
Analyze the main risks that can impact on supply chains

Risk definition: The effect of uncertainty on objectives. Uncertainty is created by a) Variability and b) Ambiguity

Risk Management Process: Understanding and analyzing the nature of the risk, Calculating the possibility of occurrence, Calculating the impact or consequence, Developing options to offset or reduce

Definition of a Hazard: Source of potential harm or danger. 'The possibility that a hazard will cause loss or damage'

Vulnerability: Things or factors that make an organization more prone to risk, The extent to which an organization is affected by potential vulnerabilities

Risk Exposure: Maximum loss or damage that can be suffered. Inherent Risk (before any action), Residual Risk (remaining after controls are in place), Objective: Acceptable residual risk exposure

Risk Events: Shocks - Unanticipated events, Crises - Major events, anticipated or otherwise, Disasters - Major natural or human-induced events

Risk Appetite: The amount of risk an organization is willing to bear. Risk Enthusiastic or, Risk Averse

Levels of Risk: Corporate - Over arching, strategic. Delegated - Risk at different levels, Project - Temporary in nature

Consequences of Risk: Upside Risk - Uncertainties with positive outcomes, Downside Risk - Negative outcomes resulting in: Direct Losses and, Consequential losses

Benefits of effective risk management


Techniques for risk Identification: Published research results, Environmental Scanning, Horizon Scanning, Monitoring benchmark organizations, Market intelligence and MIS, Critical Incident investigation, Scenario Analysis, Process Audit, Periodic Checks, Examining project plans and supply chain maps, Conducting formal risk assessments, Consulting with stakeholders & experts, Employing 3rd party consultants

Internal and External Sources of Risk: Internal environment - Within the organisation, Micro Environment - Operating environment, Macro Environment - Market and society

STEEPLE

Socio-Cultural, Technological, Economic, Environmental, Political, Legal, Ethical

Range of risks from global trading environment: Country Risk, Payment Risk, Currency and exchange rate risk, Transit and logistical risk, Legal and contractual risk, Compliance and reputational risk

The Competitive Environment - Porter's 5 Forces: Threats from new entrants, Buyer's bargaining power, Supplier's bargaining power, Threat from Substitutes, Competitive rivalry within the industry

Develop a risk assessment and risk register to mitigate risks in a supply chain

What is a risk register?

A concise, structured document listing all the identified risks for a business, project or contract, with the result of the risk analysis, initial mitigation plans and current status of each risk

Purpose and benefits of using a risk register:

To capture analysis and decisions in a co-ordinated, centralized data store, To provide a template document, To develop risk visibility throughout the organization, To identify accountabilities for monitoring and managing risks, To provide a framework for monitoring, management and review, To provide a basis for allocating resources, To encourage communication about risk issues with key internal and external stakeholders, To provide project sponsors etc with a framework from which they can report.

A Risk register Template typically includes the following columns for entry of data:

A unique reference code identifying each risk, Description of the type and nature of the risk, The date on which the risk was first identified, The risk owner, Probability of the risk event occurring, Impact, cost or consequence if the risk event occurs, identified possible responses or mitigation actions, The risk mitigation action chosen and its effect, Regularly updated information on the current status of each risk

System of flagging with risk registers? Traffic light system

Key Stakeholders in risk management

Board of directors at a strategic level, Risk management function, Line management at a functional level, Risk owners, External and internal audit functions, Cross-functional risk management teams, The procurement and supply function, 3rd Party risk auditing and assessment services

Analyze the use of probability and impact assessments to manage risks in supply chains

Risk assessment is? The appraisal of the probability and significance of identified potential risk events

Risk is often quantified using this basic formula? Risk = likelihood (probability) × impact (adverse consequence)

Methodologies for assessing the probability and impact of risk are? Risk probability/impact Matrix, Qualitative risk matrix, Risk scoring accompanied with Risk analysis matrix, Scoring likelihood and impact, Scenario analysis and planning

Quantifying Impact can be done by using a scale of impact definition which defines the following levels: Catastrophic, loss above a certain amount, Serious, with the assigned bracket, Minor, with the assigned bracket, and, Insignificant, loss below a certain amount.

