Supply Chain Risk. Business Continuity. Transport Vulnerability. Resilience. Articles and papers. Books and book chapters. Reports and whitepapers. And more.
Category Archives: REPORTS and WHITEPAPERS
Posts inspired by published reports or whitepapers
The World Economic Forum Global Risks Reports. I first came across them in 2008, when the hyperoptimisation of supply chains was a major issue, particularly, if coupled with a potential economic downturn. This was again highlighted in 2011, in the Supply Chain and Transport Risk Initiative, bringing together a range of leading experts to explore the most critical threats facing supply chain and transport networks. And now, in 2015, supply chains are again part of the global risk picture. This time, supply chains are at risk for getting too lean, highly effective, but also highly vulnerable.
Lean supply chains = risky supply chains?
The Global Risk Report 2015 does not spend much ink on supply supply chains specifically, but the make the case for supply chain risks being interwoven with many other risks that in turn make supply chains vulnerable, and vice versa:
The far-reaching global supply chains set up by multinational corporations are more efficient, but the complexity and fragility of their interlinkages make them vulnerable to systemic risks, causing major disruptions. These comprise natural disasters, including those related to climate change; global or regional pandemics; geopolitical instability, such as conflicts, disruptions of critical sea lines of communication and other trade routes; terrorism; large-scale failures in logistics; unstable energy prices and supply; and surges in protectionism leading to export/import restrictions.
This reminds me of a post I made in 2009 where I reflected on the upsides and downsides of lean supply chains, based on a couple of articles I had read, and my conclusion was quite simple:
Is lean logistics the same as risky logistics? No, lean does not necessarily make you more vulnerable or less robust towards supply chain disruptions. Lean implies agile, and agile is what is needed to overcome supply chain disruptions.
The only problem, and the Global Risk report 2015 highlights this, is that world is no longer peaceful and quite for the most, it’s a rather unstable place with an uncertain future.
Global risk at a glance
At the heart of the Global Risk report 2015 is the overall risk picture. The Global Risks Landscape, a map of the most likely and impactful global risks, puts forward that, 25 years after the fall of the Berlin Wall, “interstate conflict” is once again a foremost concern. For those of us who have lived long enough to see and feel the rise and fall of the Cold War, that is not the 2015 world we expected in the early 1990s.
In 2015, on one hand, the most likely risks are Interstate conflict, Failure of national governance, State collapse or crisis, along with Failure of climate change adaptation and Extreme weather events. On the other hand, the most average risks, i.e. what the respondents fear most, are Food crisis and Profound social instability, along with Large-scale involuntary migration, the latter making much of the news in Europe this summer.
An interesting feature of the 2015 report is what trends that contribute to what risks:
It is clear that Profound social instability is THE risk that is driven by a number of trends, alongside Interstate conflict and Failure of national governance.
Looking at how risks are interconnected, a similar picture emerges:
Again, Profound social instability, Interstate conflict and Failure of national governance are at the heart of all other risks.
Conclusion
In summary, the Global Risk report 2015 highlights and reflects upon a wide range of cross-cutting challenges that can threaten social stability. These risks are additionally aggravated by the legacy of the global economic crisis in the form of strained public finances and persistent unemployment. So basically, things have not improved since the inception of the Global Risk Reports in 2005, they have in fact turned worse. Local risks have now gone global.
The 2015 FM Global Resilience Index provides an annual ranking of 130 countries and territories according to their business resilience to supply chain disruption. Presented both as a report and an online map it is a visually impressive way of conveying an important message: Beware of where you do your business. As to my home turf the report Norway retains its top position in the index from last year, with strong results for economic productivity, control of corruption, political risk and resilience to an oil shock.
The map
This is how the map looks like for 2015
It’s definitely intriguing to see which countries that rank at lower end and higher end of the resilience scale.
Comprehensive and complete?
Supply chain risk is one of the leading causes of business volatility, so says the report.
The FM Global Resilience Index is the first data-driven tool and repository that ranks the resilience of 130 countries and territories to supply chain disruption. It is designed to help executives evaluate and manage unknown risk potentially inherent in the countries they rely upon. Nine key drivers of supply chain risk are grouped into three categories: economic, risk quality and supply chain factors.
