2
Supply Chain Risk Management
The As-Is Landscape
Copyright © 2014. CRC Press LLC. All rights reserved.
In this chapter we provide an overview of the growth of supply chain risk
management (SCRM) during the last few years and provide additional
insight into who is talking about SCRM, what they are saying, and the
tone of the dialogue. We will provide a summarized view of SCRM topics, announcements, articles, reports, and survey results that help define
the state of SCRM today. We will also share a perspective on SCRM
through a different prism: the Four Pillars of SCRM. We will then provide
a maturity level for each pillar. The chapter concludes with discussion of
SCRM adoption.
A Chronology of Supply Chain
Risk Management
Let’s start by providing a sense of the growth of SCRM in terms of awareness, discussions, articles, papers, surveys, solutions, tools, and more.
During our research for this book we compiled hundreds of reference
works in order to provide a comprehensive, end-to-end perspective of
SCRM. Using these reference works and our experience, we have compiled a chronology of the growth we’ve witnessed and the tone and tenor
of the dialogue.
While many risk management studies and surveys were conducted during 2000–2010, our focus starts with the latter part of that decade. Most
supply chain executives became interested in SCRM after the financial
meltdown of 2008. Company after company watched, almost helplessly, as
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
25
26 • Supply Chain Risk Management: An Emerging Discipline
customer orders were canceled, suppliers entered bankruptcy, and commodity markets became increasingly volatile. For many, 2008 was the
genesis of their risk management efforts.
Copyright © 2014. CRC Press LLC. All rights reserved.
2009
Most operations management and supply chain management professionals are familiar with the International Organization for Standardization
(ISO) Group and its set of standards that revolve around quality control
and process reliability, such as ISO 9000. In 2009, the ISO Group delivered
its first set of standards directly relating to supply chain risk, which was
a major recognition of the importance of SCRM. These standards include
ISO 73 and ISO 31000. ISO 73 profiles the vocabulary and taxonomy of
risk within the supply chain, and ISO 31000 provides insight into the principles, practices, and guidelines to effectively identify, assess, mitigate, and
manage supply chain risk.
A key report during this period was Accenture’s 2009 Managing Risk for
High Performance in Extraordinary Times.1This global report, which surveyed 260 CFOs, chief risk officers, and other executives across 21 countries, came right after the 2008 financial meltdown. This report explored
the details of what was going on around the globe relative to risk and its
impact on businesses and supply chains. It was one of the first comprehensive analyses of the cause and effects of risk to global supply chains.
This report revealed that 85% of executive respondents said their company needed to overhaul its approach to risk management; 40% said their
companies already had increased or would increase their investments in
broader risk management capabilities; 41% stated their risk management
costs increased by at least 25% over a three-year period; and only 27%
said their risk management function was involved, to any great extent, in
objective setting and performance management.
Accenture concluded that steps needed to be taken to manage supply
chain risk to protect a company’s competitive advantage, reputation and
branding, and credit ratings; to maintain positive comments by analysts; and to ensure access to capital over time at a reduced cost. Overall,
Accenture reported that many companies had a long way to go before they
should feel comfortable about their company’s state of risk management.
AMR released a report on risk in U.S. manufacturing to get a sense of
how businesses feel about the future and what they saw in terms of risk. The
top three concerns of U.S. manufacturers were supplier quality failures,
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 27
commodity price volatility, and intellectual property infringement. In
particular, supplier solvency was a key concern. Furthermore, respondents
said that doing business with Chinese suppliers was contributing the most
to overall risk, scoring the highest in 11 out of 15 risk categories evaluated.
2010
Copyright © 2014. CRC Press LLC. All rights reserved.
In 2010, we began a course for a master’s of business administration degree
by explicitly profiling the emerging elements of supply chain risk management. The initial courseware was made up of articles, survey outcomes,
reports from the insurance industry, and the basics of good risk management. As the course grew in maturity, a Supply Chain Risk Assessment
Tool emerged that codified the effects of supply chain maturity as it relates
to mitigating risk. The basic premise was that as the supply chain matures,
the inherent risks faced by that supply chain diminish.
The Supply Chain Risk Assessment Tool, featured in Figure 2.1, encompasses about 100 questions-of-discovery about a company’s supply chain
across 10 tenets of the entire supply chain. It is a perception-based tool that
captures the complexion of a company’s operating environment relative to
a maturity model and then develops an inherent risk factor for every tenet.
Risk factors are then plotted inside a spider diagram for visual presentation using a red, yellow, and green designation. There will be more discussion about this tool later in the book.