Vulnerability assessment process is designed to? Identify, Quantify and prioritise areas in which a system, organisation or supply chain is particularly open to risk or attack.

Vulnerability assessment is often performed on systems such as? IT Systems, Energy and water supply systems, Transportation and logistics systems and, Communication systems

Vulnerability assessments would typically include 4 stages: Listing or cataloguing the resources (assets and capabilities) in a given system, Assigning a quantifiable value, score or rank order of importance to those resources, Identifying the vulnerabilities or potential threats to each resource and, planning to mitigate or eliminate the most serious vulnerabilities for the most valuable resources.

Collating statistical evidence of risks: A key technique for evaluating the probability of occurrence is to extrapolate from historical statistical data to predict the likelihood of future occurrences. Statistical sampling will often be used as the total population would be impractical.

Sources of statistical data? Published reports, statistical digests and online databases cataloguing and analyzing risk events, published risk monitoring reports and assessments from various categories of business risk, Statistical surveys of stakeholder groups, The organization's records and documents.

Probability Theory: The use of probability theory as a quantitative tool aims to add a numerical scale of measurement to ideas such as "very unlikely" or "Quite Likely". Events can be mutually exclusive or Independent

Probability Distributions: Binomial distribution, Poisson distribution, Normal distribution

Explain the development of a risk management culture and strategy to improve supply chains

Risk management standards: ISO 31000 - Risk management, ISO 28000 - Supply chain security management systems

ISO 31000 risk management principles, risk management... Creates and protects value, Is an integral part of organizational processes, Is part of decision-making, Explicitly addresses uncertainty, Is systematic, structured and timely, Is based on the best available information, Is tailored, Takes human and cultural factors into account, Is transparent and inclusive, Is dynamic, iterative and responsive to change, Facilitates continual improvement and enhancement.

ISO 31000 Framework: Mandate and commitment, Design of framework to manage risk, Implementing risk management, Monitoring and review, Continual improvement

ISO 31000 Risk Management process: Establishing context, Risk assessment, Risk treatment, Monitoring and review, Communication and consultation

ISO 31000 - 5 Attributes for enhanced risk management: Continual improvement, Full accountability for risks, Application of risk management in all decision making, Continual communication, Full integration in the organization's governance structure

ISO 28000 provides a best practice framework for developing, documenting, implementing and maintaining an effective SMS including elements such as: Security management policy; objectives / targets; and program, Security management structure, Security management competence, Security planning, Legal and regulatory requirements, Documents, data and information systems and controls, Operational control measures; emergency plans and procedures, Monitoring and measuring security performance, Auditing and evaluating the SMS

The risk management process: Risk management cycle, Risk management and mitigation strategies, Monitoring, reporting and review

Risk management cycle: Identify sources of risk, Assess probability and impact of potential risks, Formulate risk management strategies, Allocate accountabilities and resources for managing identified risks, Implement risk management, Monitor, report, adjust

Mitigation strategies: Tolerate, Transfer, Terminate, Treat. Treating or mitigating is often explained in application of controls: Preventative controls, Directive controls, Detective controls, Corrective controls

Monitoring, reporting and review: Important, in order to: Ascertain whether the organization's risk profile or exposure is changing, Give assurance that the organization's risk management processes are effective, Indicate where contract risk management processes need improvement

External reporting of risks in corporate accounts

Pressure may be supported by, Regulatory requirements, The expectation of external stakeholders, The organization's own governance, CSR and risk management policies, The reputational and other benefits of planned, voluntary disclosure

Resource categories for risk management strategies:

Informational resources, Human resources, infrastructure development, Technology resources, Physical resources, Financial resources

Develop a strategy to mitigate risks in supply chains


Risk Management strategy may be used in 2 different ways: The formulation of a chosen 'approach' or 'plan' to deal with identified risks and, The formulation of a corporate, long-term, proactive strategic framework to manage risk in the organization and supply chain

Risk strategy process: Determine Risk appetite, Strategic intent, Risk policy, Risk management strategy, organizational framework

Published risk Management strategy might include 6 generic sections: Section 1: Introduction and purpose, Section 2: Aim principles and implementation, Section 3: Risk identification, Section 4: Risk analysis and evaluation, Section 5: Risk Treatment, Section 6: Risk Review and reporting

Formulating a contingency plan: Identify critical risks, Identify and evaluate solutions, Identify and document selected contingency response, Document what/who will trigger activation of plan, Establish and train response leadership teams, Communicate the plan so that everyone can respond at need.

