Stanford Discussion

The Secure Value Chain
Stanford Global Supply Chain Management Forum
Risk Management Roundtable
November 14, 2006
Agenda
• Today’s Environment – The Risk of Disruption
• Findings from a Deloitte Study – The Need for Change
• Key Takeaways
• Questions and Answers
Today’s Environment
Companies are facing increasing pressure to assure the integrity of their
downstream supply chain from the point of finished goods production
through the point of use. Threats to integrity include:
• Present day and emerging regulatory scrutiny
• Natural Disasters (Katrina, earthquakes, etc.)
• Cartels seeking cash disruptions (counterfeiting, tainted goods)
• Global expansion and complexity
• Product environmental handling and controls
• Increasing geo-political and economic uncertainty/instability
Secure Value Chain Dynamics
Internal Risk Sources
Employees
Lack of Ethical Standards
Internal Risk Influencers
Lack of Adherence
Organizational Culture
Behavioral Incentives
Shareholder
Demand Generators
Product Concept & Strategic Planning
Sales
Support Groups
Legal
Human Resources
Regulatory
Finance
Other
External Risk Sources
Natural Environment
Geopolitical Environment
Competitive Environment
Black Market Environment
Marketing
Supply Chain Management
Sourcing
Manufacturing
Warehousing
Inventory Control
Transportation
Customer
External Influencers
Government Institutions & Regulators
Commodities Markets
Labor Unions
Consumer Advocacy Groups
Uncertainty is a Global Issue
A “sphere of uncertainty” will exist in the world over the next fifteen
years.
Legend
• Key political hotspots: Israel/Palestine; Taiwan Straits; Indonesia; Korea; Central Asia; Iraq; India/Pakistan; Basque/Spain
• Key water hotspots: Jordan River Basin, Turkey, Egypt, Aral Basin, Middle East scarcity
• Key transit cutoff points: Turkish Straits/Pipeline, Russia Pipeline, Panama and Suez Canals, Straits of Hormuz and Malacca
• Key oil hotspots: Middle East, North Africa, Caucasus/Caspian States, Indonesia, Alaska pipeline
• Key demographic hotspots: Middle East, North Africa, South Asia
• Natural disasters and pandemics: Katrina, Tsunami, Avian Flu
• Unpredicted disruption of services: US widespread power outage in Northeast
A Need for Change
While businesses are held more accountable in a riskier and more
complex environment, efforts to manage operational risks have not
adapted.
Project Torpedo Objective*
• To identify the impact on brand value from supply chain disruptions
Key Project Findings
• Constrained ability to manage complex events
• Even a minor operational glitch can lead to a major impact on brand &
shareholder value
• Companies are not addressing the potential for combined risks
• Current “point solutions” are not sufficient
* An internal Deloitte study
Constrained Ability to Manage Complex Events
The relentless pursuit of efficiency has begun to constrain companies’
ability to adequately manage risks in today’s complex environment.
Current Operational Strategies
• Sole Sourcing
• Lean Manufacturing
• Just-in-time
• Six Sigma
• Consolidation
• Network Optimization
• Off-shoring
• Alliances
• …
Constraints on Response
• Fewer sources and suppliers
• Less safety stock
• Less flexibility for adaptation
• Lower response time
• Greater reliance on certain assets
• Wider distance between associates
• Less control over processes
Even a minor operational glitch can lead to a major
impact on brand & shareholder value
When disruptions do occur, they can have a devastating impact on the
brand and shareholder value of an organization.
Key Insights
• 25 percent average drop in
shareholder value
• Drop in value due in part to revenue
loss and diminished expectations
• SOX 409 requires reporting of an
event’s threat to value within three
days of event
Source: Singhal, V. “Quantifying the Impact of Supply Chain Glitches on
Shareholder Value.” Georgia Institute of Technology, 2003
Companies are not addressing the potential for
combined risks
Organizations often fail to first recognize the potential for multiple risks to
materialize simultaneously, and then to plan for potential amplified
consequences.
Singular Event (chart axes: Vulnerability, Consequence): This chart* depicts a traditional risk analysis that looks at multiple risks individually.