SCRM Risk “Heat Map” Assessment
Customer
Demand
Heat Map Color Key
Risk
Gradient
Low Risk
1 to 4
Medium Risk
5 to 7
High Risk
8 to 10
Logistics
Integrated
Supply Chain
Supply
Leadership
10.00
8.00
6.00
4.00
2.00
Balanced
Scorecard
S&OP
Processes
0.00
1.00
3.00
Industry
5.00
7.00
9.00
Manufacturing
Information
Systems
Figure 2.1
Tools: supply chain risk assessment.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Copyright © 2014. CRC Press LLC. All rights reserved.
28 • Supply Chain Risk Management: An Emerging Discipline
During 2010, the Massachusetts Institute of Technology (MIT) Center
for Transportation and Logistics produced its preliminary findings from
the Global Supply Chain Risk Management research project. The survey
collected 1,400 usable responses from companies in 70 countries. The
project’s primary goal was to understand if regional and cultural differences affect how people think about and manage supply chain risks. This
survey was a seminal point in the birth of SCRM. The final report covers
differences in attitudes about risk, differences in risk frequencies (internal
and external events) and priorities, and differences in practices across
countries and industries.2 It is one of the few reports that approached risk
from a cross-cultural perspective.
The MIT report concluded that respondents showed a marked preference for risk prevention as opposed to planning and response, but that
was influenced by national culture. Furthermore, most respondents indicated that risk planning and prevention should be carried out centrally
in an organization, while actual responses to most risk events should be
managed locally. Respondents were also asked to rank the top supply
chain disruptions for which their company should prepare. A breakdown
in supply quality, supplier financial failures, and internal process failures
topped the list.
Aberdeen Group also produced a comprehensive report on SCRM.
Their findings further supported the notion that SCRM is evolving as
a concept.3 One of the key findings from this study was an analysis of
the reasons behind pursuing an aggressive risk management agenda. The
top reasons include protecting the organization and its brand, safeguarding against an unpredictable global economic environment, a corporate
mandate to institutionalize/improve risk management, complying with
new and changing regulations, and maintaining and improving shareholder value.
And what did the Chief Procurement Officers (CPOs) plan to do to
manage risk according to Aberdeen? The CPOs expected to develop
clearly defined metrics for supply performance and risk, develop contingency plans for supply disruptions, use external information services
to monitor and assess supply risk, and define ownership of risk within
the organization.
This groundbreaking report was one of the first times a research organization put together a comprehensive profile in an effort to codify the
elements of a good SCRM journey. Figure 2.2 illustrates the actions items,
capabilities, tools, and techniques that will help ensure success within the
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 29
Pressures
Actions
– Protect the organization – Implement processes
and its brand/
aligning risk
competitive advantage
management with
– Unpredictable global
compliance/governance
economic environment – Develop supply risk
mitigation strategies
– Build risk aware
culture throughout
the organization
Capabilities
– Standard risk
management
policies and procedures
across the enterprise
– Management
accountability
for risk management
activities within overall
governance framework
– Transparency in
communication of risk
information (i.e., policies
including escalation
criteria, procedures,
practices & thresholds)
– Risk information
integrated into core
decision-making (i.e.,
strategic planning
capital allocation and
performance
management)
Enablers
– Enterprise Risk
Management (ERM)
platform/software
– Enterprise governance,
risk, and compliance
(GRC)
platform/Software
– Event management
(triggers/alerts)
– Query & reporting tools
– Enterprise BI platforms
– Heat
maps/dashboards/
balanced scorecard tools
reflecting risk
– Predictive
analytics/process
modeling tools for
measuring and
monitoring risk
Aberdeen Group CPO Survey Report & SCRM Report 2010
Figure 2.2
Copyright © 2014. CRC Press LLC. All rights reserved.
Best-in-class SCRM framework.
risk management arena. The bulk of Aberdeen’s findings about and journey toward good SCRM hold true today.
Also in 2010 PRTM (now part of PricewaterhouseCoopers) released its
Global Supply Chain Trends Report.4 A few of the novel themes emanating from this study were that almost 75% of all the respondents believed
that demand and supply volatility will become the biggest roadblock to
capturing profits in the economic upturn, and more than 80% expected
complexity in their supply chains to increase dramatically, partly due to
an increase in product proliferation. The PRTM study produced several
important takeaways:
• Demand and supply volatility is here to stay.
• Supply chain complexity will be with us for many years.
• End-to-end supply chain cost optimization will be critical moving forward.
• Risk and opportunity management should span the entire supply
chain, including with key partners.
This research concluded, and this has certainly been borne out by
subsequent experience, that supply chains will become more volatile
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Copyright © 2014. CRC Press LLC. All rights reserved.
