Please enable JavaScript.
Coggle requires JavaScript to display documents.
Lecture 10: Supplier Risk Management (Introduction: Supplier Risk…
Lecture 10: Supplier Risk Management
Introduction: Supplier Risk Management
Vulnerability of Supply Chains
The trend towards reducing costs
leads to globalisation and, thus,
more complex supply chains
The trend towards just-in-time
and lean practices leads to
efficiency rather then
effectiveness
The trend towards economies of
scale leads to centralised
distribution/manufacturing and,
thus, less flexibility
The trend towards outsourcing of
non-core business activities leads
to loss of control
The trend towards consolidation
of suppliers leads to increased
potential for supply failure
Examples slide 4 - 8
Profile of a Supply Chain Disruption (Sheffi & Rice (2005))
An organisation's ability to recover from disruption quickly can be improved by building redundancy and flexibility into its supply chain.
Stages of Disruption
Preparation
In some cases a company can foresee and prepare for disruption and in that way minimise its effects.
The Disruptive Event
First Response
Aims at controlling the situation, saving or protecting lives, shutting down affected systems and preventing further damage.
Initial Impact
In some cases the full impact is felt immediately
Full Impact
Performance drops dramatically
Recovery Preparation
Preparations for recovery typically starts in parallel with the first response and sometimes even prior to the disruption, if it has been anticipated. They involve qualifying other suppliers and redirecting suppliers’ resources
Recovery
To get back to normal operations levels, many companies make up for lost production by running at higher-than-normal utilizations, using overtime as well as suppliers’ and customers’ resources.
Long term impact
It typically takes time to recover from disruptions, but if customer relationships are damaged the impact can be especially long-lasting and difficult to recover from.
The Vulnerability Framework
The Vulnerability Framework examines vulnerability from the perspective of Disruption Probability (Low to High) and Consequences (Light to Severe). Vulnerability is highest when both the likelihood and the impact of disruption are high. Rare, low-consequence events represents the lowest level of vulnerability and require little planning or action. Disruptions that combine high probability and low consequences are part of the scope of daily operations management in the normal flow of business. On the other hand, those characterised by low probability but high impact call for planning and a response that is outside the realm of daily activities.
Building in Recilence
The cost of redundancy
Market Position
Responsiveness
The Five Facets of Flexibility
Supply and Procurement
Conversion
Disruption and customer-facing activity
Control systems
The Right Culture
Risk vs. Uncertainty
“There are far-reaching and crucial differences in the bearings of the phenomena depending on which of the two is really present and operating […]. It will appear that a measurable uncertainty, or ‘risk’ proper, as we shall use the term, is so far different from an unmeasurable one that it is not in effect an uncertainty at all.”
Knight (1921)
Risk
Applies when we don’t know the outcome of a situation, but can
accurately measure the odds.
Example: Airline forecasts that risk of an accident of one of its
planes is 1 per 20 mio. takeoffs.
Uncertainty
Applies when we cannot know all information we need to set
accurate odds in the first place.
Example: Economic outlook for airlines 30 years from now is
incalculable (unknown factors!).
Known Unknowns vs Unknown Unknowns
“Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know.” Donald Rumsfeld, U.S. Secretary of Defense (February 12, 2002)
Known Unknowns
Phenomena that can be reasonably anticipated but not
quantified.
Example: cancelled flight
Unknown Unknowns
Come from situations that are so “out of this world” that they
never occur to you.
Example: disruptive innovation
Supply Chain Risk
“variation in the
distribution of possible
supply chain outcomes,
their likelihood, and their
subjective values”
Jüttner et al. (2003)
supply chain risk positive or negative
“chance of danger,
damage, loss, injury or
any other undesired
consequences”
Harland et al. (2003)
supply chain risk purely negative
Multidimensionality of Supply Chain Risk
Uses of the term “risk” can be confusing because it is perceived as a multidimensional construct:
Risk Source (e.g., “volatility of customer demand”)
Risk Consequence (e.g., “risks to customer service levels”
Risk Driver (e.g., “focus on efficiency rather than effectiveness”)
Risk Mitigating Strategy (e.g., “postponement”)
Jüttner et al. (2003)
Key Focus Areas within Logistics
and Supply Chain Management
A. T. Kearney (1999); Norrman & Jansson (2004)
Risk vs. Costs:
SCRM might create too high
prevention costs as well as reduce
cost for both business interruptions
and insurances.