Multiple Events (chart axes: Vulnerability, Consequence): This chart* depicts a more sophisticated analysis that looks at how certain risks interact to form new, more potent risks with much greater consequences.
* For illustrative purposes only.
Current “point solutions” are not sufficient
Holistic solutions are required as point solutions – those that do not
address issues across the value chain – are no longer effective.
[Chart: Comparative Revenue Growth of Competitors, 1995 - 2003. Series: Company A, Company B. Vertical axis: revenue growth, -30.0% to 70.0%. Horizontal axis: year, 1995 to 2003.]
Source: Sheffi, Y. “The Resilient Enterprise.” MIT Press, 2005
What Value is at Risk?
Successful strategies effectively link specific threats and improvement
actions to shareholder value and their potential impacts on a company’s
brand.
Review segregation and release control procedures for finished goods
Deloitte’s Enterprise Value Map for Secure Value Chain in Life Science Companies
(Protecting value through secure Value Chain)
Security concerns pose threats to employees, customers, communities, and the enterprise itself. Management responses to security risk issues exist within the same framework of Value creation as all activity within a business enterprise. The decisions regarding investments to be made or actions to be taken to protect the Value Chain are circumscribed by the same questions of optimization, tradeoffs, real options, and competing priorities, regulatory compliance, and ethical responsibility as all business decisions.
The Enterprise Value Map for Secure Value Chain provides a map of the Value Landscape in which these decisions are made and is a simple, but powerful tool. This map will help you to:
• View security risk in the context of Enterprise Value,
• Make sure your actions align against the risks you face,
• Provide a view of options, trade-offs and potential synergies associated with securing your company’s Value Chain.
Here are two simple ways to use the map:
• Start at the top. Working your way down, at each step ask yourself, What are the threats I am dealing with and what are my vulnerabilities? How will we improve this? This will help ensure that your tactics support your objectives.
• Start at the bottom. Working your way up, at each step ask yourself, Why are we doing this? This will help ensure that every tactic leads to securing your enterprise, its people, customers, and the value in our organization.
Shareholder Value
• Revenue Growth: Volume; Price Realization
• Operating Margin (After Taxes): Selling, General & Administrative (SG&A); Cost of Goods Sold (COGS); Income Taxes
• Asset Efficiency: Property, Plant & Equipment (PP&E); Inventory; Receivables & Payables
• Expectations: Company Strengths; External Factors
How Value Is Created
(Value Drivers)
Retain and Grow Current Customers
Acquire New Customers
Leverage Income-Generating Assets
Strengthen Pricing
Improve Customer Interaction Efficiency
Improve Corporate/Shared Services Efficiency
Improve Development & Production Efficiency
Improve Logistics & Service Provision Efficiency
Improve Income Tax Efficiency
Improve PP&E Efficiency
Improve Inventory Efficiency
Improve Receivables & Payables Efficiency
Improve Management & Governance Effectiveness
Improve Execution Capabilities
What You Can Do
(Improvement Levers: Business Processes, Assets, and Organizational Capabilities)
Product & Service Innovation
Marketing & Sales
Account Management
Cross-Sell/Up-Sell
Demand & Supply Management
Cash/Asset Management
Retention
Price Optimization
Marketing & Advertising
Customer Service & Support
Sales
Order Fulfillment & Billing
IT, Telecom & Networking
Real Estate
Human Resources
Procurement (Excluding Production Materials & Merchandise)
Business Management
Financial Management
Product Development
Logistics & Distribution
Materials
Production
Create rapid response units
Assemble regulatory and legislative profiles on problem countries
Service Delivery
Merchandising
Income Tax Management
Real Estate & Infrastructure
Equipment & Systems
Accounts, Notes & Interest Receivable
Work in Process & Raw Materials
Finished Goods
Accounts, Notes & Interest Payable
Governance
Business Planning
Business Performance Management
Program Delivery
Operational Excellence
Partnership & Collaboration
Relationship Strength
Agility & Flexibility
Strategic Assets
Secure Value Chain Imperatives
Diversion and Illicit Trade
Counterfeiting, Trade
Marking, and Reimportation
Increase focus on
developing and
protecting product
integrity measures
Implement pricing
strategy for certified
products
Qualify, quantify and
target loss reductions
in key geographic
regions
Rationalize pricing
strategy across
geographies to
eliminate incentives
for overseas business
units to stuff channels
Set loss values to be
used in court
proceedings and
press releases
Utilize data on illicit
trade to improve
accuracy of charge
backs
Enhance Market
