w w w. ku wa i te r m . c o m OFFICIAL SPONSOR Supply Chain Risk- Best practices for exposure management LAUREANO ALVAREZ Senior Risk Expert McKinsey w w w. k u w a i t e r m . c o m Supply chain failures have significant and lasting negative impact on the company Overall cumulative average abnormal returns1 % 0,5 Disruption date Time to disruption, working days 0,0 7x actual loss -0,5 Decline in market cap 10x actual loss is 12x actual loss after 120 days Actual loss = 0.16% of market capitalization -1,0 -1,5 -2,0 -2,5 -40 -20 0 20 40 60 80 100 120 1 Based on sample of more than 350 operational loss events, normalized for industry performance SOURCE: McKinsey Risk Management Practice 5 In recent years, companies have faced high levels of risk in their supply chains … and these risks are increasing As the nature of supply chains have evolved … ▪ Globalization and new markets ▪ Massive gains in productivity and efficiency ▪ Just-in-time supply chains ▪ Increased automation ▪ Consolidation of suppliers ▪ Offshoring … the amount of risk in supply chains continues to increase ▪ 70% believed they are at more risk from supply chain issues (e.g., business partners going bust) compared with a year ago SOURCE: McKinsey Risk Management Practice ▪ 65% believed levels of operational risk have increased in the past year ▪ 85% believe greater disruptions next year ▪ Around half stated that redundancies and cost reductions have affected the effectiveness of dayto-day operations and increased operational risk 6 Best practices in supply chain risk management ▪ Clear understanding of ▪ the culture gaps … openly discussed Nurtured culture with bias toward acting, impact, and continuously improving 5 Risk culture and performance transformation ▪ Insight into the risks that really 1 4 ▪ Embed SC risks in ▪ ▪ governance … from board down Adequate resource levels to manage risks Roles and responsibilities aligned Risk organization and governance Risk management framework ▪ Explicit risk appetites (in Strategy and risk appetite 3 Risk-enabled key decisions ▪ 2 ▪ Mitigation action decisions optimized with risk-informed ▪ matter – Objectives at risk (production, revenues, environmental) – End-to-end supply chain (both internal and external) – Cascading reports lead to action Insight and risk transparency ▪ terms of objectives at Risk) Standard, measurable way to discuss exposure – Concentration risk – Considering impact? Likelihood? Preparedness? Strategy informed by risk insights, including explicit consideration of natural owners approaches Strong links between SCRM, key BUs, and other functions SOURCE: McKinsey Risk Management Practice 7 1 Critical risks are identified from a roster of risks that can affect different parts of the value chain Sources of risk are analyzed … Roster of 50-60 standard sources of risk from the different functions … to prioritize the top 8-10 risks that can affect the supply chain… … which are then analyzed in detail to understand knock-on effects Prioritization requirements ▪ Cross-functional team discussion ▪ Quantitative assessment Detailed exposure analysis Upstream Midstream Value chain - Impact Timeline for recovery Knock-on effects across the value chain Refining Petchem Each of the top 8-10 risks is analyzed based on its impact to the key supply chain objectives of demand, cost ,and quality and its knock-on effects Exports SOURCE: McKinsey Risk Management Practice 8 1 Risk prioritization requires to assess exposures against each of the primary supply chain risk objectives Primary supply chain objectives-at-risk A Other Environmental: Comply with requirements for a particular site or activity Health&Safety: Comply with requirements to minimize any HS risk Quality: Comply with regulatory requirements for product quality D SOURCE: McKinsey Risk Management Practice Production: Meet a specified level of end-customer demand within a specified lead time B Supply: Obtain specified level of feedstocks and raw material supply to meet production C Margin: Achieve a specified level of Margin/contribution to shareholders in a specified time period 9 2 Everything is about risk appetite It is not about how much risk you can take on … … but rather how much risk you actually want to bear SOURCE: McKinsey Risk Management Practice 10 2 Exposures impact need to be compared with risk appetite Assess exposure importance to key supply chain objectives … … to risk-categorize all exposures… Production H Financials Financials Production M A Other L L M H Production Reputation Consider exposures contribution to enterprise objectives around production, financials, reputation … and compare with risk appetite by supply chain objective Use the importance of a exposure to key enterprise objectives to categorize them SOURCE: McKinsey Risk Management Practice D B Supply C Margins Set thresholds around risk appetite for key supply chain objectives 11 3 Decisions need to be optimized with risk-informed approaches: risk appetite and cost-benefit trade-off Mitigation option Mitigation decision Mitigate (reduce risk impact) Supply chain risk exposure Not mitigate (assume risk) Buy insurance (transfer to 3rd party) Build flexibilities in the value chain (reduce impact) Build redundancy in the value chain (reduce impact) Increase maintenance (reduce likelihood) Do we want to assume this risk? How does it compares with our risk appetite? SOURCE: McKinsey Risk Management Practice What is the preferred option? How is the cost benefit trade-off? 12 4 3-level governance structure to oversee Supply Chain Risk Quarterly meetings with 3-hours dedicated to Risk topics Top management team (BU-level) Oversees Supply Risk Management activities, Approves strategic risk mitigation measures & high investments Regular meetings fully dedicated to Risk topics Supply Risk Management Core team Responsible for developing and delivering the overall supply risk strategy Assess Supply Risks in a timely and effective manner Consists of operational experts supply chain organization Operational team Responsible for following the supply risk process and executing the activities Tracks and communicates changes in the supply chain to the core team & top management Multidisciplinary approach is required to the complexity and the inter-linkages of the value chain SOURCE: McKinsey Risk Management Practice 13 5 Weaknesses in risk culture help create the circumstances where serious failures can occur Isolated management, a ‘fear of bad news’, prioritizing launch objectives over 100% confidence in safety. Result: shuttle break-up from previously-flagged failure Hierarchical management structure, risk insights not communicated up the line, workers indifferent to making changes. Result: an explosion that killed 15 people and billions of costs/compensations SOURCE: McKinsey Risk Management Practice 14 5 Risk Culture is critical to manage Supply Chain Risk and requires: timely information sharing, rapid elevation of emerging risks and willingness to challenge practices Risk culture McKinsey framework Individuals do not challenge each others’ attitudes, ideas, and actions Management and employees feel inhibited about passing on bad news or learning from past mistakes People believe that their organization is immune/ insulated from risk as a result of its superior position or people Warning signs of both internal or external risks are not shared Leadership has not communicated a clear risk appetite or has presented a coherent approach or strategy The organization fails to understand the risks it runs or thinks that’s the preserve of risk specialists Challenge The organization sees external changes but reacts too late and/or is in denial about innovation or impact of change Speed of response Openness Acknowledgement Confidence Communication Responsiveness Definition: The norms of behavior within an organization that determine collective risk-taking and the ability to identify, understand, and act on the organization's current and future risks Transparency Respect Tolerance Level of insight SOURCE: McKinsey Risk Management Practice Adherence to rules Level of care Cooperation A reluctance to react to situations or to not care about the outcome either due to bad faith or incompetence Individual units take risks or embrace projects that benefit them or are not in line with organizational risk appetite People’s’ risk appetites are misaligned with the organization’s, potentially resulting in fraud 15 Concluding Remarks End-to-end view of the supply chain is required to assess top exposures and understand cascading effects Risk exposures on different supply chain objectives need to be compared with company risk appetite Decisions need to be optimized with risk-informed approaches: risk appetite and mitigation cost-exposure reduction trade-off A multidisciplinary approach is required because of the complexity and the inter-linkages of the value chain Risk Culture is critical to manage Supply Chain Risk 17
© Copyright 2024