30 • Supply Chain Risk Management: An Emerging Discipline
and complex. The researchers also concluded that most companies are
ill-prepared to manage this complexity and that risk management will be
a critical success factor affecting corporate success.
We also saw two more reports explicitly targeting supply chain disruptions and their financial impacts. Chainlink Research and Hendrick &
Singhai had been working on attempting to codify the financial impacts
of supply chain disruptions on company bottom lines. According to these
resources, a publicly traded company that experiences a moderate to
severe supply disruption should expect to realize a 107% drop in operating
income on average, 114% drop in return on sales, 93% drop in return on
assets, 7% lower sales growth, 11% growth in cost, 14% growth in inventories, and a 10% reduction in shareholder value. This is one of the first
reports that linked risk events to tangible performance shortfalls.
Finally, a report from the Business Continuity Institute (BCI) in the
United Kingdom revealed serious levels of supply chain failures and disruptions around the globe. This study found that weather disruptions
affected more than half of all companies in 2010, up from 29% the previous year. Unplanned IT and telecommunication outages were second on
the list of most frequent disruptions. More than one third of companies
mentioned service failures by outsourcer providers, up from 20% the previous year. More than 50% of the respondents stated that their disruptions
led to a loss of productivity and 20% of the respondents admitted they had
suffered damage to their brand or reputation as a result of a disruption.
The report concluded that the serious levels of supply chain disruption
experienced by organizations around the globe, coupled with the wide
range of threats, underscores the business case for investment in business
continuity planning (BCP). We will go into more detail later about BCP.
For now, consider BCP to be an internal insurance policy or risk response
plan that identifies, assesses, mitigates, and manages risk scenarios.
2011
During 2011 Accenture began to talk about the “new normal” of global
supply chains. The new normal featured more global sourcing and manufacturing, hyper-demand requirements, longer supply chain lead times,
more potential points of failure, and managing supply chains in far-flung
corners of the world.5 With these elements of supply chain risk coming to
the surface, Accenture produced a set of principles that support the birth
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 31
of supply chain risk management as a discipline. These six principles
include the following:
Copyright © 2014. CRC Press LLC. All rights reserved.
1. Integrate risk management practices across all business functions to
ensure understanding, commitment, and alignment
2. Identify, measure, and prioritize risks by mapping out the complete
supply chain “ecosystem”
3. Emphasize operational flexibility, global visibility, and diversified
supplier portfolio to blunt the impact of supply chain calamities
4. Use probability modeling to identify unknown risks and develop
contingency plans
5. Insist that suppliers and business partners perform up-front due
diligence
6. Hedge risk by making prudent choices about insurance
We will dig deeper into every one of the six tenets throughout the book.
AMR surveyed more than 500 executives worldwide during 2011 and
asked questions about supply chain risks, disruptions, effects of those disruptions, and methods to mitigate and manage risk. Supply failures were
the most cited disruption noted by executives. Quality failures, natural
disasters, and commodity price volatility were also cited by almost one
third of respondents. In terms of the most common risk management
approaches, executives said they relied on (in order of mention) meetings/
discussions with external partners and suppliers, predictive analytic tools,
staying current with supplier business continuity plans, utilizing reports/
data from third-party sources, and utilizing performance risk dashboards.
In October 2011 SCM World, the global institute for supply chain learning, training, and development at Stanford University, released its annual
Chief Supply Chain Officer (CSCO) study.6 The survey involved 750 global
executives of which over 50% were vice presidents or higher. The report was
conducted during the immediate aftermath of the Japanese earthquake
and tsunami, creating an interest in understanding how supply chains
were reacting to these disruptions. The report highlighted the disruptions
due to the tragic events, how many companies had suffered shortages in
supply and capacity, lost sales, inventory write-offs, and plant closures
across many industries. Even though the report didn’t examine supply
chain risk specifically, it did talk at length about how the supply chain
is a critical success factor and a driving force for competitive advantage.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
32 • Supply Chain Risk Management: An Emerging Discipline
Another key theme throughout the report was that supply chain sustainability is critical in terms of driving value for the corporation, especially
in times of demand and supply volatility.
During this period we also picked up on definitions of a resilient supply
chain from the Supply Chain Council.7 While the Supply Chain Council
was updating its SCOR Model and risk definitions and frameworks, the
importance of resiliency in the supply chain came to the surface. Essentially,
the council concluded that in a world of technical change, financial risk,
political turbulence, and mounting regulatory pressures, industry growth
does not always proceed smoothly. Risk management is especially challenging when threats are unpredictable. At the same time, corporations
are accepting broader responsibility for social and environmental impacts
of their supply chains. A resilient enterprise has the capacity to overcome
disruptions and continually transform itself to meet the changing needs
and expectations of its customers, shareholders, and other stakeholders.