Intelligence gathering
and analysis
Intentional Events,
Natural Disasters and
Accidental Disruptions
CAPABILITY DIMENSIONS
Update requirements
for licensure
Improve methods and
tools for managing
demand/supply
performance in
response to a natural
disaster
Improve brand by
assisting with disaster
response and relief
Design and test
simulated scenarios
Develop industry
standards around
“secure supply chain”
Implement auxiliary
systems for continuity
of business
operations
Conduct Background
investigations on
employees and
business partners
Implement a
“resiliency-aligned”
pricing strategy
Improve licensing
practices
Expand patent and
trademark
registrations
Increase focus on
asset and illegal
proceed tracing from
identified
counterfeiters
Design bonded
evidence storage
facilities
Assess how security
vulnerabilities can
contribute to
additional revenue
loss
Conduct Background
investigations on
employees and
business partners
Improve protection of
patents in key
countries
Create zero-tolerance
policy internally for IP
theft
Implement initiatives
to uncover potential
areas of opportunity
for revenue growth
Improve methods and
tools for managing
demand/supply
performance in
response to an act of
terrorism
Develop a “security
optimized” pricing
strategy
Establish mechanism
to collect and track
restitution payments &
fines from infringers
Create opportunities
to resource share with
other brand owners
Create a cease and
desist civil program
Increase emphasis on
capture of counterfeit
trending data
Develop a trademark
manual and product
guide for external
enforcement officers
Develop a secured
centralized system to
manage product data
Update all contractual
arrangements to
reflect current
business, and illicit
trade issues
Implement RFID
technology to prevent
counterfeiting
Prepare to extend illicit trade tracking, prevention, and mitigation practices to acquisitions
Acquire key supply
chain partners
Operations
(Innovation and Design, Supply Chain Management, Production
Operations and Logistics)
Human Capital Strategy
(The People dimension of security – Hiring, training, staffing,
communication, coaching and mentoring of management and
employees, )
Supply Chain
Resiliency
Increase emphasis on
supply chain
management
Implement redundant
data center/
operations across
global geo location
Implement CRM
system to manage
customer and pricing
strategies
Improve financial risk
management
processes
Conduct Background
investigations on
employees and
business partners
Prepare to extend
evaluation,
emergency and
contingency practices
to acquisitions
Integrate resiliency
initiatives with
compliance efforts
Acquire companies in
targeted geographies
Implement a “risk-aligned” pricing strategy
Establish thresholds
for actions and
escalation
Establish an
evidence-handling
protocol
Expand team
participation with US,
WHO, etc.
Conduct enhanced
due-diligence on 3rd
party vendors
Assess how security
vulnerabilities can
contribute to higher
material costs
Reduce access to
product in transit
Improve collaboration
with partners and
customers
Deploy investigative
teams
Implement initiatives
to uncover potential
ways to leverage
Secure Value Chain
Investments to
decrease SG&A
expense
Improve financial risk
management
processes
Implement initiatives
to uncover potential
areas of opportunity
for revenue growth
Create an
investigative manual
for internal
investigators and
stakeholders
Conduct Background
investigations on
employees and
business partners
Improve sales &
Marketing data
backup and recovery
process
Implement tracking
technologies that can
improve demand
conditioning
strategies
Implement a
“resiliency-aligned”
pricing strategy
Appoint
representatives to sit
on trade associations,
councils and
committees involved
in anti-counterfeiting
Assess how security
vulnerabilities can
contribute to higher
operating costs
Redouble filing of
IPRs and “white
books” with applicable
authorities
Deploy investigative
teams
Partner with the
Public Sector and
industry groups
Business Strategy and Governance
(Alignment of strategy planning and investment to mitigate
security threats. Having the right institutional functions to
manage security resources efficiently)
Rationalize and/or
refocus product
portfolio
Qualify and monitor political and geopolitical threats that could affect operations
Create
Communication and
training around what
to do in specific
scenarios
Integrate security
initiatives with
compliance efforts
Qualify and monitor potential health related threats that could affect operations
Create the centers of
responsibility for
disrupting events and
build responsibility
into specific job roles
Design and test
simulated scenarios
and related
contingencies
Create an initiative to
make preparedness
part of the
organization’s culture
Focus efforts on higher value vendor relationships
Have active data backup and off-site storage programs
Institute an active system monitoring program
Conduct Background investigations on employees and business partners
