Supply Chain Risk Measurement

Introduction For several years now the topic of Supply Chain 'Risk' has been discussed in the inner circles of operations professionals, however until recently very little has been done to help companies measure their degree of supply chain risk exposure and most importantly how to manage risk within the company’s supply chain.  The interest in SC Risk has been almost certainly driven from our friends in the financial and investment community who have been veraciously educating themselves on the supply chain and helping to drive and enforce this new marriage – supply chain operations and risk management.  The increased globalization of the industry has increased the levels of both demand and supply uncertainly and the likelihood of supply chain disruption.

In October 2007, I was fortunate to be the event chairman for the European Supply Chain Council (SCC) conference held in Brussels where the theme of  "Supply Chain Risk" was brought to life.  Amongst other professionals who shared their views, members of the SCC ‘risk management’ Special Interest Group (SIG) were present to educate the audience on some of their initial findings and share what the SCC is doing to further incorporate the topic of risk in the next release of the Supply Chain Operations Reference (SCOR) Model - version 9.0 due in March 2008. 

The Risk SIG within the SCC however has made some significant strides forward and KNOWledge wanted to share some highlights from their work to be presented in an upcoming whitepaper on this subject.  Below are excerpts from this whitepaper which will be available soon at www.supply-chain.org and also posted on the eKNOWtion website www.eKNOWtion.com

Today’s environment

Financial and political turmoil, socio-cultural changes, highly fragmented and demanding behavior of consumers, rapid development and changeover of products, have seriously modified the economic and industrial environment in which companies act, bringing out new issues related to assuring the continuity of the business against potential disruptive events.

Moreover, one of the key factors contributing to disrupting supply chains is the focus on "lean" supply chains in academia and industry during the 90s.  Zero-inventory and just-in-time movement of goods became the dominant model, which has increased the sensitivity of supply chains.  Little issues quickly become big issues.  In addition, supply chains have become more global, increasing the order to delivery cycle times by a factor of four or five.  This acts to amplify the potential of a disruption and the impact.  Outsourcing has also become the dominant model, increasing the forces driving disruptions such as other customers competing for volume and attention: information flow issue; mistrust; win-lose negotiations; financial stress and misalignment of interests and goals. These have increased the likelihood of a disruption exponentially.

As a common term to designate the likelihood and impact of occurrence of such events we use the word risk: although the concept of risk is multi-dimensional and not univocally defined, it is generally established the fact that it is linked to uncertainties associated with events.

Managing risk in the supply chain has never been as challenging as it is today. As more companies have outsourced production to overseas locations, supply chains have been extended, the number of nodes increased, and the complexity of the networks have moved exponentially.  In the past, supply chain managers were mainly concerned with reducing cost, reducing purchase price variance, and managing inventory.  Today, supply continuity is the single biggest business driver.  Indeed, organizations now recognize that "preservation of shareholder value" is of paramount importance in supply chain management. It has been assessed that disruptions can exert a tremendous impact on the company’s overall performance of supply chain operations, if there are not suitable mechanisms or tools able to prevent or smooth their negative effects.

What is Supply Chain Risk Management (SCRM) and what are the benefits?

Risk is a concept that has applications in everything we do. It has several components, not the least of which is the lack of knowledge about the events that may impact us and our ability to manage them.  In order to understand risk we first need to define and decompose it, specifically as it pertains to the supply chain.

A common sense definition of risk – acknowledged by the International Organization for Standardization (ISO, 2002) – mainly deals with two of its essential components: losses (along with related amounts) and uncertainty of their occurrence.

In the financial industry, operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events (New Basel Capital Accord, 2006).

Definitions of risk must also have a time dimension or a specific time horizon (day, month, year, etc.) and a specific perspective or view that defines the unit of analysis (boundaries, what’s not included, etc.).

How does this apply to the supply chain? Recently, several publications have advanced the conceptual clarity of the terms used in the domain of supply chain risk management—yet, there is still no commonly agreed nomenclature.

