Before You Begin: Assign Information Classification
Supply Chain Risk Management Framework
Supply Chain Risk Leadership Council
Zurich Case Study
30 January 2008
Confidential – Do Not Forward Outside SCRLC
Zurich Case Study
[Figure: supply chain risk management framework]
Types of risk are not mutually exclusive
Risk management components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring
Supply chain: X-Tier Supplier, First-tier Supplier, Your Company, Primary Customer, Downstream Customer
Includes links (logistics and electronic transfer of information) between supplier, your company, and customer
Risk Management is an iterative process
Manufacturer of Business Machines
Background
$2.5bn business supplying high security equipment and software solutions to the worldwide banking industry
Centralised (European) risk management and audit
Moved European manufacture out to China 3 - 4 years ago
Initial savings of >50% achieved, now around 40%
Investment in local quality management
Initially poorly managed extended supply chain
Risk Management Components I
Commercial drivers, little focus on risk management
Internal Environment
Cost, cost, cost, quality
Objective setting
Control Activities
Audit
Quality, delivery, EH&S, insurable risks
Monitoring
Dimensions: Physical, Tier 1 (China)
Risk Management Components II
Corporate (Enterprise) level, belated focus at Supply Chain level
Event identification
Risk identification ‘deep dive’
Risk Assessment
Supply chain mapping, EHS, CSR, QA, physical
Risk Response
Risk mitigation and transfer
Control Activities
Verification and audit, BCM
Monitoring
Supply chain metrics, risk mitigation review
Risk Assessment
‘Fundamental’ requirement to monitor and assess EH&S and physical risks
Concern over ‘Hyper-optimisation’ in supply chain
Growing recognition of reputation vulnerability
Supply chain mapped – key product lines
Scenarios evaluated
[Figure: framework diagram. Types of risk: Physical, Process, Institutional. Components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring]
Risk Response
‘Institutional’ dimension recognised
Focus on critical supplies (not just geographical)
Actions defined to mitigate reputation exposure
Risk transfer options defined
Control Activities
Greater focus on BCM in the supply chain
Push audit focus upstream
Extending BCM testing assurance to Tiers 1 & 2
Monitoring
Tighten internal monitoring
Establish metrics to evaluate overall supply chain vulnerability
Monitor suppliers on this basis
Maintain focus on competitor activity, customer response and regional drivers
Measure effects of risk mitigation(?)
Conclusions
Valuable reference / check
Iterative nature of framework
Focus on different elements at different times
Cumulative value