Category Archives: Risk Management

The World Economic Forum’s Global Risks 2007 – Part III

Expert opinion suggests that levels of risk are rising in almost all of the 23 risks on which the Global Risk Network has been focussed over the last year – but mechanisms in place to manage and mitigate risk at the level of businesses, governments, and global governance are inadequate.
Global Risks 2007, World Economic Forum

In Part I we covered the 23 ore global risks of an economic, environmental, geopolitical, societal, and technological nature identified by the World Economic Forum and in Part II we covered the “5 Pathways” to mitigation identified by the report: improving insight, enhancing information flow, refocusing incentives, improving investments, and implementation through institutions. Part II also introduced to potential institutional innovations for managing global risks: chief risk officer and a “coalition of the willing”. Today we’re going to discuss some potential mitigations to each of the risks that you can consider in your planning efforts.

Economic

  • Oil price shock / Energy supply interruptionsConsider using price hedging strategies and cutting long-term supply agreements from preferred suppliers.
  • US current account deficit / fall in US$ Don’t just look at cost when making outsourcing and low-cost country sourcing decisions – look at total value. That way, if the dollar drops and your supply increases in cost, relatively speaking, it could still retain its value.
  • Chinese economic hard landingDon’t over rely on Chinese suppliers who could be hit hard by a Chinese financial crisis. Be sure to mitigate risk with secondary suppliers in other countries as well.
  • Fiscal crisis caused by demographic shiftClosely monitor your financial situation in the G8 countries, especially with regards to debt financing as well as the financial situation of key suppliers in these countries.

Environmental

  • Loss of freshwater servicesDon’t start or expand your freshwater bottling business.
  • Natural catastrophe: Tropical stormsBe sure to insure all of your ocean freight and to maintain safety stock of key commodities on each continent.
  • Natural catastrophe: Inland floodingDo not build new production plants in areas at risk of inland flooding and be sure not to single-source key commodities or materials from such areas.
  • Natural catastrophe: EarthquakesDo not build new production plants near fault lines and be sure not to single-source key commodities or materials from such areas.

Geopolitical

  • International terrorismBe sure to have a business continuity plan ready to go in each of your locations in the event of a terrorist attack on or near your premises.
  • Interstate and civil warsBe sure to keep an eye on the political situation of each unstable country you are involved with and have a plan in place to move operations to a more stable country should a war break out.
  • Failed and failing statesDo not set up operations in any country that is failing. Furthermore, if such a country is the sole source of a raw material you require, find a back-up source. If you cannot find a back-up source, put on your innovation hat and try to find a product design that can use an alternate raw material.
  • Transnational crime and corruptionIdentify facilities that store critical information or materials and take appropriate actions to step up security. Furthermore, make sure you have a response management plan in place in the event of a crime in order to expedite matters with the local authorities and get you back in operation as soon as possible.
  • Retrenchment from globalizationBe prepared for the slowdowns in trade that this could bring by having appropriate safety stock of critical commodities and raw materials in the relevant countries and have back-up local sources of supply identified just in case.

Societal

  • PandemicsUnderstand your critical operations and insure a sufficient number of personnel understand each critical function and have plans in place to continue operations with at most half of your work force for short periods of time should a pandemic or new flu strain hit your area.
  • Infectious diseases in the developing worldUnderstand that your suppliers in these parts of the world could be severely crippled through the rapid, unpredictable, spread of infectious diseases through their workforce and be sure to have geographically dispersed sources of supply for all key commodities and raw materials.
  • Chronic diseases in the developed worldUnderstand the effects these could have on your workforce and put appropriate mitigation plans in place.
  • Liability regimesUndertake a careful cost-benefit analysis before selecting or avoiding a liability regime.

Technological

  • Breakdown of critical information infrastructure (CI) If your T1 line gets cut, your internet goes down, and so does all of your connectivity and on-demand applications. Make sure you have different wired and wireless connectivity services available, back up key data on site, and either run critical applications locally or use fat clients that do not require 24/7 connectivity to the on-demand service.

This is not meant to be an exhaustive list of risks, or possible mitigations, just some starting suggestions for your considerations to kick-start the process and your risk mitigation planning.

