Managing Risk and Resilience in the Supply Chain David Kaye

Similar documents
Managing Risk and Resilience in the Supply Chain

A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance

Public sector supply chain: risks, myths and opportunities

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Information Security: Business Assurance Guidelines

Social media governance

Key Cyber Risks at the ERP Level

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Paper P5. Advanced Performance Management. Thursday 4 December Professional Level Options Module

A Guide to Carrying Out a SWOT Analysis Introduction

Dealing with risk. Why is risk management important?

COMMUNICATION AND ENGAGEMENT STRATEGY

Business and human rights:

PRIORITIZING CYBERSECURITY

ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE)

Business Continuity Management

Contractor Management Applying Safety Analytics and Insurance Benchmarking

Risks and uncertainties

The fact is that 90% of business strategies are not implemented through operations as intended. Overview

Sage 300 Distribution

The search for solid ground Can outsourcing stabilize your debt management performance?

Business Continuity Policy & Plans

Supply chain integration

Wealth Management.

How to audit your business strategy

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

International money transfer 101 for businesses

QUALITY Global Policy

A GOOD PRACTICE GUIDE FOR EMPLOYERS

The Essential Guide to: Risk Post IPO

IFT Information Note: No Cash, Treasury and Working Capital Management. Treasury and Risk Management. 1. What is Treasury and Risk Management

The Education Fellowship IT Business Continuity Plan

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

Relationship Manager (Banking) Assessment Plan

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

From Brand Management to Global Business Management in Market-Driven Companies *

Has globalisation made us more catastrophe-prone?

Business Continuity Management Framework

LexisOne. LexisOne. Powered by Microsoft Dynamics AX EnterpriseSolutions

Could a Managed Services Agreement Save Your Company Tens of Thousands of Dollars Each Year?

Outsourcing Manufacturing: A 20/20 view

Cyber security Building confidence in your digital future

Fundamentals Explained

Risk appetite How hungry are you?

Home About Meet the Experts Contribute Contact Us. Nonprofit Information - A Site Full of Tips for Nonprofits

FINANCIAL ACCOUNTING MANAGER

Enabling Technology in a Small Law Office

Managing Risk Control Environment and Responsibilities

The disaster recovery procedures started immediately. Services to IBM users were restored within 48 hours.

10 Reasons Why Project Managers Need Project Portfolio Management (PPM)

The business case for agile supply chains

Strategic priorities for UK businesses

2015 WAS A MIXED YEAR FOR THE INDONE- SIAN RECRUITMENT MARKET.

AB Volvo, Göteborg, Sweden. Ref No , August The Volvo Way

Risk management and prevention How professionals render their projects financially weatherproof

The three most important things in retailing are location, location and location.

How To Manage Social Media Risk

The Global Supply Chain Goes Collaborative

Level5. Civil Service Competency Framework Level 5 Deputy Directors

quality, health & safety and environment training and consulting

Increase Business Intelligence Infrastructure Responsiveness and Reliability Using IT Automation

Crisis Nestlé

July New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity

EXAM EXEMPLAR QUESTIONS

Corporate Social Responsibility

Grooming Your Business for Sale

Explaining the difference your project makes A BIG guide to using an outcomes approach. Sara Burns and Joy MacKeith Triangle Consulting October 2006

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

NHS Commissioning Board Business Continuity Management Framework (service resilience)

A SCOPING REVIEW OF HEALTH VISITING AND SCHOOL NURSING

CRISIS MANAGEMENT PLAN

APRIL Economic Impact of AIM

Fighting Counterfeiting in Asia. Douglas Clark. Partner. Lovells, Shanghai

Business Continuity Management Policy

Global Fund Competency Behaviors by Organisation Level 2016

Health and Safety Policy and Procedures

Treating Customers Fairly. October 2015

Outsourcing. Definitions. Outsourcing Strategy. Potential Advantages of an Outsourced Service. Procurement Process

Business Continuity Management Policy

SaaS casts shadow over licensed software

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Business continuity management policy

Business Continuity Planning and Disaster Recovery Planning

Operations and Supply Chain Management Prof. G. Srinivasan Department of Management Studies Indian Institute of Technology Madras

Business Continuity Planning

ISO 9001 It s in the detail Your implementation guide

Successfully identifying, assessing and managing risks for stakeholders

NEXT GENERATION MOBILITY IN MANUFACTURING

Business Continuity Business Continuity Management Policy

BS BUSINESS CONTINUITY MANAGEMENT

Social Return on Investment (SROI)

Energize your supply chain network A European perspective

I have found the process to be fascinating and extremely useful, highlighting a number of opportunities to develop the Business Wales Service.

