Presented to Procurement/Sourcing community for the purpose of deriving/justifying investment in Supply Chain Risk and Resiliency initiatives. Focused heavily on 3rd (third) party assessment and action. Provides cases, roadmap, tools & technologies for justifying investment and gaining value.
Supply Chain Risk Procurecon - Deriving Economic Value
1. SUPPLY CHAIN RISK:
DERIVING ECONOMIC VALUE
IN THE NEW ERA OF
CONTINUOUS CHANGE AND
VOLATILITY
P R O C U R E C O N
O C T O B E R 2 0 1 2
Gary S. Lynch, CISSP
Founder & CEO
The Risk Project
The Risk Project
All Rights Reserved
2. October 28, 2013 1
Uncertainty
The World Is a Riskier Place
THE RISK PROJECT
The Risk Project
All Rights Reserved
3. October 28, 2013 2
How Accurate Are the Professionals at Modelling Risk?
Modelled vs. Actual
Wind
Wind
Wind
Wind
EQ EQ
THE RISK PROJECT
The Risk Project
All Rights Reserved
4. October 28, 2013 3
55,000 Toyota Motor Corp.
vehicles delayed
70% of Japan’s auto
production temporarily shut
down
Honda, Nissan, Mitsubishi,
Mazda, Suzuki, and Fuji
Heavy Industries stopped or
slowed production
Farms use sawdust as cozy
and clean bedding
Construction/particle-board
makers use as cheap building
material
Auto-parts manufacturers,
wineries, oil-rig operators all
impacted
North America’s only source of
the base isotope for technetium-99
Injected into patients 20 million
times in the U.S. to create images
used in diagnosis and treatment
(e.g. cancer, heart ailments)
Isotopes
Atomic Energy of Canada
reactor at Chalk River, Ontario
shutdown – scheduled to open
5 days later, but delayed 60
days
Piston Rings
6.8 magnitude
earthquake shuts
down Riken Corp.
Sawdust
Housing market slows –
sawdust shortage
Sawdust prices rise in 15
months from $25 a ton to
more than $100 a ton
EVENT
CONSEQUENCE
THE RISK PROJECT
The Risk Project
All Rights Reserved
5. October 28, 2013 4THE RISK PROJECT
The Risk Project
All Rights Reserved
6. October 28, 2013 5
Nationalization
Cement,
Energy
Port
Strike
Retail, Food,
Consumer Packaged
Goods
Earthquake/Tsunami -
Power Failure,
Transportation
Disruptions, Nuclear
Contamination,
Facility Damage,
Displacement
High-Tech, Auto,
Travel
Pirates-
Marine
Hijacking
Shipping,
Energy
Floods
Transportation
Disruptions
Mining,
Agriculture
Earthquake
Lumber,
Packaging
Volcanic Ash
Transportation,
Logistics
Flooding
Auto, High
Tech
Strike
Communications
Recall
Auto
Trade
Finance
Contraction
Supplier
Bankruptcy
Auto, All
Hurricane
Energy, Transportation,
Pharmaceutical
Political/Social Unrest
Energy, Transportation
Economic
Slowdown
Trade Finance
Manufacturing
Snowstorm
Extreme Cold
Manufacturing,
Energy
Transportation
Recall
Auto/Brakes
Communications
Outage
Comms/Blackberry
Earthquake
Dairy,
Purchasing
Fires
Agriculture,
Transportation
Extreme Heat
Agriculture,
Transportation
Hacking
Communications
Media
Crime
Manufacturing
Assembly
Transportation
Contaminated
Pallets
Pharmaceutical
THE RISK PROJECT
The Risk Project
All Rights Reserved
7. October 28, 2013 6
HELP WANTED
Procurement Officer with Risk Management experience. Must be
fluent in the analysis and evaluation of the following:
• Economics
• Meteorological conditions
• Weather and climate
• Medical and health epidemics and pandemic
• Corporate responsibility programs
• Environmental regulation
• Intellectual property and information security
• Physical security
• Cyber security
• Quality programs
• Legal and regulatory compliance
• Contracts
• Financial analysis
• Privacy regulation
• Trade policy (for approximately 150 countries)
THE RISK PROJECT
The Risk Project
All Rights Reserved
8. October 28, 2013 7
Expanded Agenda
Quality, Cost, Design, Delivery, Financial Stability
Existing Scope (sample)
Supplier insolvency
Supplier breakdown or quality
breakdown
Exchange rate volatility
Commodity price volatility
Labor strikes
