Workshop: Developing a Risk Management Plan
advertisement
Workshop: Developing a Risk Management Plan This workshop was developed by the USAID | DELIVER PROJECT as part of its Risk Management Toolkit, which can be found at http://deliver.jsi.com/dhome/whatwedo/supplychainsys. 1 ACTIVITY 1: WORKSHOP INTRODUCTION 2 Session Objectives By the end of the session, attendees will have— • learned the basic concepts of supply chain risk management • evaluated and prioritized supply chain risks by frequency of occurrence and degree of impact on operations • developed potential strategies for each risk. 3 Overview • What is supply chain risk management? • Why is supply chain risk management important? • Activity: Evaluate and prioritize risks • Supply chain risk management approaches • Activity: Draft risk management approaches • Debrief: form longer-term risk mgmt. plan. 4 Basic Components of Supply Chain Risk Management • Identify risk events: – Definition: Possible actions or outcomes with a direct negative impact on supply chain objectives – Range: Can completely disrupt the supply chain, or only cause delays in scheduled plans • not just theft or corruption. • Evaluate and prioritize risks • Create a supply chain plan to work through each risk, or group of risks. 5 Risk Management Schematic: Activities and Organizational Structure Risk Context Participation Risk Evaluation Learning Risk Treatment Risk and Performance Monitoring • Map supply chain, • Assess and agree • Use levers within • Base on supply chain on features of risk and outside understanding of classification, events: likelihood, supply chain drivers of risk and product impact, ability to risk treatment • Avoid system classification. control, etc. plans activities; reduce, hedge, and accept • Monitor risk risk. drivers • Risk management performance. •System evaluation •Planning and execution improvement Incident Handling Credit: USAID | DELIVER PROJECT 2013 Participation: Initiating group + technical assistance + stakeholder collaboration • Incident detection • Specific and general contingency plans. 6 Why Is Supply Chain Risk Management Important? • In private sector, risk management is proving beneficial for complex supply chains: global supply chain, multiple tiers of suppliers, critical components in products. • Success in public health setting—in Côte d’Ivoire, Mozambique, and others. • Enables collaboration and consensus building between stakeholders about supply chain issues and steps to address these issues. 7 Risk Management Case Study • Content from TO5/advocacy materials • Also, see appendix for some presentation material. 8 ACTIVITY 2: RISK EVALUATION 9 Intrinsic Health Complexity Data Availability & Quality Procedural Complexity Stakeholders Collaboration Quality Management Fundamentals & Resource Availability Economic Politics Health Policy Decisionmaking Resource Destruction/ Theft Natural Events 10 Credit: USAID | DELIVER PROJECT 2013 Sources of Public Health Supply Chain Risk Likelihood Low High Tsunami Low High Impact Credit: USAID | DELIVER PROJECT 2013 Risk Evaluation: Basic Approach 11 Risk Evaluation: Group Instructions • Using a constructed list, group considers each risk. • Assign a group consensus score for frequency and impact of occurrence, including documentation. • Use a 1 to 4 scale for both frequency and impact; 1 is minimal impact or rare event, and 4 is certain occurrence in the next year or a system-wide disruption. • During plenary groups compare responses. • Adopt average or review each risk or select consensus score. 12 Processing Risk Evaluation Scores: Prioritization • Include graphic applications. • Adopt cutoff score. • Review list to ensure participants agree to accept lower priority risks. 13 ACTIVITY 3: INTRODUCTION TO SUPPLY CHAIN RISK MANAGEMENT APPROACH 14 Risk Management vs. Conventional Management Approach Conventional Management “How do we get our operations right?” • Assumes behavior and occurrences, within a specific narrow range, defined as normal: – prepares for these – Reacts to dysfunctions. • Appropriate when managers can sufficiently control operationalaffecting factors. Risk Management “What is our plan for when things go wrong?” • Contemplates abnormal, previously unexpected, behavior and occurrences: – prepares for these. • Appropriate when managers lack sufficient control over operationalaffecting factors. 15 Rating Scale Interpretations: Impact and Likelihood • Impact – Based on overall supply chain mission objective – Maximum rating should map to complete breakdown in supply chain mission – Minimum rating should map to mild deviation from mission. • Likelihood – Can be based on frequency in a specific time, e.g., a year or a month – Maximum rating should map to most frequent occurrence of risk events in supply chain – Minimum rating should map to the least frequent occurrence of risk events in the supply chain. • Template available in risk management toolkit to make explicit interpretations and create a reference for everyone working in risk evaluation. 16 Risk Feature Drivers • Risk feature drivers—aspects of health operations that affect the significance of risk event features: impact, likelihood, etc. • Can identify risk drivers for risk events—implies a better understanding of their mechanisms; helps improve consistency of risk-event evaluation. • Risk drivers— ₋ specific to risk event, but different risk events can share the same drivers ₋ help risk monitoring and performance monitoring. 