The World Economic Forum’s Global Risks 2007 – Part II

Expert opinion suggests that levels of risk are rising in almost all of the 23 risks on which the Global Risk Network has been focussed over the last year – but mechanisms in place to manage and mitigate risk at the level of businesses, governments, and global governance are inadequate.
Global Risks 2007, World Economic Forum

In addition to identifying 23 core global risks of an economic, environmental, geopolitical, societal, and technological nature that no global organization can afford to ignore in its risk planning and risk mitigation efforts, this report also offered the “5 Pathways” to mitigation.

  • Improving InsightMove risks from the unknown to known through research.
  • Enhancing Information FlowAllow information to flow effectively between decision-makers and those experiencing the risk first hand to provide early warning, inform the public, and exchange best practice.
  • Refocus IncentivesCreate incentive frameworks that allow decisions to be made to reduce risks.
  • Improve InvestmentProvide the investments necessary to mitigate risks.
  • Implement Through InstitutionsImprove the framework needed to mitigate risks for which an institutional response is required.

The report also pointed out which risks are reduced by each of these mitigations.

Mitigation
Risk Insight Information Incentives Investment Institutions
Oil Price Shock / Energy Supply Interruption   X   X   X
US Account Deficit   X   X
Chinese Economic Hard Landing   X   X
Fiscal Crisis Due To Demographic Shift   X   X
Excessive Indebtedness   X   X
Climate Change   X   X   X
Loss of Freshwater Services   X   X   X
Tropical Storms   X   X   X
Earthquakes   X   X   X
Inbound Flooding   X   X   X
Terrorism   X   X   X
Proliferation of WMD   X   X
Interstate and Civil Wars   X   X
Failing States   X   X   X
Transnational Crime   X   X   X
Retrenchment from Globalization   X   X   X
Middle East Instability   X   X   X
Pandemics   X   X   X
Infectious Diseases (Developing World)   X   X   X
Chronic Diseases (Developed World)   X   X
Liability Regimes   X   X
Critical Information Infrastructure (CI) Breakdown   X   X
Nanotechnology Risks   X   X

They also provide two possible institutional innovations for managing global risks.

  • Country/Chief Risk OfficerIn the public sector, governments would appoint a single Country Risk Officer, prioritize risks on a cross-sectional basis, and explore private sector techniques of risk assessment, management, and transference. In the corporate sector, the Chief Risk Officer would be responsible for all categories of risk, risk reporting, consolidation, and aggregation.
  • “Coalition of the Willing”Different groups of countries / corporations would come together in a non-exclusive fashion to create a system of flexible geometry to mutually mitigate risks.

Lastly, although not specifically mentioned in the report, you can address each risk on an individual basis using reason, logic, and common sense to develop appropriate mitigations, which will be the subject of Part III.

Procurement Contract Risk Management

As pointed out by JP Massin in his Strategic Sourcing Europe [WayBackMachine] blog, APICS and Protiviti recently released a study on “Procurement Contract Risk Management”.

As noted by JP Massin, the conclusion is that a large proportion of organizations need to improve the management of their procurement contract risks and opportunities. And this seems to hold true across the board, for direct and indirect procurement alike.

The study does a great job of pointing out many types of procurement contracts management risks you should be aware of:

  • End-customer satisfaction risk
  • Authority limit risk
  • Regulatory non-compliance risk
  • Information security, access, and privacy risk
  • Terms and Conditions risk
  • Reputation risk
  • Environment, health, and safety risk
  • Inventory and obsolescence risk
  • Off-balance sheet inventory liability risk
  • Automatic renewals risk
  • Contractual and legal risk
  • Employee/third-party fraud risk
  • Outsourcing risk
  • Efficiency risk

It also does a great job of pointing out some key capabilities a company will need to tackle these risks:

  • Strategy and Policy
  • Processes, Practices, and Procedures
  • Organization and People
  • Contracts Management Process
  • Information Methodologies / Tools
  • Systems and Data

And provides some great recommendations, including:

  • Never underestimate the importance of having a clear process vision, and well-designed and defined objectives, strategies, and plans for the process.
  • No matter how well the process is designed, it cannot be effective without the right people and structure.
  • It is essential that technology be leveraged.