Copyright © 2014. CRC Press LLC. All rights reserved.
2012
Another study by the Business Continuity Institute addressed the impact
of the Great East Japan earthquake and Christchurch earthquake in New
Zealand. The key take-away from this research was the wide-ranging differences in an important SCRM metric, time-to-recovery. BCI assessed
how long it took supply chains to recover from the impact of the earthquakes. The compelling statistic is that almost 50% of all the respondents
needed more than five weeks to recover.
Aberdeen Group released a report on risk from a financial perspective.8 Coming off the heels of the Japanese disasters, the report attempted
to understand the risk-adjusted strategies actually operating inside the
CFO’s office. The report concluded that whether a company is looking to
reroute a supply source away from a natural disaster or seeking to mitigate the risk associated with tax audit exposure, it is clear that companies
with processes and tools that enable clear visibility to risk entities and a
means to react quickly are going to be the ones that hold the key to effective budgeting and profitability.
Zurich, one of the largest insurers in the world, published a set of supply chain risk statistics and some revealing numbers associated with supply
chain business interruptions.9 The insurer released a report that profiled
the causes behind supply chain disruptions derived from an analysis of
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 33
insurance claims over a several-year period. Clearly, this analysis addressed
primarily hazard risk. The insurer found that 85% of organizations experienced at least one supply chain incident that caused disruption to their
business. More than 50% of supply chain disruptions occur because of
adverse weather, and just over 40% occur because of unplanned IT or telecom outages. Other significant disruptions occurred because of loss of
talent/skills, product quality incidents, civil unrest/conflicts, and cyber
attacks. Of the disruptions that occurred, nearly 40% originated below the
tier-one supplier level.
A research article titled Researcher’s Perspectives on Supply Chain Risk
Management presented a study of the diversity of perspectives surrounding supply chain risk management.10 This study identified three gaps in the
body of knowledge:
Copyright © 2014. CRC Press LLC. All rights reserved.
• Definition gap—there is no clear consensus on the definition of
SCRM because many limit the scope of SCRM to rare but large
events, while others believe that SCRM is about supply–demand
uncertainties. (Hopefully, the definitions we presented in Chapter 1
help to clarify this term.)
• Process gap—there is a lack of research on an important aspect of
the risk management process, namely, the response to supply chain
risk incidents.
• Methodology gap—there is a shortage of empirical research in the
area of SCRM.
During this period an important study on supply chain risk was concluded by Deloitte and Forbes Insights. This survey covered 192 U.S. executives, CEOs, CFOs, SVPs, and directors across multiple industries. One
finding that stands out from this work is that 91% of respondents said they
planned to reorganize and reprioritize their approaches to risk management during the subsequent three years.
A disconcerting aspect of this survey was the completely scattered
approach toward risk responsibility. Fully one quarter of respondents
indicated the CEO is primarily accountable for risk management; almost
a quarter said the said the CFO/treasurer’s office is primarily responsible;
almost 20% said the chief risk officer/treasurer is responsible; and fewer
than 15% said legal/compliance is responsible. The remaining respondents
were spread across various other groups. Future risk management plans
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
34 • Supply Chain Risk Management: An Emerging Discipline
include more than half of respondents saying their company planned to
elevate risk management within their organization, while almost 40%
said they will reorganize to support enterprise risk management (ERM), a
framework introduced in Chapter 1. Almost 40% of respondents said they
will provide more staff training, while almost one third planned to incorporate more technology into their risk management efforts.
And finally, SCM World, which we referenced previously, released its
annual Chief Supply Chain Officer report. This report surveyed more than
twice the number of companies as in 2011 and explored five main topics,
one of which was risk management. A novel aspect of this survey involved
SCM World asking respondents what they were doing to identify, assess,
mitigate, and manage risk and profiled the impact of risk events from
both demand and supply disruptions. From this study we learned that
the highest impact from supply and demand disruptions over a two-year
period was a loss of sales/revenue. In order of impact, subsequent impacts
included lower profits, delays in product launches and growth plans, loss
of customers, higher cost of capital, damage to image and reputation,
and lower share price/shareholder value. This research revealed the many
damaging effects of supply and demand disruptions.
Copyright © 2014. CRC Press LLC. All rights reserved.