According to Wagner and Bode (2006) it is possible to distinguish four interrelated terms:

• Supply chain risk: it is defined as the negative deviation from the expected value of a certain performance measure, resulting in negative consequences for the focal firm. Hence, risk is equated with the detriment of a supply chain disruption. The authors explicitly adopt the notion of risk as purely negative as the one that corresponds best to supply chain business reality. As a consequence, they do not consider "happy disasters" nor the situation where managers intentionally "gamble" on risk.
• Supply chain disruption: a supply chain disruption is an unintended, untoward situation, which leads to supply chain risk. For the affected firms, it is an exceptional and anomalous situation in comparison to every-day business. Supply chain disruptions can materialize from various areas internal and external to a supply chain. Consequently, their nature can be highly divergent.
• Supply chain risk source: attempting to circumscribe supply chain disruptions (i.e. the demarcation of supply chain risks from other business risk), many scholars have proposed classifications in the form of typologies and/or taxonomies of risks. The derived classes of supply chain disruptions are often labeled supply chain risk sources.
• Supply chain vulnerability: while a supply chain disruption is the situation that leads to the occurrence of risk, it is not the sole determinant of the final result. It seems consequential that also the susceptibility of the supply chain to the harm of this situation is of significant relevance. This leads to the concept of supply chain vulnerability. In other way, Christopher and Peck (2004) define supply chain vulnerability as "an exposure to serious disturbance", while Barnes and Oloruntoba (2005) describe vulnerability as "a susceptibility or predisposition to loss because of existing organizational or functional practices or conditions".

In order to better understand and define risk in the supply chain the different perspectives need to be understood.  Figure 1 shows the three perspectives in a supply chain and list some of the risk definitions related to them.

Supplier Facing looks at the network of suppliers, their markets and their relationship with the "company". Customer Facing looks at the network of customers and intermediaries, their markets and their relationships with the "company".  Internal facing looks at the company, their network of assets, processes, products, systems and people as well as the company’s markets. In all cases, a global perspective is essential.

With this in mind, the research team developed the following definition of SCRM:

Supply chain risk management is the systematic identification, assessment, and quantification of potential supply chain disruptions with the objective to control exposure to risk or reduce its negative impact on supply chain performance.  Potential disruptions can either occur within the supply chain (e.g. insufficient quality, unreliable suppliers, machine break-down, uncertain demand, etc.) or outside the supply chain (e.g. flooding, terrorism, labor strikes, natural disasters, large variability in demand, etc.). Management of risk includes the development of continuous strategies designed to control, mitigate, reduce, or eliminate risk.

According to a recent research report from Aberdeen Group, SCRM leads not only to cost avoidance by reducing the probability and impact of disruptions but it also leads to performance improvements.

How to measure Supply Chain Risk?

This risk metrics team has made some recommendations for specific supply chain risk metrics to be incorporated into the SCOR model. After detailed discussions, the team developed the metric hierarchy show in figure 3.

Figure 3 - Risk Measure Hierarchy 

The hierarchy has three levels, as with all other metrics within the SCOR model.  Level 2 and 3 are mostly internal to the risk enabler process and are used for analysis and diagnostics.   Three specific metrics are rolled up to Level 1 and appear in the level 1 SCOR card.   These are Value at Risk (VaR) and Mitigation costs.  Mitigation costs are rolled up and included in Total Supply Chain costs while VaR is new Level 1 or Level 2 metric (currently under discussion).

Value-at-risk (VaR) is a category of risk metrics that describe probabilistically the market risk of a trading portfolio over a given period of time. Value-at-risk is widely used by banks, securities firms, commodity merchants, energy merchants, and other trading organizations. Such firms could track their portfolios' market risk by using historical volatility as a risk metric.

VaR is about performance v. expectations (or target).  With securities it measures the probability that the actual return will be below the desired (or expected) return.  The VaR calculation uses historical data on the securities to calculate the number of times the securities performed below the target (probability) times the amount below the target.  For example, if the target price was $100 and the security historical pricing was the following:

10 times at $70
10 times at $80
10 times at $90
10 times at $100
10 times at $110

The VAR would be 10 (100-70)+10(100-80)+10(100-90) = $600.

This is a very simple, non-statistical application of VaR.  There are other, more sophisticated ways to apply this concept but this example is only meant to illustrate the concept.

VAR can be also be used to evaluate and manage risk in the supply chain.  The SCC defines Value at Risk as the sum of the probability of events times the monetary impact of the events for the specific process, supplier, product or customer.

Caveats in using VaR :

• VaR calculates the probability of non-adherence to metrics value (expected value) based on historical data. Hence, it is a retrospective view of the event risk. The same may or may not be applicable in the future.
• VaR is a downside Risk Metric. It calculates maximum loss for each level of confidence (probability). In a real life scenario, it is likely that the losses would be less than calculated using VaR.
• Calculating VaR from historical data requires a large database of events and metrics, and it could be computationally intensive.

Summary
Supply chain has a significant impact on the company’s value.  The ability to measure risk is necessary for us to manage it.  The SCC has taken a major step forward in terms of standardizing the definition of SCRM and provides its members for the first time, the ability to calculate VaR and consider this new metric in measuring end-to-end supply chain performance!  Our congratulations to the SIG and sincere thanks for sharing just a few of the highlights of the forthcoming whitepaper.