should also recognize that risk
management is not merely
about setting up processes and
governance models, but also
entails shifts in culture and
mind-sets. By employing these
approaches, organizations
increase their chances of
minimizing supply-chain
disruptions and crises, while
capturing the full value of their
supply-chain strategies.

Supply Risk
Management
▶ SRM is a specific type of SCRM focusing
on risks in dyadic supply chains.
▶ It analyzes risks at the interface between
a purchasing company and its supplier(s).
▶ Agency theory is relevant for managing
risks in this dyadic relationship.
▶ SRM aims to ensure the continuity of
supply to the end customer.
▶ The SRM process includes steps like
mapping supply network, risk
identification, assessment, management,
and collaborative strategy.

Crisis Management
(CM)
▶ CM originates from political science and
began to be discussed in business
administration in the 1970s.
▶ CM deals with crises, which can have
positive or negative impacts and is
ambivalent in nature.
▶ Crisis is defined in various ways across
different scientific disciplines.
▶ CM focuses on specific risks that threaten
a company's survival and aims to ensure
its solvency and success.
▶ The CM process includes steps like signal
detection, preparation/prevention,
containment/damage limitation, recovery,
and learning, with an emphasis on
reactive measures.

Business Continuity
Management
▶ BCM is a relatively new concept
focused on managing risk and
uncertainty.
▶ It originated in the field of
information technology, specifically
addressing the year 2000 problem.
▶ BCM aims to prevent disruptions
in information systems and has a
practitioner-oriented perspective.

Business Continuity
Management
▶ BCM emphasizes continuity as the
desired state for companies.
▶ Unlike other concepts, BCM does not
focus on a specific type of disruption.
▶ BCM addresses disruptions that are
not easily identifiable or quantifiable.
▶ The concept primarily applies at the
company-level, with some discussion
of Supply Chain Continuity.
▶ BCM aims to restore or improve
operations after a disruption, based on
the assumption that disruptions cannot
be fully eliminated. The process
includes steps like initiation, planning,
implementation, and operational
management, with a core focus on
Business continuity planning.

Safety
Management
▶ SM is discussed more within the information
technology field.
▶ SM focuses on a desirable condition
(Sicherheit) rather than a specific disruption.
▶ The term "safety" is studied across various
disciplines including political, social, and
cultural sciences.
▶ Three types of safety are distinguished:
certainty, protection from unintended events,
and protection from intended events.
▶ SM in business administration aims to
achieve a specific safety level, requiring both
preventive and reactive measures. It
includes steps similar to RM but emphasizes
setting protection-related objectives and the
desired safety level.

Supply Chain
Security
▶ SCS Management aims for the desired
condition of supply chain security.
▶ The concept gained intensity post the
events of September 11, 2001.
▶ The Department of Homeland Security
highlights the relevance of SCS for
national security.
▶ Legal regulations and institutional
economics drive the practical
implementation of SCS.
▶ SCS is distinct from the concept of SM,
focusing specifically on security,
particularly within SCM and logistics, with
an emphasis on protecting assets from
unauthorized entries into the supply chain
alongside theft prevention.

Supply Chain
Security
▶ The main objective is protecting a
supply chain and its assets.
▶ The concept focuses on those
types of disruptions that refer to
any attacks which are intended by
human acts.
▶ The focus is more on protecting
the material flow and less on
protecting the information flow.
▶ For the purpose of managing
security, the adoption of preventive
instead of reactive action
measures is recommended.

Uncertainty
Management
▶ UM is discussed at both company and
supply chain levels, like SM.
▶ UM focuses on the disruption type of
uncertainty, which is implicitly/subsumed
in other concepts.
▶ Uncertainty is characterized by the
absence of information and has a positive
connotation.
▶ Information economics and (open)
systems theory contribute to
understanding uncertainty.
▶ Resource dependence theory and chaos
theory provide insights into managing
uncertainty with strategies focused on
critical resources and controllable chaos,
respectively.

Failure
Management
▶ FM is a concept focusing on risk and
uncertainty factors, discussed in business
administration at both company and
manufacturing levels.
▶ The concept of FM addresses failures,
subject to various scientific disciplines.
▶ Failures are deviations from an optimum
condition or procedure, with both positive
and negative connotations.
▶ Failures can result from human-based,
technical-oriented, or system-oriented
factors.
▶ FM assumes that not all failures can be
eliminated, leading to the need for
preventive, proactive, and reactive action
measures. The FM-process shares
similarities with the RM-process.

