Supply chain risk management (SCRM) is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity". SCRM attempts to reduce supply chain vulnerability via a coordinated holistic approach, involving all supply chain stakeholders, which identifies and analyses the risk of failure points within the supply chain. Mitigation plans to manage these risks can involve logistics, finance and risk management disciplines; the ultimate goal being to ensure supply chain continuity in the event of a scenario which otherwise have interrupted normal business and thereby profitability.

1. Supply Chain Risk Management Essentials
Megha Thakkar PMP®
Strategic Supply Chain Management,
Cipla Ltd.

2. Agenda
• Objective
• Introduction
• Supply Chain Management (SCM)
• SC Risk Management (SCRM)
• Developing A Comprehensive Risk Assessment
• Conclusion
17th Oct 13
Pharma Project
2

3. Key Interpretation
• Still an art, not a science
• Requirements to drive to SCRM performance are coming from
everywhere
• No industry is immune to the SCRM Imperative
• Key issues include:
– The need for a common framework and language
– Accountability and ownership
– Controls
17th Oct 13
3

4. Let’s start by DISPELLING
some MYTHS
17th Oct 13
4

5. FIRST
Supply chain management
is neither
a synonym for logistics
nor
as logistics that includes customers
and suppliers
17th Oct 13
5

6. SECOND
Supply chain management
is not
New name
for purchasing &/or operations
17th Oct 13
6

7. FINALLY
Supply chain management
is not even
Combination of
purchasing, operations and logistics
17th Oct 13
7

8. Then?
What is supply chain and
Supply chain management?
17th Oct 13
8

9. Which one should we be more concerned with
and why?
supplier
Information
(Processes)
Goods, Services and
information
Reverse logistics
Payment
customer
Supply Chain
17th Oct 13
Goods
INTEGRATION
customer
supplier
customer
Removal
supplier
Supply Chain Management
9

10. A Simple Supply Chain Example
Consumers
Raw Material Sources
Suppliers
Manufacturers
Distributors
Retailers
Customers
Material, Information and Funds Flow
17th Oct 13
10

11. A Supply Chain Example – More Complex
Distributors &
Warehouses
Raw Material and
Semi-Finished
Products Suppliers
Manufacturing
Centres
Consumers
Material, Information and Funds Flow
17th Oct 13
11

12. Supply Chain
Supply chain is NOT a CHAIN of businesses
BUT A NETWORK of businesses & relationships.
That offers the opportunity to capture the full potential of intra
and inter-company integration and management to organize –
people, activities, information and resources involved in moving
a product from supplier to end-user.
17th Oct 13
12

13. Supply Chain Management
• Supply chain management is a set of approaches utilized to
efficiently integrate suppliers, manufacturers, warehouses,
and stores, so that product is produced and distributed at the
right quantities, to the right locations, and at the right time, in
order to minimize system wide costs while satisfying service
level requirements.”
17th Oct 13
13

14. The Supply Chain – Another View
Plan
Source
Suppliers
Material Costs
17th Oct 13
Make
Manufacturers
Deliver
Warehouses &
Distribution Centers
Buy
Customers
Transportation
Transportation
Costs
Transportation
Costs
Manufacturing Costs
Inventory Costs Costs
14

15. Why Is SCM Difficult?
• Uncertainty is inherent to every supply chain
–
–
–
–
Travel times
Breakdowns of machines and vehicles
Weather, natural catastrophe, war
Local politics, labor conditions, border issues
• The complexity of the problem to globally optimize a supply
chain is significant
– Minimize internal costs
– Minimize uncertainty
– Deal with remaining uncertainty
17th Oct 13
15

16. Supply Chain Risk Management
• “Risk management is the process of measuring or assessing
risk and then developing strategies to manage the risk. These
strategies can involve the transference of risk to another
party, risk avoidance or mitigation, and channel risk sharing.
• “Risk management is the process of measuring or assessing
risk and then developing strategies to manage the risk. These
strategies can involve the transference of risk to another
party, risk avoidance or mitigation, and channel risk sharing.
17th Oct 13
16

17. A Business Outlook
Company’s Environment
Suppliers’ Environment
Suppliers
Supplier and
Market Intelligence
Customers’ Environment
Company
Customer and
Market Intelligence
Customers
Business Intelligence
17th Oct 13
17

