Workshop Code: DF New Risk Management Strategies for the Extended Supply Chain Robert M. Monczka, Ph.D., C.P.M.

Director Strategic Sourcing and Supply Chain Strategy Research CAPS Research Distinguished Research Professor Arizona State University Phillip L. Carter, DBA Executive Director CAPS Research Harold E. Fearon Chain of Purchasing Professor of Supply Chain Management Arizona State University
Note: This presentation requires a complimentary verbal discussion
CAPS Research 2012 1

CAPS Research

Research Team Members

Robert M. Monczka, Ph.D. CAPS Research and Arizona State University

Phillip L. Carter, DBA CAPS Research and Arizona State University

William J. Markham Research Associate CAPS Research

Robert J. Trent, Ph.D. Lehigh University

Janet L. Hartley, Ph.D. Bowling Green State University

Casey P. McDowell CPM International, LLC

Gary L. Ragatz, Ph.D. Michigan State University

CAPS Research 2012

Todays agenda

Provide an overview of Value Chain Risk Management (VCRM) Research findings

Present current best practices in Value Chain Risk Management

CAPS Research 2012

This is the first in a series of research efforts examining Value Chain Strategies for the Changing Decade
Complete Underway Next Up

Global Sourcing/ Outsourcing Risk Management Collaboration Sustainability

Future Topics
Information Technology Innovation Network Design Metrics & Measurement Value-Focused Sourcing Customer-focused Value Chain Integration Talent Management Transformation Strategies

Research Background

CAPS Research 2012

Todays business models and strategies offer greater rewards, yet expose companies to greater risks

Strategy External sources of innovation New geographic markets

Rewards More ideas, faster development Revenue growth

Risks IP ownership and competitiveness issues Unfamiliar laws, customs, business practices, politics Unfamiliar, untested suppliers Unreliable supply lines Reputational risk Hidden upstream risks

Lean, global, Less costly sources multi-tiered value Agility/responsiveness chains

Managing risk effectively requires a process for achieving acceptable levels of thoughtful and reasoned risks compared to competitive opportunities.

Events of the past several years demonstrated just how exposed companies had become to supply risk
Black Swan events caused unprecedented supply disruption Research shows few companies were fully prepared Only one-third of surveyed companies have effective risk management programs in place (MIT) More than eighty percent of companies lacked disaster plans and secondary sources for key categories (A.T. Kearney) Several barriers stand in the way of adopting a comprehensive supply chain risk management program (Supply Chain Risk Leadership Council)
CAPS Research 2012 7

This research is intended to help companies better manage supply risk by answering the following questions
What are the leading practices today for supply risk management? How can companies define, quantify and measure supply risk? How can supply risk management be integrated into the companys strategy and its overall risk management approach? How can companies use risk-related opportunities as a way to create value, not just prevent loss? What techniques can companies use to ensure that leading practices are in place upstream?

How can companies organize for and enable supply risk management?

Fifteen participating companies represent a wide range of industries and competitive situations

Automotive

Consumer Packaged Goods

Defense/Aerospace

Diversified Manufacturing

Financial Services

High Tech

IT Hardware and Services

Oil and Gas

Pharmaceuticals

Power Systems

Raw Materials Processing

Risk Concepts

CAPS Research 2012

10

A companys level of risk exposure is influenced by several factors

Risk Exposure Risk Appetite

Impact of Negative Event

Very High Risk

High

High Medium Low

Structural Resiliency

Low
Very Low Risk

High Low Probability of Negative Event

Value chain strategic decisions create the opportunity for rewards while also introducing risks
Reward Outcomes Exceeds the business/value chain plan

Introduce a New Product

Meets the business/value chain plan

Does not meet the business/value chain plan

Risk Outcomes
CAPS Research 2012 12

Strategic risk identification begins at the earliest stage of new market entry at Fundflow
Country X Strategy
Engage a local supplier to identify and sign-up new debit card customers

Evaluation Process
Government certification in data security, plus meeting Fundflow-specific requirements In-depth assessment of legal and regulatory compliance Evaluation of suppliers continuity plans and existence of a backup supplier

Complication
BU leader favored low cost (but small and unproven) supplier

Concerns
Business continuity disruptions Legal, reputational damage from Corrupt acts

Outcome
Supplier deemed high risk, but BU leader still favored it Supplier awarded pilot project Supply, BU leader and executive team will meet to review results

Inadequate data security

Value chain structural decisions set the level of value chain risk exposure
Meet the value chain plan

Sole Source a Part

Value Chain Structural Risk Outcomes

Miss delivery plan

Miss cost plan Miss technology development plan

CAPS Research 2012

14

The seeds of recent supply crises were planted through structural decisions
Headline cause Natural disasters in Japan and Thailand

