Supply chain risk management (SCRM) is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".
SCRM attempts to reduce supply chain vulnerability via a coordinated holistic approach, involving all supply chain stakeholders, which identifies and analyses the risk of failure points within the supply chain. Mitigation plans to manage these risks can involve logistics, finance and risk management disciplines; the ultimate goal being to ensure supply chain continuity in the event of a scenario which otherwise have interrupted normal business and thereby profitability.
3. Key Interpretation
• Still an art, not a science
• Requirements to drive to SCRM performance are coming from
everywhere
• No industry is immune to the SCRM Imperative
• Key issues include:
– The need for a common framework and language
– Accountability and ownership
– Controls
17th Oct 13
3
9. Which one should we be more concerned with
and why?
supplier
Information
(Processes)
Goods, Services and
information
Reverse logistics
Payment
customer
Supply Chain
17th Oct 13
Goods
INTEGRATION
customer
supplier
customer
Removal
supplier
Supply Chain Management
9
10. A Simple Supply Chain Example
Consumers
Raw Material Sources
Suppliers
Manufacturers
Distributors
Retailers
Customers
Material, Information and Funds Flow
17th Oct 13
10
11. A Supply Chain Example – More Complex
Distributors &
Warehouses
Raw Material and
Semi-Finished
Products Suppliers
Manufacturing
Centres
Consumers
Material, Information and Funds Flow
17th Oct 13
11
12. Supply Chain
Supply chain is NOT a CHAIN of businesses
BUT A NETWORK of businesses & relationships.
That offers the opportunity to capture the full potential of intra
and inter-company integration and management to organize –
people, activities, information and resources involved in moving
a product from supplier to end-user.
17th Oct 13
12
13. Supply Chain Management
• Supply chain management is a set of approaches utilized to
efficiently integrate suppliers, manufacturers, warehouses,
and stores, so that product is produced and distributed at the
right quantities, to the right locations, and at the right time, in
order to minimize system wide costs while satisfying service
level requirements.”
17th Oct 13
13
14. The Supply Chain – Another View
Plan
Source
Suppliers
Material Costs
17th Oct 13
Make
Manufacturers
Deliver
Warehouses &
Distribution Centers
Buy
Customers
Transportation
Transportation
Costs
Transportation
Costs
Manufacturing Costs
Inventory Costs Costs
14
15. Why Is SCM Difficult?
• Uncertainty is inherent to every supply chain
–
–
–
–
Travel times
Breakdowns of machines and vehicles
Weather, natural catastrophe, war
Local politics, labor conditions, border issues
• The complexity of the problem to globally optimize a supply
chain is significant
– Minimize internal costs
– Minimize uncertainty
– Deal with remaining uncertainty
17th Oct 13
15
16. Supply Chain Risk Management
• “Risk management is the process of measuring or assessing
risk and then developing strategies to manage the risk. These
strategies can involve the transference of risk to another
party, risk avoidance or mitigation, and channel risk sharing.
• “Risk management is the process of measuring or assessing
risk and then developing strategies to manage the risk. These
strategies can involve the transference of risk to another
party, risk avoidance or mitigation, and channel risk sharing.
17th Oct 13
16
17. A Business Outlook
Company’s Environment
Suppliers’ Environment
Suppliers
Supplier and
Market Intelligence
Customers’ Environment
Company
Customer and
Market Intelligence
Customers
Business Intelligence
17th Oct 13
17
18. … historically and currently problematic
Vipnet, 1999 GSM portal
launch delayed 1 year due
to supplier issues
Volcanic eruptions
Legal
War
Manufacturing
Strike
Culture
Boeing, 1997 writes off
$2.6 billion, due to
supplier parts shortages
Management
Processes
Technology
Airbus's A380
super-jumbo 2006
delivery to customers, Sony's 2006, PlayStation 3
almost 2 years late delay gives opportunity to rivals
(Microsoft's Xbox 360 and
Nintendo's Wii)
Sainsbury’s delayed
store openings, cost them
£millions in lost revenue
Supply Chain Risk
17th Oct 13
18
27. Vulnerability
• A characteristic of a system that allows a threat event to
materialize
Always
INTERNAL
And
Always in RELATION to a threat
17th Oct 13
27
28. Accident - Emergency
•
•
•
•
A function of vulnerability
Relates to Cause
1st significant deviation from the norm
Reactive Risk Assessment
17th Oct 13
28
29. Anatomy of an Incident
Hazard
Event
Controlled
Conditions
Deviation
Impact
Parameter
Excursion
Initiating
Action
Mishap
Consequence
UncontrolledCond
ition
Adapted from Department of Energy Handbook, 1100-96
17th Oct 13
29
30. Complex Systems
• Failure in one part (by any threat) may coincide or induce
failure in an entirely different part unforeseeable
combination resulting in cascading failures.