Risk vs. Time:
SCRM might create buffers and
processes delaying lead time. Time
could also be reduced – e.g. the
reaction time when an incident or
accident happens.
Risk vs. Quality:
These areas are most similar and
should work out well in parallel –
both have a process orientation
and a focus on avoiding errors.
Traditional vs. Future focus areas
Supply Chain Management vs Risk Management
Sodhi et al. (2011)
Business Continuity Management
“the development of strategies, plans and actions which provide
protection or alternative modes of operation for those activities or
business processes which, if they were to be interrupted, might
otherwise bring about a seriously damaging or potentially fatal loss to the enterprise” Hiles & Barnes (2001)
Supply Chain Risk Management
“the implementation of strategies to manage both everyday and
exceptional risks along the supply chain based on continuous risk
assessment with the objective of reducing vulnerability and
ensuring continuity” Wieland & Wallenburg (2012)
Possible Organization of Risk Management on a Corporate Level (Norrman & Jansson (2004))
Phases of Supply Chain Risk Management
Risk Identification
Enumerating the causes/sources of
potential supply chain disruptions.
Risk Assesment
Evaluating likelihood of occurrence and
impact that event will have on the business
for each cause/source of disruptions.
Risk Controlling
Prioritizing causes/sources of disruptions
and developing strategies for reducing the
likelihood and/or mitigating the impact.
Risk Monitoring
Monitoring developments of risks on an ongoing basis, including political risks and risks related to markets and suppliers.
Risk Identification
Risk Management
beyond own Risks
Companies should not only focus on their own risks. They must also focus on risks in other links in their supply chain.
Supply chain risk management goes beyond risks within the own
company.
Not only suppliers, but also customers can cause risks, e.g., the
sudden insolvency of a strong customer.
Risk Sources:
Internal
External
Supplier+related
Customer-related
Risk Categories:
Disruption:
A disruption occurs when the supply chain is radically and
unexpectedly transformed through nonavailability of certain
production, warehousing, distribution, or transportation
options, such as equipment failure.
Delay:
A delay in material flow can be viewed as a recurrent risk
and can occur because of many reasons, such as variations
in transportation or production lead times.
Distortion:
A distortion, also known as “forecast risk,” occurs when one
or more parameters within the supply chain system, such as
order sizes, stray from their forecasted and expected values.
Risk Sources and Risk Categories:
Combines Risk Sources and Risk Categories in a matrix. Please see slide 25
Risk Assessment
Risk Assessment Based on the Risk Matrix
Norrman & Jansson (2004)
Qualitative risk matrix:
Impact and probability are
assessed subjectively
(e.g., low vs. high)
Quantitative risk matrix:
Impact and probability are
assessed objectively
(e.g., frequency, costs in
euros). Note: These
values should not be
multiplied.
Qualitative vs. Quantitative Supply Chain Risk Assessment
Slide 29
Example: Risks Facing a Major U.S. Retail Supply Chain
Slide 30
Exceptional Risks are Particularly Important for Business Continuity Slide 31
Everyday risks (high probability, low
impact) are usually anticipated
intuitively, e.g., frequent occurrence of
quality problem.
Exceptional risks (low probability, high
impact) are often not recognized
before it is too late, e.g., sudden
bankruptcy of an important supplier.
