Transcript Supply Chain Vulnerability, Risk, Robustness and Resilience
Chapter 12
Donna 2009.5.4.
1
Some working definitions Changing times and an uncertain world The shortcomings of risk management The need for holistic approaches A simple framework for a wicked problem 2
Risk Supply chain vulnerability Robust SCM Resilience 3
In decision theory: a measure of the range of possible outcomes from a single totally rational decision and their values, in terms of upside gains and downside losses (e.g. gambling) A particular type of hazard or threat e.g. technological risk or political risk The downside only consequences of a rational decision in terms of the resulting financial losses or number of casualties 4
We should strive to identify vulnerabilities by asking questions such as: What has disrupted operations in the past? What known weaknesses do we have?
What ‘near misses’ have we experienced?
What would be the effect of a shortage of a key material? What would be the effect of the loss of our distribution site?
What would be the effect of the loss of a key supplier or customer?
5
“Strong in constitution, hardy, or vigorous” Enable a firm to manage regular fluctuations in demand efficiently under normal circumstances regardless of occurrence of a major disruption But does not in itself make a resilient supply chain 6
“The ability of a system to return to its original [or desired] state after being disturbed” The core concept of resilience is: It encourages a whole system perspective It explicitly accepts that disturbances happen It implies adaptability to changing circumstances 7
In a complex inter-organizational supply chain it would be difficult if not impossible for anyone to identify every possible hazard or point of vulnerability ‘Known’ problems are only part of the picture Known Unknowns, Knowable Unknowns and Unknowable Unknowns Y2K: The Millennium Bug Creeping Crises (e.g. Foot and Mouth disease) Post 9/11 Security Matters Corporate Scandals, Operational Risk and Business Continuity 8
Known Unknowns We know that there exist uncertainties, which we know how to solve ‘Known known’ Knowable Unknowns There are some uncertainties which we don’t know how to solve, We may choose ignore or face it Unknowable Unknowns However, there are still uncertainties that we don’t know that we don’t know 9
A ‘Known known’ example In the UK, the government encourage businesses to take the necessary measures to prevent system crashes, and engage in business continuity planning 10
As a result, nothing happened and the government was delighted, believing the planning had saved the country from disaster But the non-event left many managers skeptical as to whether the costly preventive measures had really necessary?
11
Y2K is one of the intractable problems about proactive measures to improve organizational and supply chain resilience If successful, mean nothing happens, but leads to questions of value or cost/benefits justification It is very difficult to make a business case for proactive ‘just in case’ measures to improve resilience 12
The outbreak of foot and mouth disease(FMD) in British livestock herds in February 2001 resulted in damage to whole sectors of economy FMD was a known threat to livestock, albeit one that had not been seen in UK for a generation The impact is engaged in production and distribution of food 13
But FMD also affected car manufacturers and fashion houses across Europe because of the shortage of high-quality leather All ‘knowable unknowns’ events could be the example of ‘creeping crises’ Creeping crises show the fact that supply chains are more than value-adding mechanisms underlying competitive business models Supply chains link organizations, industries and economies, they are part of the fabric of society 14
The events of 9/11 were so far out of risk managers’ field of reference, that they can be classed as “unknowable unknowns” The closure of US borders and the grounding of transatlantic flights dislocated international supply chains making supply chain vulnerability front page new 15
Post 9/11, new security measures were hurriedly introduced at US border posts, ports and airports, affecting inbound freight to USA, including: Container Security Initiative (CSI) CSI looked to new technology to pre-screen ‘high risk’ containers before they arrived at US ports Customs-Trade Partnership (C-TPAT) C-TPAT is a ‘known shipper’ programme, which allows cargoes from companies certified by US Customs to clear customs quickly 16
In the world of corporate risk management events(e.g. 9/11) were unfolding that would push ‘operational risk’ to the top of the corporate agenda The Enron Corporation collapsed in late 2001 Once held up as a model of best practice corporate risk management Another three companies quickly followed 17
New regulation, Sarbanes-Oxley Act(SOX) is noteworthy (Ch10) SOX requires full disclosure of all potential risks to corporate well-being within the business Board members have become more interested in identifying ‘knowable unknowns’ and have turned to risk management and to Business Continuity Management(BCM) 18
Rooted in IT disaster recovery, but its remit has expanded greatly Helps to prove that management have acted with ‘due diligence’ Start with the preparation of a Business Continuity Plan Best practice: An on-going programme of training, rehearsals and reviews of the initial plans to cope with various eventualities Careful consideration to the management of an after the-event recovery phase 19
Decision Theory and Managerial Tendencies Objective Risk and Perceived Risk 20
Concerned paid little attention to uncertainty surrounding positive outcomes, viewing risk in terms of dangers or hazards with potentially negative outcomes Managers focus on the possible losses associated with plausible outcomes Decisions involving risk are heavily influenced by their impact on the manager’s own performance targets 21
In comfortable circumstances managers are likely to be risk-averse, but when staring failure in the face, researchers show that this tendency reverses and they become risk-pron There is unlikely to be a single unified attitude to risk taking within a large organization 22
A view of risk set out by the engineers and physicists of The Royal Society: ‘Objective risk’: determined by experts applying quantitative scientific means ‘Perceived risk’: the imprecise and unreliable perceptions of general public ‘Detriment’: the numerical measure of harm or loss associated with an adverse event 23
Social scientists contend that, where people were involved, objective and perceived risk become inseparable Risk is not a discrete or objective phenomenon Risk is an interactive culturally determined one Risk is inherently resistant to objective measurement 24
Engineering-derived ‘objective’ views lead to a business process engineering and control perspective Open interactive societal systems views offer a persuasive argument for perceived risk The global supply chain view illustrates that culturally determined perceptions of risk could vary greatly from one region to another Hence the forces of nature can demonstrate just how far removed from a controlled environment this all might be 25
SCM is integrative and interdisciplinary Logistics is just one of several established sub-disciplines Supply chain risk management can be expected to display all the characteristics of a ‘wicked problem’ 26
Wicked Problems Societal problems are inherently different from the problems that scientists and some engineers tackle Involve multiple stakeholders Any solution, after being implemented, will generate waves of consequences Should be considered within ‘valuative’ frameworks 27
A supply chain as an interactive system Unfortunately!! We don’t live in an ideal world, so levels two, three and four bring in • • a host of other factors that often intervene.
Socio-political factors, such as action by pressure groups can be From a pure SCM perspective risk at this level is the downside financial consequences of a specific event. The loss of a sole • general media sources, allowing measures to be put in place to mitigate the impact.
• • be regarded as level four disruptions, but it would be wrong to It is helpful to explore the impact on operations of the loss of regard them only as external threats to the supply chain.
process control methodologies would facilitate the identification, management and elimination of risk.
• e.g. With the element of SCM and resource requirements are increasing, the probability that assets may be damaged, stolen or mislaid along the way is increasing.
28
Thank You for Your Attention 29