Disruption
Management
▶ DiM is a concept for managing risk and
uncertainty factors through disruption
management.
▶ Disruption is a term studied in various
scientific disciplines, including engineering
and business administration.
▶ DiM can be viewed as analyzing production
systems with disruptions seen as unplanned
deviations from planned processes.
▶ In supply chain contexts, disruptions can
refer to unplanned events resulting in
deviations from plans, often with negative
impacts.
▶ The management of disruptions is typically
addressed within broader concepts like
SCRM due to their negative character and
connection to supply chain risks.

Incident, Problem and
Event Management
▶ Incident Management (IM), Problem Management (PM),
and Event Management (EM) are IT-focused concepts
for managing risk and uncertainty factors.
▶ IM focuses on incidents, which are disruptions like
outages or errors causing interruptions in IT services. IM
aims to restore normal operations and minimize negative
effects.
▶ PM addresses problems, the unknown causes of
incidents, aiming to prevent incidents and minimize their
impact. PM is primarily preventive in nature.
▶ EM deals with events, detectable occurrences with
significance for IT infrastructure or service delivery. EM
aims to detect and manage events to prevent
disruptions.
▶ All three concepts involve standardized processes that
align with the risk management (RM) process, with IM
being reactive, PM being preventive, and EM focusing on
early detection and management.

Supply Chain
Event Management
▶ Supply Chain Event Management (SCEM) is a
concept for managing risk and uncertainty factors,
considered a specific type of Event Management
(EM).
▶ SCEM focuses on events, which are seen as
milestones reflecting deviations between target and
actual states in the supply chain that need
minimization.
▶ The concept aims to reduce complexity by addressing
specific high-relevance events requiring action.
▶ SCEM integrates approaches from different
disciplines, including business administration and
information technology.
▶ Influenced by Management by Exception (MbE),
Event-driven planning, and Tracking & Tracing (T&T)
systems, SCEM combines proactive and reactive
event management, aiming for cross-company
transparency in supply chains. The recommended
SCEM process involves monitoring, notification,
simulation, control, and measurement, but lacks
specific elements like goal formulation, risk analysis,
and risk assessment.

Supply Chain
Resilience
▶ Supply Chain Resilience (SCR) is a recent concept
stemming from events like fuel protests in 2000 and foot-
and-mouth disease in 2001.
▶ Similar to Business Continuity Management (BCM), SCR
doesn't focus on a specific disruption but aims at
resilience as the primary objective of supply chains.
▶ Resilience is used in various scientific disciplines and is
about rapid recovery or achieving a better state after
disruptions.
▶ SCR integrates aspects of Risk Management (RM) and
Supply Chain Management (SCM) and operates at the
supply chain level.
▶ SCR aims to enable systems, like supply chains, to
recover rapidly from disruptions and create resilience
through flexibility and agility, often involving proactive
measures. The resource-based view analyzes factors
contributing to SCR.

Supply Chain
Vulnerability
▶ Supply Chain Vulnerability (SCV) is a concept
for managing risk and uncertainty factors,
arising in response to events that exposed
supply chain vulnerabilities.
▶ SCV focuses on vulnerability, which is
discussed in various scientific disciplines, and
combines elements of Risk Management (RM)
and Supply Chain Management (SCM).
▶ Vulnerability is defined as a condition affecting a
firm's goal accomplishment dependent on
negative consequences of disturbance.
▶ SCV aims to highlight the degree of vulnerability
in supply chains rather than providing action
measures to avoid or minimize it.
▶ Increased interconnectedness of companies,
leading to interdependencies, is a driver of
vulnerability, and this aspect is studied through
system theory and normal accident theory.
Interdependencies are categorized into time
dependence, relationship dependence, and
functional dependence.

