Risk management:Welcome to the newA

Risk management:Welcome to the new
As supply chains continue to become more global and complex,the risk of disruption intensifies. Yet while most companiesrecognize the increased risk potential, many are ill preparedto handle a disruption. This article argues for a new set of risk management techniques in a world where heightened supplychain risk is now part of the game.
By Gregory L. Schlegel and Robert J. Trent
Hurricanes, earthquakes, tsunamis, tornadoes, and billowing ash from obscure volcanoes all have some things in common. Over the last several years each has been featured prominently in the news. And each has had the inevitable effect of disrupting global supply chains.
Yet these kinds of disruptions were not on the minds of Astella Pharma executives on June 17, 2009. On that night, thieves stole a trailer containing $10 million of the company’s pharmaceutical products from a truck stop in Tennessee. What followed was a harsh lesson in the realities of supply chain risk.
Once the final tallies were made, the actual cost of the stolen product was just a fraction of the losses eventually suffered by Astella. Acting on advice from the U.S. Food & Drug Administration, the company quickly contacted every party
in its supply chain, ranging from wholesalers to hospitals, warning them of the stolen drugs. Then, as a preventive measure, Astella withdrew from the marketplace all drugs with the same lot numbers as those that were stolen.
Some of the stolen pharmaceuticals required strict climate
control (something the thieves were likely not too concerned about),
thereby necessitating the return of all product with those lot numbers. The $10 million theft eventually cost the company $47 million, a figure equivalent to 10 percent of its North American sales for that quarter. Welcome to the world of supply chain risk—a world where sometimes the only thing we should expect is the unexpected
Gregory L. Schlegel CPIM, CSP, is vice president of business development at SherTrack LLC, adjunct professor of supply chain risk management at Lehigh University and a past president of APICS. He can be reached at schlegel01@earthlink. net. Dr. Robert J. Trent (rjt2@lehigh.edu) is director of the
supply chain management program at Lehigh University
This article argues that the risk management techniques currently in place, most of which are put forth with the best of intentions, may not be sufficient to allow supply chain organizations to attain risk management excellence in a dangerous world. An innovative set of approaches is needed in a world where heightened risk represents the new normal.

Understanding risk and risk management
Before presenting these innovative ways to address supply chain risk, we can make some relevant observations based on extensive experience and research with leading firms.
First, organizations over the last decade have become increasingly aware of the need for risk management. Almost 75 percent of risk managers say that their company’s supply chain
risk levels are higher than in 2005. Over 70 percent say that the financial impact of supply chain disruptions has also increased.
Second, too many firms are ill prepared to handle the supply chain risks that may come their way—even though most managers recognize that supply chain risk is a growing concern. A recent study revealed that for firms with less than $500 million in annual revenue, only 25 percent take a proactive
approach to risk management.
Third, while many risk categorizations and topologies exist, we see a convergence of interest around the key categories of supply chain risk, particularly operational and financial risk.
Finally, as it relates to mitigating or lessening the impact of risk events, the standard approaches typically adopted fail to reflect bold or innovative thinking. Over the next few pages
we’ll present some new and exciting ways to move beyond
the obvious as it relates to supply chain risk management.

Risk: Our perspective
Anyone who writes about risk has their own perspective on the concept. So, what is our perspective? We view risk as the probability of experiencing a less-than-desirable event that affects one or more parties within a supply chain. A standard perspective of risk is that it involves the possibility of loss or injury. This leads to risk management as a key part of the overall risk discussion.
With that said, we’d like to provide a grounding definition of risk management from APICS—the Association for Operations Management. APICS defines risk management as follows:

“In the context of supply chain management, risk management involves dealing with uncertainty in supply, transformations, delivery, and customer demand. The uncertainties can be the result of such forces as yields, timing, pricing, and catastrophic events.”
Few would argue that when risk events occur, they have the potential to negatively disrupt business objectives. To emphasize this point, consider the impact of supply chain disruptions on businesses worldwide.
It is hard to talk about risk without understanding some important concepts. Two such concepts are vulnerability and resilience. Vulnerability represents the combination of the likelihood of a disruption
and its potential severity. Resilience refers to the ability to recover from disruptions of any type. Obviously, resilience will differ according to the risk occurrence and the steps taken to help with
a recovery. A company with redundant suppliers located geographically apart, for example, will have higher resiliency when a disruption hits a certain part of the supply chain than a company with only a
single source of supply.
An important consideration when evaluating risk is the tradeoff between risk aversion and the willingness to accept risk, or what is called a risk appetite. Entrepreneurs usually have a high risk appetite and a low risk aversion. Those who are completely risk averse, on the other hand, would never invest in the stock market or maybe even drive a car. A common misperception, both in business and at a personal level, is that risky endeavors are something to be avoided. Yet people who never take any kind of risk likely will not achieve much in the way of success.
A host of mega-trends are in play that ensure risk management will remain an important topic for the foreseeable future. Here are just a few from PRTM’s
recent Global Supply Chain Trends 2012
report.
• 75 percent of study respondents cite demand and supply volatility with poor forecast accuracy as the biggest roadblock to success during upturn.
• 85 percent expect complexity to grow significantly through 2012.
• 75 percent expect an increase in the number of international customers.
• 66 percent expect a higher number of product variations to fulfill customer requirements. The final report stated this fundamental finding relative to uncertainty, complexity, and risk: “Most participants are looking to international customers for future market growth, yet few are prepared for the
complexity that results from serving global
Risk Management
44 Logistics Management WWW.LOGISTICSMGMT.COM | February 2012 customers with regionally customized products.” With that said, we feel comfortable stating that an era of heightened risk represents the new normal.
Innovative approaches to risk management
Risk management surveys invariably ask supply chain managers what they are doing about risk.
The responses provided, while often insightful, are usually predictable and not necessarily on the cutting edge of risk management.
Popular approaches include ongoing evaluation of supplier financial health and expanded supplier pre-qualification standards. Other techniques mentioned include adopting multiple vs. single supplier sourcing, creating better supply chain traceability, and selecting suppliers closer to the end market.
But where are the approaches that are daring, non-conventional, and on the cutting-edge of risk management? What are the risk tactics and techniques that not everyone else is doing but that could be real game changers? We offer the following “game-changing” ideas for your consideration.
Enterprise-wide risk management framework within
S&OP: Enterprise-wide risk management (ERM) includes a set of methods and processes from the insurance, finance, and risk sectors that have been around for some time. The Risk & Insurance Management Society (rims.org) defines ERM as follows: “The methods and processes used by organizations to manage risk and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives, assessing them in terms of likelihood and magnitude of impact, determining a response plan, and monitoring progress.”
This framework consists of eight elements: internal environment, object setting, event identification, risk assessment (type of risk and magnitude), risk response plan (what to do, who is responsible, and how to manage the risk), control activities, information-communication, and monitoring.
Companies on the leading-edge of supply chain risk management, such as Cisco, Coca-Cola, Ericsson, Nokia, and Bayer Crop Science, have begun to integrate the ERM framework into their mature S&OP process. This framework provides companies with mature S&OP processes a formal construct—a roadmap— to begin SCRM. This greatly enhances the potential for success of the endeavor.
Scenario planning using probabilistic methods:AMR Research, now part of Gartner, has been speaking about the complexion of the 21st Century supply chain for some time. And during that dialogue, the topic of probabilistic planning continuously arises. This planning process is supported by stochastic demand management and dynamic inventory planning. How do these approaches open up new opportunities to address supply chain risk management? Let’s first get o