Well, lets take a closer look at how the index is calculated
Levels, factors and drivers
The index is calculated at three levels. Level 1 of the index provides a country ranking of business resilience to supply chain disruption. Level 2 comprises three factors, the core elements of resilience: economy, risk quality and supply chain. Level 3 includes a set of nine drivers that determine the business resilience to supply chain disruption for a country: GDP per capita, political risk, vulnerability to an oil shock, exposure to natural hazard, quality of natural hazard risk management, quality of fire risk management, control of corruption, infrastructure, quality of local suppliers:
I think this index does capture most of what goes into measuring resilience, although it’s hard to judge from the outside what actually goes into the calculations of levels, factors and in particular, the drivers. This is proprietary data. That said, I have no doubt that the scores are statistically sound and based on valid data.
Conclusion
In their own words, FM Global describes the index as
The index offers business executives an additional resource to help in prioritising supply chain risk management and guiding strategy in four key areas:
1. Selecting suppliers based on the supply chain risk/resilience of the countries in which they are located,
2. Deciding where to locate facilities,
3. Evaluating the resilience of the countries hosting existing facilities, and
4. Assessing the resilience of the countries where customers’ facilities are based.
In summary, the index provides a robust, composite view of business resilience to supply chain disruption around the world.
A bit of marketing here, but worth looking at, as an initial step in assessing one’s own supply chain resilience.
Is it possible to devise a simple framework for assessing the resilience of the transport infrastructure? The answer is Yes, and the New Zealand Transport Agency has done so. That said, it is not a “simple” framework. It is comprehensive, it is academically well-founded, it is practical, but it is not easy to put into use. Nonetheless, New Zealand has done that, too. In my opinion, it is something many countries can learn from.
My own struggles
I came across this report onMeasuring the resilience of transport infrastructure, published by the NZ Transport Agency, while trying to come up with a similar means of measure for the Norwegian road network. The measure would be put into use (among many other criteria) for prioritising investment projects in our National Transport Plan, a ten-year-plan that is revised every four years and that outlines how the Government intends to prioritise resources within the transport sector. The emphasis here is on “outlines” and “intends”, since the plan is not a commitment, merely an intention, and funding has to be allocated and voted upon by the parliament every year. Still, the four national agencies that are responsible for air, sea, rail and road transport in Norway spend considerable resources for finding projects, evaluating them and prioritising them, just to see the politicians then preferring the politically attractive projects over the economically attractive projects, as I wrote in a post some time back on why the world’s richest country has the world’s worst roads.
Resilience defined
Anyway, back the New Zealand report, and the reason for mentioning it on this blog, is the thoroughness with which the subject of resilience is described, and then narrowed down into two components: technical resilience and organisational resilience.
But before I get to that point, what enticess me most of all is their definition of resilience:
The concept of resilience is wider than natural disasters and covers the capacity of public, private and civic sectors to withstand disruption, absorb disturbance, act effectively in a crisis, adapt to changing conditions, including climate change, and grow over time.
As the report states, this definition rightly acknowledges that the service the infrastructure delivers will be disrupted, due to damage to the infrastructure; however, the service is able to reduce the possibility of failure, adapt and recover from a disruptive event and/or gradual external changes over time.
This reminds me of one my previous posts, about resilient organisations. There, resilience is about a company’s capacity to benefit from unlikely events, events which could have turned into threats, but instead were turned into opportunities. It is about the capacity to take advantage of serendipity, to take advantage of involuntary sagacity.
Two dimensions of resilience
The reseach report goes through a number of approaches towards resilience, citing academic references and relevant literature, and focuses on the key point, that resilience has two dimensions: organisational and technical:
Technical resilience: The ability of the physical system(s) to perform to an acceptable/desired level when subject to a hazard event.
Organisational resilience: The capacity of an organisation to make decisions and take actions to plan, manage and respond to a hazard event in order to achieve the desired resilient outcome.