Disaster
Management
▶ Disaster Management (DM) is a concept focused on the
management of risk and uncertainty factors, rooted in
social sciences and originating from the public sector's
responsibility since the 1920s.
▶ DM is discussed within various scientific disciplines,
including laws, political sciences, and economics, and is
increasingly debated within the areas of Supply Chain
Management (SCM) and logistics.
▶ DM primarily deals with large-scale disruptions known as
disasters, characterized by low probability of occurrence
and high severity, leading to significant human, material,
and environmental losses.
▶ The process of DM involves planning, mitigation,
detection, response, and recovery steps, with a strong
emphasis on preparedness.
▶ Disasters typically exceed the coping capabilities of
affected entities, requiring national and international
assistance and involving a network of various actors
contributing resources for relief efforts. DM involves
complex coordination and establishment of supply
chains to efficiently manage the humanitarian,
ecological, and economic impacts of disasters

Emergency Management
▶ Emergency Management (EM) is a concept with its
roots in social sciences, particularly public
administration and national security, increasingly
relevant in business administration, particularly
within SCM and logistics.
▶ EM and Disaster Management (DM) concepts are
closely related, often referencing each other in
literature, leading to overlaps between the two.
▶ EM focuses on emergencies, defined as
exceptional events exceeding normal coping
capacities and associated with low occurrence
probability but high severity.
▶ Emergencies are distinguished from disasters by
the level of response required, with emergencies
typically manageable at the local level, while
disasters demand a greater response.
▶ EM is more localized compared to DM, mainly
addressing routine events manageable at the local
level and emphasizing mitigation, preparedness,
response, and recovery steps, with a focus on
mitigation's long-term orientation and high-cost
intensity.

Interim Result:
State of Research
▶ No holistic concept encompassing all supply chain
risk and uncertainty factors exists currently.
▶ Various concepts do not qualify as holistic concepts
due to their nature as elements of higher-level
approaches or as objectives (IM, EM, PM, SCR).
▶ SCRM is the main contender as a supply chain-level
concept for risk management, focusing on identifiable
and quantifiable risks while excluding uncertainties.
▶ SCRM employs both preventive and reactive
management approaches, while BCM emphasizes
proactive management.
▶ SCRM lacks the step of goal formulation in its
process, making it incomplete for comprehensive risk
and uncertainty management.
▶ An illustration visually summarizes the dimensions of
level, comprehensiveness, and management
approach, highlighting the need for a holistic concept.
▶ A new concept called Supply Chain Safety
Management (SCSM) will be introduced to address
these limitations.

The Concept of
SCSM
▶The terms "safety" and "security" are used
inconsistently and need to be defined in the context
of supply chain management.
▶"Safety" and "security" are terms originating from IT
and computer systems but are relevant to supply
chains as well.
▶"Security" in supply chain safety includes both
physical security (protecting tangible goods) and
digital security (protecting information systems)
against intended attacks like organized crime and
terrorism.
▶"Safety" in supply chain safety refers to protection
from unintended hazards, such as natural disasters
or negligence.
▶The concept of Supply Chain Safety Management
(SCSM) aims to ensure supply chain continuity while
considering the economic goal of profitability. It
focuses on achieving relative safety by taking
appropriate action alternatives and mitigating
potential risks to a tolerable degree.

The Concept of
SCSM
▶ The primary goal of Supply Chain Safety
Management (SCSM) is to ensure the continuity of
supply and minimize disruptions in supply chains.
▶ Safety-related action measures in SCSM are divided
into supply chain protection and supply chain
resilience.
▶ Supply chain protection involves preventive
measures to avoid disruptions, including inspections,
data backups, standards implementation, and safety
precautions.
▶ Supply chain resilience includes reactive measures to
enable rapid response to unexpected events, with a
focus on flexibility (postponement, alternative
transport modes) and redundancy (multiple sourcing,
safety stocks, redundant resources).
▶ Supply chain preparedness is the goal of SCSM,
aiming to ensure a supply chain can continue or
quickly restore operations after a disruption.

Targets and Components
of Supply Chain
Safety Management:
Structure of the Book

The concept of Supply Chain Safety
Management (SCSM) comprises five
essential elements that shape its
framework:
▶ Necessity of a New Concept: Recognizing
the need for a novel approach to managing
risk and uncertainty factors across company-
spanning supply chains.
▶ Identification and Analysis: Identifying and
analyzing risk and uncertainty factors that
pose threats to a supply chain's safety.
▶ Preventive Action Measures: Implementing
proactive measures to eliminate or reduce
the sources of risk and uncertainty factors,
enhancing the supply chain's protection.
▶ Reactive Action Measures: Employing
reactive measures to mitigate the adverse
effects caused by risk and uncertainty
factors that have already materialized,
enhancing the supply chain's resilience.
▶ Management Process: Establishing a
management process that enables supply
chains to enhance their overall
preparedness.