Plant & equipment breakdowns
Expanded Scope
Geographic concentration and
clustering
Macro (geo-political, market, &
industry) and micro
interdependencies/triggers
Full scope operational risk
Systemic risk
GEC risks
Total landed costs, adjusted for risk
Value/stakeholder driven program
THE RISK PROJECT
The Risk Project
All Rights Reserved
9. October 28, 2013 8
Value Segmentation
Simplicity and Focus, Efficient and Effective Allocation of Limited Risk Resources
Product Revenue Margin 3 yr Forecast
Product 1 $ 2,626.0 56% $ 6,020.0
Product 2 $ 562.0 72% $ 3,421.0
Product 3 $ 1,004.0 22% $ 7,621.0
Value Segmentation
Impact Filters
• Revenue
• Margin
• Asset
• Cash Flow
• Strategic
• Regulatory
• Brand
• Life
Beverages
Product Rationalization
Impact Filters
• Revenue
• Margin
• Asset
• Cash Flow
• Strategic
• Regulatory
• Brand
• Life
Sources
• Exec Interviews (CEO, GC, CMO)
• Analyst Reviews
• Financial Statements (e.g. 10k)
• Market Data
THE RISK PROJECT
The Risk Project
All Rights Reserved
10. October 28, 2013 9
Setting Expectations, Understanding Tolerance
Listening Posts
Regulators
Customers
Employees
Shareholders
Investors
Industry
Associations
NGOs
Global Quasi-
Government
Government – Policy Makers & Influencers
Suppliers & Business Partners
THE RISK PROJECT
The Risk Project
All Rights Reserved
11. October 28, 2013 10
Raw
Materials
Fabricated
Components
Finished
Goods
Services Suppliers
Component
Suppliers
Distributors
Widget
Company
Manufacturing
Plant
Ports
• Shanghai
• Ningbo
• Yantian
Widget
Company
Overseas
Manufacturing
Plant
Distributors
Customers
Rail, Truck
Rail, Truck,
Ship
Direct Ship LTL
Ports
• LA/LB
Sub-Assemblies
Tier 1Tier 2, 3, 4
NOTE: Chart is used for illustrative purposes and does not represent
all of the details of the actual supply chain.
Mills
Mines
$4b
$500m
$250m
$2.1b
$1b
Value Chain Mapping
Understand Resource Dependencies and Their Maximum Loss
Across the Extended Supply Chain
THE RISK PROJECT
The Risk Project
All Rights Reserved
12. October 28, 2013 11
Risk Profile Third Parties
THE RISK PROJECT
The Risk Project
All Rights Reserved
13. October 28, 2013 12
Impact
To Resources for the Specific Product (Value)
Effort
Level of:
Time
Management
Attention
Capital
Resources
High
Measure and Prioritize Impacts
Lithium &
Titanium
Distribution
Center Motors
Manufacturing
Plant
Shanghai,
Ningbo,
Yantain Ports
Oracle
AMAPS
Physical
Record,
Device
History
Electronics
Fasteners
CNC
Operator
Electronics
Assembler
Welder
Nanotech
Engineers
Supplier X
Freight
Forwarders
Quality
Engineer
Supplier Z
Supplier Y
Supplier K
THE RISK PROJECT
The Risk Project
All Rights Reserved
14. October 28, 2013 13
Identify Most Relevant Threats
Earthquake Volcano Tsunami
Tropical
Cyclone
Extratropical
Storm Hail Tornado Lightning Flood Storm Surge
Location: ID 0 - 4 0 - 3 0 - 2 0 - 6 0 - 5 1 - 6 0 - 4 1 - 6 1 - 2 0 - 2
xxx Italy 1 1 1 0 0 3 4 2 3 1 0
xxx, USA 2 0 0 0 2 3 4 3 4 1 0
xxx, Puerto Rico 3 3 0 0 5 0 2 2 3 0
xxx, USA 4 3 0 0 0 2 4 3 4 1 0
xxxx USA 5 1 0 0 0 2 5 3 4 1 0
xxx USA 6 1 0 0 2 2 5 3 4 1 0
x USA 7 2 0 0 0 2 4 3 4 1 0
x Germany 8 0 0 0 0 3 3 3 2 1 0
x JP 9 4 0 0 5 3 4 2 2 0
x Japan 10 3 0 2 5 3 4 2 2 1
x JP 11 4 0 0 5 3 4 2 2 0
x JP 12 3 0 2 3 3 3 2 2 1
x Factory 13 4 0 0 4 3 4 2 2 0
x 1 Factory 14 4 0 0 4 3 4 2 2 0
x 2 Factory 15 4 0 0 4 3 4 2 2 0
x Factory 16 4 0 0 4 3 4 2 2 0
x NJ, USA 17 0 0 0 2 3 3 3 3 1 0
x PA 18 0 0 0 2 3 3 3 3 1 0
x PA 19 0 0 0 2 3 4 4 3 1 0
x JP 20 4 0 0 4 3 4 2 2 0
x JP 21 3 0 2 3 3 3 2 2 1
x JP 22 2 0 0 5 3 3 2 2
x PA 23 0 0 0 2 2 3 3 3 1 0
x France 24 0 0 0 0 4 3 2 2 2 0
x JP 25 4 0 0 4 3 4 2 2 0
x Israel 26 1 0 0 0 2 2 2 2 0
Very High/RelevantNote: Moderate /Somewhat Relevant Low/Not Relevant No Data
Source: MunichRE NATHAN data – see Appendix C
THE RISK PROJECT
The Risk Project
All Rights Reserved