I think this makes sense. While you can invest in strengthening your infrastructure techincally, this will not make you any more resilient unless the organisation(s) responding to an event are skilled, prepared and trained towards it.
Within these dimensions the authors describe underlying principles of both technical and organisational resilence:
Technical:
Robustness: the ability of elements, systems and other units of analysis, to withstand a given level of stress or demand without suffering degradation or loss of function
Redundancy: the extent to which elements, systems, or other infrastructure units exist that are substitutable, in the event of disruption, degradation, or loss of functionality.
Safe-to-fail: the extent to which innovative design approaches are developed, recognising that the possibility of failure can never be eliminated.
Organisational:
Change readiness: the ability to sense and anticipate hazards, identify problems and failures, and to develop a forewarning of disruption threats and their effects.
Networks: the ability to establish relationships, mutual aid arrangements and regulatory partnerships, understand interconnectedness and vulnerabilities across all aspects of supply chains and distribution networks.
Leadership and culture: the ability to develop an organisational mind-set/culture of enthusiasm for challenges and opportunities.
As I see it, the authors have captured mots if not all of which that goes into resilience.
Overall resilience score
Based on the dimensions and principles the authors devise a resilience assessment framework that comes up with a final overall resilience score: Very High, High, Moderate and Low resilence.
Complicated? Maybe. Comprehensive? Yes.
Reference
Hughes, JF and K Healy (2014) Measuring the resilience of transport infrastructure. NZ Transport Agency
research report 546. 82pp
How does the Norwegian Public Roads Administration NRPA assess the vulnerability of the Norwegian road network? This is the first post in an attempt at resurrecting this blog from its hibernating state that has now lastet for some 18 months., and marks the start of blog posts form my life as senior adviser in contingency planning and crisis management, where I spend much of my working hours developing tools for risk analysis and giving lessons on how to conduct risk analyses. The inspiration for this post is taken from the course material I prepared for a recent course.
Why risk and vulnerability analysis?
As a government body, the NRPA adheres to many laws and rules, and is guided by a number of policies and principal documents. One of these documents, the National Transport Plan, or NTP in short, states that the national goal for transport is:
To provide an efficient, accessible, safe and environmentally friendly transport system that covers society’s requirements and encourages regional development.
with accessibility being one of four main goals, as described here:
Our transport policy is to improve traffic flow and reduce the time of travel in order to strengthen competitiveness of industry and contribute to maintaining the main features of existing settlement patterns.
The most recent NTP 2014-2023 emphasizes reduced vulnerability and more adaptation to climate change as an important issue for the future:
Precipitation, temperature and wind have a strong impact on transport infrastructure and traffic management. Extreme weather, with strong winds, storm surges, heavy rains and temperature fluctuations, imposes increased demands on infrastructure. Large sections of the current transport network are not sufficiently resilient to withstand such increased strains. The infrastructure must be made more robust and emergency preparedness must be improved.
The NRPA has its own bylaw, describing in detail which tasks that we are responsible for doing, and with accessibility closely linked to vulnerability, it is no wonder then that risk analysis and contingency planning (among many other tasks) is mentioned specifically:
The NRPA is to have an overview of the threats to and the vulnerability of the road network, and work across its own organsation (and together with other agencies) in necessary contingency planning in order to ensure the best possible accessibility under changing conditions and/or possible or actual threats.
Being able to see, evaluate and manage potential risks and vulnerabilities is in fact part of the NPRA’s obligation towards society.
Societal security and business continuity
The background for this obligation can be found in the term “Societal security”, a term not very common outside of Norway. “Societal security”, which I tried to explain in a previous post, is best translated as the ability that a society has to persist under strenuous circumstances, to maintain important functions, and to provide the necessary services to uphold the life, health and welfare of its members.”It is very similar to the Finnish “security of supply” that I wrote about some time ago.
For the NRPA societal security, or “samfunnssikkerhet” in Norwegian, means the ability that we (the NRPA) has to to persist under strenuous circumstances, to maintain important functions, and to provide the necessary transport network so that society can persist. Since we plan, build, operate and maintain the Norwegian road network, it is our duty to make sure that it is functioning and accessible 24/7, even during worst of times. That is the obligation that we have towards society.