Business Continuity Planning Process: Project initiation and management, Business risk assessment, Business impact analysis, Business continuity strategy, Business continuity action plans, Testing, Stakeholder involvement, Maintenance

Generic framework for BCP: Business risk assessment and business impact planning, Plan development, Document, Test, Maintain

Basic elements of a DRP: Roles and responsibilities, Incident checklists for key staff, First stage, Follow-up Stages, Document review

Disaster recovery lifecycle: Commence disaster log, Emergency services, Record of damage, Assemble the recovery team, Look after, support and brief staff, Inform stakeholders, Public and media relations, Debrief and learning, Review of DRP

Analyze the main methods for eliminating corruption and fraud in supply chains

Nature of Fraud, what are the 2 main categories? Removal of funds or assets from an organization, Intentional misrepresentation of the financial position of an organization.

Why does Fraud occur? (Main pre-conditions) Motive, There must be something worth stealing, There must exist an opportunity, There must be a failure of internal control or fraud risk management.

Types of fraud? Online fraud, Telephone fraud, Being used for fraud, Corporate identity theft, Minor fraud, Competitor fraud

Types of corruption? Conflict of interest, Bribery, gifts and hospitality, Money laundering

Legislation affecting bribery and corruption? Bribery Act 2010: (it covers) Bribery, Being bribed, Bribery of foreign public officials, Failure of a commercial organisation to prevent bribery on its behalf.

Corporate Governance Framework: Financial reporting, Internal control, Audit, Compliance

Sarbanes Oxley Act Aimed at? Preventing conflicts of interest, Assuring the integrity of internal controls, Enhancing transparency

SOX requirements include: Internal controls must assure that any information material to financial performance is made known to the CEO / CFO, The audit committee is also required to oversee controls and establish financial risk management and assessment policies

Analyze the main operational risks in supply chains


Contract Failure includes? Contract Failure Risk, Legal Risk, Negotiation Risk.

Contract Failure Risk includes Factors such as: Capacity and capability of prospective suppliers, Percentage of supplier capacity utilized by the contract, Likelihood of unanticipated demand, Supplier lead times and flexibility, Supply risks affecting supply chain or suppliers, Accuracy and clarity of specs, Vulnerabilities in Supply chain quality assurance, Accuracy of scheduling and forecasting, Quality, reliability and transparency of data, Cost management, Project and contract management effectiveness

Legal risk: Poor contract development and contracting process, Unmanaged battle of the forms, Poor contract admin and change control, Lack of adequate protection of IP, Issues of liability, Cost and relational damage from disputes

Negotiation Risk: Risk of 'losing out', Unacceptable or unfeasible concessions, Reaching an impasse, Adversarial relations, Conflict or divergent tactics, Ethical and reputational risk, Compliance Risk

Financial Risk includes? Currency and exchange rate risks, Credit Risks, Supplier financial instability - Springate model, Investment Risk

Springate model: A - Ratio of working capital to assets, B - Ratio of net profit before interest and taxes to total assets, C - Ratio of net profit before taxes to current liabilities, D - Ratio of sales to total assets, Z = 1.03A + 3.07B + 0.66C + 0.4D, Low score indicates risk of insolvency

Definition of Quality: Fitness for purpose, Conformance to spec or requirement, Comparative excellence

Costs of Quality: Costs of Appraisal and Prevention, Cost of Failure: Internal & External

Approaches to managing quality failure risk: Quality Control - Reactive, Quality Assurance - Proactive, Quality Management - includes both above, Total Quality Management - Business Philosophy

Service Quality Risk - SERVQUAL Model: Gap between buyer and supplier perceptions of quality, Gap between Concept and specification, Gap between specification and performance, Gap between communication and performance, Gap between buyer expectations and perceived service

Supply Risk may arise from? Inadequate buyer-side processes for E, A and S, Inadequate buyer & Supplier side processes for Contract and performance management, Unanticipated levels of demand, Unanticipated shortages or price fluctuations, Unmanaged performance issues, Excessively lean supply chains, Inadequate provisions for physical security, Natural or human caused disasters, Market risks, Commodity risks, Transportation risks, Lack of lesson learning and continuous improvement.