Enact Pro-active virus
programs
Develop integrated
systems to perform
employee & partner
background checks
against government &
other agencies
databases
Establish thresholds
for actions and
escalation
Assess how security
vulnerabilities can
contribute to
additional revenue
loss
Design and test
simulated scenarios
and contingency
plans
Create rapid response
units
Develop contingency plans for disruption or compromise of water sources
Conduct Background investigations on employees and business partners
Develop contingency plans for disruption due to war or other geopolitical disruptions
Profile threats to water resources
Improve information/
transactions
exchange system with
business partners
Qualify and monitor potential health related threats that could affect specific operations
Conduct Background
investigations on
employees and
business partners
Qualify and monitor
political and
geopolitical threats
that could affect
sourcing, production,
distribution
Create
Communication and
training around what
to do in specific
scenarios
Understand and map
production capabilities
and vulnerabilities
Develop the capacity for efficient ‘Green’ or ‘sustainable’ Manufacturing and packaging
Create Communication and training around what to do in specific scenarios
Create the centers of responsibility for disrupting events
Structure organization and organizational roles for redundancy and for flexibility and resiliency
Include a substantial IT review component in partner reviews (quality partnerships).
Develop and implement Training programs in protocols and procedures across the organization
Perform sensitivity analyses to quantify the level of supply chain resiliency in connection with financial measures
Expand security
review program
Tighten shipping
routes
Map relationships with
business partners
Phase in new security
technologies for most
frequently
counterfeited products
Prepare to extend illicit trade tracking, prevention, and mitigation practices to acquisitions
Increase emphasis on
placement of
taggants, DNS
markets or similar
chemical tracers
Create the centers of
responsibility for
disrupting events and
build responsibility
into specific job roles
Determine the
location of R&D
records, and
implement offsite
back up
Include tax
advantages analysis
in security
assessment
Create an initiative to
make preparedness
part of the
organization’s culture
Prepare to extend
evaluation,
emergency and
contingency practices
to acquisitions
Include tax
advantages analysis
in resiliency
assessment
Increase emphasis on
design for
manufacturability and
service
Implement security
solutions with positive
long-term ROI
Establish communication links with local & national media to receive real-time information
Develop secure networks to improve collaboration with business partners
Incorporate tax
considerations into
resilient supply chain
redesign
Identify 3rd party
venue security gaps
Create formal anti-counterfeiting enforcement group
Conduct Background
investigations on
employees and
business partners
Adapt labeling on
active ingredients,
bulk chemicals and
drug packages to
reflect tamper-evident
security features
Create control
measures at
wholesale level
Ensure all products
have tamper-evident
packaging at
manufacturing level
Perform audits of
wholesalers and
vendors
Incorporate two types of validated anti-counterfeiting technology into all packaging
Create and deploy
unique security
devices
Develop low inventory
business models
Reduce knowledge &
visibility of one of the
two anti counterfeiting
technologies on
packaging
Develop a data
warehouse and data
management system
Estimate potential
revenue loss from
disruption to that
business process
Implement diagnostic initiatives to uncover existing inefficiencies
Rationalize production facilities
Divest obsolete materials
Implement business continuity management
Design and test simulated scenarios
Create rapid response units
Develop in conjunction with warehousing unit plans for palleting critical survival and emergency supply packs for ready distribution
Ensure adequate supplies and stockpiling of key provisions to ensure viability and continuity
Conduct Background investigations on employees and business partners
Implement initiative to
uncover existing
inefficiencies
Improve product
innovation processes
Optimize packaging
on dosage-form drugs
for unit-of-use
Focus on creation and
the tracking of
pedigrees from
inception to consumer
Broaden coordination
with investigating
agencies
Increase focus on
strategic assets
Design and test
simulated scenarios
Create Communication and training around what to do in specific scenarios
Analyze safety stops and expiration date metrics
Create an initiative to make preparedness part of the organization’s culture
Create the centers of responsibility for disrupting events and build responsibility into specific job roles
Optimize insurance coverage of fixed assets and inventories