This obligation towards “societal security” is apparently so important in today’s world that the ISO in 2013 published an international standard, ISO 22301 – ″Societal Security — Business continuity management systems”, as a response to governments and regulators beginning to recognize the role of business continuity in mitigating the effects of disruptive incidents on society.
This is also reflected in Helen Peck’s 2006 article on Reconciling supply chain vulnerability, risk and supply chain management, where Peck refers to the UK Civil Contingencies Act of 2004 that requires the undertaking of business continuity planning and risk management from local government authorities, utilities providers and commercial organizations with responsibilities for essential public transport and critical infrastructure.
Risk and vulnerability
Back to risk and vulnerability, according to ISO 31000 Risk Management, there is no distinction between risk analysis and vulnerability analysis, it’s just risk analysis. However, for reasons that I cannot really understand, in Norway we mostly call it risk and vulnerability analysis. Linking risk and vulnerability is difficult. Where does one end and the other start? In my understanding, I usually use these definitions:
Risk is the potential likelihood that an event will occur and the potential consequences if the event occurs.
Vulnerability is the ability that an object has to withstand the effects of an (unwanted) event and to resume its original condition or function after that event.
Hence, to me, risk is associated with the immediate consequences of an event, while vulnerability is associated with the extent of the ability to manage or handle the wider consequences and long-term effects rather than the imminent consequences. Essentially, the less you can handle, the more vulnerable you are. Or, to use the term business continuity, vulnerability is that which stops business from continuing.
Example: Risk: A bridge is prone to being closed because of frequent flooding. Vulnerability: There is no diversion route.
I often use the bow-tie figure below to illustrate the difference between risk and vulnerability, and between proactive and reactive measures, i.e. mitigative actions and contingent actions..
Please note that the consequence in the right column does not necessarily relate directly to the cause on the same line in the left column. Also note that the consequences illustrate the wider effects on society, i.e. the business continuity issues related to societal security, whereas the event is the immediate effect resulting from the cause(s).
ISO 31000 Risk and Vulnerability Analysis
The risk and vulnerability process in the NRPA follows the terms and steps (5.3 to 5.5) used in ISO 31000, as described in the figure below: While ISO 31000 describes very well what is meant by these terms, I have made my own a bit more hands-on descriptions for what a risk and vulnerability analysis contains:
What Values do we have?Establishing the context 5.3
What do we want to protect? What can we accept?
What are the Threats we face?Risk identification 5.4.2
What are our challenges? What can go wrong? What do we fear?
What are the Likelihood and Consequences of events?Risk analysis 5.4.3
Why and how can things go wrong? Causes, drivers and results?
How is our Vulnerability and Robustness?Risk evaluation 5.4.4
If things go wrong, how bad is it really? Can we cope (or not)? What are the wider effects?
Which Likelihood-reducing measures are there?Risk treatment 5.5
What have we done (and what more can we do) to prevent things from happening?
Which Consequence-reducing measures are there?Risk treatment 5.5
What have we done (and what more can we do) to prevent things from getting worse, if they indeed do happen?
Perhaps not the best of descriptions, but they work for me.
Three levels of analysis
As to the risk and vulnerability analysis itself, it is done at three different levels: simple, simplified and detailed. Simple analysis (Level 1):
A risk and vulnerability analysis that is used to identify what risks and vulnerabilities that exist and to make initial easement of how they should be treated. The analysis shall point at possible challenges and solutions, and is a mostly qualitative analysis, a best guess or estimate.
Evaluation criteria: Best judgement
Situation OK, risk treatment can be done if desired, but is not required.
Situation NOT OK, risk treatment is necessary and should be done, it is not required, but highly recommended.
Situation NOT OK AT ALL, i.e. unacceptable, risk treatment is required and must be done.
Simplified analysis (Level 2)
An extended risk and vulnerability analysis that is used to evaluate risk and vulnerability, when or where the first analysis does yield conclusive results or when or where there is a need for a more thorough analysis to evaluate different risks and risk treatments. This is a mostly quantitative analysis that aims at determining more precise values for likelihoods and consequences.