2013
The start of 2013 featured the release of a report from the World Economic
Forum (WEF) in Davos, Switzerland. The sponsors of the report were
Zurich Insurance, Accenture, Partners against Corruption (PACI), and the
World Economic Forum. The report, titled Building Resilience in Supply
Chains, was an outcome of WEF’s initial Supply Chain Risk Initiative
started in 2011. A clear finding in this report is the need for organizations
to shift from reactive to proactive risk management. Another relevant
finding is that more than 80% of companies are now concerned about supply chain resilience. Study participants also indicated there is a need for
a common risk vocabulary and that cyber risk may have the greatest risk
implications for supply chains.
The World Economic Forum’s report touched on what it will take to
make SCRM a bona fide business discipline. Perhaps most importantly,
risk management must become an explicit and integral part of supply
chain governance. Other high-level suggestions for moving SCRM to a
business discipline include the following:
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 35
Copyright © 2014. CRC Press LLC. All rights reserved.
• Institute a multistakeholder supply chain risk assessment process
across the enterprise
• Mobilize international standards’ bodies to further develop resilience standards
• Incentivize corporations to follow agile, adaptable supply chain strategies
• Expand the use of data-sharing platforms for risk identification
and responses
A RIMS.org article mentioned the Risk Maturity Index developed by
AON Insurance and the Wharton School of Business. The index suggests
that companies with the highest level of risk maturity (a measure that
gauges the development of an organization’s risk strategy and framework)
experience 50% lower stock price volatility than less-developed counterparts. Over a two-year period (2010–2012) companies with higher risk
maturity ratings saw greater annual stock price returns. This was especially apparent when the only companies to see positive returns during
that volatile period were those with the highest risk maturity levels. Those
lower on the maturity scale saw losses between 17% and 30%. This work
again pointed out the critical relationship between risk management and
financial outcomes.
Lloyd’s of London released several statistics in 2013 associated with
the Japanese earthquake and tsunami and Thailand floods. The first statistic they shared was the combined property and business interruption
losses, which reached a record-breaking $240 billion, with just $47 billion
of the losses covered by insurance. The insurance industry provides supply chain interruption products called contingent business interruption
(CBI). However,a large majority of companies impacted only had asset-
based property damage insurance. Some of the elements covered by CBI
include getting workers in and out of damaged facilities, working to get
power to facilities, and shipping and receiving goods into and out of facilities. Chapter 5 will reexamine the floods in Thailand from a risk quantification perspective.
An interesting report from the Association of Insurance and Risk
Managers in Industry and Commerce (AIRMIC) titled Supply Chain
Failures: A Study of the Nature, Causes, and Complexity of Supply Chain
Disruptions, identified seven underlying factors that tend to be present
whenever supply chains go wrong: off-shoring, increasing complexity, cost
pressures, geographic clustering, modern communications, modern production methods, and increasing dependency. The report also estimated
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Copyright © 2014. CRC Press LLC. All rights reserved.
36 • Supply Chain Risk Management: An Emerging Discipline
that economic losses from supply chain disruptions have increased 465%
between 2009 and 2011.
And finally, Ernst & Young interviewed more than 420 CFOs and heads
of supply chains at technology, automotive, manufacturing, aerospace,
and defense companies. The report concluded that when CFOs and supply
chain leaders form a closer business partnership within a company, they
report better results in a number of areas, including the company’s financial position. The study found, for example, that 70% of CFOs and 63% of
supply chain executives said their relationship had become more collaborative over the past three years. The merger between finance and supply
and supply chain professionals appears to be an inevitable one.
The intriguing outcome from this survey is, because CFOs take a long-
term approach to formulating business strategy, they are in a unique
position to manage risk and plan for business continuity, something that
challenges supply chain managers who tend to think in terms of shorter
time horizons. The CFO also has the opportunity to work with the procurement and treasury groups to determine the extent to which risk is
owned and managed by the company and the extent to which it is pushed
down through the supply chain.
In 2013 the authors of this book published several articles on SCRM.
One key article was SCRM: The New Discipline of Supply Chain Excellence.
After several years of teaching in the classroom and conducting workshops
around the globe, we became thoroughly convinced of the need for SCRM
to become a discipline. The article identified what was emerging from the
classroom and from the practical application of the body of knowledge in
the field. This article was a major impetus for this book.
Four Pillars of Supply Chain Risk Management
We would like to finish up our “as-is” discussion by providing an assessment of the state of supply chain risk management. This will involve something we call the Four Pillars of SCRM. These pillars include supply risk,
process risk, demand risk, and environmental risk. Each pillar encompasses its own set of tools, techniques, tactics, metrics, people, processes,
and program issues. The complexion of each pillar is below.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 37
Supply Risk
The complexion of this pillar encompasses areas such as supplier continuity, strategic sourcing, supplier viability and capability, raw material
pricing, supplier assessments, inbound logistics, fraud, corruption, and
counterfeiting. Inherent risks here are disruptions caused by the inability
of suppliers to deliver on time, quality failure, financial failure, compliance failure, channel complexity, and communication failure.
