JUST IN CASE NOT JUST IN TIME

Greg Hutchins PE Quality Plus Engineering 800.COMPETE or 503.233.1012 GregH@QualityPlusEngineering.com

Who is Greg Hutchins?

Principal with Quality Plus Engineering (Q+E), Portland Oregon based supply and project management company. Q+E is US Department of Homeland Security Certified/Designated for Critical Infrastructure Protection: Forensics, Assurance, Analytics Addresses: www.QualityPlusEngineering.com www.ValueAddedAuditing.com Gregh@europa.com or GregH@QualityPlusEngineering.com 800.COMPETE Author of ISO 9000 (Wiley, translated into 8 languages), Standard Manual of Quality Auditing (Prentice Hall/ASQ), and Value Added Auditing (WIT) ASQ/IEEE/PMI Columnist

My Mission Critical Objective Today:

1. 2. 3. 4.

Global sourcing Changing sourcing rules Supply risk management Future of supply management

1. Global Sourcing

Todays Business Model

Aerospace and auto companies business model:

Design Product Outsource (up to 85% of manufacturing $) Assemble Test Manage their brand

Todays Business Model Impacts Supply Risk

Sara Lee Corporation plans to sell its noncore factories. It will focus on its core strengths, specifically developing new products, managing its brands, and increasing market share. Sara Lee will outsource commodity manufacturing and other non-core activities and only retain its highly proprietary processes. In other words, it plans to focus on what it does best.

Recent Supply Chain Articles

Quake Disrupts Key Supply Chains Stress Test for the Global Supply Chain Long Pause for Japanese Industry Raises Concerns About Supply Chain Japan Quake Likely to Affect Business Globally

2. Changing Sourcing Rules From Just in Time to Just in Case

Discussion

Just in Time
Lean supply chain No buffer inventories

Just in Case
What if Risk analysis Buffer inventories

From Single Source to Multiple Sources

Discussion
Single sourcing makes a lot of sense and offers value However, single source can result in supply risks

Earthquake in China

All eggs in one basket No diversification of risk

From Single Source to Multiple Sources

Discussion
Single sourcing makes a lot of sense and offers value However, single source can result in supply risks

Earthquake in China

All eggs in one basket No diversification of risk

From Price to Risk Based Decision Making

Discussion
Price or cost has been traditional method of selecting suppliers Now, risk is becoming critical component of selecting suppliers

From Looking Backward to Looking Forward

Discussion

Quality has compliance flavor

Historical focus Past performance

Risk management
Future focus What if analyses

From Supplier Trust to Supply Verification

Discussion

Supplier trust is based on:

Long term, mutually beneficial relationship Good products supplied

Supplier verification
More audits Trust but verify

From Quality Audits to Risk Audits

Discussion

Quality Audits
ISO 9000 Compliance based (still)

Risk Audits
What if audits White space gaps and risks in supply chain

3. Supplier Risk Management Thats Nice, What Do I Do Now?

This Is How You Start!

1.
2. 3. 4. 5. 6.

7.
8.

Determine managements appetite for risk. Identify supply chain risk events. Analyze risk events and assign risk vectors for likelihood and severity. Quantify: determine risk products and prioritize. Begin working with highest risk products (RP). Determine appropriate controls. Implement and monitor risk controls. Manage risks by monitoring and repeating the process. This is Supply Chain Risk Management!

Two Risk Definitions

Risk The possibility that an event will occur and adversely affect the achievement of objectives.
COSO, Enterprise Risk Management Framework, web, 2003.

Risk A situation or circumstance, which creates uncertainties about achieving program objectives.
FAA Programmatic Risk Management, 2002, p. 6.

Risk Appetite: Are You a Risk Taker?

Risk Identification Process

1.

2.

3.

4.

5.

Flowchart the overall supply chain and sub processes. Identify critical supply chain system, process, and production activities. Determine likelihood of unwanted variation (risk events). Identify which sources of variation represent higher severity. Determine risk product profile.