Evaluation criteria: Risk matrix
Note that this is a generic matrix and that one must decide on which values and increments to use for likelihood and consequence before starting the analysis, by answering the question “What can we accept?” when establishing the context. This also establishes the colour grading of the matrix, which may or may not be as seen above. Being generic, this matrix should be extended to include analysis-specific consequence categories, as seen in this book on Security Risk Management, e.g. consquences for people’s life/health, environment, accessibility, property/equipment.
Detailed analysis (Level 3)
A special risk and vulnerability analysis that is used to analyse specific risks and vulnerabilities, e.g. in the construction and design details of roads, bridges and tunnels. This is a detailed and quantitative analysis using statistical methods and forecasting tools aimed at ruling out any missed uncertainties in the previous levels of analysis.
Evaluation criteria: analysis(object)-specific This type of analysis is not often used within the NRPA and mostly contracted out to consultants and risk analysis experts.
Events
Obviously, there are many events that could close down a road, too many to think of, actually. That is why the NRPA risk and vulnerability analysis guidelines lists a set of “standard” events for which a road should be analysed, in order to generate a risk profile.
Adverse weather
Bridge closed
Drainage failure
Electricity blackout
Ferry link failure
Fire (in objects on or near the road)
Flooding
Foundation failure
Frequent accident point
Hazardous goods accident
High winds
Landslide (earthflow)
Malicious actions/terrorism
Quick clay slide
Restrictions (in height, width, weight, axle load etc. that make the road inaccessible to some vehicles, typically Heavy Goods Vehicles)
Road rescue and towing (of Heavy Goods Vehicles, other car rescues are neglible)
Rockfall
Snow avalanche
Storm surge
Terrain sinking (non-slide)
Transport hub inaccessible
Tunnel closed
In a later post I will present some of the analyses done in my work region and the risk profiles they resulted in. It is quite interesting to see which events that are most frequent in which areas.
Summary
This post was meant to give some basic insight into how the Norwegian Public Roads Administration NRPA assesses the vulnerability of the Norwegian road network. It will be followed up by more detailed posts.
Author’s note
This is my first post for some 18 months now, and it has taken me more time than expected to write this. Not just because of the language barrier, as the original material for this post is in Norwegian, but also because of a “writing barrier”. Wording and phrasing and structuring a blog post is a skill that needs regular training and I must admit that my skills are still a bit rusty. Nonetheless, there’s more to come.
In our interconnected world, safety, reliability and efficiency can only be secured through collaboration between industries and government. This is the theme of a recently published report titled New Models for Addressing Supply Chain and Transport Risk. Written in collaboration with Accenture and published as an initiative of the Risk Response Network with the World Economic Forum, the report highlights the urgent need to review risk management practices to keep pace with rapidly changing contingencies facing the supply chain, transport, aviation and travel sectors.
Are economic imbalances and social inequality risk reversing the gains of globalization? Should we shift our concern from environmental risks to socioeconomic risks? Will further economic shocks and social upheaval roll back the progress globalization has brought? How well are the world’s institutions equipped to cope with today’s interconnected and rapidly evolving risks? These are the questions asked by the seventh edition of the Global Risk Report, just out.
Today’s supply chains circle the globe and form the backbone of world trade and a are major factor in the global economy, linking countries far from us as if they were our neighbors. The world is becoming smaller, no doubt. But this increasingly tighter connected world is also increasingly dangerous, and it thus imperative to secure supply chains against any form of man-made and natural disruption. So say PwC in the lastest volume of their Transportation & Logistics 2030 series: Securing the supply chain. Based on a survey of a global group of experts using the RealTime Delphi method, this well-founded report highlights and explores what elements of supply chain security they believe will be most critical in the future.