Process Risk
This pillar includes IT systems, mergers and acquisitions, marketing
strategy, organizational structure, frameworks and metrics, supply chain
strategy and execution, manufacturing and quality, organizational risk
assessment, heat maps, and war rooms. The inherent risks here include
disruptions caused by quality problems, inventory shortages, late deliveries, capacity shortages, equipment breakdowns, IT outages, poor overall
execution, and misalignment of strategy and metrics.
Copyright © 2014. CRC Press LLC. All rights reserved.
Demand Risk
The complexion of this pillar covers areas such as new customers, market
trends, consumer interest/spending, demand management/forecasting,
distribution requirements planning, product integrity, customer service,
and scenario planning. Inherent risks here are disruptions caused by problems in distribution, actions by competitors, product reputation, brand
management, social media/trending, logistics, and customer sentiment.
Environmental Risk
This final pillar encompasses areas such as government regulations, taxes,
economic volatility, currency exchange, natural disasters, and compliance. Inherent risks are natural disasters, geopolitical and energy risks,
port security, logistics and facilities security, currency exchange fluctuations, global economics, war, pandemics, and civil disobedience.
We have compiled a profile of the maturity and activity level for each
pillar. Figure 2.3 depicts our assessment of the maturity and activity level
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
38 • Supply Chain Risk Management: An Emerging Discipline
120
Maturity Index
100
80
100
100
100
100
70
60
50
40
40
30
The difference
between the top &
bottom of each box
indicates the
scope of activity
20
0
Supply
Process
Demand
Environment
Figure 2.3
Copyright © 2014. CRC Press LLC. All rights reserved.
Four-pillar SCRM maturity and activity level.
for each pillar. On the left or y-a xis is the maturity level of each pillar. The
horizontal x-a xis depicts the Four Pillars, and the size or length of each
“box” is an indication of the activity level within each pillar.
From a maturity point of view, we feel the supply pillar is by far the most
mature of the four, positioned at about 70 out of 100. Why? Procurement
professionals have been dealing with supplier uncertainty and risk for
more than 50 years. This discipline has become a profession, supported by
member-driven organizations who are providing certifications to demonstrate that these professionals have a command of the body of knowledge
and best practices. Tools such as supplier relationship management (SRM),
spend management, credit and financial reporting by public credit organizations, and more have matured over the years. And the present activity level of new techniques such as supplier risk assessment; supply chain
mapping; and fraud, bribery, and corruption identification supported by
new cloud-based software systems is providing the procurement professionals with a host of new tools and techniques to leverage in an effort to
identify, assess, mitigate, and manage supplier risk.
The next-highest level of maturity and activity, in our opinion, is the
demand pillar. Positioned at about 50 out of 100, demand management
solutions, such as sales forecasting and many other deterministic tools
have been around as long as the supply tools. So why then do we feel this
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Copyright © 2014. CRC Press LLC. All rights reserved.
Supply Chain Risk Management: The As-Is Landscape • 39
pillar is at a lower maturity level than supply? The tools utilized in this pillar have been developed to support processes that are purely forward looking and one-dimensional, such as sales forecasting, and do not involve
any element of uncertainty or risk. Another tool, collaborative planning,
forecasting, and replenishment (CPFR), does provide some coverage of
risk because it attempts to support information sharing between supplier
and customer in an effort to minimize demand surprises and shocks to
the supply chain. New techniques and tools such as probabilistic planning, discrete-event simulation, and digital modeling are emerging to
assist demand managers and sales and operations planning (S&OP) process owners to run “what-if” scenarios that will demonstrate how their
supply chains will act when a risk event shocks their organization. These
new tools overtly handle uncertainty and risk and will take some time
to mature.
Next in the maturity and activity level is the process pillar. A tremendous number of tools and techniques support all the processes we’ve
highlighted in this pillar. Many have been around for more than 40 years
and are supported by professional organizations such as APICS, CSCMP,
ASQC, ISSSP, and others and also include professional certifications.
Again, our reasoning for the pillar’s positioning is that many of the tools
do not embrace uncertainty and risk. They support discrete, linear functions, such as planning inventory, planning capacity, production scheduling, quality, logistics, and more. These functions are driven by solid supply
chain management metrics such as maximizing service, reducing cost,
and improving asset utilization, not mitigating risk.
