Home ARTICLES and PAPERS Rigorous Risk Management

Rigorous Risk Management

Posted on by
Revised on: 2015-09-11

As a global management consulting firm, A.T. Kearney is focusing on strategic and operational CEO-agenda concerns, and leading startegists at AT Kearney often have articles appearing in Supply Chain Mangement Review (SCMR). Today I will take a closer look at Bringing Rigor to Risk Management, written by Kish Khemani in 2007. Risk management is emerging as a key focus area for corporations, especially in terms of the extended supply chain and Bringing Rigor to Risk Management is a very brief and concise 2-page article, but it manages to highlight the key points that are important in managing supply chain risk. Why is managing supply chain risk important? As they take on expanded responsibilities for global sourcing, supply chain managers are also increasingly required to manage risk in terms of brand, reputation, and ethical sourcing, not just procurement and purchasing risks. In other words, supply chain risk management is increasingly becoming overall enterprise risk management.

A Framework for Risk Analysis

Khemani defines risk as the measurable possibility of losing or not gaining value. Risk exposure is then is the quantified measure of risk for any single event as calculated by multiplying the impact of such an event by its probability. A risk profile represents a company’s collective risk exposure. Risks, in turn, fall into three distinct categories:

(1) event risks, which occur at single point in time and have a significant impact on a company.

(2) market risks, which refer to volatility in traded markets, be they commodities or currencies.

(3) strategic risks, those longer-term trends that will have an impact over a period of time.

Khemani stresses that each company or business unit or function needs to prioritize risks by calculating its risk exposure. Without a quantified understanding of the cost-benefit trade-off around each risk, the organization cannot make a well-informed decision.

Seven ways of dealing with risk

Interestingly, the article discusses seven ways of risk management:

Avoid: Proactive action that eliminates the possibility of an event.

Transfer: Proactive action (often financial or legal) that shifts risks to a third party.

Mitigate: Proactive action that reduces the financial impact if an event occurs.

Minimize: Proactive action that reduces the probability of an event occurring.

Respond: Predetermined actions taken after an event occurs in order to reduce the impact.

Monitor: Continuous scanning of the environment that triggers alternative actions or the implementation of certain measures if predefined thresholds are exceeded.

Accept: Decision to bear risk exposure without taking any additional actions.

This includes the classic four Avoid-Transfer-Reduce(Minimize)-Accept that I have portrayed in a previous article on six ways of dealing with risk. What appears to be “missing” in the classic four is Mitigating and Responding, along with Monitoring. Albeit not explicitly mentioned, they could be said to be included in Reduce, if one keeps in mind a mitigative and contingent perspective.

Causes – Events – Outcomes – Impacts

Similar to the source-driver-impact framework in Jüttner et al. (2003), Khemani sets up a framework of causes, leading to supply discontinuity events, which in turn lead to business outcomes, having a certain financial impact.

khemani-bringing-rigor-to-risk-management-2Click image for larger version

Thus, the framework includes 1) the external and internal occurrences that directly contribute to the event, 2) the event which has immediate consequences on the enterprise, 3) the impact that the event has on various business areas within the firm, and 4) the total financial impact of the event.

An opportunity rather than a threat

In conclusion, Khemani remarks that

For companies not that far along, the key is to build momentum for their efforts by clearly demonstrating that risk management represents an opportunity rather than just a cost.

Lessard and Lucea (2009) picked up on this in their article on risk management as a core competence, where they state that no company can exist independent of its supply chain, and companies should not so much focus on risk-shedding, but instead work more on risk-shaping.

Reference

Khemani, K. (2007) Bringing Rigor to Risk Management. Supply Chain Management Review 11(2), 67-68.

Author Links

Related

Posted in ARTICLES and PAPERS
Tags: , , ,
ARTICLES and PAPERS
Supply Chain Security - an overview and research agenda
Supply chain security is one of many components of a company's overall supply chain risk management,[...]
Interpreting Resiliency
In yesterday's post on Freight Transportations Systems Resilience I mentioned Kelly Pitera and her M[...]
BOOKS and BOOK CHAPTERS
Book review: Cost-Benefit Analysis: Theory and Application
I really enjoyed reading Cost-Benefit Analysis: Theory and Application by Tefvik Nas.  I used this b[...]
The Handbook of Business Continuity Management
As I said in my post yesterday, Supply Chain Risk Management (SCRM) has many similarities with Busin[...]
REPORTS and WHITEPAPERS
Stemming the rising tide
Are you are taking radically different actions than your peers when it comes to supply chain risk ma[...]
Risky cities - want to work there?
If you are doing global business, do you know where you are at risk and what risk that is most perti[...]