From Uncertainty to a Risk
Managing risks in your organisation’s supply chains is an investment in responding to future events. The greatest risk is that an organisation remains in a reactive mode to events and only responds when it could be too late.
Uncertainty in an organisation’s Supply Network is enhanced due to factors that interact and amplify each other: non-linear operations (with many ‘ifs and thens’); emergent and cumulative outcomes to events and the three elements of:
- Complexity: built into processes, both internal (often management directed) and external. External complexity is influenced by:
- Breadth: number of direct Tier 1 suppliers in the supply base
- Depth: number of supplier Tiers in each supply chain
- Geography: global spread of customers and suppliers
- Variability: in the patterns of demand and supply through supply chains at locations and at individual pieces of equipment
- Constraints: restrictions and interruptions in the flows of items, money, transactions and information moving through an organisation’s supply chains
Criticality (or strategic value) to the buying organisation of an item or supplier is measured by the impact of risks. Annual spend on an item or with a supplier does not equate to risks, so should not be used.
For an Uncertainty to become a calculated risk requires the Supply Chains Risk Management (SCRM) approach, which has two elements:
- Risk Classification and Category process for an Uncertainty to become a calculated risk
- Supply Chains Network Design map to hold the risk data
- Total Cost of Ownership (TCO) for critical inputs to the business
- Risk Analysis
- Scenario Planning, incorporating:
- Decision Tree analysis and
- Discounted cash flow (DCF)
Uncertainties classified as Supply Chain Risks
The diagram provides a model for an Uncertainty within supply chains to become calculated risk within a risk evaluation process.
To commence the process, an Uncertainty is classified under one of four Risk headings:
Supply Chains Network risks for inbound and outbound supply chains:
Additional risks in supply chains to be considered are:
- Contingent risks: events within a supplier (including LSP) that could affect a supply chain e.g. fire at a raw material supplier or cargo theft from a 3PL. Increasing risks associated with the concentration of assets, such as Hub Ports and Logistics Hubs and these should be identified and analysed. Specific industry risks, such as a licence to operate issued by a country
- Power and Dependency risks: customers and suppliers that exert power (through ownership, control or influence) over a supply chain Node or Link. Also organisations that are dependent on a supply chain and therefore have increased risks
- Outsourcing and offshoring risks: transparency, response times, security and intellectual property
- Cyber-attack risks: at your organisation, customers and suppliers that can affect communication, data integrity and operations within your Supply Chains Network
There are also the risks built into complex adaptable systems, such as a Supply Chains Network.
- Emergent risks: developments in an industry or company that changes demand and supply in other industry sectors, which supply items into your supply chains
- Interdependent risks: events through other supply chains that could affect your organisation, due to the inter-connections between industries. That is, how events (such as the shortage of a raw material) in one industry (or company) affect demand and supply factors in other industry sectors that are suppliers at Tiers 2, 3 or 4 to your business.
External Risks to the Supply Chains Network: Global Supply Chains are inherently geopolitical in nature. Identify risks under the PESTEL heading:
- (Geo) Political: Geopolitics is the study of nation states and their external and internal dynamics. It uses geography to understand the constraints and imperatives in which a nation state and its parts exist. It views the following elements as different dimensions of national behaviour, but integrated within a single system
- Economic: brand and business value; profitable revenue; cost of doing business. Can be affected by international and domestic government economic policies and actions (geopolitics)
- Social: changing demographics among consumers. The origin of products and ingredients (‘clean and green’). Labour conditions in supply chains. Perceptions about the role of employment
- Technological: select and implement IT and telecommunication technologies; potential of disruptive technologies
- Environmental: climate change regulations; carbon emissions standards; the potential of moving towards a ‘circular economy’ for items; availability and price of utilities (water, electricity and gas); renewable energy expectations; use of eco-friendly packaging
- Legal: International and country-based laws and International trade agreements
Internal enterprise risks: uncertainties associated with an organisation’s business model, business plan and the structure and execution of the Supply Chains Network strategy.
Internal supply chain risks: achieving consistent outcomes in the planning and sourcing of materials and resources and deliveries of products or services:
- Risks within Procurement
- Risks within Operations Planning
- Risks within Logistics, including OH&S risks
From Risk Classification to Risk Category
As shown in Diagram 1, between the categories of Certainty and Ignorance are three additional categories of risk:
- Known risks: Supply chain events, such as late deliveries and changes in material costs. Events at risk are those that are outside the limit lines of control charts, used to measure variability in supply chains.
- Known – unknown risks: probability of an occurrence for an event is known from past experience; the likely consequences are not known. An example is the risk of an ocean shipment being delayed due to inbound customs intervention. The probability of this occurring by country and port can be identified from records of previous shipments and custom broker knowledge. However, the consequences (delays, additional payments, rejection) are unknown, requiring actions to reduce the impact.
- Unknown – unknown risks: The probability of occurrence and the possible consequences of an event cannot be foreseen, even by experienced supply chain professionals. To better allocate Unknown-unknown risks, they are viewed within two sub-categories:
- Unknown but knowable unknown risks (also called ‘knowable unknowns’): the likelihood and consequences of events can be known if sufficient time and resources are allowed. Even if an event has a very low probability of occurring and a very high impact if it does occur, it is a known risk, which can be addressed through the risk management process.
- Unknown and unknowable unknowns: events that are not discovered until they happen. These are called Black Swan events and cannot be addressed using risk management planning and mitigation techniques
Unknown – unknown risks are recognised as ‘force majeure’ in trade – a French term meaning ‘greater force’ and used in supply contracts. This enables one or both parties to be freed from liability or obligation when an extraordinary event occurs that is beyond the control of the parties and which stops the contract being fulfilled. It is not intended to protect either party to the contract from negligence.
When the Classification and Category process is completed, the data can be entered to the organisation’s Supply Chains Network Design map. This enables a risk-based approach to understanding Vulnerability and the Resilience required through an organisation’s supply chains.
The many events over the past two years that has affected or influenced supply chains throughout the world, illustrate that Supply Chains Risk Management is now an essential role for professionals working within the Supply Chains group of your organisation.