Creating Value Through Resilience
An insurer’s perspective on supply chain risk management
Supply Chain Risk Leadership Council, February 2007
Tim Astley, Strategic Risk, Zurich Risk Engineering
2© Zurich -Risk Engineering, Cisco SCRLC February 2007
Structure of presentation
• Overview of SCRM – setting the context
• Tools and techniques
• Where is value added?
The concept of supply chain networks*
LEVEL 1 Process, e.g. value creation (production)
LEVEL 2 Infrastructure, e.g. physical flow (logistics)
LEVEL 3 Organisation networks, e.g. strategic (partnerships)
* From Cranfield University – Supply Chain Risk
Where does Zurich fit into the supply chain picture?
Supplier – insurance products (quotes, policies, claims)
Partner / advisor – tools and techniques
Stakeholder – risk transferee (Property, BI, Liability, Marine/Cargo, D&O, etc)
Customer – e.g. outsourced services, IT
What supply chain risks interest an insurer?
[Diagram: chain from supplier to customer (nodes S1, SL1, CL1, C1, M1, M2) marked with the insurance lines involved: BI, D&O, Property, Marine, Liability]
How well are these understood?
What does an insurer want to know?
As much information about the risks as possible(!)
• How well are they understood?
• How well are they managed?
• How well are they controlled?
The better a risk is managed and controlled, the more comfortable an insurer is (and the CEO)
Why are things changing?
• Greater complexity
• Change of risk profile when a company outsources
• High profile / high cost insured events
• BI claim frequently > property damage
• Focus on resilience
Supply chain risks?
Risks in a company’s supply chain which threaten the success and reputation of the business.
What does this mean in practice?
• Properly managing the supply chain
• Optimising / protecting the profit flow
• Focussing on resilience
Two perspectives on the same thing:
•SCRM
•Loss-of-Profits Insurance
A few words about resilience
The ability of an organisation to resist being affected by an incident
OR
The ability to recover (quickly) from major disruptions back to normal business processes
Resilience
• Influenced by internal organisation, resources & supply chain.
• May be inherent, a reflection of ability and commitment, … or the result of careful planning
• Can imply slack, surplus, spare, redundancy – and cost
• Or good BCM
• Investors like it - expect a “no-surprises” result
• It is music to an insurer’s ears
How does this lead to engagement in the bigger conversation?
• Enterprise Risk Management
• Business Continuity Management
• Supply Chain Risk Management
• Traditional (Insurance) Risk Management
ERM, BCM, SCRM
• The supply chain is relevant in each
• Insurers are interested in aspects of each, just as the Board and shareholders and other stakeholders are interested…
•…just from a different perspective
• But still evidence of ‘silo’ thinking
• Need to coordinate the disciplines
Tools and techniques
What tools and techniques does Zurich use to evaluate supply chain risks?
• ‘Traditional’
• Risk grading and benchmarking
• Interdependency analysis
• Qualitative risk analysis techniques
• Adherence to standards
• Risk quantification
‘Traditional’
• Site risk assessments: evaluations and risk improvement recommendations
• Due diligence
• Standards of care guidelines, e.g. Marine
Risk grading and benchmarking
Risk Grading
e.g. Property, BI, BCM, Extended Perils, General & Product Liability, Machinery Breakdown
Benchmarking
• Promotes best practice (internal & external)
• Particular value in asset management
• Less easy for evaluating SC complexity
Interdependency analysis
• Risk definition
• Supply chain mapping
• Loss of profits modelling
Risk Definition
Key risks rated as shown:
1. Like-for-like sales growth
2. Customer satisfaction
3. IT network resilience
4. Sarbanes Oxley
5. Health and safety
6. Business Continuity
7. Legislation
[Chart: risks 1 to 7 plotted by likelihood against impact]
NEED TO UNDERSTAND WHAT EACH RISK REALLY MEANS
Loss of profits modelling
Total Insurable Loss Cost = Loss of Profits + Costs of the temporary solution (ICOW)
[Chart: GP against time, showing Loss of Profits and Cost of Temporary Solution (ICOW)]
Need full understanding of supply chain and associated risks
Supply chain mapping
Strike a balance between pragmatism and complexity
[Diagram: schematic goods / value flow from Supplier through Group / Division and Sites 1 to 4 to Customer, with Product A and Product B each flowing to Customer; legend: complex on a site, good / value flow]
Qualitative risk analysis
• Scenario definitions
• Risk profiling
• Risk interdependency mapping.