Tools for Risk Assessment
Cause–Effect Diagram of Supply Chain Risk Slide 33
Indicators to Evaluate the Insolvency Risk of a Supplier Slide 34
Risk Assessment Calculations Slide 35-39
Complexity and Dynamism of Supply Chains
Need to be Considered when Assessing Risks
While some of the disruption risks are specific to one company, many disruptions will cause problems to multiple companies at a time, e.g., earthquakes.
Many companies are members of multiple supply chains at a time and disruptions in their operations will affect multiple supply chains. Hence, it is important to study mitigation strategies for disruption risks in the context of multiple competing supply chains.
Dependencies among suppliers do often exist and can have significant consequences. For example, bad rubber harvest will affect multiple tire suppliers. Always assess interdependence of dual-sourcing suppliers!
Risk Controlling
Decision/Design Issues that Influence Vulnerability
Following issues are closely interlinked
Product Design
Consider alternate
or more resilient
components before
the design is
finalized
Supply Chain Design
Qualify second
sourcing and
alternate sites and
negotiate and
implement buffers.
Operational Control
Ensure business
continuity based on
continuity plans
and crisis
management.
Template for Risk Assessment and Controlling, and Contingency Planning
Slides 44
Strategies to Control Risks
(Vaughan (1997); Kajüter (2003); Norrman & Jansson (2004))
Strategies to Control Risks Can Be Connected to the Risk Matrix Slide 46
(DeLoach (2000); Husdal (2009))
Risk Avoidance:
Eliminate the types of event that could
trigger the risk.
Risk Reduction:
Reduce the probability and/or the consequence of a risk.
Risk Transfer:
Transfer to third parties, e.g., insurance
companies, SC partners, customers.
Risk Sharing:
Implement contractual mechanisms and pursue collaboration.
Risk Taking:
Take the potential risk impact, i.e., do not pursue any other strategy.
Risk Transfer Based on Insurance
Slide 47 - 48
Traditional risk transfer mechanisms, such as insurance, can be expensive or unavailable for some types of risk.
Insurable Risks:
Catastrophic disaster
Property damage/loss
Product liability
Business interruption
Trade credit risks
Uninsurable Risks:
Supplier non-performance
Customer demand volatility
Product defects
Emerging risks (pandemics)
Shipping port closure
Risk Sharing Based on Contracts
“Risk-sharing contracts specify which proportion of the transaction cost and risk is incurred by the manufacturer and which is incurred by the retailer.”
Contracts can be used to require suppliers to implement supply chain risk management processes (e.g., require them to follow a standard).
The contract could even require suppliers to require their own suppliers to implement such processes, and so on.
This could ensure that the entire supply chain has risk management measures in place.
However, such an approach is hard to implement in practice.
Dealing with supply and demand side risk Slide 51-52
Assessing the Impact of Various Strategies to Mitigate Supply Chain Risks
Slide 53
Risk Monitoring
Risk monitoring has not yet received much attention by supply chain risk researchers.
Particularly, not much focus is put on measuring risk over time.
However, risk ratings and/or risk indices must be tracked over time
Trends need to be monitored to determine if they are reaching
unacceptable levels.
Moreover, the usefulness of risk indicators should be assessed.
An integrated database is needed for risk monitoring.
Risk Monitoring Makes Trends Visible
Resilience
“the capacity […] to survive, adapt, and grow in the face of turbulent change.” Fiksel (2006)
Slide 58
Zone of Resilience Pettit et al. (2010)
The Sand Cone Model of
Supply Chain Resilience
Hohenstein et al. (2015)
Mechanisms to Create Resilience
Wieland & Wallenburg (2013)
Slide 61-62
Robustness
“ability of a supply chain to
resist change without
adapting its initial stable
configuration (proactive).”
Wieland & Wallenburg (2012)
Agility
“ability of a supply chain to
rapidly respond to change by
adapting its initial stable
configuration (reactive).”
Wieland & Wallenburg (2012)
Robustness, Agilty,
and the Risk Matrix
Slide 63
Conceptual Framework of
Supply Chain Robustness
Slide 64