of Supply Chain
Safety Management:
▶ Chapter 2 highlights the relevance of the
research field; it discusses various risk and
uncertainty factors impacting supply chains,
these factors increase vulnerability and lead
to disruptions.
▶ Supply chains rely on scarce natural
resources for continuity.
▶ Different countries have distinct raw material
strategies due to wealth and structure.
▶ Scarce Metals and Minerals article analyzes
resource risks, emphasizing price and supply
risks.
▶ National raw material strategies differ among
countries.
▶ Despite variations, all studied countries
share the challenge of securing metals and
minerals at sustainable prices.

of Supply Chain
Safety Management:
▶ Post-2001 (September 11), developed
nations face potential state and non-state
adversaries preparing to attack
vulnerabilities.
▶ Lack of preparedness for "new" threat forms
and the merging of military and non-military
methods.
▶ Article "Hybrid Threats and Supply Chain
Safety Management" by Marc Oprach and
Boris Bovekamp focuses on hybrid threats.
▶ Hybrid threats involve state and non-state
actors using a mix of conventional, criminal,
terrorist, and irregular measures.
▶ Our aim in this lecture is to raise awareness
about hybrid threats' impact on supply chain
continuity and suggest effective responses
for industrial nations.

of Supply Chain
Safety Management:
▶ Political environment is increasingly
volatile and demand-driven, causing
unpredictability for supply chains.
▶ The political environment's impact poses
a significant risk for supply chain
operations.
▶ Scholarly literature confusion necessitates
a clear definition of political environment
and risk.
▶ Carlo Masala's article "Political
Environment as a Factor of Risk" clarifies
political environment and risk concepts.
▶ Provides distinct definitions for both
terms, explores their interconnections,
offers empirical examples of political
environment as a risk factor, and presents
theoretical strategies for managing risks
from specific political contexts.

of Supply Chain
Safety Management:
▶ Risk information is legally required and sought by
shareholders, potential investors, and
stakeholders for evaluating a company's future
performance.
▶ Risk disclosures in annual reports are a primary
means of communication between companies
and stakeholders.
▶ Christoph Bode, René Kemmerling, and Stephan
M. Wagner offer a tool to systematically identify
and analyze supply chain risks.
▶ They propose a two-level classification system
for supply chain risk analysis: internal-driven and
external-driven risks on the top level, and five
risk categories on the second level.
▶ Analysis of 10-K reports from 219 companies
between 2007 and 2009 reveals an increasing
importance of internal-driven supply chain risks
in recent years.

of Supply Chain
Safety Management:
▶ Chapter 3 focuses on identifying
preventive action measures to enhance
supply chain protection.
▶ The chapter emphasizes security
procedures and initiatives that strengthen
logistics chains within company-spanning
supply chains.
▶ Aviation security is crucial for increasing
safety levels in various process chains.
▶ Gerhard Wirth's article "The secure
process chain in aviation security"
explores aviation security and its impact
on just-in-time delivery.
▶ The article highlights the complexity of
aviation security processes related to
passenger arrival and departure, and the
need for management systems to ensure
functional process chains

Targets and Components of
Supply Chain
Safety Management:
▶ The paragraph discusses the vulnerability of
physical supply chains and the importance of
infrastructures like highways and bridges.
▶ Recent events have shown that physical
supply chains are susceptible to disruption
due to strong interdependencies.
▶ Norbert Gebbeken's article focuses on
safeguarding critical built infrastructures
against various threats such as natural
disasters and terrorist attacks.
▶ He highlights the use of numerical
simulations to assess and design critical
infrastructures, reducing the need for time-
consuming and expensive physical tests.
▶ Numerical simulations aid in studying threat
scenarios, assessing existing infrastructures,
and designing new buildings more efficiently.

of Supply Chain
Safety Management:
▶ Cargo theft in European road freight
transport chains has been increasing and
becoming organized.
▶ Irene Sudy, Sebastian Kummer, and Ellis
Lehner's article focuses on managing the
risk of theft and organized crime in road
freight transport.
▶ They develop a set of risk response
measures categorized by their ability to
eliminate, reduce, transfer, or accept the
theft risk.
▶ The proposed measures are based on a
comprehensive literature review and
personal expert interviews with logistics
service providers and insurance companies.
▶ This approach aligns risk response
measures from risk management literature
with practical measures applied in the field.