• Risk appetite (e.g. BIA)
Scenario definitions
• Structured approach to gain common understanding of risk
• Risk profiling
[Chart: risks 1 to 7 plotted by likelihood against impact]
Qualitative risk analysis – Zurich approach
Risk appetite
[Chart: risks 1 to 7 plotted by likelihood against impact]
Qualitative risk analysis in BCM
[Chart: risks 1 to 7 plotted by likelihood against impact]
Business Impact Analysis (BIA)
• Identify the key processes and activities
• Determine the impact upon the business if these were disrupted or lost
• Consider the GAP (MAO, RTO, etc). E.g. financial, market, customer loyalty impacts
• Conduct a risk analysis to identify the potential threats – prioritise resources
Qualitative risk analysis
Enables:
• Effective communication of risks
• Understanding of interrelationships
• Prioritisation
• Focus on key issues
• Efficient BCM / SCM / ERM
[Chart: risks 1 to 7 plotted by likelihood against impact]
Quantitative techniques
• Actuarial techniques
• Retention studies
• Total cost of risk
[Chart titled "Yourhealth com Total Risk Profiling on Healthwatch 14.04.2000": probability against annual loss amount]
• Evaluation of real loss / claims data
•‘Simulation’ of data in difficult areas
• Combine and analyse
Risk quantification
[Chart: probability [single claim < x], 0% to 100%, against loss severity x (EUR), 1'000 to 10'000'000; series: individual claims (inflated) and approximated distribution; Model A: claims between EUR 6'000 and EUR 52'000; Model B: claim > EUR 52'000; annotations: 87.3% ... of all claims > EUR 6‘000, 12.7% ...]
[Diagram: insurance programme layers for small, medium and high risks, by per occurrence limit (p.o.), marked at EUR 150’000 p.o. and EUR 10 Mio. p.o.]
• Working deductible: EUR 6'000 p.o.
• Self Financing (Captive): EUR 144’000 p.o. xs EUR 6'000 p.o., but in the maximum EUR 1’370’000 p.a.
• Stop Loss: EUR 1’630’000 p.a. xs EUR 1’370’000 p.a.
• Excess: EUR 9’850’000 p.o. xs EUR 150’000 p.o.
[Chart: Distribution of Scenario Improvement Potential; probability against NLE improvement potential – net of costs(?) [€ Mio], -2 to 8; series: Scenario 1, Scenario 2, Scenario 3]
[Chart: Individual scenario risk-return diagram; Return (e.g., expected NLE improvement) [€ Mio], 0 to 6, against Risk (e.g., scenario std devn or VAR), 0 to 1; points: Tool / location 1, Tool / location 2, Tool / location 3; line: risk-adjusted hurdle rate?]
Risk quantification
Enables:
• Greater insight into exposure analysis
• Efficient capital allocation
• Total view
The spectrum of supply chain management activity*
* Haywood, M. (2002), “An Investigation into supply chain vulnerability management within UK aerospace manufacturing supply chains”
PLANNING
(‘ideal world’)
MANAGEMENT
(established supply chain)
CHANGE MANAGEMENT
(implementation of modifications)
When would Zurich apply these tools?
[Diagram: the tools below placed along the spectrum PLANNING (‘ideal world’), MANAGEMENT (established supply chain), CHANGE MANAGEMENT (implementation of modifications)]
• Benchmarking, loss lessons, claims analysis
• Traditional - site surveys, gradings
• Risk quantification – actuarial techniques, retention studies, total cost of risk
• Interdependency analysis
• Qualitative risk analysis techniques
• Adherence to standards
Adding value - Insurers’ perspective
• Companies with genuine business resilience want credit for it.
• Underwriters’ view of risk is strongly influenced by the quality of data
• Insurers need:
  • Loss potentials accurately modelled
  • Continuity plans fully detailed
  • To be convinced that plans will succeed
  • To understand supply chain exposures
• This will reduce doubt and allow more ‘accurate’ insurance pricing
• Creating added value for all
Adding value - the insurers’ perspective
[Chart: exceeding probability against impact on GP (BI Loss Estimate), showing the Original EML and Business Continuity Plans (BCPs) Implemented]
Adding value - the insurers’ perspective
[Chart: exceeding probability against impact on GP (BI Loss Estimate), showing the “Resilience Adjusted” EML]
Finally…
Greater focus on BCM and SCRM
more opportunity to create value
greater awareness about supply chain exposures
more dialogue with insurers
reduction of surprises
Thank-you
Tim [email protected]
+44 (0) 1423 359564
+44 (0) 7730 735396
Supporting material
Adherence to standards
• Standards in SCM? ERM – e.g. COSO, etc
• Standards in BCM – e.g. NFPA 1600, BS 25999, ISO??