Prepare to extend evaluation, emergency and contingency practices to acquisitions
Rationalize production
facilities
Develop and utilize
unique production
resources
Leverage data on
illicit trade from
suppliers for better
contract terms and
contract enforcement
Map and quantify
revenues related to
each type of
intellectual property
Increase use of
flexible production
equipment
Increase emphasis on
use of common
components
Correlate each type of intellectual property to a significant biz process
Focus on track &
trace program
Partner with the Public Sector to jointly develop guidance and policies
Partner with the Public Sector and industry groups to jointly develop response plans
Improve logistics/
distribution efficiency
Develop contingency
plans for disruption
due to war or other
geopolitical
disruptions
Prepare to extend
evaluation and supply
chain continuity
practices to
acquisitions
Integrate RFID
technology with
optimization software
Reduce number of
gates in the supply
chain
Increase focus on
dynamic responses to
counterfeit methods
Develop standard
metrics to assure
supply chain integrity
Create a hotline for
public to report
information on
counterfeits
Enhance traceability
of products across the
Supply Chain
Integrate resiliency
initiatives with
compliance efforts
Refine vendor/
supplier strategies to
enhance robustness
and resiliency
Improve use of
national/global
purchasing power
Implement initiative to uncover potential ways to increase operating margin
Improve ability to utilize offshore cash/assets and move between geographies
Institute background
checks on distributors
Rationalize and/or
refocus product
portfolio
Improve design/
structure of
distribution networks
Prepare to extend
evaluation,
emergency and
contingency practices
to acquisitions
Appoint
representatives to sit
on trade associations,
councils and
committees involved
in anti-counterfeiting
Create security teams
for each entity
Establish back up
data centers
Create redundant
networks, dual LANs,
WANs
Implement RFID to
track material within
the supply chain
Leverage the
standard metrics
which assure supply
chain integrity to
improve forecasting
and protect Brand
Integrity
Create specialized
response units
Increase focus on
business continuity
planning
Discount financial
forecasts for disaster
risk
Partner with the
Public Sector and
industry groups to
jointly develop
response plans and
policies
Designate a Chief
Logistics Officer
Implement CIRC
(Critical Incident
Response Command)
decision tree and
hierarchy policy
Create intelligence
units for pre-event
and on-the-ground
information feeds
during events
Improve intelligence
collection from
internal and external
sources
Create greater
awareness programs
Institute comprehensive
monitoring of suppliers
Create a capability
and capacity for
incidence
investigation and
response
Converge members of
legal, BU’s and
supply-chain into one
team
Expand ties with trade
associations and
colleague companies
Create reward
programs for tips
Expand relationships
with customs agents
globally
Retain counsel in key
regions and countries
Prepare to extend
secure value chain
practices to
acquisitions
Optimize
authentication of
packaging
Optimize package
disposal protocol
Identify and partner
with other companies
in regions of operation
for sharing of joint
resources
Improve assignment
of accountability and
authority
Re-evaluate current
policies against
known recent
disasters to determine
weaknesses or
effectiveness
Improve management of vendors/service providers
Improve identification of stakeholder groups and establishment of priorities
Discount financial forecasts for supply chain disruption
Set resiliency and contingency planning requirements
Conduct routine audits of the security center
Map and profile key stakeholder, both internal and external, and how they need to be engaged for supply chain resiliency
Create a stakeholder management strategy around supply chain resiliency
Improve monitoring
and management of
risk and compliance
Prepare a terrorism
response and crisis
management plan
Maintain flow of current employee information and movements to third-party response groups
Coordinate scenario
design and testing
across business
functions and silos
Create multi-departmental leadership team (security, business intelligence, legal, logistics, etc)
Enhance relationships with governmental agencies, local law enforcement and NGO aid organizations
Balance risk reduction and resiliency improvements with other organizational demands
Discount financial forecasts for geopolitical and environmental risks
Prepare to extend evaluation and supply chain continuity practices to acquisitions
Meet with supply chain partners and evaluate the health of the relationship
Implement a terrorism
risk management
solution and strategy
Partner with the
Public Sector to
ensure effective
communications of
threats
Create competencies
and acquire talent
around organizational
agility, and flexible
response.
