Docstoc

Supply Chain Vulnerability Risk Robustness and Resilience

Document Sample
Supply Chain Vulnerability Risk Robustness and Resilience Powered By Docstoc
					Chapter 12




             Donna 2009.5.4.


                               1
   Some working definitions
   Changing times and an uncertain world
   The shortcomings of risk management
   The need for holistic approaches
   A simple framework for a wicked problem




                                              2
   Risk
   Supply chain vulnerability
   Robust SCM
   Resilience




                                 3
   In decision theory: a measure of the range of
    possible outcomes from a single totally rational
    decision and their values, in terms of upside gains
    and downside losses (e.g. gambling)
   A particular type of hazard or threat e.g.
    technological risk or political risk
   The downside only consequences of a rational
    decision in terms of the resulting financial losses
    or number of casualties

                                                          4
   We should strive to identify vulnerabilities by
    asking questions such as:
     What has disrupted operations in the past?
     What known weaknesses do we have?
     What „near misses‟ have we experienced?
     What would be the effect of a shortage of a key material?
     What would be the effect of the loss of our distribution
      site?
     What would be the effect of the loss of a key supplier or
      customer?

                                                                  5
   “Strong in constitution, hardy, or vigorous”
   Enable a firm to manage regular fluctuations in
    demand efficiently under normal circumstances
    regardless of occurrence of a major disruption
   But does not in itself make a resilient supply
    chain




                                                      6
   “The ability of a system to return to its original
    [or desired] state after being disturbed”
   The core concept of resilience is:
     It encourages a whole system perspective

     It explicitly accepts that disturbances happen

     It implies adaptability to changing circumstances




                                                          7
   In a complex inter-organizational supply chain it
    would be difficult if not impossible for anyone to
    identify every possible hazard or point of
    vulnerability
   „Known‟ problems are only part of the picture
     Known Unknowns, Knowable Unknowns and Unknowable
        Unknowns
       Y2K: The Millennium Bug
       Creeping Crises (e.g. Foot and Mouth disease)
       Post 9/11 Security Matters
       Corporate Scandals, Operational Risk and Business
        Continuity
                                                            8
   Known Unknowns
     We know that there exist uncertainties, which we
      know how to solve
     „Known known‟
   Knowable Unknowns
     There are some uncertainties which we don‟t know
      how to solve, We may choose ignore or face it
   Unknowable Unknowns
     However, there are still uncertainties that we don‟t
      know that we don‟t know
                                                             9
   A „Known known‟ example
   In the UK, the government encourage
    businesses to take the necessary measures to
    prevent system crashes, and engage in
    business continuity planning




                                                   10
   As a result, nothing happened and the
    government was delighted, believing the
    planning had saved the country from disaster
   But the non-event left many managers
    skeptical as to whether the costly preventive
    measures had really necessary?



                                                    11
   Y2K is one of the intractable problems about
    proactive measures to improve organizational
    and supply chain resilience
     If successful, mean nothing happens, but leads to
     questions of value or cost/benefits justification
   It is very difficult to make a business case for
    proactive „just in case‟ measures to improve
    resilience

                                                          12
   The outbreak of foot and mouth disease(FMD)
    in British livestock herds in February 2001
    resulted in damage to whole sectors of
    economy
   FMD was a known threat to livestock, albeit
    one that had not been seen in UK for a
    generation
   The impact is engaged in production and
    distribution of food
                                                  13
   But FMD also affected car manufacturers and
    fashion houses across Europe because of the
    shortage of high-quality leather
   All „knowable unknowns‟ events could be the
    example of „creeping crises‟
   Creeping crises show the fact that supply chains
    are more than value-adding mechanisms
    underlying competitive business models
   Supply chains link organizations, industries and
    economies, they are part of the fabric of society
                                                        14
   The events of 9/11 were so far out of risk
    managers‟ field of reference, that they can be
    classed as “unknowable unknowns”
   The closure of US borders and the grounding
    of transatlantic flights dislocated international
    supply chains making supply chain
    vulnerability front page new