Logistics complexity issues? Global supply chains are increasingly lengthy and complex, Lean thinking has reduced waste, but at the expense of safety stock to react to shocks, Effective delivery is increasingly dependent on ICT infrastructure.

Technological considerations? Hardware and software theft, Cyber attack and data theft: Hacking, Viruses, Phishing. Technology failure: Teething, Performance, Compatibility problems, System breakdown.

Implementation of New technology checklist? Objectives, Personnel, Relationships, Technology, Finance, Power

Information risks include risks to? Intellectual capital, Integrity and security of data, System failure, Compliance, Integrity and value of data, Design and implementation of MIS, Turnover of key personnel, Loss of organizational knowledge.

Supply chain relationships risks? Single sourcing arrangements, Outsourcing arrangements, Long-term partnership relations, Supplier tiering, Supplier switching.

Reasons for outsourcing failure? Failure to distinguish between core and non-core activities, Failure to identify and select a suitable supplier, Unrealistic expectations of outsource provider, Inadequate & Inappropriate t's & c's in contract, Lack of well-defined KPI's, Lack of management skills to control supplier performance & relationships, Gradual surrender of control of performance of contractor.

Key elements in mitigation of outsource risk? Decision based on clear objectives and measurable benefits, Rigorous supplier selection, Rigorous supplier contracting, Clear and agreed service levels, Continuous and rigorous monitoring of service delivery and quality, On-going contract and supplier management, Contract review.

Offshoring risks? Protection of IP, Additional transport and logistical risks, Political instability, Operational risk from difficulty to monitor and control, Operational, reputational and compliance risk arising from cultural, legal and linguistic differences.

Contractor relationship: An integrated project team approach is commonly used, bringing together multiple, integrated supply chains into one supply chain.

Contract strategies? Full turnkey, Partial turnkey, Client-coordinated approach, Management contracting.

Project partnering? Joint ventures and consortia, Private public partnerships, Private financial initiative.

Project pricing agreements? Fixed price agreement / lump sum contract, Fixed price but with provision for upward or downward revision

Compare project lifecycle models that can mitigate risks in supply chains

Project Lifecycle Models, A Four stage Model: Define, Design, Do, Develop

A five stage model: Definition, Planning, Organising, Controlling, Closing

Prince2 Model: Directing, Planning, Starting up, Initiating, Controlling a stage, Managing product delivery, Managing stage boundaries, Closing a project

Using Project Lifecycle models, it allows PM's to: Understand the distinct phases that all projects go through, Manage the expectations of stakeholders at each stage, Break down the project in a rational manner, Apply stage based planning and control tools such as gates, end-stage reviews, and end-stage approvals

Project Definition and specification: Clear statement that encompasses 3 aspects: Objectives, Scope, Strategy

Developing a project initiation document: It should include the following elements: Project vision, goals and objectives, Business case for the project, Critical success factors by which achievement will be judged, Details of project scope, Risk assessment, Roles and responsibilities within the project team, Project control mechanisms, Reporting lines and procedures, List of planning milestones, Project budget

Elements of a Project Management Plan: Overview, Objectives, General Approach, Contractual aspects, Schedules, Resources, Personnel, Risk management plans, Evaluation methods

Need for integrated plans for: Time (Scheduling), Cost, Quality management, Risk and contingencies, Resources, Communication

Organisation and implementation: Structure (Functional, Matrix, Pure Project), Personnel Needs (Project Teams)

Project monitoring: Recognises that the progress of the project must be continually measured and compared against milestones, targets and other indicators of quality, time and cost

Project Control: Administrative interface that ensures that the project is progressing as intended.

Two key elements to control of a project: Milestones and, Mechanisms for feedback gathering, reporting and communication on milestone attainment.