Contributing causes Clustering of suppliers in areas vulnerable to natural disasters Poor visibility into upstream value chains Creating new products with financially weak suppliers Inadequate monitoring of suppliers financial health Entering new and geographically dispersed markets with unknown suppliers Insufficient attention to suppliers labor practices

Supplier financial meltdown

Unsafe working conditions at suppliers

Overall High Level Findings

CAPS Research 2012

16

Although supply risk management is not broadly mature, this research uncovered several pockets of excellence
Risk Management Development Stages Maximum

Operational Focus

Strategic and Structural Focus

Contributions to Competitive Advantage

Study participants

Minimum
Minimal attention
CAPS Research 2012 17

Basic

Moderately advanced

Most advanced

The 15 companies in the research define value chain risk broadly, although the scope managed directly varies
While each company in the study defined value chain risk in its own terms, there was significant commonality in the categories of risk they covered
Traditional Categories Availability of supply: various causes Exposure to single/sole sources Quality Supplier financial stability Commodity price volatility Value chain security Additional Categories Sustainability requirements Legal and regulatory impacts Data protection and security Political and governmental actions Reputational harm

The most progressive of these companies extend the scope of value chain risk management activities to include strategic risks at the very early stages of new business/market entry and new product development Many of the companies focus management attention on first tier suppliers, relying on those to manage upstream supply risk with apparent inadequacies

A variety of approaches are used for governance, management and integration of corporate and supply risk
Most companies have corporate level risk committees or councils that establish policies, monitor a portfolio of key corporate and individual functional risks, assign responsibilities and set priorities for resources and investment Responsibility for supply risk management included these variations: A corporate procurement risk management team to set rules and tools with individual sites responsible for managing day-to-day risk Separate supply risk compliance boards for each business unit Category managers responsible for risk in their categories worldwide Three main integration processes were identified in the research Use of standard risk registers to capture, communicate and elevate risks throughout the organization Early involvement of supply in product development and new business opportunities Risk prioritization based on breadth of impact across the corporation

Metrics and measurements

Risk management has not evolved as quickly as the need for effective risk management has evolved No company in the research has developed a comprehensive set of risk KPIs that track levels and changes in value chain risk The more advanced approaches identified in the study involve calculated risk scores using risk algorithms

CAPS Research 2012

20

10

Brigham developed a comprehensive tool to provide supply risk visibility consistently across its units

Risk ratings (high, medium, low) by Financial Quality Delivery Scoring algorithm based on in-depth supply management experts input on risks Ability to map three tiers up the value chain
CAPS Research 2012 21

Data

Global Risk Monitoring Tool

Country Logistics hub Transportation link Commodity Supplier location Supplier

A Strategy Framework for Managing Supply Risk

CAPS Research 2012

22

11

Supply risk management is a continual process

External/Internal Environment Value Chain Decisions Risk Management Activities
Measurement, Evaluation and Learnings

Strategic Risk/Reward

Risk ID, assessment, monitoring

Business Model

Strategic reward-risk tradeoffs create exposure to structural risks

New Strategic Situations
Require

Global new market/segment entry New products, technologies/suppliers Outsourcing, insourcing, vertical integration New physical value chains Mergers and acquisitions Strategic supplier alliances

CAPS Research 2012

External Trends

Avoid VC Risk Management Strategies Accept Shift Mitigate Operational Risk Management Event Mgmt. Ongoing risk monitoring

Structural Risk

External Value Chain Events

Risk Management Governance

Strategic Value Chain Risk/Reward Decisions

Resulting in

Risk/Reward Assessment of Structural Decisions

Objective ID, assess risks and rewards and achieve an acceptable level of risk with mitigation plans

24

Supplier assessment and selection Business concentration Multi-tier VC visibility VC physical logistics, inventory Geo/legal/political exposure Relationship structure Contractual provisions Technology/material choice IP/data protection Supply market price and availability Reputational protection

12

Operational risk management requires anticipating and responding to risk events

Event Scenario Planning

Knowledge Capture and Feedback

Event Contingency Planning

Risk Event Management

25

Risk Monitoring

CAPS Research 2012

Event scenario planning anticipates what could go wrong within the current structure of the value chain
What types of events?
Market/region-wide Natural disasters Pandemics Armed conflicts Port strikes Terrorism Regulatory changes Government action Supplier-specific Financial failure Quality Reputational Legal IP

What level of exposure?