Create and
communicate a clear
vision and change
imperative for supply
chain resiliency
Create appropriate
connections across
organizational to enable
communication, flexible
response, mobilization of
resources
Create the centers of
responsibility for
disrupting events and
build responsibility
into specific job roles
Create an initiative to
make preparedness
part of the
organization’s culture
Acquire or cultivate
appropriate talent for
management of
response capacity
Evaluate the impact
of global changing
weather patterns
on specific
geographies
Prepare to extend
evaluation,
emergency and
contingency practices
to acquisitions
Align executive and managers goals to include resiliency and not just efficiency goals
Create a center of responsibility for resiliency evaluation and strategy
Create competencies
and acquire talent
around organizational
agility, and flexible
response.
Create appropriate
connections across
organizational to
enable
communication,
elevation of issue
IT Strategy and Operations
(The Systems that can be deployed to enhance security, or
survivability)
Cooperation and Alliances
(The alliances, partnerships, and cooperative work with
businesses, government or other institutions that address
security issues)
Compliance
Regulatory Compliance
and Validation
(Compliance with laws related to security)
Detection, Monitoring, Evaluation and Intelligence
(The capabilities, resources that enhance the ability to detect
threats ahead of time)
Physical Security
Capabilities and actions to take to physically secure facilities,
transportation and shipment, and packaging
Security, Privacy
and Continuity
Geographic Risk
Implement Sales
Force compliance
management and
tracking system/
process
Create visibility
programs to comply
with regulations while
also helping improve
demand chain
management
Create policies to avoid sales activities running afoul of FDA off-label use regulations and OIG regulations
Maintain trusted
player/entity in the
marketplace with
employees and
customers
Revisit pricing options
based on regulatory
performance
Assess how security
vulnerabilities can
contribute to
additional revenue
loss
Rationalize pricing
strategy across
geographies to
eliminate incentives
for overseas business
units to stuff channels
Empower regulatory
compliance officers to
contribute to strategic
decisions
Publicly confront
regulatory agency issues
head-on – (regulatory
transparency)
Require specific regulatory
reporting requirements
(dash boards etc) at the
BOD level
Create Chief Compliance
Officer position (promote
regulatory visibility &
significance)
Highlight regulatory
compliance performance
when competitors falter
Expand security
review program
Assemble regulatory
and legislative profiles
on problem countries
Leverage Improvements
to regulatory compliance
capabilities to aid
evaluation and
optimization of the supply
chain
Evaluate vendor/supplier
compliance when
considering when
negotiating long term
pricing deals
Due diligence and background checks on business partners
Qualify, understand and control for cultural risk
Create policies to
avoid sales activities
running afoul of the
Foreign Corrupt
Practices Act
Create policies to
avoid sales activities
running afoul of the
Foreign Corrupt
Practices Act
Avoid compliance citations
leading to Product recalls,
leading to Bad public
image, Warning letters,
Corp. Integrity
Agreements
Improve sales &
Marketing data
backup and recovery
process
Conduct periodic
reviews of compliance
process efficiency
against current best
practice
Ensure compliance with
FDA off-label use
regulations
Review IT system
validation policies and
procedures
Improve regulatory
risk and compliance
management process
Develop a system to
control data access
based on user/entity
profile & tracking
system
Conduct Background
investigations on
employees
Evaluate compliance
initiatives with a focus on
reducing product failures
and product recalls
allowing for better product
price points and profit
margins
Expand security
review program
Craft communication
and trainings around
cultural or political or
other geography
specific issues
Acquire country
specific talent to
weigh in on sales
specific risks and
threats
Conduct Background
investigations on
employees
Due diligence and
background checks
on business partners
Develop relationships
with environmental
NGOs
Leverage C-TPAT
compliance to
improve process
visibility and drive
improvement
Audit sales force
practices and training
against industry and
regulatory standards
Establish privacy
security for identity in
shared service
centers
Create policies to
avoid supplier
relationships running
afoul of the Foreign
Corrupt Practices Act
Consolidate
regulatory and
risk reviews into
single audits
Review procedures
and practices for
compliance with FDA
direct to consumer
marketing guidelines
Efficiently manage information risk and support the confidentiality, availability, and integrity of data
Integrate security initiatives with compliance efforts
Create centers of responsibility for security
Create policies to avoid supplier relationships running afoul of the Foreign Corrupt Practices Act
Establish privacy
security for identity in