Project closure comprises of: Project Completion and, Review

Evaluate the contribution that project planning can make to managing risks in supply chains

Project planning contributes in a number of ways: It forces those involved to consider potential risks and vulnerabilities, It identifies the deliverables, likely duration and cost of the project, It determines resources required at each stage of the project, It allows time for the examination of costs quoted, challenging of business need and over-specification, It identifies the tasks to be undertaken, the sequence and timing within which they need to be undertaken and any dependencies between tasks, It underpins control processes, It provides for end-stage or gateway reviews, It specifically establishes expenditure budgets, It provides tools and outputs, It supports management by exception, It allows the needs, views and interests of project stakeholders to be taken into account

Identifying activities: Work Breakdown Structure by: Activity, Functional area, Product

Sequencing activities depends on: Dependencies between activities, Interactions between activities, Resource requirements of activities, Durations or timings of activities

Estimating activity timings techniques: Bottom-up estimating, Top-down estimating, Comparative estimating, Parametric estimating, Three-point estimating

Estimating project costing (basic techniques): Various statistical techniques, An activity schedule costing approach, Bills of quantity, From a client point of view by estimate of project contractor

Two main approaches to establishing project budgets: Top-down budgeting, Bottom-up budgeting

Critical path analysis can be done using: Network analysis, Gantt Charts

Baselines: Read through. A set of assumptions and methods that are used as the base evaluation of risk. In project management, a baseline is the project's original plan: that is, the starting schedules and milestones.

Optimising resource allocation (2 main problems): Over-allocated, Under-allocated. Resource smoothing / leveling used to come to efficient use of resources.

Evaluate how the organisation, implementation, monitoring and control of projects mitigate risks in supply chains

Efficient organization of work packages involves grouping activities so that: They form meaningful manageable chunks of the whole project for the designated individual or team, They optimize the use of available resources, They minimize the need for coordinating mechanisms within work packages, They can be regarded as a single area of accountability, as the responsibility of a single manager or team leader.

Determining the needs of personnel: Determining the needs of personnel and, Determining the needs for personnel

Health and safety issues (Why plan to minimize?) To protect people from pain and suffering, To comply with relevant legal and policy standards, To minimize the costs of accidents and ill-health, To enhance their ability to attract and retain quality staff, To avoid negative PR and enhance their brand and reputation for corporate social responsibility

Legal framework on health and safety: Health and Safety at Work Act 1974

Hazards in the project environment: Incorrect or irresponsible use of equipment, machinery and tools, Hazards of movement associated with confined or cluttered spaces, stairs, poorly maintained flooring or wet and slippery floors, Storage, handling and use of hazardous materials and chemicals, Operation of machinery, Inadequate lighting, heating, ventilation or hygiene, Poor ergonomic design of work spaces, equipment and furniture, putting strain on workers, Heavy lifting, Risk of fire

Performance review mechanisms must: Adopt simple performance measures that are easily understood by the project team, Ensure that managers measure only what is really important, Set appropriate control limits, tolerances or acceptable variances, report by exception only

Range of control methodologies: End stage assessments, Highlight reports, Checkpoints, Milestones and gates, Techniques such as project budget, Gantt charts and network analysis, Complex project management software.

Progress tracking metrics: Percentage complete values, Estimated remaining durations, Actual start/finish times

Implementing remedial action (reducing the overall duration of the project): Reviewing and challenging individual task durations, Analyzing the logic of activity sequencing, Authorizing overtime, additional work shifts and so on, Increasing resources, Reducing quality without impacting on fitness for purpose.

Range of tactics available to reduce overall project costs: Reducing the scope or reducing resources assigned, Challenging initial resource estimates, Challenging project overheads, Negotiating competitive market rates for contracted staff, Planning and mobilising resources over longer periods

Change control orders: Read through

Obtaining client acceptance and installing deliverables: Key final step is obtaining sign-off by the client, Sell the successes of the project. Documenting the project, Issuing the final report.