18. … historically and currently problematic
Vipnet, 1999 GSM portal
launch delayed 1 year due
to supplier issues
Volcanic eruptions
Legal
War
Manufacturing
Strike
Culture
Boeing, 1997 writes off
$2.6 billion, due to
supplier parts shortages
Management
Processes
Technology
Airbus's A380
super-jumbo 2006
delivery to customers, Sony's 2006, PlayStation 3
almost 2 years late delay gives opportunity to rivals
(Microsoft's Xbox 360 and
Nintendo's Wii)
Sainsbury’s delayed
store openings, cost them
£millions in lost revenue
Supply Chain Risk
17th Oct 13
18

19. Supply Chain Risk Perspectives
Company’s Environment
Customers’ Environment
Suppliers’ Environment
Suppliers
Supplier Facing
Relationship Risk
Supplier Performance Risk
Human Resource Risk
Supply chain disruption risk
Supplier Environment Risk
Disaster Risk
Supplier Financial Risk
Regulatory Risk
17th Oct 13
Company
Internal Facing
Operational Risk
Technical Risk
Financial Risk
Legal Risk
Environmental Risk
HR / Health and
Safety Risk
Customer Facing
Customers
Market Risk
Brand / Reputation Risk
Product Liability Risk
Environmental Risk
19

20. Supply Chain Risk and Risk Management
Strategies
Network Design for Agility
(Supplier/Logistics Risk)
Revenue management
(Demand Risk)
Customer
Rationalization
(Profitability Risk)
Demand
Supply
Contract Management
(Compliance Risk)
Sales & Operations
Planning
Social
Responsibility
(Brand Risk)
Hedging strategies
(Cost Risk)
Supplier
Development/Supply Base
Monitoring (Capacity Risk)
Intellectual Property
Management (IP Risk)
Product
17th Oct 13
20

21. Supply Risk Management Road Map
H
Supply Network Optimization
Risk Managed Revenue and Improvements
Definition, assessment, advanced
prediction, advanced (multi-tier)
network monitoring and advanced
(multi-tier) network redesign improvement actions.
Supply Network Expansion
Definition, assessment, advanced
prediction, network monitoring and
network redesign - improvement
actions.
Multiple Category Expansion
Definition, assessment, basic prediction
and category and cross category
redesign - improvement actions.
Single Category- Pilot
Definition, assessment, basic
prediction and key supplier
focused redesign improvement actions.
L
L
17th Oct 13
No. of Suppliers under SRM
H
21

22. DEVELOPING A COMPREHENSIVE
RISK ASSESSMENT
17th Oct 13
22

23. Terminology
•
•
•
•
•
Threat
Vulnerability
Accident
Risk
Consequences
The goal is not to be understood.
It is to not be misunderstood.
17th Oct 13
23

24. Threat – Hazard - Danger
• A condition that is a prerequisite to a mishap, accident, or
emergency
May be
INTERNAL or EXTERNAL
17th Oct 13
24

25. Threat Classification
• Natural Hazards
• Anthropogenic (man-caused) Threats
• Technological or Accidental Threats
From Avoiding Disaster, ©2002, John Laye, FBCI
Publisher: John Wiley & Sons, Hoboken, NJ, USA
17th Oct 13
25

26. Threat – Fear/Terrorism
Perpetrators must have:
INTENT
+
CAPABILITY
Measurable?
Uncertainty  Fear  Risk (Real or Perceived)
17th Oct 13
26

27. Vulnerability
• A characteristic of a system that allows a threat event to
materialize
Always
INTERNAL
And
Always in RELATION to a threat
17th Oct 13
27

28. Accident - Emergency
•
•
•
•
A function of vulnerability
Relates to Cause
1st significant deviation from the norm
Reactive Risk Assessment
17th Oct 13
28

29. Anatomy of an Incident
Hazard
Event
Controlled
Conditions
Deviation
Impact
Parameter
Excursion
Initiating
Action
Mishap
Consequence
UncontrolledCond
ition
Adapted from Department of Energy Handbook, 1100-96
17th Oct 13
29

30. Complex Systems
• Failure in one part (by any threat) may coincide or induce
failure in an entirely different part  unforeseeable
combination resulting in cascading failures.
• Cascading failures can accelerate out of control.
• Potentially limitless combinations in complex systems.
• Accidents are inevitable  “normal”
17th Oct 13
30