Value chain mapping Single-sole source Geographic clustering Critical items for key products Low volume/ low cost/high impact items Logistical choke points Supplier performance Audits Scorecards

13

Event contingency planning defines the potential actions to be taken when events occur
Example Planning Approaches

Rogers Electronics Analyze continuity of supply (COS) risks and select levers to mitigate Identify leading indicators of COS problems Natfarm Employ playbook to plan mitigation for at-risk suppliers Carco Discuss upstream risks with tier 1 suppliers during development Require suppliers to explain how they will manage those risks Evaluate the tier 1s procurement capabilities and expects them to have a process for monitoring their own suppliers Comco Evaluate tier 1 suppliers in part on their risk mitigation strategies Stress test the plans by practicing for a range of occurrences Globaman Evaluate the risk management processes that tier 1 suppliers have in place and applies an audit process to verify

Risk monitoring looks for signals that indicate a risk is imminent or has just occurred
Risk types

Monitoring techniques
Third-party financial reporting services Supplier-provided financials Pre-selection and ongoing audits Performance scorecards Composite leading indicators

Supplier-specific risks

Commodity risks

Forecasting services Direct involvement in upstream markets Media/newsfeeds or upstream markets Econometric scenario planning

Value chain risks

Continuity of supply scorecards Product origin tracking

14

Example: Carco (automotive OEM) employs a multidimension approach to monitor supplier financial health
Risk Identification System
Three month trends Financials Quality Delivery

Goal: Anticipate falling supplier profitability

Observation
On-site observation Management, staff turnover Idle equipment Production control problems Insufficient maintenance Increases in defects, scrap, cause unknown defects Increased inspection, sorting Production in excess of requirements

Additional signals Request for cost increase Request for advance payment Tier 2 expresses concerns Lack of cost down participation Ownership changes

Risk event management involves executing the planned and ad-hoc activities that lead to business continuity recovery
Situation assessment Which suppliers? Where in value chain? What impact on the business? What contingency plans? Implementation planning Detailed actions Teams and responsibilities Communications Execution Rapid response Stabilization or transition Recovery

Research examples
Tsunami recovery: Assessment in 2 days Contingency plans deployed No disruptions Fire at suppliers plant: On site in 4.5 hours Molds cleaned/moved within 48 hours One day production lost at single plant

Keys to success included preparation, rapid and accurate information, and trained and empowered people

15

Knowledge capture and feedback improves future operational risk management efforts
Measuring, Evaluating and Documenting the Event Strengthen future contingency planning and event management when similar events occur Identify and incorporate general process improvements for supply risk management

Natfarms procurement staff uses past playbooks available, documenting the specific contingency plan and the history of its implementation as a reference when developing future playbooks Carco maintains a best practices/lessons learned document on supplier risk management which is continually updated based on post-event debriefings Globaman credits their improved ability to deal with Thailand flooding on the actions taken and process improvements made during the Japan tsunami.

Future Vision of Supply Risk Management

CAPS Research 2012

32

16

Because exposure to value chain risk continues to increase, new and innovative approaches will emerge
Supply Risk Management Risk management will become an embedded part of supply management The need for effective risk management will force companies to look past tier one suppliers Total cost of ownership (TCO) models will increasingly become part of the risk assessment process across the value chain Value chain risk metrics will shift from reactive to predictive indicators

CAPS Research 2012

33

Because exposure to value chain risk continues to increase, new and innovative approaches will emerge
Supply Risk Management Value chain risk metrics will become integrated into the companys balanced scorecard Risk management approaches will rely more on prevention and less on mitigation Transparency and real-time data updates will increasingly replace reactive and batch-data updates Continuous improvement of risk management capabilities will be a major corporate priority model to an enterprise-wide excellence model

CAPS Research 2012

34

17

Value Chain Risk Management Best Practices

CAPS Research 2012

35

Traits of a composite most advanced company

Executive level risk committees and reviews of risks and mitigation plans Clearly defined risk categories tied to company strategy Risk registers in use to identify and communicate risks & probabilities/impact across functions and business units Company-wide focus on risk management audits and companywide improvement with dedicated resources Increasing risk appetite and managing risk/reward to achieve company goals & competitive advantage

CAPS Research 2012

36

18

Traits of a composite most advanced company

Risk identification and mitigation begins at the earliest stages of new business and product development and becomes part of company-wide culture
Emphasis on risk prevention with real-time data collection Extended value chain visibility with collaborative risk management efforts with key suppliers/ customers Increasingly sophisticated risk management tools: scenario planning, contingency planning, predictive analytics, simulation Trained and enabled quick-strike and on-going value chain response teams and communications/ actions in response to crisis events

CAPS Research 2012

37

Three forthcoming reports (May 2012)

Risk Management across the Extended Value Chain Implementing Value Chain Risk Management: Case Study Findings Risk Management across the Extended Value Chain: Executive Report

CAPS Research 2012

38

19

Questions and Discussion

CAPS Research 2012

39

20