Final steps before a project can be regarded a complete: Frequent reviews and project meetings to maintain urgency, Classifying outcomes into 3 categories (read), changing the project manager, Measuring the results, Communicating success, Embedding the results, Dissolving the team quickly, Celebrating successes

Post-completion audit focus: Assessing whether and how far the outcomes met the expectations of the sponsor and stakeholders, Assessing the effectiveness of the management process

Audit process involves the following steps: Establishing the procedures, Checking the documentation to ensure procedures were followed, Report on any areas where it appears that shortcomings arose

Review and audit criteria: Financial, Time, Quality, Human resources, Environmental, Planning, Control

Analyse the use of contractual remedies for managing risks in supply chains

Types of Contract terms: Express, Implied, Warranty, Condition

Caveat Emptor: Common law principle that means: Let the buyer beware

Remedies for Contract Failure: Damages, Specific performance, Injunction, Quantum Meruit

Meaning of Liability: The legal and financial responsibility or obligation of an entity in a situation.

Types of Liability: Strict Liability and, Vicarious Liability

Indemnity Clause: Assigns primary liability to the other party in the contract

Indemnity clauses might include: Costs or Debts, Loss or damage to the buyer's property as a result of negligent or defective work, Business losses incurred by a supplier's poor advice, Injury to staff, customers or 3rd parties caused by negligence

Limitation of liability: Exclusion clause is applied to contract clauses which, Totally excludes one party from the liability which would otherwise arise from some breach of contract, or which, Restrict or limit its liability in some way, or which, Seek to offer some form of 'guarantee' in place of normal liability for breach of contract.

Testing, inspection and acceptance clauses may be used to stipulate: The buyer is not legally bound to accept delivery of goods before inspection and/or testing of the goods to ascertain that they conform to specification and are fit for purpose and, That the buyer is to be allowed a reasonable time to inspect and test incoming goods

Liquidated damages purpose? To put the injured party into the position it would have been in if the contract had been properly performed.

Analyse the use of outsourced 3rd parties in risk management in supply chains

Credit Rating Services: Services offered to businesses wishing to access credit and financial information about other businesses as part of their due diligence prior to entering into contracts or business partnerships

Other Business services offered by 3rd parties: Employment agencies, Information assurance consultants, Premises security services, Other security based services and consultancies, Brokerage and agency services, Legal services, Insurance services

Risk Auditing services may be brought in from or outsourced to? External auditors, Risk consultants and security advisors, Research companies, Mystery shoppers

One of the key benefits of using external auditors? Independence

Benefits of appointing an external risk consultant? They bring a 'fresh eye' to the organization, They offer independent judgment, They bring specialist expertise and wide experience of the risk category and issues, They may offer specialist resources and competencies for managing risks

3rd Party resources for disaster recovery include the following: Commercial services providing for off-site back-up storage of data and documents, Specialist services for the recovery of ICT systems and data centers, A range of commercial services to whom business critical operations can be outsourced or contracted on short term basis, Sources of alternative premises, facilities or work accommodation, Public emergency services, Grants and financial assistance

Evaluate the use of insurances for protection against risks in supply chains

Range of insurance cover for: Theft and Fraud, Damage to property, Fire and flood, Marine, aviation and motor transit, Public liability, Product liability, Employer's liability

Benefits of insurance: Reduces financial impact of risk event, Aids recovery, May satisfy customers, suppliers and other key stakeholders, May be required by the contract of purchase or sale, May be required by law

Key Legal principles of insurance: Contract, Indemnity, Insurable interest, Proximate Clause, Mitigation, Subrogation, Utmost good faith

Underwriting process: A process by which one party agrees to accept some of the risk of another party, in exchange for a premium

Underwriting involves the following procedures: Evaluating the risk exposure of the potential client, Deciding whether to accept the risk and how much coverage the client will receive, Determining a premium, Protecting the insurance company's portfolio of risk

Types of insurance: Casualty insurance, Property or indemnity insurance, Liability insurance including: Public liability, Employer's liability, Professional indemnity and product liability, Credit insurance and, Business interruption insurance

Analyse the use of contingency plans to overcome risks in supply Chains

Contingency planning defined? Planning to mitigate the impacts of risk events, variances and failures by making secondary plans in case something goes wrong or the original plan fails.

Role of Contingency planning? It is important because... Many risks cannot be completely eliminated, Risks may be low priority but high impact, Risk mitigation is more effective when proactive than reactive.

In crises level contingencies, immediate emergency response plans will be linked to? More comprehensive plans, such as: To maintain business continuity and, To begin disaster recovery.