I would highly recommend downloading a copy of the “Procurement Contract Risk Management” study and reviewing it at your leisure to make sure you understand what the contract risks are, what the key capabilities you will need to mitigate the risks are, and where the major problem areas are in most companies so that you can insure they are not in yours.

Trade Compliance

Last fall I introduced you to global trade data management (posts I and II), as well as Global Data Mining (acquired by CUSTOMS Info which was acquired by Descartes) and the International Trade Bureau.

A few months ago, even though it only hit the on-line edition recently, the Supply Chain Management Review published “Building a Strong Framework for Trade Compliance”. In the article, they defined five components of trade compliance that can help companies operate efficiently in an international marketplace.

  • A Culture of Compliance
    The culture starts with management who must define internal controls, starting with a corporate policy issued by the chief executive. The policy must communicate management support, an insistence on the ethical and lawful transaction of business, and intolerance for willful disregard of regulatory requirements.
  • Risk Assessment
    Know where you could fall afoul of government regulations and develop methods for managing those risks. Start by conducting an internal assessment of your current compliance program. Evaluate each area of compliance to determine if its effective, documented, consistent, and, most important, current. No regulatory or business environment is static, so your compliance program will continually need to evolve.
  • Establishment of Control Activities
    Create policies, procedures, and organizational structures that will minimize risk to your company. The procedures must be effective, but should not be more burdensome then necessary. The goal is to achieve compliance, not bring operations to a halt. Document what you do, and do what you document, but keep it efficient.
  • Constant Communication
    Train, train, and train again. Higher awareness allows for effective maintenance of a compliant environment. Keep materials up to date and send communications to affected departments whenever regulations are amended.
  • Implementation of a Monitoring Program
    Institute an internal audit program and check your internal controls regularly for effectiveness. Develop a corrective-action program that you can implement when discrepancies are found.

Non-compliance can impact supply chain performance, bottom line profits, and, thanks to Sarbanes-Oxley, executive liability. Thus, its important to do everything you can to insure compliance.

51% of Companies Don’t Understand (Supply Chain) Risk

Yesterday, Aberdeen released their latest supplier performance and risk management benchmark report, “Supply Risk Increasing While the Market Stands Still”, which found that although two thirds of the organizations surveyed expect supply risk too increase, only 49% of organizations have bothered to implement a supplier performance measurement and risk management program. That tells me that at least 51% of companies do not understand risk, for if they did, they would be doing something about it.

The study found that there is direct correlation between the length of time a supplier performance and risk management program has been in place, the percentage of the supply base measured, and the positive results enjoyed by the organization. Moreover, best-in-class companies, which (i) have had programs in place for at least three years, (ii) measure 51% or more of their supplier base, and (iii) engage in supplier performance management and risk management in the supply base 70% of the time achieve:

  • 92% effectiveness in product and service quality
  • 91% on-time-delivery
  • 87% price competitiveness
  • 85% service and performance capability

Best-In-Class companies surpass their peers in pretty much every way.

  • 43% have instituted cross-functional teams of key stakeholders
  • 68% have instituted a structured performance and risk management program
  • 55% more supplement basic tools with more complex financial risk mitigation strategies
  • 57% use supplier performance systems, 54% use supplier databases and rating systems, and 48% use supplier market research and intelligence

In addition to pointing out some key differentiators, the report also overviews a number of enablers that can help a company that wants to achieve best in class status. These include:

  • Supplier Scorecarding and Reporting
  • Automated Calculation of Key Supplier Performance Metrics
  • System Notification of Performance Issues & Disruption Events
  • Integration with Spend Analysis Tools
  • Reporting of Key Supplier Operational and/or Financial Risks
  • Web-Based Portal for Supplier Self-Registration & Information Maintenance
  • Hedging and Other Insurance Solutions

In addition, they point out the following strategies that can be leveraged for maximum advantage:

  • Re-organization of the supplier performance and risk management initiatives into cross-functional ownership mode among all key stakeholders
  • Re-alignment of focus on supplier performance risk management activities to address customer and regulatory pressures
  • Implementation of a supplier performance and risk management technology layer across all business processes
  • Supply base segmentation on key criteria such as spend concentration, number of available sources per commodity, etc.

This report is definitely worth a read – especially if only 49% of organizations are actively addressing risk.