• Cascading failures can accelerate out of control.
• Potentially limitless combinations in complex systems.
• Accidents are inevitable “normal”
17th Oct 13
30
32. How do we assess?
• 3 steps to the Assessment process
– Identification
• What might go wrong?
• Must clearly define the risk in question
– Analysis
• What is the likelihood?
• How bad would it be?
– Evaluation
• What are the levels of risk criteria?
• Defined in advance
17th Oct 13
32
33. Risk Assessment
• A systematic process for organizing information to support a
risk decision that is made within a risk management process.
The process consists of the identification of hazards and the
analysis and evaluation of risks associated with exposure to
those hazards.
17th Oct 13
33
34. Risk Control
• Risk control includes decision making to reduce and/or accept
risks.
– The purpose of risk control is to reduce the risk to an acceptable
level.
– The amount of effort used for risk control should be
proportional to the significance of the risk.
– The user shall use different processes for understanding the
optimal level of risk control including cost-benefit analysis.
17th Oct 13
34
35. Risk Reduction
• By the implementation of risk reduction measures,
– new risks may be introduced into the system
– the significance of other existing risks might be increased.
– Hence, it might be appropriate to revisit the risk assessment to
identify and evaluate any possible change in risk.
17th Oct 13
35
36. Risk Acceptance
• Risk acceptance is a decision to accept risk.
– Risk acceptance can be a formal decision to accept the residual
risk or it can be a passive decision in which residual risks are not
specified.
– This acceptable level will depend on many parameters and
should be decided on a case-by-case basis.
17th Oct 13
36
37. Risk Review
• The results of the risk management process shall be reviewed
to take into account new knowledge and experience.
• Once a risk management process has been initiated, that
process should continue to be utilized for events that might
impact the original risk management decision whether these
are planned E.g., results of product review, inspections,
audits, change control) or unplanned (e.g., root cause from
failure investigations, recall).
• Risk management shall be an ongoing quality management
process and a mechanism to perform periodic review of
events shall be implemented. The frequency of the review
should be based upon the level of risk. Risk review might
include reconsideration of risk acceptance decisions
17th Oct 13
37
38. Tools and Techniques for Risk Review
• Ishikawa Model
• SCOR model
• Failure Mode Effects Analysis (FMEA)
17th Oct 13
38
39. Failure Mode Effects Analysis (FMEA)
• FMEA is a prevention tool used to assess, manage, and reduce
risk associated with failure or potential failure of products,
processes, services, and other systems.
• A quantitative characterization of failures is then undertaken
• This is comprised of the assignment of probabilities to three
factors - the likelihood of occurrence, the likelihood of
detection of failures and the severity of a failure.
• As part of this assessment each characteristic is assigned a
value. These values are then multiplied with the resultant risk
priority number (RPN).
17th Oct 13
39
40. Occurrence
RANKING
1
2
3
4
5
17th Oct 13
CRITERA
Remote probability of failure. One occurrence every one to three years or one
occurrence in one million events.
Low probability of failure. One occurrence every six months to one year or one
occurrence in 10000 events
Moderate probability of failure. One occurrence every three months or three
occurrences in 1000 events
High probability of failure. One occurrence per week or a probability of 5
occurrences in 100 events
Very High probability of failure
40
41. Severity
• Severity (S) refers to an assessment of the seriousness of a
failure as it affects the end user.
• A higher severity rating may be assigned to process steps that
involved manual operations or interventions as compared to
done by automatic machine The higher rating is necessary
because of quality failure or introduction of contamination
during these steps will result in a higher risk to the product
safety and the end-user.
17th Oct 13
41
42. Severity
RANKING
CRITERA
1
Product quality is not affected
2
Very Low severity. A lesser deviation from the requirements which calls for
moderate action (i.e. higher frequency of tests of the final products, additional
tests, etc.)
3
Low severity. A deviation from the requirements which calls for strong action (i.e.
quarantining of a batch, product recall, OOS-Situation etc.)
4
High severity. Affect to the patient in some way.
5
Very High severity. Threat to the life of patient
17th Oct 13
42
43. Detection
• Detection (D) refers to the ability to detect the failure mode
for contamination risk prior to the customer receiving the
finished product.
• The rating scale for determining the detection level is shown
in Table
17th Oct 13
43
44. Detection
RANKING
CRITERA
1
Assured detection of failure mode. The defect is obvious or there is 100%
automatic inspection with regular calibration and preventive maintenance of the
inspection equipment
2
Chances of Detection are high. An effective Statistical Process Control (SPC)
program is in place
3
Detection possibility is moderate. Some SPC is used in process and the product is
final inspected off-line
4
Difficult to detect .Product or failure is accepted on the basis of no defectives in a
sample
5
The failure is not inspected or the failure is not detectable
17th Oct 13
44
45. Risk Score
Risk Priority Number = O x S x D
Where
O=
Occurrence
S = Severity
D=
Detection
Risk priority
number evaluates
the overall risk.