of Supply Chain
Safety Management:
▶ Logistics service providers have a crucial
role in managing transportation within supply
chains.
▶ Logistics service providers need to establish
and operate effective global supply chains.
▶ Two main challenges they face are creating
cost-efficient, high-performance supply
chains and ensuring security due to rising
threats like terrorism and extreme weather
conditions.
▶ Karl Engelhard and Christian Böhm's article
"Security of Supply Chains from a Service
Provider’s Perspective" provides a practical
insight into the challenges logistics service
provider's encounter, which discusses
successful preventive measures
implemented to achieve supply chain
security.

of Supply Chain
Safety Management:
▶ Society is shifting towards a networked
society with trends like social networks,
online banking, e-health, and e-
marketplaces.
▶ This connectivity comes with both
advantages and risks related to security
and privacy.
▶ Protecting digital assets becomes more
challenging due to the widespread
vulnerability.
▶ Gabi Dreo Rodosek and Mario Golling's
article "Cyber Security: Challenges and
Application Areas" addresses cyber
security threats and presents potential
countermeasures.
▶ The existing approaches are insufficient to
address current cyber security threats,
emphasizing the importance of
researching new approaches.

of Supply Chain
Safety Management:
▶ Globalization has led to products being
developed, produced, and sold across different
regions, benefiting from global supply chains.
▶ System failures in transportation,
communication, or energy supply can have far-
reaching effects, causing domino effects in
various areas of life and production.
▶ Ensuring public security efficiently is a
challenging task for nations and international
organizations.
▶ The logistics sector supports public security by
providing solutions that assist governmental
administrations and organizations.
▶ Matthias Witt's article "How logistics can create
and support public security" demonstrates how
the logistics sector can contribute to maintaining
public security through practical examples.

of Supply Chain
Safety Management:
▶ Chapter 4 focuses on identifying reactive
action measures to enhance supply chain
resilience.
▶ The Panama Canal extension project is a
significant global transportation project,
costing $5.5 billion.
▶ The project aims to expand the Canal's
capacity to handle larger vessels (12,600
TEU Post-Panamax) compared to the
current limit (4,400 TEU Panamax).
▶ The expansion is expected to lead to
changes in transportation flow patterns
across the Americas, impacting port loads
and inland transportation.
▶ Liliana Rivera and Yossi Sheffi's article
"Panama Canal Update" provides insights
into the project's status and its
implications for transportation routes,
distribution patterns, and logistics hubs.

of Supply Chain
Safety Management:
▶ Increasing influences endanger logistics
systems' functions, making resistance
against them crucial.
▶ Logistics companies and networks need
robustness to offer reliable services and
remain competitive.
▶ The ability of logistic systems to restore
operational reliability after damage is
essential (self-healing).
▶ Philip Cordes and Michael Hülsmann's
article "Self-Healing Supply Networks – A
Complex Adaptive Systems Perspective"
introduces self-healing processes for
logistics systems.
▶ The authors analyze technological and
organizational conditions, examining how
self-healing contributes to logistics system
robustness and identify potentials and
limitations

of Supply Chain
Safety Management:
▶ Critical infrastructures are vital but often
undervalued until disruptions occur.
▶ Breakdowns in critical infrastructures can
lead to severe disruptions and safety
risks.
▶ Supply chains are dependent on the
safety of critical infrastructures, such as
energy supply.
▶ Albrecht Broemme's article discusses a
process model to enhance the safety,
protection, preparedness, and resilience
of critical infrastructures.
▶ Broemme uses the Technisches Hilfswerk
(THW) as an example of a governmental
organization supporting the restoration of
critical infrastructures after disruptions

of Supply Chain
Safety Management:
▶ Product availability outbound to
customers is a significant customer
requirement.
▶ Distributors, traders, and OEMs need to
optimize operations for continuity of
supply.
▶ Companies seek management concepts
to detect and respond to potential product
shortages promptly.
▶ Complex modern supply chains make this
task challenging.
▶ Joerg S. Hofstetter and Wolfgang Stölzle
introduce the concept of Supply Chain
Event Management (SCEM) to address
these challenges, including its varying
understandings, approaches, and use in
business practice.