In September and October 2009 the Economist Intelligence Unit surveyed 500 company executives with responsibility for risk management, and selected from companies across Asia-Pacific, North America and Europe, in order to understand how companies are being affected by supply-chain risk, and how they are responding to it. While colored by the them still lingering recession, and perhaps already as old as the proverbial water under the bridge, the report titled Managing supply chain risk for reward nonetheless paints a good picture of what supply chain risks these executives think thought are were the most pressing issues in their industry. This post will highlight some of the findings from the report, even though things may have changed in the meantime…
We are living in a new world of risk that is making this world unprecedentedly complex and challenging for corporations, institutions and states alike. Supply chains are no exception, and in our quest for greater efficiency and greater choice, are we really developing robust global transport networks or simply building a house of cards? That is what the Supply Chain and Transport Risk Initiative, nested within the Risk Response Network (RRN) of the World Economic Forum is trying to answer. The aim is to develop better international risk management mechanisms and improved crisis response across the public and private sectors to deal with the major risk of disruption in transport and supply chains. This post takes a closer look at this initiative and what it is up to.
Are you are taking radically different actions than your peers when it comes to supply chain risk management? If so, Marsh Consulting thinks you are an innovator and blazing the trail for others to follow. At least, that’s what they say in their report Stemming the Rising Tide of Supply Chain Risks: How Risk Managers’ Roles and Responsibilities Are Changing. Penned by Beth Enslow and written in 2008 and well before the global financial downturn had companies think of anything but supply chain risk, this study of 110 North American risk managers by Marsh in collaboration with Risk Insurance magazine found that only 35 percent considered their companies to be “moderately effective” at managing supply chain risk, not a very uplifting figure, I must say. Having said that, the report clearly shows what “the innovators” do differently and how they have managed to “rein in” their supply chain risks, as the report says.
What happens when a business is disabled for a length of time? What are the impacts on its profitability, service delivery, and employees? What are the flow-on effects to the broader community? What are the key attributes that can help a business to bounce back or bounce forward from a disruption? Those are the issues the Australian Resilience Expert Advisory Group REAG discusses in a position paper titled Organisational Resilience. I was alerted to this paper by a recent post on the blog of Ken Simpson, a resilience expert and blogger from Australia. The paper details a set of core principles and resilience attributes that can be applied across a diverse range of critical infrastructure organisations, and although it is aimed at the individual business and its management, it is a paper that makes sense in a range of organizational settings.
This blog is about supply chain risk, business continuity and transport vulnerability, and while I have blogged profusely about supply chain resilience in a vast number of posts over the last 3 1/2 years, citing journal articles, book, papers and research reports en masse, one major reference – perhaps the major reference – has so far been omitted: Creating Resilient Supply Chains: A Practical Guide, published by the University of Cranfield in 2003. Commissioned by the UK Department of Transport, with Helen Peck as the principal researcher, the objective of the report is to increase awareness, understanding and thus the ability of UK industry to cope with disruptions to its supply chains. To that end it provides insight and practical tools, which will assist managers in improving the resilience of their organisation’s supply chain networks.
Supply chains have gone global. No longer are they a point-to-chain of goods flowing from a source to a consumer, but a global network of interlinked businesses, processes and services. Supply chain risks have gone global, too, and one tiny incident somewhere in this vast network may result in devastating effects that can ripple across the entire supply chain. No wonder then that supply chain risk has become a major selling point for consultants who are making a living from selling solutions that are “guaranteed” to capture and manage the exact and full risk that a company is facing. We academics often frown at these consultants and their glossy whitepapers, but truth is that some of them are highly valuable and well-researched, and excellent food for thought. Take this whitepaper for instance, An Integrated View of Supplier Risk by a company called Hiperos. Here, supplier risk management is focused on four areas: the supplier’s viability, performance, compliance and corporate social performance. That is a perspective very much in line with my own ideas of holistic risk management.
For a budding and even for a seasoned researcher, nothing is more rewarding than to have one’s publications cited. Sometimes that happens in the unlikeliest of places. Or maybe this place is not so unlikely after all, given the main themes of my 10 years of research: supply chain risk, business continuity, and transportation vulnerability. It’s the latter that has caught the attention of a consultancy in the UK when preparing a report for the UK Highways Agency. The report, dated 2010 and titled Network Resilience and Adaptation, assesses and details in great depth the vulnerability and resilience of the transport infrastructure in the East of England and displays it using a GIS. “My” contribution, if I may call it that, is in the literature review section of the report, where definitions and perspectives on vulnerability, resilience and related terms are discussed. Frankly, I had almost forgotten about these definitions, since I wrote them in a paper in 2004, but it’s nice to see that they still make an impact.
