Rigorous Risk Management

As a global management consulting firm, A.T. Kearney is focusing on strategic and operational CEO-agenda concerns, and leading startegists at AT Kearney often have articles appearing in Supply Chain Mangement Review (SCMR). Today I will take a closer look at Bringing Rigor to Risk Management, written by Kish Khemani in 2007. Risk management is emerging as a key focus area for corporations, especially in terms of the extended supply chain and Bringing Rigor to Risk Management is a very brief and concise 2-page article, but it manages to highlight the key points that are important in managing supply chain risk. Why is managing supply chain risk important? As they take on expanded responsibilities for global sourcing, supply chain managers are also increasingly required to manage risk in terms of brand, reputation, and ethical sourcing, not just procurement and purchasing risks. In other words, supply chain risk management is increasingly becoming overall enterprise risk management.

A Framework for Risk Analysis

Khemani defines risk as the measurable possibility of losing or not gaining value. Risk exposure is then is the quantified measure of risk for any single event as calculated by multiplying the impact of such an event by its probability. A risk profile represents a company’s collective risk exposure. Risks, in turn, fall into three distinct categories:

(1) event risks, which occur at single point in time and have a significant impact on a company.

(2) market risks, which refer to volatility in traded markets, be they commodities or currencies.

(3) strategic risks, those longer-term trends that will have an impact over a period of time.

Khemani stresses that each company or business unit or function needs to prioritize risks by calculating its risk exposure. Without a quantified understanding of the cost-benefit trade-off around each risk, the organization cannot make a well-informed decision.



Seven ways of dealing with risk

Interestingly, the article discusses seven ways of risk management:

Avoid: Proactive action that eliminates the possibility of an event.

Transfer: Proactive action (often financial or legal) that shifts risks to a third party.

Mitigate: Proactive action that reduces the financial impact if an event occurs.

Minimize: Proactive action that reduces the probability of an event occurring.

Respond: Predetermined actions taken after an event occurs in order to reduce the impact.

Monitor: Continuous scanning of the environment that triggers alternative actions or the implementation of certain measures if predefined thresholds are exceeded.

Accept: Decision to bear risk exposure without taking any additional actions.

This includes the classic four Avoid-Transfer-Reduce(Minimize)-Accept that I have portrayed in a previous article on six ways of dealing with risk. What appears to be “missing” in the classic four is Mitigating and Responding, along with Monitoring. Albeit not explicitly mentioned, they could be said to be included in Reduce, if one keeps in mind a mitigative and contingent perspective.

Causes – Events – Outcomes – Impacts

Similar to the source-driver-impact framework in Jüttner et al. (2003), Khemani sets up a framework of causes, leading to supply discontinuity events, which in turn lead to business outcomes, having a certain financial impact.

khemani-bringing-rigor-to-risk-management-2Click image for larger version

Thus, the framework includes 1) the external and internal occurrences that directly contribute to the event, 2) the event which has immediate consequences on the enterprise, 3) the impact that the event has on various business areas within the firm, and 4) the total financial impact of the event.

An opportunity rather than a threat

In conclusion, Khemani remarks that

For companies not that far along, the key is to build momentum for their efforts by clearly demonstrating that risk management represents an opportunity rather than just a cost.

Lessard and Lucea (2009) picked up on this in their article on risk management as a core competence, where they state that no company can exist independent of its supply chain, and companies should not so much focus on risk-shedding, but instead work more on risk-shaping.

Reference

Khemani, K. (2007) Bringing Rigor to Risk Management. Supply Chain Management Review 11(2), 67-68.

Author Links

Related

Posted in ARTICLES and PAPERS
Tags: , , ,

ARTICLES and PAPERS
How to secure your supply chain - 2/7
Continuing my previous post, which talked about raising the awareness towards disruption risks in ge[...]
Inbound and outbound vulnerability
After publishing A conceptual framework for the analysis of vulnerability in supply chains, Gøran Sv[...]
BOOKS and BOOK CHAPTERS
Book Review: Cooperative Strategy
Cooperative strategy is the attempt by organizations to realize their objectives through cooperation[...]
Book Review: Logistics and Supply Chain Management
This book by Martin Christopher, Logistics & Supply Chain Management, is one of the better if [...]
REPORTS and WHITEPAPERS
Supply chain disruption risk on the rise
Global supply chains are increasingly becoming more vulnerable to potential disruption to trade, say[...]
Saving Norway's crumbling infrastructure
NTP 2010-2019
Following up my post this morning called "D-Day for Norway's Transport Infrastructure", the numbers [...]