of Supply Chain
Safety Management:
▶ Agility, disruption resistance, and resilience
are critical in supply chain planning.
▶ Dmitry Ivanov, Boris Sokolov, and Joachim
Käschel propose an adaptation-based
supply chain resilience framework.
▶ The framework aims for optimal economic
performance and stability in supply chains.
▶ The authors analyze supply chain resilience
using flexibility and reliability elements
classification.
▶ Their decision-making algorithm considers
risk perceptions, strategies, economic
performance, and stability for supply chain
planning.

of Supply Chain
Safety Management:
▶ Chapter 5 focuses on implementing elements
of Supply Chain Safety Management.
▶ Economic globalization and competition
challenge companies to source globally and
meet international market requirements.
▶ End-to-end monitoring of supply chains and
certification of products/processes are crucial
for compliance and meeting cultural
expectations.
▶ Outsourcing to specialized service providers
allows companies to focus on core
competencies and reduce sourcing risks.
▶ Axel Stepken's article "Monitoring and
Certification of Supply Chain Safety"
discusses practical aspects of testing,
inspection, certification, and their role in
global supply chains using examples from
four companies.

of Supply Chain
Safety Management:
▶ Compliance with complex laws, regulations, and
standards is crucial for global supply chains and
certain sectors like the military.
▶ End-to-end supply chain compliance is essential
for success, encompassing all elements,
material flows, and information exchanges.
▶ Compliance management is vital for balancing
risk and opportunities in supply chain
performance.
▶ Josef Mauermair's article "Compliance and
Supply Chain Safety" presents a theoretical and
supplier's perspective on developing,
implementing, and operating a compliance
system.
▶ The article introduces a life cycle model of rules
for ensuring supply chain preparedness and
discusses planning, running, and controlling
rules within the compliance system

of Supply Chain
Safety Management:
▶ Innovation is essential for economic
development, providing competitive
advantages and long-term success.
▶ Innovation is inherently risky due to
uncertainty.
▶ Current SCRM literature often overlooks
the connection between SCRM,
opportunities, and innovation.
▶ The "Supply Chain Innovation and Risk
Assessment (SCIRA) Model" by Stephan
Klein-Schmeink and Thomas Peisl
introduces an advanced SCRM approach.
▶ The SCIRA model focuses on strategic-
level SCRM, integrating risk assessment
with innovation considerations.

of Supply Chain
Safety Management:
▶ The importance of quantifying and
managing supply chain risks is
emphasized.
▶ The existing literature lacks publications
that utilize simulations and mathematical
models for risk assessment.
▶ Andreas Brieden, Peter Gritzmann, and
Michael Öllinger present a novel
quantitative algorithm for supply chain
risk assessment. The algorithm involves
constrained clustering and aims to
provide a multiple covering of the
commodity graph.The algorithm
calculates the probability of failure and
assesses risk compared to optimal
supplier assignments, demonstrating the
potential for risk reduction.

Conclusion
▶ Supply chains are complex networks that involve
the movement of goods, information, and resources
across various stages, from raw material suppliers
to end consumers. We discussed some of the
supply chain risk. We also reviewed current
implications of supply chain risk. We also examined
the activities for Supply Chain Risk Management.
Supply chain risk management involves a series of
activities aimed at identifying, assessing, mitigating,
and responding to potential risks that could disrupt
the smooth operation of the supply chain. The key
activities in supply chain risk management include
risk identification, risk assessment, and risk
mitigation/control/monitoring
We also discussed why time frame is important for
SCRM because different risks have varying lead
times, potential impacts, and windows of
opportunity for mitigation and response.
Considering time frames helps organizations
develop effective strategies to address risks and
disruptions in a timely manner. We talked about
several core components that collectively help
organizations identify, assess, mitigate, and
respond to risks within their supply chains. We also
reviewed the core component of SCRM. These
core components work together to establish a
comprehensive and effective supply chain risk
management framework that helps organizations
navigate uncertainties, minimize disruptions, and
maintain the smooth operation of their supply
chains.

Security, Compliance & Loss Prevention Part 1.pptx

More Related Content

Similar to Security, Compliance & Loss Prevention Part 1.pptx

More from Sheldon Byron

Recently uploaded

Security, Compliance & Loss Prevention Part 1.pptx