“Ten or fifteen years ago, you could not convince most procurement and supply-chain professionals to talk about supply-risk management. Today you can not get them to stop talking about it.” That is what Zycus, the self-proclaimed spend management experts, claims in their latest whitepaper “The Supply Risk Explosion – Building a business culture that can cope“. I must admit that they do indeed have a point. Today’s list of supply-related risks can seem nearly infinite: supplier bankruptcy, tight credit, emerging capacity constraints, commodity price inflation, low inventories, product recalls, supply-chain globalization, supply-base rationalization, corporate cost cutting, dangerous management decisions, currency fluctuations, terrorism, increased regulatory activity, outsourcing, sustainability, social responsibility, social media, unfair trade practices, and so much more. How can any firm not be overwhelmed by this?
The twelve future trends that will shape value chains and supply chain management during this decade. Are you ready for what is coming? If you need an inspiring break in your daily routine, this is the report for you, and I haven’t had this much fun when reading a report for a long time. Although printed on glossy paper and richly illustrated, most company reports or whitepapers are usually not an overly exciting read. This one is. Whoever decided the layout and graphics for this report must have had a great time doing so. There simply is no better way to get the message across and to show the 12 global root trends that address change in society, shopper behavior, environment and technology. Above all, sustainability is the new buzzword. And lest not forget, supply chain risk and business continuity are part of the picture…implicitly.
Many global supply chains are not equipped to cope with the world we are entering. Most were engineered, some brilliantly, to manage stable, high-volume production in China and other low-cost countries. But in a future when the relative attractiveness of manufacturing locations changes quickly—along with the ability to produce large volumes economically— such standard approaches can leave companies dangerously exposed. So say Yogesh Malik, Alex Niemeyer, and Brian Ruwadi in the McKinsey Quarterly of January 2011. Essentially, in the future, economies of scale need to be replaced by economies of flexibility in order to cope with the risks of turbulent and shifting sourcing and manufacturing opportunities, wherever they occur…and disappear again.
What is risk management in supply chains? The more I study supply chain risk management, the more confused I get. The supply chain risk literature is inconsistent at best at conflicting at worst. There are so many terms and definitions, and each author, book, paper, or article seem to have its own way of describing the subject matter. Perhaps they haven’t heard about ISO Guide 73:2009 Risk Management Vocabulary? After all, it provides the definitions of many of the generic terms related to risk management. That is why this post will present some of the most frequent used terms relating to the management of risk in an attempt to promote a coherent approach to the description of activities. Will it help? I’m not sure, but the least I can do is spread the word.
Some of you may remember that I posted about the SCOR Framework for Supply Chain Risk Management earlier this year, and today I will take a closer look at it again, because I recently found a post on scdigest.com, where Mitul Shah, one of the key members of the working group behind the framework, explains how this risk management framework can be put into use to calculate the Value-at-Risk (VaR). This Value-at-Risk is an important construct in estimating the economic implications of supply chain risks and in implementing the best strategies for supply chain risk management. This post is based on those three posts and my personal communications with Mitul Shah, Manager at Accenture Consulting.
Have you heard of ISO 28002? No? You should take note of this standard, because the ISO 28000 series specifies the requirements for a security management system for the supply chain. The standards address potential security issues at all stages of the supply process, thus targeting threats such as terrorism, fraud and piracy. The most recent addition to the series is ISO 28002: Security management systems for the supply chain – Development of resilience in the supply chain, published in September 2010. ISO 28002 details how an organization can engage in a comprehensive and systematic process of prevention, protection, preparedness, mitigation, response, continuity and recovery. This post will take an inside look at ISO 28002 and highlight the essential content.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
We do not use cookies of this type.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We do not use cookies of this type.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We do not use cookies of this type.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
We do not use cookies of this type.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
We do not use cookies of this type.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
