Are you the seat belt that your supply chain depends on to survive a crash? Risk management is something every one of us practices every day, multiple times a day, in both our private and business lives – even if it’s not in our job description. When you drive a car, using the seatbelt is a risk management decision – do you risk a ticket (and possible injury or death) for comfort and “independence”, or do you accept the “cost” of discomfort for a reward you hope to never collect? Do you wear a belt when riding in a taxi or on a bus, a plane or a train? In each of those public situations the seatbelt risk vs. reward decision has been made for you – the Federal government requires some of those passenger vehicles to have seat belts, and there are varying regulations on when passengers must use them. Unfortunately, in the Supply Chain world, very few risk management decisions are made for us – we are the ones who decide which risks our companies will deal with and which ones will be ignored - and at what cost.
A basic Risk Management program can be structured with three components: Risk Identification, Risk Ranking, and Risk Mitigation.
Risk Identification is exactly what its name implies – you list every possible risk in your supply chain such as: a supplier going bankrupt; a tsunami or earthquake affecting your supplier (and/or your supplier’s supplier(s)) in the Far East; a loss of import privileges due to your own Customs violations; bad weather grounding your critical air freight shipment(s); insufficient packaging causing damage to your goods; a carrier’s union going on strike; etc.
Risk Ranking requires you to think about each exposure and has 2 primary elements – how likely a risk is to occur (its probability), and how severe the impact would be if it happens. The combination of these two aspects tells you how each risk ranks against all the others. For example, if you rate every risk on a 10 point scale, assigning a 10 to each crippling event that shuts down your supply chain, lower scores to less severe risks, and perhaps a 1 or zero to something with little impact, and then multiply each rating by its probability (from zero - “it will never happen”, to 1 - “this will definitely happen”), each risk will now have a numerical value, between zero and ten, with the highest rankings representing your greatest threats.
Risk Mitigation is the third and most difficult component, as it takes the academic exercise of Ranking into the real world where you decide (1) which risks to address with your scarce resources to avoid or lessen their impact and, (2) (Just as important) which risks require little or no effort to protect against. This is where you weigh the costs of failure vs. the costs of being prepared to deflect or mitigate a risk.
Please keep in mind that your risk rankings must change over time and need to be reevaluated at least once a year – ideally just before you prepare budgets for the next fiscal year so that your goals and objectives will align with the risks you and your company will be facing. A strike threat, for example, increases as the end of a carrier’s labor union contract approaches, and therefore the resources you expend on developing alternatives should increase as that risk’s calculated ranking rises.
To be sure, this has been a very basic approach to managing risk, and obviously some risks will need to be addressed no matter what their theoretical rank might be. However, by quantifying all of your risks, figuring out what could go wrong, how likely each is to go wrong, and how to reduce or mitigate that risk, you can be proactive and ready to implement action plans in the face of a developing disaster, instead of a reactive, perhaps soon-to-be-former employee. That career risk, by the way, is yours alone to manage!
This article is part of the monthly series authored by ISM’s Logistics & Transportation Group Board Members, who are current practitioners, consultants, and educators. In future columns, they will continue sharing their views on a number of Supply Chain topics.
George Yarusavage, CTL, C.P.M., CICSM, is a principal in Fortress Consulting, LLC, specializing in Transportation, Logistics, and Sourcing issues. He is also the Treasurer of ISM’s Logistics & Transportation Group and can be reached at gyarusavage@yahoo.com, or (203) 984-4957. Membership in the L&T Group is open to all ISM members who are responsible for or have an interest in the Logistics & Transportation fields.
A basic Risk Management program can be structured with three components: Risk Identification, Risk Ranking, and Risk Mitigation.
Risk Identification is exactly what its name implies – you list every possible risk in your supply chain such as: a supplier going bankrupt; a tsunami or earthquake affecting your supplier (and/or your supplier’s supplier(s)) in the Far East; a loss of import privileges due to your own Customs violations; bad weather grounding your critical air freight shipment(s); insufficient packaging causing damage to your goods; a carrier’s union going on strike; etc.
Risk Ranking requires you to think about each exposure and has 2 primary elements – how likely a risk is to occur (its probability), and how severe the impact would be if it happens. The combination of these two aspects tells you how each risk ranks against all the others. For example, if you rate every risk on a 10 point scale, assigning a 10 to each crippling event that shuts down your supply chain, lower scores to less severe risks, and perhaps a 1 or zero to something with little impact, and then multiply each rating by its probability (from zero - “it will never happen”, to 1 - “this will definitely happen”), each risk will now have a numerical value, between zero and ten, with the highest rankings representing your greatest threats.
Risk Mitigation is the third and most difficult component, as it takes the academic exercise of Ranking into the real world where you decide (1) which risks to address with your scarce resources to avoid or lessen their impact and, (2) (Just as important) which risks require little or no effort to protect against. This is where you weigh the costs of failure vs. the costs of being prepared to deflect or mitigate a risk.
Please keep in mind that your risk rankings must change over time and need to be reevaluated at least once a year – ideally just before you prepare budgets for the next fiscal year so that your goals and objectives will align with the risks you and your company will be facing. A strike threat, for example, increases as the end of a carrier’s labor union contract approaches, and therefore the resources you expend on developing alternatives should increase as that risk’s calculated ranking rises.
To be sure, this has been a very basic approach to managing risk, and obviously some risks will need to be addressed no matter what their theoretical rank might be. However, by quantifying all of your risks, figuring out what could go wrong, how likely each is to go wrong, and how to reduce or mitigate that risk, you can be proactive and ready to implement action plans in the face of a developing disaster, instead of a reactive, perhaps soon-to-be-former employee. That career risk, by the way, is yours alone to manage!
This article is part of the monthly series authored by ISM’s Logistics & Transportation Group Board Members, who are current practitioners, consultants, and educators. In future columns, they will continue sharing their views on a number of Supply Chain topics.
George Yarusavage, CTL, C.P.M., CICSM, is a principal in Fortress Consulting, LLC, specializing in Transportation, Logistics, and Sourcing issues. He is also the Treasurer of ISM’s Logistics & Transportation Group and can be reached at gyarusavage@yahoo.com, or (203) 984-4957. Membership in the L&T Group is open to all ISM members who are responsible for or have an interest in the Logistics & Transportation fields.