What's keeping you up at night? Supplier financial risk? Environmental risk? Risk to brand or reputation? Geo-political risk? Third party risk? Outsourcing relationship management? Supply? Here are some thoughts on an effective supplier risk management framework.
Hans van Eck-Casteels // +1.416.931.5241 // [email protected]
Supplier / Supply Risk
Corporate Services
May, 2013
Supplier / Supply Risk management overview
[Diagram: the Organization and its Vendors. Labels: Vendor Financial Performance; Vendor Quality of Services; the corporation Reputation and Brand; Viability; Quality; Regulatory Compliance; Delivery; Customer Service; Innovation; Safety]
Vendor Relationship Risk Management – what if?
• What would the impact be to the corporation if a strategic / critical vendor failed?
• How confident are we that one or more of our critical vendors are not in financial difficulty?
• How would our stakeholders react to the failure of a critical vendor?
• What would the impact be to the corporation’s reputation if one of our vendors causes a major security breach?
• How do we effectively assess and monitor current and potential vendors’ financial and operational health?
• What actions would we take if a vendor were to face difficulties, or cause difficulties for the corporation?
Vendor Relationship Risk Management – today’s realities
As the economic climate continues to stagnate or deteriorate, the corporation should be concerned about the viability of our critical or strategic vendors. The impact of vendor failure could prove to be significant, including:
• Disruption of service and product delivery
• Reputational damage
• Business continuity
• Loss of revenue
• Threat to competitive advantage
• Significant use of management time sourcing alternative vendors
• Potential business failure
Supplier Risk Management maintains an up-to-date view of the operational and financial position of strategic / critical vendors. Vendor risk issues are increasingly board-level concerns due to the severe financial, operational and strategic consequences disruption can cause. This is coupled with greater scrutiny from regulators, who want confirmation that the corporation is robustly managing vendors to limit vendor risk.
Vendor Relationship Risk Management – benefits
Through the supplier risk management program, the corporation will respond faster to the increased volatility and pressures stemming from globalization, outsourcing and the current economic environment. The corporation's Vendor Risk Management framework will:
• Ensure or improve the continuity of services through early warning systems and enhanced vendor information
• Proactively address critical concerns by facilitating better communication and relationships with vendors
• Increase control over potential disruptions in our supply chain and increase our ability to proactively mitigate risk
• Minimize or eliminate unplanned reactive costs such as finding alternative vendors at short notice
• Embed the improved vendor risk management framework across all aspects of vendor / Sourcing and LOB activity
• Provide stakeholders with reassurance about the control corporate services has over the risks in the supply chain
Supplier Risk Model – Elements of Vendor Risk and Consequences of Failure
[Figure: causes, disruption events and consequences of vendor failure. Labels as they appear on the slide:]
CAUSES (Categories of Predictive Measures), grouped as Supplier Attributes and Situational Factors:
• Performance
• Human Resources
• Supply Chain Disruption
• Financial Health
• Environmental
• Relationship
DISRUPTION EVENTS:
• Quality, Delivery, Service Problems
• Supplier Union Strike, Ownership Change, Workforce Disruption
• Supplier Locked Tier II Stoppage
• Supplier Bankruptcy (or financial distress)
• Disasters (Weather, Earthquake, Terrorists)
• Misalignment of Interests
CONSEQUENCES (Impacts):
• Finished Goods Shipments Stopped
• Locate and Ramp Up Back up Supplier
• Emergency Buy and Shipments
• Emergency Rework and Rushed FG Shipments
• Recall for Quality Issues
• Sudden Loss of Supplier
• Reputation
• Market Share Loss
EFFECTS: Revenue Losses and Recovery Expenses
OTHER IMPACTS: Foregone Income
Supplier Risk Model – Vendor Risk Strategy
Input
• Business Strategy
• Sourcing Playbook
• Value Drivers
• Organization Process
• Definition of Risk Management objectives
• Determine risk appetite tolerance
• Define vendor risk process
• Perform Risk analysis on seven components:
  - Financial
  - Operational
  - Strategic
  - Environmental
  - Regulatory
  - Foreign Corrupt
• Benchmark results
• Alternatives
Techniques
• Interviews
• Questionnaires
• IT Risk Management tools
• Checklists
• Assumption Analysis
• SWOT templates
• Modeling / Diagrams
• Contingency response strategies
Output
• Ranked risk profile
• Vendor risk strategy
• Vendor risk register
• SLA / KPI /
• Contract language
• Vendor specific risk policies
• Risk Governance
• Tailored scorecards
• Risk acceptance / sign off
[Figure: Impact versus Probability matrix (L to H) plotting Risk 1 to Risk 6. Labels: Specific vendor management approach based on segmentation and risk weighing; Scorecard; Onboarding]
An Op Risk Management Framework
Objective is to reduce ultimate risk exposure by detecting, managing and mitigating the original risk levels.
[Figure labels: Supplier Risk; Risk Objectives; Initial Risk Exposure; Up-front Protection Activity; Mitigation Triggered by VRM Management; Target Level Of Strategic Vendor Risk Exposure]
• Up-front Risk Identification: focus is on uncovering critical vulnerabilities and segmenting these to determine appropriate mitigation strategies
• Up-front Risk Identification: focus is on mitigation triggered by VRM vendor risk mitigation strategies and processes
The VRM / VMO will lower vendor risk exposure by effective and proactive identification and risk mitigation strategies and monitoring processes.
The VRM / VMO organization has an opportunity to significantly reduce risk exposures.