                                                        15
   Post 9/11, new security measures were hurriedly
    introduced at US border posts, ports and airports,
    affecting inbound freight to USA, including:
   Container Security Initiative (CSI)
     CSI looked to new technology to pre-screen „high
     risk‟ containers before they arrived at US ports
   Customs-Trade Partnership (C-TPAT)
     C-TPAT is a „known shipper‟ programme, which
     allows cargoes from companies certified by US
     Customs to clear customs quickly
                                                         16
   In the world of corporate risk management
    events(e.g. 9/11) were unfolding that would
    push „operational risk‟ to the top of the
    corporate agenda
   The Enron Corporation collapsed in late 2001
     Once held up as a model of best practice corporate
      risk management
     Another three companies quickly followed


                                                           17
   New regulation, Sarbanes-Oxley Act(SOX) is
    noteworthy (Ch10)
   SOX requires full disclosure of all potential
    risks to corporate well-being within the
    business
   Board members have become more interested
    in identifying „knowable unknowns‟ and have
    turned to risk management and to Business
    Continuity Management(BCM)
                                                    18
 Rooted in IT disaster recovery, but its remit has
  expanded greatly
 Helps to prove that management have acted with
  „due diligence‟
 Start with the preparation of a Business Continuity
  Plan
 Best practice:
     An on-going programme of training, rehearsals and
      reviews of the initial plans to cope with various
      eventualities
     Careful consideration to the management of an after-
      the-event recovery phase                               19
   Decision Theory and Managerial Tendencies
   Objective Risk and Perceived Risk




                                                20
   Concerned paid little attention to uncertainty
    surrounding positive outcomes, viewing risk in
    terms of dangers or hazards with potentially
    negative outcomes
   Managers focus on the possible losses associated
    with plausible outcomes
   Decisions involving risk are heavily influenced
    by their impact on the manager‟s own
    performance targets

                                                       21
   In comfortable circumstances managers are
    likely to be risk-averse, but when staring
    failure in the face, researchers show that this
    tendency reverses and they become risk-pron
   There is unlikely to be a single unified attitude
    to risk taking within a large organization



                                                        22
   A view of risk set out by the engineers and
    physicists of The Royal Society:
     „Objective risk‟: determined by experts applying
      quantitative scientific means
     „Perceived risk‟: the imprecise and unreliable
      perceptions of general public
     „Detriment‟: the numerical measure of harm or loss
      associated with an adverse event


                                                           23
   Social scientists contend that, where people
    were involved, objective and perceived risk
    become inseparable
     Risk is not a discrete or objective phenomenon
     Risk is an interactive culturally determined one
     Risk is inherently resistant to objective
      measurement



                                                         24
 Engineering-derived „objective‟ views lead to a
  business process engineering and control
  perspective
 Open interactive societal systems views offer a
  persuasive argument for perceived risk
 The global supply chain view illustrates that
  culturally determined perceptions of risk could
  vary greatly from one region to another
 Hence the forces of nature can demonstrate just
  how far removed from a controlled environment
  this all might be
                                                    25
   SCM is integrative and interdisciplinary
   Logistics is just one of several established
    sub-disciplines
   Supply chain risk management can be
    expected to display all the characteristics of a
    „wicked problem‟



                                                       26
   Wicked Problems
     Societal problems are inherently different from the
      problems that scientists and some engineers tackle
     Involve multiple stakeholders
     Any solution, after being implemented, will
      generate waves of consequences
     Should be considered within „valuative‟
      frameworks



                                                            27
   A supply chain as an interactive system
                 Unfortunately!! We don‟t live in an ideal
                 world, so levels two, three and four bring in
                 a host of other factors that often intervene.
            • Socio-political factors, such as action by pressure groups can be
    • From a pure SCM perspective risk at this level is the downside
            identified by routine „horizon scanning‟ using specialist or
    financial consequences of a specific event. The loss of a sole
            general media sources, allowing measures to be put in place to
      • Focuses on what is the most obvious danger here.
    supplier or customeris being carried- work and information
            mitigate the impact.
            • The creeping crises within to between
      flows- and process designreferredandearlier in this chapter could all
      organizations. as level four disruptions, but it would be wrong to
            be regarded
        • Itthehelpful to explore the impact on operations of the loss of
             is ideal world of scientific management,
      • In regard them only as external threats to themasterychain.
                                                          supply of
        links or nodes methodologies would facilitate the
      process control in the production/distribution and infrastructure
        networks, through network modeling.
      identification, management and elimination of risk.
        • e.g. With the element of SCM and resource requirements are
        increasing, the probability that assets may be damaged, stolen or
        mislaid along the way is increasing.                                      28
Thank You for Your Attention




                               29