And finally, the environmental pillar is very new and continues to
expand because of new industry-specific and governmental rules and regulations. There is more and more activity in this area, but with new and
ever-changing regulations, this pillar will take a long time to solidify.
The Supply Chain Risk Management Adoption
We’ll finish this chapter with a brief discussion on what we call SCRM
Adoption. This utilizes a categorization scheme revolving around laggards, industry average, and early adopters. We want to leave you with a
sense of the operational complexion for each category in terms of SCRM
along with a few salient statistics from the early adopter companies.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
40 • Supply Chain Risk Management: An Emerging Discipline
Copyright © 2014. CRC Press LLC. All rights reserved.
SCRM Adoption
We know that leading-edge companies are much more likely to integrate
and align risk with corporate goals. They generally have more visibility
into their organization as they are substantially more likely to perform
“what-if” scenario-planning and change analysis. On average, leaders
achieve almost 95% better accuracy of cash flow forecasts, which is clearly
better than what their peers achieve. And they tend to mitigate their financial losses down to 3% of revenue as opposed to their peers, who average
10% of revenue due to financial loss. What characterizes early adopters,
industry average, and laggards?
Early Adopter Companies. Early adopters leverage their ERM tools
and technology to enhance the integration of risk management across the
business. They continually link risk management to company goals and
compensation. And, they are improving visibility and monitoring of Key
Risk Indicators with new business analytic tools.
Early adopters also implement processes that are aligned with risk management and compliance, build a risk awareness culture throughout the
organization, and secure executive commitment for risk management initiatives. These practices are being driven by the early adopters by a factor
of two- or three-to-one above the industry average and laggard companies.
Other attributes characterize early adopters. These companies maintain a
senior management champion of risk, segment risk duties, cross-functionally
coordinate risk management, establish roles and responsibilities to execute
risk, and establish a risk committee to oversee key risks. These commitments by early adopters eclipse the industry average and laggards again by
a factor of two- or three-to-one.
Industry Average Companies. Average companies attempt a standardized approach to communication and organizational collaboration relative to risk. Some of these companies are beginning to integrate and align
risk with corporate goals. Some are also developing and measuring risk
and performance. Several are beginning to improve the time-to-decision
by optimizing risk knowledge management activities and expanding risk
visibility throughout the organization. Senior management oversight and
engagement associated with risk to improve executive buy-in is starting to
occur at this level.
Laggard Companies. Laggards talk about supply chain risk but do not
fund projects to prepare for and respond to risk events at any real level.
Most have someone in the CFO’s office reviewing enterprise risk in the
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 41
Maturity Level – Low to High
3.5
Early Adopters,
10% of Sample Size
3
2.5
Average, 20% of
Sample Size
2
1.5
Laggards, 70%
of Sample Size
1
0.5
0
0
0.5
1
1.5
2
2.5
Adoption Rate – Low to High
3
3.5
Figure 2.4
Copyright © 2014. CRC Press LLC. All rights reserved.
SCRM adoption.
classical financial terms, such as hazard, financial, and strategic risk. The
average operational and supply chain professional does not maintain scenario game plans for risk events; therefore, SCRM is an event-driven, ad
hoc, or part-time experience. Most executives in this category assume
incorrectly that their people will know what to do in a risk event.
Figure 2.4 depicts a graph encompassing laggards, industry average, and
early adopter companies in terms of the adoption rate of SCRM concepts.
In terms of the as-is state, it is safe to conclude that a majority of companies are still considered laggards in terms of their SCRM capabilities. This
suggests that we have more work to do to move companies away from the
laggard status. Subsequent chapters will concentrate on how to do that.
Concluding Thoughts
The purpose of this chapter is to help us understand the current state of
supply chain risk management. From our analysis we can reach some overarching conclusions. First, the negative outcomes from supply chain risk
events are often quite severe. Only a fool would believe otherwise. Second,
no consensus exists among companies or industries concerning how
to organize for or manage supply chain risks. The ways that companies
approach SCRM are varied. Third, most companies are ill-prepared from
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
42 • Supply Chain Risk Management: An Emerging Discipline
an employee, measurement, organizational, and IT perspective to operate
in an environment characterized by increased uncertainty and volatility.
Another major conclusion is that most companies recognize the threat
of supply chain uncertainty and understand that operating in a condition
called the “new normal” will not be as enjoyable as operating in the “old
normal.” A study by Zurich Insurance, for example, reported that 75% of
respondents state they still do not have full visibility into their supplier
base. This is concerning because several studies have concluded that supply disruptions are the most widely cited supply chain risk event.