An Op Risk Management Framework
Supplier Risk Model – Risk Management Process
[Figure: operational risk management framework. Labels as they appear on the slide:]
• Vendor Risk Governance: Vision, Guiding Principles, Risk Strategy, Risk Appetite, Organization Structure, Risk Glossary
• Vendor Risk Identification & Assessment
• Vendor Risk Monitoring
• Vendor Risk and Control Self Assessments (RCSA)
• Key Risk Indicators (KRIs)
• Risk Measurement
• Risk Reporting
• Strategy
• Business Initiatives
• Business Continuity Strategy
• Common Organizational Hierarchy
• Common Risk Definitions
• Common Control Themes
• Key Process Focus
• Validating Components
For strategic vendors, an additional risk filtering process
Proposed VRM Risk Filtering
• Risks are filtered for identification and categorization
• Risks are measured according to business impact and possibility of occurrence
• Results of aggregate risk measurement determine contract and vendor engagement model
Risk filtering: strategic vendors, specially selected Operational vendors and all ITO/BPO will be additionally risk profiled and rank profiled.
After filtering, scores will be matrixed,…
After segmentation: leading to tailored VRM processes – scorecards weighted to risk mitigation, specific onboarding activities and innovation management.
[Figure: VRM risk filtering. Risk 1 to Risk 6 pass through the Risk Filters (Strategic, Operational, Financial, Regulatory, Environmental, Foreign Corrupt) and are plotted on an Impact versus Probability matrix (L to H). Labels: Segmentation Tool; Vendor Segmentation (Strategic, Operational, Commodity); mandatory; Scorecard; Onboarding; Tailored Processes; Specific vendor management approach based on segmentation and risk weighing; Contract Renewal; Contract Extension; New Contract]
[Figure: VRM Management Process and VRM Governance Processes. Labels: Strategic, Operational, Commodity; Performance & Management Focus; Governance & Control Focus; High Risk; Problem Mgmt.; Change Mgmt.; Delivery Mgmt.; Risk Mgmt.; Financial Mgmt.; Contract Mgmt.; Relationship Mgmt.]
Supplier Risk Model – Vendor Risk Categories
VRM Risk Filtering
Risk filters: Strategic, Operational, Financial, Regulatory, Environmental, Foreign Corrupt
• Reputation impact
• Assesses Transition Risk while onboarding a new service provider. These risks may include poorly defined / documented processes being transferred, lack of co-operation from the terminating service provider, the need to transfer institutional memory and transfer knowledge, loss of knowledgeable Company staff during transition,
• The overall financial stability of the service provider is assessed by a Financial Stability analysis. This helps to determine whether the service provider will remain solvent, invest in technology and new services to remain competitive, and have the financial resources to provide services at the desired service levels for the duration of the contract.
• “Green”, Recycling, Environmental impact
• Regulatory compliance assessment helps to determine compliance with regulatory edicts and events that will disrupt services that are delivered by the service provider
[Figure: Risk 1 to Risk 6 passed through the risk filters and plotted on an Impact versus Probability matrix (L to H)]
Process steps:
• Establish the context
• Identify Risks
• Analyze Risks
• Plan for Risks
• Segment risk
• Control
Supplier Risk Model – Risk Management Process
• Stage 1: QUALITATIVE ASSESSMENT. Identification, Prioritization and Assessment of Vendor Risk
• Stage 2: RISK MONITORING. Monitoring of Risk and Process Indicators to Track Operational Risk Level, Modify Risk Profile and Improve Business Processes
• Stage 3: QUANTITATIVE VALIDATION. Identification and Measurement of Operational Risk Events, including Near Misses
[Figure: risk management cycle across the Contract Life Cycle. Labels: Risk Identification; Risk Assessment; Risk Measurement; Risk Mitigation; Risk Monitoring; Risk Filters (Strategic, Operational, Financial, Regulatory, Environmental, Foreign Corrupt) applied to Risk 1 to Risk 6]
Supplier Risk Model – Risk Response
Awareness
• Probability and Impact
• Recognition of effects of risk on:
  - service levels
  - brand and reputation
  - service levels
  - consumer perception
  - vendor viability
• Awareness on internal, external and regulatory environment
Prevention
• Goal is to recognize, reduce or mitigate the likelihood of service disruptions, brand and reputation tarnishment and comply with regulatory issues
• Key processes include:
  - risk assessment
  - risk identification
  - risk segmentation
  - risk management
  - risk monitoring
  - change management
  - scorecarding
  - onboarding
Remediation
• Goal is to identify procedures for managing 4 stages of disruption
  - interruption
  - response
  - recovery
  - restoration of service
• minimize or eliminate impact on:
  - services
  - brand
  - reputation
  - business impact
  - time
  - cost / revenue
  - resources
• Determine most appropriate focus level
Knowledge
• Goal is to learn from experience and to hold vendors accountable for the consequences of their actions
• Modify standard procedures resultant from lessons learned
• Establish a basis of vendor interaction
• Formalized activity
Supplier Risk Model – Stakeholder Risk Change Management
Capture
Input
• Detect disruptions and estimate impact on service performance
Process
• Identify and categorize disruptions
• Record risk in risk database
• Update scorecard
• Liaise with LOB
Output
• Scorecard
• SLA alignment
• Root Cause Analysis
• Change management
• Issue closure document
Communicate
Input
• Communicate disruption impact
Process
• VRM identifies disruption
• Distribute reports and documents from “capture” to “closure”
• LOB / Vendor / VRM meetings
• If process change, document
Output
• Review action points
• Follow up
Collaborate
Input
• Review immediate causes and identify root cause
• LOB / vendor / VRM
Process
• Identify alternative solutions
• Select best alternative
• Delegate assignment
Output
• Scorecard
• SLA alignment
• Discount capture
• Root Cause Analysis
• Change management
• Issue closure document