shared service
centers
Qualify, understand
and control for cultural
risk
Create policies to
avoid supplier
relationships running
afoul of the Foreign
Corrupt Practices Act
Craft communication
and trainings around
cultural or political or
other geography
specific issues
Audit IT systems against
internal validation policy
requirements, industry
standards and FDA Part
11 requirements
Audit critical vendors and suppliers for compliance with FDA, EMEA and OSHA regulations
Establish good business practices that require compliance be evaluated as part of the overall business model
Review HR training & documentation practices against FDA, OSHA, OIG and internal requirements
Create communication and
training around privacy policy
for those with access to
personally identifiable data
Acquire country
specific talent to
weigh in on shared
service specific risks
and threats
Create positions of
responsibility for
privacy policy
compliance
Include compliance
evaluation thread in any
enterprise wide risk
assessment as part of an
overall financial risk
management plan
Develop system for
electronic
management of
compliance
requirements
Develop a system to
control data access
based on user/entity
profile & tracking
system
Implement security
systems to control
physical access of all
IT assets and access
to critical information
Conduct Background
investigations on
employees and
business partners
Voluntary compliance
with labor practices
Import Export
Regulatory
compliance
Develop relationships with labor & environmental NGOs
Environmental regulatory compliance
Ensure compliance
with IRB study
protocol and other
FDA clinical trial
regulations
Ensure suppliers and contractors meet cGxP requirements and FDA/EMEA standards
Develop ‘Green’ Standards for suppliers
Integrate security
initiatives with
compliance efforts
Expand security
review program
Ensure marketing
materials are compliant
with approved/proposed
label claims
Develop ‘Trusted
Shipper’ Standards for
suppliers
Ensure cGMP compliance in all areas of R&D, developmental, pre-clinical manufacturing
Utilize service providers which are compliant with regulatory standards
Highlight regulatory
activities to insurance
providers for rate
discounts
Create policies and procedures that define cGxP compliance levels and practices for every phase of product development and clinical trial
Negotiate better
contracts with partners
based on regulatory
compliance
performance
Develop system to
automate validation
process
Create security teams
for each entity
Environmental regulatory compliance
Conduct Background investigations on employees and business partners
Qualify, understand and control for cultural risk
Supplement security department capabilities
Voluntary compliance with labor practices
Conduct background checks on security personnel or providers
Develop relationships with local law enforcement
Review segregation and
release control procedures
for finished goods
Ensure all equipment,
processes and systems
are validated in
accordance with FDA and
internal policies
Review QA release
procedures for compliance
with cGMPs and industry
practices
Review segregation and
release control procedures
for finished goods
Craft communication
and trainings around
cultural or political or
other geography
specific issues
Acquire country
specific talent to
weigh in on sourcing
and vendor specific
risks and threats
Avoid compliance citations
leading to plant shutdowns or Consent
Decrees that have a negative
impact on asset
management and cash
flow
Review segregation and
release control procedures
for raw materials and WIP
goods
Improve collaboration
with vendors/partners
Integrate data security
and privacy
processes into the
overall enterprise risk
management process
Expand security
review program
Create centers of
responsibility for
security
Acquire or cultivate
security talent
Assemble regulatory
and legislative profiles
on problem countries
Assure Environmental
regulatory compliance
for all facilities
Conduct Background
investigations on
employees and
business partners
Craft communication
and trainings around
cultural or political or
other geography
specific issues
Enforce/Incorporate
security clauses in
SLA’s with vendors
Monitor performance
of security measures
Assemble regulatory
and legislative profiles
on problem countries
Enhance relations
with regulatory bodies
and Data Protection
Authorities
Create regulation
matrixes for each
country of business
Prepare to extend
compliance practices
to acquisitions
Create centers of
responsibility for
security
Communicate and
provide training on
security policy
Develop a system to
control data access
based on user/entity
profile & tracking
system
Strengthen the
Physical security of
data systems
Acquire or cultivate
security talent
Create centers of
responsibility for
business continuity
Institute regular
publication of
regulatory news within
the company and for
outside stakeholders
Enhance lobbying
efforts with local
representatives in
countries of business
Implement Epedigree
Optimize
representation for
needs in key
countries and states
Create specialized
country and product
desk teams for
regulatory intelligence
and compliance.