Finally, most SCRM efforts rely on heroics rather than planning and prevention. In terms of SCRM maturity, most companies are considered laggards with some movement toward average. Minimal proactive supply chain
risk management appears to be occurring. Growth along the maturity curve
needs to accelerate, especially when we consider that almost 75% of risk
managers believe that supply chain risk levels are higher than just a few years
ago and that risk will continue to increase. More than 70% of risk managers say the financial impact of supply chain disruptions has also increased
compared with just a few years ago.11 As a sign of the times, the Allianz Risk
Barometer in 2013 ranked for the first time ever business interruption and
supply chain risks as the top concerns of businesses globally. One of the main
objectives of this book is to prepare us to manage in this “new (ab)normal.”
Copyright © 2014. CRC Press LLC. All rights reserved.
Summary of Key Points
• Most supply chain executives became interested in SCRM after the
financial meltdown of 2008. For many, 2008 was the genesis of their
risk management efforts.
• In 2009, the ISO Group delivered its first set of standards directly
relating to supply chain risk, which was a major recognition of the
importance of SCRM. These standards include ISO 73 and ISO 31000.
• The Supply Chain Risk Assessment Tool encompasses about 100
questions-of-discovery about a company’s supply chain across
10 tenets covering the entire supply chain. The basic premise is that
as the supply chain matures, the inherent risks faced by that supply
chain diminish.
• The new normal of global supply chains features more global sourcing and manufacturing, hyper-demand requirements, longer supply
chain lead times, more potential points of failure, and managing
supply chains in far-flung corners of the world.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Supply Chain Risk Management: The As-Is Landscape • 43
• Over a period of several years, Zurich found that 85% of organizations experienced at least one supply chain incident that caused disruption to their business.
• The Risk Maturity Index suggests that companies with the highest
level of risk maturity experience 50% lower stock price volatility
than less-developed counterparts.
• The Four Pillars of SCRM are supply risk, process risk, demand risk,
and environmental risk. The supply pillar is by far the most mature
of the four because procurement professionals have been dealing
with supplier uncertainty and risk for over 50 years. The demand
pillar ranks second in terms of maturity, followed by the process pillar and finally the environmental pillar.
• SCRM Adoption utilizes a categorization scheme revolving around
laggards, industry average, and early adopters. In terms of the as-is
state, it is safe to conclude that a majority of companies are still considered laggards in terms of their SCRM capabilities.
Copyright © 2014. CRC Press LLC. All rights reserved.
Endnotes
1. “Managing Risk for High Performance in Extraordinary Times.” Accenture 2009
Global Management Study. 2009.
2. Arntzen, Dr. Bruce, Prof. Maria Jesus Saenz, and Isabel Agudelo. “The SCALE,
Supply Chain & Logistics Excellence Network.” MIT’s Global Scale Risk Initiative,
MIT’s Center for Transportation & Logistics, March 2010.
3. Accessed from Aberdeen Group CPO Survey Report & SCRM Report, 2010.
4. Burson, Patrick. “PRTM’s Global Supply Chain Trends 2010–2012 Survey.” Supply
Chain Management Review, (June 2010).
5. Pearson, Mark. “Inoculate against Supply Chain Risk.” Logistics Management, April
2011: 20–21.
6. Lee, Hau, PhD, and Kevin O’Marah. “Chief Supply Chain Officer Report.” SCM
World, October 2011.
7. Pettit, Timothy J., Joseph Fiskel, PhD, and Keely L. Croxton, PhD. “Can You Measure
Your Supply Chain Resilience?” Supply Chain and Logistics Journal, Canada,
Spring 2008.
8. Catellina, Nick, and William Jan. “Leveraging Risk-adjusted Strategies to Enable
Corporate Accuracy.” Adapted from Aberdeen Group, April 2012.
9. Accessed from Zurich Re’s Knowledge Vault on Risk, July 2012.
10. Sodhi, Manmohan S., Byung-Gak Son, and Christopher S. Tang. “Researcher’s
Perspective on Supply Chain Risk Management.” Production and Operations
Management, (2011), Accessed from Jan Husdal’s SCRM blog (www.husdal.com).
11. Favre, Donovan, and John McCreery, “Coming to Grips with Supplier Risk.” Supply
Chain Management Review, 12, 6 (September 2008): 26. Citing statistics from Marsh,
Inc. and Risk & Insurance magazine.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Copyright © 2014. CRC Press LLC. All rights reserved.
Schlegel, Gregory L., and Robert Joseph Trent. Supply Chain Risk Management : An Emerging Discipline, CRC Press LLC,
2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2020-03-14 05:46:37.
Purchase answer to see full
attachment