31. Risk
•
Future Effect
•
Combination of Severity and Likelihood
•
Undesirable (Insurance Co. view)
17th Oct 13
31

32. How do we assess?
• 3 steps to the Assessment process
– Identification
• What might go wrong?
• Must clearly define the risk in question
– Analysis
• What is the likelihood?
• How bad would it be?
– Evaluation
• What are the levels of risk criteria?
• Defined in advance
17th Oct 13
32

33. Risk Assessment
• A systematic process for organizing information to support a
risk decision that is made within a risk management process.
The process consists of the identification of hazards and the
analysis and evaluation of risks associated with exposure to
those hazards.
17th Oct 13
33

34. Risk Control
• Risk control includes decision making to reduce and/or accept
risks.
– The purpose of risk control is to reduce the risk to an acceptable
level.
– The amount of effort used for risk control should be
proportional to the significance of the risk.
– The user shall use different processes for understanding the
optimal level of risk control including cost-benefit analysis.
17th Oct 13
34

35. Risk Reduction
• By the implementation of risk reduction measures,
– new risks may be introduced into the system
– the significance of other existing risks might be increased.
– Hence, it might be appropriate to revisit the risk assessment to
identify and evaluate any possible change in risk.
17th Oct 13
35

36. Risk Acceptance
• Risk acceptance is a decision to accept risk.
– Risk acceptance can be a formal decision to accept the residual
risk or it can be a passive decision in which residual risks are not
specified.
– This acceptable level will depend on many parameters and
should be decided on a case-by-case basis.
17th Oct 13
36

37. Risk Review
• The results of the risk management process shall be reviewed
to take into account new knowledge and experience.
• Once a risk management process has been initiated, that
process should continue to be utilized for events that might
impact the original risk management decision whether these
are planned E.g., results of product review, inspections,
audits, change control) or unplanned (e.g., root cause from
failure investigations, recall).
• Risk management shall be an ongoing quality management
process and a mechanism to perform periodic review of
events shall be implemented. The frequency of the review
should be based upon the level of risk. Risk review might
include reconsideration of risk acceptance decisions
17th Oct 13
37

38. Tools and Techniques for Risk Review
• Ishikawa Model
• SCOR model
• Failure Mode Effects Analysis (FMEA)
17th Oct 13
38

39. Failure Mode Effects Analysis (FMEA)
• FMEA is a prevention tool used to assess, manage, and reduce
risk associated with failure or potential failure of products,
processes, services, and other systems.
• A quantitative characterization of failures is then undertaken
• This is comprised of the assignment of probabilities to three
factors - the likelihood of occurrence, the likelihood of
detection of failures and the severity of a failure.
• As part of this assessment each characteristic is assigned a
value. These values are then multiplied with the resultant risk
priority number (RPN).
17th Oct 13
39

40. Occurrence
RANKING
1
2
3
4
5
17th Oct 13
CRITERA
Remote probability of failure. One occurrence every one to three years or one
occurrence in one million events.
Low probability of failure. One occurrence every six months to one year or one
occurrence in 10000 events
Moderate probability of failure. One occurrence every three months or three
occurrences in 1000 events
High probability of failure. One occurrence per week or a probability of 5
occurrences in 100 events
Very High probability of failure
40

41. Severity
• Severity (S) refers to an assessment of the seriousness of a
failure as it affects the end user.
• A higher severity rating may be assigned to process steps that
involved manual operations or interventions as compared to
done by automatic machine The higher rating is necessary
because of quality failure or introduction of contamination
during these steps will result in a higher risk to the product
safety and the end-user.
17th Oct 13
41

42. Severity
RANKING
CRITERA
1
Product quality is not affected
2
Very Low severity. A lesser deviation from the requirements which calls for
moderate action (i.e. higher frequency of tests of the final products, additional
tests, etc.)
3
Low severity. A deviation from the requirements which calls for strong action (i.e.
quarantining of a batch, product recall, OOS-Situation etc.)
4
High severity. Affect to the patient in some way.
5
Very High severity. Threat to the life of patient
17th Oct 13
42

43. Detection
• Detection (D) refers to the ability to detect the failure mode
for contamination risk prior to the customer receiving the
finished product.
• The rating scale for determining the detection level is shown
in Table
17th Oct 13
43