[Diagram: BCM lifecycle: BCM programme management; Understanding the organisation; Determining the BCM options; Developing & implementing a BCM response; Exercising, maintenance & self-assessment]
• BCM still not widely understood
• Big kick to major customers’ desire for assurance
• Knock-on effect in SC
• Insurers see value
• Impending internationalisation
‘Marine’ risk management
• Addresses mostly hijacking and theft
• ‘Small’ loss events can create major disruptions – how big?
[Diagram: supply chain nodes S1, SL1, CL1, C1, M1, M2]
• Can affect reputation
• Surprisingly under-developed
• Need to address the basics – security, handling, minimum standards of care
• Use of technology – long way to go
• Value to be gained
SC issues in Europe – Zurich’s observations
• Growing focus on CSR
• Assessment and audit of suppliers (threat to brand)
• Reduction of supplier base – risk-based
• Outsourcing / offshoring
• Supplier (and customer) positioning
• Growing interest in risk measurement
[Matrix: supplier positioning by risk (high / low) and cost (low / high); labels: Partnering; Assurance of supply; Process Leverage]
Analysis Parameters
• SCOPE of analysis
• PERSPECTIVE of analysis
• TIME HORIZON
• DEPTH of analysis
• DURATION of analysis
• DATA available
Interdependent factors which determine the true value of the analysis
[Diagram: Trigger (How? When? Why?), Vulnerability (What? Where? Controls?), Consequences (How Big? How Much? How Bad?)]
‘Headline’ risks
• Avian flu
• Pandemics
• Cyber risk
• Infodemics
• Climate change
• Single-issue campaigning
• Strikes
• Brand damage, etc
All impact the broader supply chain – but how?
Understanding Risks Better
[Diagram: scenario boxes linked under the headings Trigger, Vulnerability and Consequences]
• Damage to reputation
• Competitor pre-empts legislation change
• Possible new legislation will change buying habits
• Loss of market share
• Planning hold-ups delay expansion and refurbishment of retail outlets
• Decline in like-for-like sales growth
• Failure to meet earnings targets
• Year-on-year sales growth is a key industry performance measure
• Only one supplier of key customer systems technology
• Fire at key supplier - no BCP
• Company subject to Sarbanes-Oxley legislation (extensive compliance programme underway)
• SEC finds non-compliance
• Company fined, MD gaoled
• IT back-up systems failure
• Customer systems dependent on IT infrastructure (robust back-up procedures)
Interdependency analysis
• Importance of value flow vs. physical flow
• Proper appreciation of the risks
• Address complexity
• Measure financial impacts
• Enables ‘what-ifs’
• Imprecise by nature
• Prioritisation
• Resource and capital allocation
• Strategic decisions
What new issues are we faced with and how do we view them?
• Greater BCM and SCRM focus greater awareness about non-insured risks
• What are the other drivers?
[Chart (Deloitte BCM survey – 2005), drivers shown: Homeland security; Other; Reputation / public image; Operating management; Previous experiences; Stakeholder responsibility; Senior Management; Compliance; Operational Resilience]
Uninsured concerns - brief customer survey
[Chart: concerns ranked 1 to 8 and 1 to 6 in two groups, EXTERNAL and INTERNAL; legend: red = high, with a marker for supply chain related items]
• Change in regulation or tax rate
• Interruption to communication systems
• Fuel shortage
• Restrictions on use of buildings, staff availability or deliveries due to external influences
• Insolvency (customers and suppliers)
• Interruption at customer / supplier
• Raw materials
• Extortion, fraud, theft and virus
• Reputation
• Staff illness
• Fines, penalties and closures
• Product-related
• Errors
• Latent defects
• Demand / competition
Possible supply chain triggers
• Insolvency of customers or suppliers
• Denial of access, restriction on suppliers’ use of buildings
• Strikes – suppliers, transport and customers
• Interruption to their utilities or communications systems
• Customer / supplier staff illness
• Unavailability of raw materials
• Failure of supplier’s suppliers
• Any other incident outside their control that prevented supply
Which would be of most interest? Any more?
More value to protect - collateral damage (Iceberg principle)
Insured risks
• Direct costs: Workers compensation, public liability, assets, tooling
• Indirect costs: Business interruption, product liability, debris removal & salvage, hire
Uninsured risks
• Direct costs: Sick pay, repairs, lost/damaged product
• Indirect costs: Investigation costs, loss of goodwill, brand, image, hiring, training, legal, overtime, temporary hire, loss of expertise, emergency supplies, records/data