Helps to identify
focus area to help
improve overall
system reliability
17th Oct 13
45
46. Steps of FMEA
•
•
•
•
•
•
•
•
•
•
Step 1: Review of the process (Process mapping)
Step 2: Determine failure mode
Step 3: Determine potential risk of the failure modes
Step 4: Evaluate severity of the risks (S)
Step 5: Evaluate probability of the failure modes (P)
Step 6: Evaluate the detection of the failure modes and/or
risks (D)
Step 7: Calculate Risk Priority Numbers (RPN)
Step 8: Prioritize the failure modes need to be mitigated
Step 9: Decide elimination and/ or avoidance of the failure
modes
Step 10: Re-calculate the RPNs after mitigation
17th Oct 13
46
51. Risk Management – Action plan
Level of Risk
Category
Action
X1
No action reqd.
X2
Training
X3
Cost effective / selective controls
X4
Control irrespective of cost
involved
X5
Immediate change of process
design/ Control required
No risk
Small risk
Moderate Risk
Unacceptable Risk
Severe
17th Oct 13
51
52. Risk Assessment - Warehouse
Reference
Risk
Occurrence Severity Detection
O
S
D
Risk priority
Number
OxSxD
Category
1.1
Receipt of Wrong material
1
5
1
5
X1
1.2
Receipt of damaged packs or containers
2
4
1
8
X3
1.3
Receipt of Hazardous material
1
1
1
1
X1
1.4
Receipt of container without Label
1
5
1
5
X1
2.1
Wrong material sampled.
1
5
1
5
X1
2.2
Sampling from damaged packs or
containers
2
4
1
8
X3
2.3
Contamination of materials during
sampling
1
5
1
5
X1
2.4
Sampling from Hazardous material
1
1
1
1
X1
17th Oct 13
52
53. Check List
•
•
•
•
•
•
How can each part possibly fail ?
What mechanisms might produce these modes of failure?
What could the effects be if these failures did occur ?
Is the failure in the safe or unsafe direction ?
How is the failure detected ?
What inherent provisions are provided in the design to
compensate for the failure?
17th Oct 13
53
Opportunity to bring my frame of reference of Project management in Supply chain and its value addition.
There are some myths around about supplychain
Supply Chain is different from Supply Chain Management – why?
Supplier Facing looks at the network of suppliers, their markets and their relationship with the “company”. Customer Facing looks at the network of customers and intermediaries, their markets and their relationships with the “company”. Internal facing looks at the company, their network of assets, processes, products, systems and people as well as the company’s markets. In all cases, a global perspective is essential.
- People from all over the world leave translation to youEven American/English has ambiguityThreat assessments, vulnerability assessments, risk assessments, etc.
Threats are everywhereLoss prevention – example of internal and external causes/threatsIdentifying threats is typically the second step of RA. Will examine the first shortly.
Categorizing threats helps to develop the correct perspective. As well, the correct persepctive helps to identify threats.Correct persepctive and a focus on your system – client, activity, experiment, business, etc.All threats fall into one of three categories
Special kind of threat is fear and terrorism. Root word “terror” – is a threat mostly in the sense of the fear – real or perceived. Risk acceptance or risk avoidance determines actions taken in relation to the fear. In fact, risk of death by terrorist acts is very low. But explosions, hostages, etc. – regardless of cause or perpetrator – can be very high in the right circumstances.Opposite: It can’t happen here.
With fear is concept of vulnerability. Terrorism works because of randomness that increases perception of vulnerability and knowledge that the targets are civilians.Vulnerability –or lack of protection/mitigation – in a system is directly related to the a threat. So a threat assessment cannot stand on its own – it must relate to something. Perspective and knowledge of a system and its interdependencies is critical. Find the experts and guide them in the methodology.
When a threat and a vulnerability collide, we risk an accident. It may or may not happen. The existence of a pickpocket in a crowd, or the presence of a drunk driver on the road does not guarantee an event but the right circumstances are in place. It still needs a catalyst.
Precipitating event. Every arrow is an opportunity to prevent or mitigate the effects of an incident.(Talk to slide)
It’s well recognized the more complex a system, the more opportunity for error. The original jeep of WWII (Wiley) was much more reliable than a modern day Cadillac if only for the number of systems – the vulnerability to failure. Again, perspective is your guide in helping experts – the system experts – identify the threats and vulnerabilities
A risk assessment attempts to discover the entire range of threats and vulnerabilities – their confluence – looking for “what can go wrong.”