Supply Chain Risk Events

Early/late shipments or delivery to wrong location Non-conforming/wrong product or quantity Supplier processes Sole source supplier Undesirable events (storm, flood, earthquake, etc.) Contract, legal and regulatory non-conformance. Information system failure and compromises Supplier country political stability

Risk Continuum
High

Likelihood

Low

Low

Severity

High

Sample Risk Profile for Late or Non-Delivery

High Likelihood
Specialized Electronic Chips in Household Appliances Off Shore Supplier Specialized Electronic Chips in Regulated Products Off Shore Supplier

Low Likelihood

Maintenance, Repair and Operational (MRO) Supplies Domestic supplier

Fasteners in Regulated Products Domestic Supplier

Low Severity

High Severity

Likelihood of Occurrence
Descriptor Probability Rank Value

Highly Probable

>75%

High

Probable
Occasional Remote Improbable

>50%<75% Medium High

>25%<50% Medium >10%<25% Medium Low <10% Low

4
3 2 1

Consequence or Severity of Impact

Descriptor Rank Value

Catastrophic Critical
Serious Marginal Negligible

High Medium High

Medium Medium Low Low

5 4
3 2 1

Risk Product Profile

Severity of Impact
Likelihood
Highly Probable Probable Negligible
1x5=

Marginal
2x5=

Serious
3x5=

Critical
4x5=

Catastrophic 5x5=

5
1x4=

10
2x4=

15
3x4=

20
4x4= 5x4=

25 20
5x3=

4
1x3=

8
2x3=

12
3x3=

16
4x3=

Occasional
Remote

3
1x2=

6
2x2=

9
3x2=

12
4x2= 5x2=

15
10
5x1=

2
1x1=

4
2x1=

6
3x1=

8
4x1=

Improbable

Risk Product (RP)

Severity of Impact
Likelihood
Highly Probable Probable Occasional Remote Improbable Negligible
1x5=

Marginal
2x5=

Serious
3x5=

Critical
4x5=

Catastrophic 5x5=

5
1x4=

10
2x4=

15
3x4=

20
4x4= 5x4=

25 20
5x3=

4
1x3=

8
2x3=

12
3x3=

16
4x3=

3
1x2=

6
2x2=

9
3x2=

12
4x2= 5x2=

15 10
5x1=

2
1x1=

4
2x1=

6
3x1=

8
4x1=

High Level SC Risk Matrix

Severity of Impact
Likelihood
Negligible Marginal Serious
Pending legislation adds 2 days to on- dock time

Critical

Catastrophic

Highly Probable

Probable
Nationaliza -tion of MRO supplier

Non-ISO verified vendors

Key component delivery late 26%

Non-ISO certified vendors

Critical component lost shipments

Sole source vendor in tornado alley

Occasional Remote Improbable

Develop Strategy: Control Risk

Develop Strategy: Accept Risk

Develop Strategy: Avoid Risk!

Would you please elaborate on then something bad happened?

4. Future of Supply Management Takeaways!

Outsourcing increases risk. Leaning of supply chains increases risk. Data chain management increasingly more important (not only chain of custody, but data transferred from system to system). Higher levels of independent verification and validation required. Third party risk assessment of vendors is critical.

Takeaways

Managing risk is increasingly important and necessary to compete and survive. Terrorism, natural disasters, computer system compromises, are all on the rise.
Risk based system for import safety SCM professionals are key to an enterprises risk management. Be proactive; predict, prevent, and preempt risks.
DHS is developing risk management system

Know Your Risks Before Fishing (Offshoring and Outsourcing)!

The Bottom Line

I think we now live in an era when many of the concerns in running organizations are being reframed in terms of risk, which suggests that risk professionals are likely to rise to the top.
Source: Managing Risk in the New World, Harvard Business Review (HBR), October, 2009, p. 75.

QUESTIONS?
THANK YOU FOR INVITING ME!

Greg Hutchins Engineering Principal Quality Plus Engineering, LLC 800.COMPETE