44. Detection
RANKING
CRITERA
1
Assured detection of failure mode. The defect is obvious or there is 100%
automatic inspection with regular calibration and preventive maintenance of the
inspection equipment
2
Chances of Detection are high. An effective Statistical Process Control (SPC)
program is in place
3
Detection possibility is moderate. Some SPC is used in process and the product is
final inspected off-line
4
Difficult to detect .Product or failure is accepted on the basis of no defectives in a
sample
5
The failure is not inspected or the failure is not detectable
17th Oct 13
44

45. Risk Score
Risk Priority Number = O x S x D
Where
O=
Occurrence
S = Severity
D=
Detection
Risk priority
number evaluates
the overall risk.
Helps to identify
focus area to help
improve overall
system reliability
17th Oct 13
45

46. Steps of FMEA
•
•
•
•
•
•
•
•
•
•
Step 1： Review of the process (Process mapping)
Step 2： Determine failure mode
Step 3： Determine potential risk of the failure modes
Step 4： Evaluate severity of the risks (S)
Step 5： Evaluate probability of the failure modes (P)
Step 6： Evaluate the detection of the failure modes and/or
risks (D)
Step 7： Calculate Risk Priority Numbers (RPN)
Step 8： Prioritize the failure modes need to be mitigated
Step 9： Decide elimination and/ or avoidance of the failure
modes
Step 10： Re-calculate the RPNs after mitigation
17th Oct 13
46

47. Risk Matrix
Probability
High
Medium
High
Medium
Low
Severity
Risk Class ONE
Risk Class TWO
Risk Class THREE
Low
17th Oct 13
47

48. Risk Matrix
High
Medium
Low
Detection
HIGH priority
Risk Classification
MEDIUM priority
17th Oct 13
ONE
LOW priority
TWO
THREE
48

49. Risk evaluation - Risk Severity / Probability
Classification
X1
X4
X4
X5
X5
4. Probable
Probability Classification
5. Frequent
X1
X3
X4
X4
X5
3. Occasional
X1
X2
X3
X4
X4
2. Remote
X1
X2
X2
X3
X4
1. Improbable
X1
X1
X1
X1
X1
RATING
1 - None
2 - Negligible
3 - Marginal
4 - Critical
5 - Catastrophic
Risk Severity
17th Oct 13
49

50. Risk Severity+Probability Vs Detection
X1
X4
X4
X5
X5
X4
X1
X3
X4
X4
X5
X3
X1
X2
X3
X4
X4
X2
X1
X2
X2
X3
X4
X1
X1
X1
X1
X1
X1
RATING
Risk Severity + Probability
X5
1 - Assured
2 - High
3 - Moderate
4 - Difficult
5 - Not
detectable
Detection
17th Oct 13
50

51. Risk Management – Action plan
Level of Risk
Category
Action
X1
No action reqd.
X2
Training
X3
Cost effective / selective controls
X4
Control irrespective of cost
involved
X5
Immediate change of process
design/ Control required
No risk
Small risk
Moderate Risk
Unacceptable Risk
Severe
17th Oct 13
51

52. Risk Assessment - Warehouse
Reference
Risk
Occurrence Severity Detection
O
S
D
Risk priority
Number
OxSxD
Category
1.1
Receipt of Wrong material
1
5
1
5
X1
1.2
Receipt of damaged packs or containers
2
4
1
8
X3
1.3
Receipt of Hazardous material
1
1
1
1
X1
1.4
Receipt of container without Label
1
5
1
5
X1
2.1
Wrong material sampled.
1
5
1
5
X1
2.2
Sampling from damaged packs or
containers
2
4
1
8
X3
2.3
Contamination of materials during
sampling
1
5
1
5
X1
2.4
Sampling from Hazardous material
1
1
1
1
X1
17th Oct 13
52

53. Check List
•
•
•
•
•
•
How can each part possibly fail ?
What mechanisms might produce these modes of failure?
What could the effects be if these failures did occur ?
Is the failure in the safe or unsafe direction ?
How is the failure detected ?
What inherent provisions are provided in the design to
compensate for the failure?
17th Oct 13
53

54. Any Questions?
17th Oct 13
54

55. Thank You
Megha Thakkar, PMP ®
Email: kotak.megha@gmail.com
LinkedIn Profile: http://in.linkedin.com/in/mthakkar/
55