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Change Management- A Challenge in Supply Chain Management

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Risk Management & Business Continuity Manual

These guidelines can help you in taking the first step and adopt a sustainability policy as well as plan your further sustainability communication.

Version 1.0. klm. General Certificate of Education June GCE Business Studies. Mark Scheme

Transcription:

Managing Risk and Resilience in the Supply Chain David Kaye www.bsigroup.com/bip2149 www.riskreality.co.uk Risk managers, of course, understand that the consequences of damage by an unexpected incident may not only be measurable in terms of purely financial cost. There are more ways, and potentially much more destructive ways, of a risk incident harming an organisation and its people than the loss of assets, revenues, cash flows, or the financial cost of litigation. The most destructive of impacts from a risk incident can be to render the organisation unable to deliver on current contracts or continue to meet its responsibilities to stakeholders. It can also destroy its ability to manage and to retain effective control, to retain its marketplace positioning, and remain legal and compliant. Within earlier business models, the organisation managed most, if not all, aspects of its supply chain from within its own factory, office, warehouse and workforce. It had more than one way of interfacing with its consumers, and maintained stocks of finished goods and raw materials on site to keep them going for days or weeks in the event of a failure or slow down in supply. It employed the workforce directly and thus had day by day control. They could instantly redirect that workforce to meet any new urgencies that emerge. The modern business model, with its just-in-time supply chain, tight compression of margins, direct communication via the web simultaneously to millions of customers at home and abroad, is much more brittle and has never been more susceptible to one single point of catastrophic failure. Furthermore, much of its workforce is now employed by a third party to deliver both intellectual and physical resources, activity, but only and precisely as agreed in a contract that had been negotiated at a time when the potentially destructive incident may not have been anticipated. This challenge is to organisations large and small, profit making and public service. Outsourcing is now often integral to the very heart of the business model. Outsourcing is so much more than subcontracting, and is much more than cost-saving. It positions core divisions of the organisation into the hands of third parties and has enabled entirely new business models, that embrace instant and differentiated services to entirely new customers. These promises of instancy, customer differentiation and multinationalism become high risk expectations of course on which the entire business model depends and on which group brand values depend. In a nutshell, the modern business model is much leaner and has much less margin for error. Its ability to absorb surprises is gone for ever, and thus understanding and managing its risks has never been more critical. The impact of failure may enforce a period of time when it cannot remain an effective player in its market place. It doesn t take long for that displacement 1

to destroy brand values and other confidences, and before competitors rush in and wreak long term damage to the organisation s customer base and other important stakeholder dependencies. Even when the organisation is a monopoly or public service supplier, the way stakeholders and customers react to a real or perceived fall in service levels can turn a hiccup into a disaster. The risk managers worry beads therefore include the need that all of the operational dependencies and tools that are necessary for the organisation s survival remain accessible, and quickly enough to stay alive. These dependencies are much more than money and assets. They include, crucially, a wide range of intellectual assets, effective business controls, regulatory approvals, legality, regulatory compliance, the confidence of its various stakeholders, its brand values and its wider reputation. It includes of course whatever assets, tools and skills wherever they are positioned in the value chain that it needs to be able to continue to retain trust and deliver urgent, contracted, products and services, on time and of the expected quality. Extreme financial damage from an unpleasant surprise may indeed be sufficient to divert the financial business model sufficiently to render the organisation no longer viable. The non-financial impacts, however, are equally, if not more likely, to bring greater damage or even corporate death. These are just the dependencies that are often handed over to the third party members of an outsourced supply chain. The cause of that corporate death may be a sudden accident or indeed be a gradually evolving disease any where in the value chain. The end result is the same and both are of equal concern to the most senior management, their risk advisors, and of course their stakeholders. A gradually developing disease, for example a supplier s quality problems beginning to affect the brand value, is no less destructive and can be more difficult to manage than a sudden loss. It raises difficult questions of precisely when to react. It is a difficult judgement between the hope that the problems can be resolved or whether the disaster reaction plan, with its own costs and challenges, needs to be triggered. Customers can move away so much faster perhaps with just a click of the mouse. Aggressive competitors, with the same business models available to them, longer need to raise capital, design and construct factories or office blocks and then recruit staff before they can upsize and attack an organisation weakened by a risk incident. They simply sign a few new outsourcing contracts; maybe even with the damaged organisation s erstwhile suppliers. Risk and opportunity are however two sides of the same coin. These business models enable the organisation to upscale and downsize much easier and more quickly than before, and offers opportunities to spread risk and to react to a crisis. A diverse supply chain can therefore be a useful riskspreading tool once the downside risks are understood and are within the organisation s own risk tolerance levels. 2