17 Risk Management Schematic: Activities and Organizational Structure Risk Context • Mapping supply chain, supply chain classification, product classification. Organizational Structure & Participation Risk Evaluation Learning Risk Treatment Risk & Performance Monitoring • Assessment and • Using levers • Based on agreement on within and understanding of features of risk outside the supply drivers of risk and events: likelihood, chain risk treatment impact, plans • System activities: controllability, etc. avoiding , • Monitoring risk reducing, hedging, drivers and accepting • Risk management risk. performance. •System evaluation •Planning & execution improvement Incident Handling Credit: USAID | DELIVER PROJECT 2013 Participation: Initiating group + technical assistance + stakeholder collaboration • Incident detection • Specific and general contingency plans. 18 Risk Management Approaches • Redesign supply chain network • Intelligent task shifting • Addressing incentive misalignment • Intelligent commodity/supply base choice. Reducing Risk • Supply chain management strengthening • Improved LMIS systems • Outsourcing. Accepting risk is the default approach. Hedging Risk •Use of buffer inventory/capacity •Sharing real-time inventory and consumption data •Sharing costs with supply chain partners. Credit: USAID | DELIVER PROJECT 2013 Avoiding Risk 19 Risk Management Approaches In particular, three features of the risk event can identify an appropriate risk response: • Is the source of risk controllable? • Is the source of risk operational? • Is the source of risk structural? Controllable Yes No No No Structural No Yes Yes Operational Yes No Risk Response Reducing Accepting Avoiding Hedging 20 Risk Monitoring • Two types – Determine if risk features are changing • Confirm if original risk response plan is appropriate – Determine if risk event is impending • Receive advanced notice of events occurring and can respond to mitigate events. • Both types involve monitoring risk feature drivers; come from insights gained during risk evaluation and treatment. • Example: – Comparing the number of units ordered in a procurement cycle to a benchmark could be a leading indicator for whether an emergency order is likely to occur. 21 Options for Risk Performance Monitoring • Supply chain performance management tends to focus on indicative/strategic key performance indicators— How are we generally doing?—not diagnostic outcomes—Why are we performing the way this way? – Indicative/strategic metrics may not capture low likelihood or low impact events; they tend to be affected by a range of risk events. • Additional options for risk performance monitoring: – diagnostic metrics in operational areas – risk drivers – simulated/forecasted performance • changes in risk features • effect of risk event. 22 Examples of Performance Monitoring from TO5 Case Study Risk Category Risk Event Metric Freight forwarding A. Shipments are not delivered on time due to shipper error Delivery to Plan (DTP) Reasons for Late Shipment (% with this reason) Warehousing Warehouse does not manage inventory properly for storage, or pick and pack DTP Warehouse metric (% with this reason) • Simulated performance – For risk treatment, planners would estimate the changes in risk features as a result of planned risk response. 23 Credit: USAID | DELIVER PROJECT 2013 • Diagnostic metrics ACTIVITY 4: DRAFTING RISK MANAGEMENT APPROACHES 24 Exercise: Draft Risk Management Approaches • Functional groups address prioritized risks. • Consider available options, draft potential plan. – Use Risk Evaluation and Treatment template from risk management toolkit. 25 Debrief: Form Long-Term Risk Management Plan • Develop timeline for completing management approaches. • Do a periodic review. 26 APPENDIX 27 Appendix RISK MANAGEMENT CASE STUDY: PROCUREMENT TASK ORDER FOR USAID | DELIVER PROJECT 28 Risk Management Case Study • Context – Task order for procuring and distributing essential public health supplies • Objective: Achieve a targeted delivery-to-promise goal of 95%. • Implementation – Workshop exercise at end of 60 days • Risk identification, evaluation, and some risk treatment planning. – Risk treatment plans further developed and implemented after workshop. 29 Drivers for Risk Management Approach • USAID-mandated task order deliverable – Approach was expected to be generally beneficial • Prevent issues from being lost during planning. • Help prioritize resources. • Enable stakeholders to objectively come to agreement about which issues to focus on. – Perception that stakeholders did not agree on what mattered. – Could help develop consensus: bring partners together, harmonize expectations, align partners. 30 Risk Identification and Evaluation • Risk identification: – List of risk events based on experience; validated with other partners. • Risk evaluation: – 10-point scale • severity • occurrence • detection of failures—not considered as applicable to supply chain. – Risk probability number = severity × occurrence × detection: • Threshold of 100 for dealing with risk; some sensitivity analysis around threshold. 31 Risk Treatment Process • Development of plans to address risks: – Workshop produced initial plans • collaborative process. – Small groups returned and refined management approaches • people with relevant experience in risk areas who exceeded threshold. – Circulated to wider team for validation; small teams were implementers. • Plans: – responsibilities and timelines – effect on risks; estimated revision of risk profile number – specific to products. 32 Risk Treatment Example: Product Registration • Risk analysis and evaluation – Objective seriously harmed if product not properly registered and unable to enter country. No single solution works across all countries. • Risk treatment – Preventive actions • product registration requirements in RFPs • due diligence with potential manufacturer prior to contract award • product registration technical assistance. – Strategies on occurrence • formalize core registration team to work on problem. – Impact reduction • transition plans using available products. – Risk communication • ongoing among all stakeholders. 33
