A supply chain encompasses all organizations and activities associated with the flow and transformation of goods, from the raw material stage to the final consumer, with the associated financial and information flow. All companies belong to at least one supply chain, and therefore do not exist in isolation, but interconnected with other operations.
Factors such as globalization, increased outsourcing and the growing demand for higher quality products and better service levels, have made supply chains increasingly complex, and with increasing complexity, so have the vulnerability and risks of break.
Agile and resilient supply chains represent an important competitive advantage, and to achieve such resilience, risk management is a fundamental part.
According to the PMBOK® Guide (Project Management Body of Knowledge), risk management includes planning, identification, qualitative and quantitative analysis, response planning and monitoring and control processes, as shown in Figure 1.
Figure 1: Risk management overview
Source: PMBOK, adapted by ILOS
1. Plan risk management: Process for preparing the risk management plan, which, among other information, will contain the methodology to be used, roles and responsibilities, risk categories and probability and impact definitions.
2. Identify the risks: Determining the main risks that could affect the chain and what are the potential responses. To collect the information, techniques such as Delphi, brainstorming, interviews and root cause analysis can be very helpful. Supply chain risks can be classified into three categories: internal to the company (processes and control); external to the company, but internal to the chain (supply and demand); and external to the chain (socio-political events, natural disasters, etc.). For example, in the transport sector, the Monica Barros spoke on the Blog about a very important risk in Brazil, cargo theft, and the Maria Fernanda Hijjar addressed the lack of available carriers, especially during periods of peak demand.
3. Carry out a qualitative risk analysis: Risk prioritization process according to a qualitative assessment of their probability of occurrence and impact. A tool often used for this purpose is the probability and impact matrix, as shown in Figure 2.
Figure 2: Example of Probability and Impact Matrix
Source: ILOS
4. Perform quantitative risk analysis: For risks that justify such an analysis, their effect on the chain is estimated numerically, in order to support decision-making. Among the most used techniques are expected monetary value analysis, modeling and simulation, and sensitivity analysis.
5. Plan risk responses: In this process, we seek to develop alternatives that allow us to increase positive risks (opportunities) and minimize negative risks (threats). Possible strategies for negative risks are eliminate, transfer and mitigate. Positive risks can be exploited, shared or improved. Acceptance is another possible strategy for both threats and opportunities. When planning responses, it is very important to assign an owner to each risk.
6. Monitor and control risks: It is the process of monitoring identified risks, if necessary, implementing planned responses, tracking residual risks, identifying new risks, and evaluating the effectiveness of risk management.
Regarding how companies effectively deal with risk management, the “Risk Management and IR” survey, carried out by the company Deloitte, shows that, in 2016, almost 60% of companies had a formal risk management policy, and, of these companies, approximately one third had implemented it less than a year ago. Among the companies that did not have a formalized policy, more than 60% had plans to implement it, which demonstrates the growing interest of organizations in the subject.
Figure 3: Existence of formalized Risk Management policy
Source: Deloitte, 2016
Effective risk management practices differentiate supply chains that will be able to circumvent threats and better seize opportunities from those that will not. If your company does not yet have a risk management policy, the time has come to reflect on the matter.
References
HANDFIELD, Robert B.; NICHOLS JR, Ernest L. Supply chain redesign: converting your supply chain into integrated value system. Upper Saddle River, NJ: Financial Times Prentice Hall, 2002.
CHRISTOPHER, M.; PECK, H. Building the resilient supply chain. International Journal of Logistics Management, v. 15, no. 2, 2004.
OLIVEIRA, U.; MARINS, F.; Rock, H.; Salomon, V. The ISO 31000 standard in supply chain risk management. Journal of Cleaner Production, v. 151, p. 616-633, 2017.
PROJECT MANAGEMENT INSTITUTE. A Guide to the Project Management Body of Knowledge (PMBOK® Guide). 5th edition, 2013.
DELOITTE. Risk and IR Management: Continuous evolution to create and preserve value in investor relations, 2016. http://www.ibri.com.br/Upload/Arquivos/enquete/3838_Pequisa%20IBRI%20e%20Deloitte_2016.pdf
BARROS, MONICA. Cargo theft and the impact on transportation costs. Blog ILOS, 17/03/2017.
HIJJAR, MARIA FERNANDA. Challenges of hiring transporters in 2018. Blog ILOS, 06/02/2018.
Walter Puppo
Experience in consulting projects, focusing on Logistics and Supply Chain, working in various sectors, mainly in pharmaceutical and food and beverage companies. His history of developed projects involves benchmarking studies (costs and service level), mapping and evaluation of commercial processes and capabilities, mapping and evaluation of supply chain processes and capabilities, development of maturity models, development of panels for comparative benchmarking of performance, operating in Brazil and other Latin American countries. He has previous professional experience, having worked for eight years as a consultant and project manager in the construction industry in Uruguay.
