As more supply chains stretch across the globe, complexities increase and require a careful cost-versus-benefit analysis for each risk-mitigation strategy.
Phases of Risk Management
Even the best-managed companies can be overwhelmed by the prospect of rationally and proactively balancing the potential negative effects of risk factors against the cost and benefits of implementing risk-mitigation strategies. In fact, it quickly becomes clear that managing risk can be at odds with other strategic initiatives, such as reducing inventories and cutting costs. Therefore, effective risk management requires a careful consideration of the appropriate balance among customer service levels, cost and working capital within an acceptable risk tolerance.
In addition, all risks are not equal. They must be identified and categorized along a scale on the basis of the severity of the impact of the risk and the likelihood of occurrence. Obviously, risks with high severity that are most likely to occur should be the first priority.
These are complicated scenarios requiring substantial computing power and sophisticated analysis capabilities. All risk-analysis approaches have two phases, although the specific techniques used in each phase vary widely. The first phase of risk analysis is risk identification and consists of determining the sources of risk, the dependencies among them and the likelihood of occurrence. For example, the loss of a supply source in one location may cause a shortage of transportation capacity in a different area where an alternate supply source is available. The second phase is response analysis and involves determining potential options to hedge against the risk while assessing the impact in terms of both cost and benefit.
The first phase of risk identification often involves variants of the Delphi method of predictive analysis. Developed by the Rand Corporation during the Cold War to predict the impact of technology on warfare, the Delphi method is a facilitated brainstorming or information-gathering process. It involves experts who participate anonymously in iterative sessions by providing predictions with supporting logic. The results from each session are reconsidered by the experts until the process converges on a relative consensus.
Next, probabilities are associated with risk factors through a wide variety of techniques. For example, historical data may provide estimates of variability in forecasts or lead times. Analysts may also use sophisticated regression models to determine errors in long-range growth forecasts. Similarly, the mathematics of extreme-event analysis enables analysts to estimate the probability of rare events. The process results in a good understanding of potential risk factors and their probability of occurrence.
Once risks are identified, the response-analysis phase focuses on estimating the impact of risk factors across the supply chain. This exercise is challenging because the relationships between risk factors are not static. One decision or risk factor may impact other risk factors. In practice, techniques for analyzing risk-decision clusters fall into two families: prescriptive decision models and descriptive simulation models.
Prescriptive decision models, which include many supply chain optimization tools, are designed to prescribe an answer for a given set of inputs. The models used in software solutions are further divided into two categories: deterministic and probabilistic. Both deterministic and probabilistic models provide insight into the interaction between risk factors and supply chain control variables by systematically analyzing different scenarios.
However, while deterministic models use a single number for each variable under consideration, the more sophisticated probabilistic models use statistical probability curves for variables such as demand patterns or the likelihood of a supply disruption. Because of the increased complexity in these probabilistic models, they tend to be limited in scope.