This potential for damage, loss of detail control, and the lack of ability to react now lies at the very core of business models. It takes the risk manager and the most senior strategic managers of the organisation way beyond the range of their traditional risk management comfort zones. It takes them into the much more amorphous and difficult arena that combines strategic risk and operational risk; and especially into measuring low frequency but very high impact risks. It needs them to understand and respond to the fact that they are simultaneously shedding the ability to micro-control; shedding the very tools that they will need urgently, and are into areas where second-hand risks, impacts and frequencies are so much more difficult to evaluate, communicate and manage. Thus proactive relationship management also is equally a crucial part of early warnings, disaster avoidance and of the the organisation s important corporate life support machines. Risk management has moved on from being simply the purchase of insurance products. Business continuity management is emerging from its own historical silo of technology and workstation replacement. Critical relationships need proactive management, regulators are increasingly pulling operational risk concerns into compliance management; and even credit risk management considers operational risks that could take away a debtor s ability to pay. Indeed there are single points of infrastructure supply failure that could affect separate debtors simultaneously. The realities of modern business models and their risks therefore cut right across these and other erstwhile silos of risk management that were, on the whole, previously able to deliver their values in isolation. The outsourced value chain both supply and delivery of course - is clearly at the very heart of the resilience of modern day organisations, whether they be profit-making, public service or indeed charity. It brings real challenges in gaining an understanding what those risks are, and indeed it brings a whole new range of risks and potential impact. The chief officer can delegate risk processes to third parties, but cannot delegate the responsibility for risk. Suppliers may be from different legal environments, languages, have different cultures and especially have entirely different tolerances to risk and levels of impact. They are charged to put interests of their own employers and stakeholders first. Simply demanding that the organisation is compliant, with a standard or regulation such as BS25999 or Sarbanes Oxley is a massive minefield. They may indeed be compliant and thus made themselves possibly resilient as an organisation; but do their plans embrace all individual customers own survival -level pressures, urgencies, quality standards, consistencies and volumes? There are further minefields within the assurances of lawyers, due diligence reports, insurance, contingency plans, exercising, exit strategies, and contract wordings that will not only damage the unwary, but could destroy them. So much so they take up a whole chapter in the book 3

The supplier sees itself as a dependency too of the customer, who can be damaged or destroyed by the failure of the recipient s ability to receive the goods or services as contracted, or indeed to retain the supplier s confidence that they are going to get paid for them. The supplier s reaction as a stakeholder to a perceived weakened customer can turn a problem into a disaster. Summary In summary, the responsibilities and demands of the strategic management of an organisation do not change when a part of the core activity is repositioned with a third party. Understanding and retaining control over the risks of those activities, and retaining at the same time their freedom to fully exploit their commercial value, does however bring very different problems, balancing acts and challenges. David Kaye FCII FBCI FRSA MIRM Risk Reality United Kingdom and Barbados davidjkaye@aol.com Reference: 1. Managing Risk and Resilience in the Supply Chain. David Kaye. British Standards Instition. May 2008. ISBN: 978 0 580 60726 4 2. www.riskreality.co.uk 3. www.bsigroup.com/bip2149 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information