Increase cooperation
with colleague
companies, trade
associations &
stakeholders for more
effective responses to
proposed rules
Designate key
compliance officers
for each unit, country
and region
Ensure timely
compliance reports
are produced and
provided to corporate
board
Integrate compliance
process into overall
enterprise risk
management
Develop relationships
with environmental
NGOs
Develop relationships
with labor NGOs
Enhance public
awareness of
corporate compliance
profile
Develop prepared
responses for
regulatory noncompliance incidents
Foster recognition in
the industry as
leading security
innovator/adopter
Expand security
review program
Enhance relations
with regulatory bodies
and Data Protection
Authorities
Create a center of
responsibility for
Privacy
Assemble regulatory
and legislative profiles
on problem countries
Qualify, understand
and control for cultural
risk
Build relationships
with government
regulators, inspectors
and investigators
Employ tracking
mechanisms for new
rules proposed by
countries where
business is conducted
or anticipated
Partner with
Regulators to
develop regulations
Leverage Pedigree
to increase visibility
of products in your
supply chain
Create a center of
responsibility for
regulatory
compliance
Create centers of Acquire or cultivate
Create a center of Create strategies and
Acquire or cultivate
responsibility for policies for the
appropriate talent for responsibility for talent for enterprise
physical protecting
security
managing privacy
security management enterprise wide
continuity planning key human resources
related issues
and oversight
and oversight
Obtain Kidnapping
insurance for
vulnerable personnel
in high threat
geographies
Hire Body guards
and/or provide
security for vulnerable
personnel in high
threat geographies
Conduct Background
investigations on
employees and
business partners
Craft communication
and trainings around
cultural or political or
other geography
specific issues
Acquire country
specific talent to
weigh in on all
geography specific
risks and threats
Acquire or cultivate
appropriate talent
for managing
regulatory
compliance
Assess and evaluate
areas for potential
violations of FCPA
Avoid compliance
citations leading to
Bad public image or
Warning letters
Highlight risk
management
activities in
SEC Reporting
and in
communication
to the analyst
community
Incorporate a
senior “compliance”
role in your IT
organization
Prepare to extend
compliance practices
to acquisitions
Assess and evaluate
areas for potential
violations of FCPA
Evaluate the impact
of global changing
weather patterns
on specific
geographies
© Deloitte Touche Tohmatsu 2006. All rights reserved. 1205
11
Key Takeaways
While managing today’s complex risks is complicated, companies can
balance supply chain performance with brand and shareholder value
• Take a strategic, comprehensive and holistic approach
• Make managing operational risk an executive priority
• Play war games
• Create a security culture
• Get partners involved
12
The Secure Value Chain
What will you do when the lights go out?
Stanford Global Supply Chain Management Forum
Risk Management Roundtable
November 14, 2006
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates.
Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and
advice, focused on client service through a global strategy executed locally in nearly 140 countries. With access to the deep intellectual capital
of approximately 135,000 people worldwide, Deloitte delivers services in four professional areas, audit, tax, consulting and financial advisory
services, and serves more than 80 percent of the world’s largest companies, as well as large national enterprises, public institutions, locally
important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein
and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas.
As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or
omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte”, “Deloitte & Touche”,
“Deloitte Touche Tohmatsu” or other related names.
In the United States, Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu and services are provided by the
subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte
Tax LLP, and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the U.S. member firm are among the nation’s
leading professional services firms, providing audit, tax, consulting, and financial advisory services through nearly 40,000 people in more than
90 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people
excel. For more information, please visit the U.S. member firm’s Web site at www.deloitte.com
Copyright © 2006 Deloitte Development LLC. All rights reserved.
14