15. October 28, 2013 14
Assess Geographic Concentration & Clusters
Supply Chain Locations
Production
Tier 2 Suppliers
Tier 1 Suppliers
Tier 3 Suppliers
Earthquake Severity
Moderate
Significant
Severe
Catastrophic
Tokyo
Osaka
Source: MunichRE NATHAN data
THE RISK PROJECT
The Risk Project
All Rights Reserved
16. October 28, 2013 15
Align Risk Programs
THE RISK PROJECT
The Risk Project
All Rights Reserved
17. October 28, 2013 16
Calculate Return on Risk Investment
Use Analytics to Support Investment
Essilor Supply Chain - PC TRS PAL Fill Rate
0%
20%
40%
60%
80%
100%
0 5 10 15 20 25
Weeks
FillRate
1 DC 2 DC
1 DC Model Reaches 99% Fill Rate in 17 Weeks
2 DC Model Reaches 99% Fill Rate in 4 Weeks
Modeled Network
Supply Chain Resiliency Analytics
1 DC Model Reaches 99% Fill Rate in 4 Weeks
2 DC Model Reaches 99% Fill Rate in 4 Weeks
Modeled Network w/Additional Levers
Essilor Supply Chain - PC TRS PAL Fill Rate
0%
20%
40%
60%
80%
100%
0 5 10 15 20 25
Weeks
FillRate
1 DC 2 DC
Supply Chain Resiliency Analytics
THE RISK PROJECT
The Risk Project
All Rights Reserved
18. October 28, 2013 17
Apply a “Portfolio” Management Approach to Risk
Building the Business Case for Risk Investment Requires Modeling and Analysis of Risk
Mitigation, Finance, & Avoidance Options (“Levers”)
High Impact/
High Effort
THE RISK PROJECT
The Risk Project
All Rights Reserved
19. October 28, 2013 18
Deploy Active Monitoring
U.S. Corporate
Headquarters
Materials Provider
Pennsylvania
Logistics Provider
Nevada
Logistics Provider
Tennessee
Corporate Office
Germany
Supplier
Poland
Supplier Hong
Kong
Supplier
India
Corporate Office
Japan
Manufacturing site
Japan
Wholesale
Distributor
Tennessee
Wholesale Distributor
Indiana
Sales Order
Management
Ohio
Wholesale Distributor
Italy
Wholesale Distributor
Hong Kong
Manufacturing site
Canada
Logistics Provider
Japan
Materials
Provider
Shanghai
Distributors
Sales Order Management
Logistics Provider Locations
Corporate Offices
Packaging & Materials
Providers
Manufacturing Facilities
THE RISK PROJECT
The Risk Project
All Rights Reserved
20. October 28, 2013 19
Vendor Risk
Evaluation Criteria
External
Data Sources
Customer/Channel
Segmentation
Threat
Data Sources
Vulnerability
Evaluation
Criteria
Vulnerability
Profile
Risk Mitigation,
Financing, &
Retention Options
Solutions
• NC4
• iJet
• Stratfor
• Other
• Maplecroft
• Nathan -
MunichRE
• AIR
• SC Mapping
• Resource
Mapping
• Impact Analysis
• Design Analysis
• SPOF Analysis
• D&B
• Briefcase
• Other
Delivery
Management
Platform
(sample)
Data
Sources
(sample)
Measures
Key Business
Processes –
Business
Priorities
Hiperos 3rd Party Management® SAP Supplier InfoNet®
D&B Supplier Risk Manager®
Resilinc®
iJet WorldCue®
External Operating
Environment
Evaluation Criteria
Value
Alignment
Product Category
Segmentation
Product (Family)
Rationalization
Impact
Assessment &
Calculation
NC4®
Stakeholder
Expectations
Threats Vulnerabilities OptionsMeasures
• See slide 17
Pinkerton/Vigilance
THE RISK PROJECT
The Risk Project
All Rights Reserved
21. October 28, 2013 20
Successful Practices
Business aligned, business justified risk management activities
Visibility and profiling of extended/horizontal supply chain (for given
value streams)
Impacts measured (quantified and qualified) along the chain
Near real-time event monitoring of key nodes, integration with crisis
management program
Measured/efficient allocation of risk portfolio of solutions
Validated (tested, audited, etc.)
Integrated, modeled with other risk programs (ERM, ER, DR, CM)
Accountability
THE RISK PROJECT
The Risk Project
All Rights Reserved
22. For More Information
October 28, 2013 21THE RISK PROJECT
Gary S. Lynch, CISSP
Founder & CEO
gary.lynch@theriskproj.com
Twitter: garyslynchSPOF
+1 973 370 0431
+1 862 812 2176The Risk Project
All Rights Reserved