Rigorous Risk Management

As a global management consulting firm, A.T. Kearney is focusing on strategic and operational CEO-agenda concerns, and leading startegists at AT Kearney often have articles appearing in Supply Chain Mangement Review (SCMR). Today I will take a closer look at Bringing Rigor to Risk Management, written by Kish Khemani in 2007. Risk management is emerging as a key focus area for corporations, especially in terms of the extended supply chain and Bringing Rigor to Risk Management is a very brief and concise 2-page article, but it manages to highlight the key points that are important in managing supply chain risk. Why is managing supply chain risk important? As they take on expanded responsibilities for global sourcing, supply chain managers are also increasingly required to manage risk in terms of brand, reputation, and ethical sourcing, not just procurement and purchasing risks. In other words, supply chain risk management is increasingly becoming overall enterprise risk management.

A Framework for Risk Analysis

Khemani defines risk as the measurable possibility of losing or not gaining value. Risk exposure is then is the quantified measure of risk for any single event as calculated by multiplying the impact of such an event by its probability. A risk profile represents a company’s collective risk exposure. Risks, in turn, fall into three distinct categories:

(1) event risks, which occur at single point in time and have a significant impact on a company.

(2) market risks, which refer to volatility in traded markets, be they commodities or currencies.

(3) strategic risks, those longer-term trends that will have an impact over a period of time.

Khemani stresses that each company or business unit or function needs to prioritize risks by calculating its risk exposure. Without a quantified understanding of the cost-benefit trade-off around each risk, the organization cannot make a well-informed decision.



Seven ways of dealing with risk

Interestingly, the article discusses seven ways of risk management:

Avoid: Proactive action that eliminates the possibility of an event.

Transfer: Proactive action (often financial or legal) that shifts risks to a third party.

Mitigate: Proactive action that reduces the financial impact if an event occurs.

Minimize: Proactive action that reduces the probability of an event occurring.

Respond: Predetermined actions taken after an event occurs in order to reduce the impact.

Monitor: Continuous scanning of the environment that triggers alternative actions or the implementation of certain measures if predefined thresholds are exceeded.

Accept: Decision to bear risk exposure without taking any additional actions.

This includes the classic four Avoid-Transfer-Reduce(Minimize)-Accept that I have portrayed in a previous article on six ways of dealing with risk. What appears to be “missing” in the classic four is Mitigating and Responding, along with Monitoring. Albeit not explicitly mentioned, they could be said to be included in Reduce, if one keeps in mind a mitigative and contingent perspective.

Causes – Events – Outcomes – Impacts

Similar to the source-driver-impact framework in Jüttner et al. (2003), Khemani sets up a framework of causes, leading to supply discontinuity events, which in turn lead to business outcomes, having a certain financial impact.

khemani-bringing-rigor-to-risk-management-2Click image for larger version

Thus, the framework includes 1) the external and internal occurrences that directly contribute to the event, 2) the event which has immediate consequences on the enterprise, 3) the impact that the event has on various business areas within the firm, and 4) the total financial impact of the event.

An opportunity rather than a threat

In conclusion, Khemani remarks that

For companies not that far along, the key is to build momentum for their efforts by clearly demonstrating that risk management represents an opportunity rather than just a cost.

Lessard and Lucea (2009) picked up on this in their article on risk management as a core competence, where they state that no company can exist independent of its supply chain, and companies should not so much focus on risk-shedding, but instead work more on risk-shaping.

Reference

Khemani, K. (2007) Bringing Rigor to Risk Management. Supply Chain Management Review 11(2), 67-68.

Author Links

Related

Posted in ARTICLES and PAPERS
Tags: , , ,

ARTICLES and PAPERS
Risk Analysis of Critical Infrastructures
The vulnerability of critical infrastructures is a recurring theme on this blog, and today's article[...]
Avoid Supply Chain Breakdown - Tailored Risk Management
In my previous post on Ericsson versus Nokia - the now classic case of supply chain disruption I men[...]
BOOKS and BOOK CHAPTERS
Book Review: This is where raster GIS started...
...well not really, but Geographic Information Systems and Cartographic Modeling by Dana Tomlin spar[...]
Supply Chain Logistics Risk in Germany
What are the most common supply chain and logistics risks that businesses and logistics providers ha[...]
REPORTS and WHITEPAPERS
A Decade of Living Dangerously
Do you remember the movie The Year of Living Dangerously with Mel Gibson? Topically unrelated maybe,[...]
Risky cities - want to work there?
If you are doing global business, do you know where you are at risk and what risk that is most perti[...]