RISK MANAGEMENT FRAMEWORK
RISK IDENTIFICATION PROCESSES
A.
EMERGING AND UNKNOWN RISK SIGNALS
B.
S. C. RISKS (VIA TEAMS AND SURVEYS)
C.
PROJECT RISKS (PM SYSTEMS
D.
RISK TREATMENT EFFECTIVENESS OUTPUTS
CRISES LEARNINGS
 MODIFY ANALYTICS
 MODIFY SCREENING
 ID NEW SIGNAL SOURCES
AND OTHER)
SUPPLY CHAIN
LEADERSHIP
SUPPLY CHAIN RISK DASHBOARD
MONITOR RISK
TREATMENT
EFFECTIVENESS
INSTALL MONITORING POINTS
SYSTEMATIZE MONITORING
RISK ANALYTICS &
DECISION SUPPORT
OPERATIONAL
RISKS
EMERGING
RISKS
STRATEGIC
RISKS
ANALYZE
EVALUATE
PRIORITIZE
HOLISTIC VIEW OF RISKS
“SUPPLY CHAIN RISK”
MANAGEMENT TEAMS
IMPLEMENT ACTIONS AND/OR
FACTOR RISKS INTO PLANNING*




(multi-functional members)
Deep dive analysis of specific strategic risk
Implement risk treatment for new operational risk
Take action to leverage upside of an emerging risk
Modify strategy based on risk landscape
* examples of possible actions, not all-inclusive
ERM
Committee
SUPPLY CHAIN RISK WORLD
Unique and common risk events exist across the supply chain and at each organizational level
Identified risk events are analyzed for probability and consequence, thereby defining the risk level
Assessed risks are evaluated and risk treatment options are developed
Risk treatment is optimized, implemented and monitored
Strategic risks are generally out of
our direct control, and must be
factored into business planning.
Operational risks are
generally within our direct
control, and must be factored
into business operations.
COUNTRY
STABILITY
MATERIAL
QUALITY
COST
MATERIAL
AVAILABILITY
Buy
INBOUND
LOGISTICS
CONVERSION
EFFICIENCY
Make
WATER
USE
ENERGY
USE
PRODUCT
QUALITY
Move
ENVIRONMENTAL
COMPLIANCE
WATER
QUALITY
PRODUCT
SAFETY
WORKER
SAFETY
PRODUCT
SECURITY
Sell
OUTBOUND
LOGISTICS
Note: risks listed above are
indicative of the scope of supply
chain risks and risk areas, and
may not include all risks
Demand




RISK MANAGEMENT DEPLOYMENT
AT EACH LEVEL AND ENTITY
A Risk Register is created and managed at each level and entity,
and identified risks are incorporated into on-going business routines
Develop Initial Risk Register
TOP-DOWN AND BOTTOM-UP VISIBILITY TO RISKS (TRANSPARENCY)
GROUP
RISKS
BUSINESS UNIT
RISKS
COUNTRY
RISKS
AND AGGREGATED UPWARDS THROUGH THE ORGANIZATION
RISKS ARE ASSESSED AND OPTIMIZED AT THE LOCALLY RELEVANT LEVEL,
CORPORATE
RISKS
 Use historical and current risk assessments,
maybe supplemented by surveys
 Perform high-level ranking and screening to
identify significant risks
One-time
Perform Risk Analyses
 Bow-tie method to identify causes, consequences
 Identify existing and new risk treatments
 Establish risk owner and action items
 Link to other risks in system
 Refine risk register
Initial analyses,
then as-needed
Quarterly Risk Team Reviews
 Review action item status
 Review emerging and new risks
 Review effectiveness of existing risk treatment
 Perform new or review existing risk analyses
 Update and refine risk register
Quarterly meetings
to supplement
business meetings
Factor Risks into Business Planning
 Ensure strategic and operational risks are
considered in annual business planning
 Use risk information in on-going business
processes
Annual basis
aligned with
business planning