Learning from disasters - what if supply network interruptions happen?

riskmethods welcomes a guest post from Markus Groth, Head of Marsh Risk Consulting and Council Member of Marsh’s Business Interruption Center of Excellence.

The aftershocks from the devastating natural catastrophes such as of 2011 are still rippling through global supply networks. Companies that had believed their supply networks were secure found out otherwise – the hard way. Many organisations that were not affected see a warning sign in unprecedented global string of floods, earthquakes, tornadoes and other events in 2011 which have been analysed with great care and precision during the last years. Many are beginning to fully understand the imperative to ensure resiliency in the critical areas of their supply networks.

Increased vulnerability

Such losses typically manifest in a company’s supply network, which is often an integral component of the value that a company can deliver to its customers and stakeholders. But supply networks have become increasingly complex, globally interconnected and largely managed by third parties. After years of focus at many organisations on cost, efficiency and speed to market, supply networks are more vulnerable to geographically remote, disruptive events than ever before.

Although some organisations recognise this vulnerability, the truth is that many still are not prepared for a supply network disruption. Too many organisations lack complete visibility into their supply networks and do not understand the risks they face, the tools that are available to them to mitigate their risk and improve resiliency and the competitive advantages and bottom line benefits that superior supply network risk management can yield.

Exemplary loss events in 2011

The two costliest events of 2011, the Japan earthquake, tsunami and nuclear event and flooding in Thailand, illustrate how an event in one part of the world can have a significant effect on supply networks globally. Among the industries affected were electronics, semiconductors, automotive, shipping, steel, medical devices, solar and energy. Unstable power lines made it impossible for many manufacturers in the high-tech and other sectors to operate for several weeks following the disaster.

Meanwhile, flooding across Thailand in the second half of the year severely disrupted that country’s manufacturing operations and forced the closure of various major industrial estates. More than ten thousands of businesses temporarily ceased operations, suspending the production of cars, electronics and other goods.

Broad diversity of risks

When organisations closely examine their supply network risks, many focus purely on the potential physical disruptions – damage or destruction to their operations or those of their suppliers from earthquakes, hurricanes and tropical storms and other catastrophes. But global supply networks can be disrupted by more than natural catastrophes. Disruptions to supply networks can come about due to political and social unrest; technology failures related to cyber attacks and other events; shortages of raw materials; or an economic downturn that puts one or more suppliers out of business.

Similarly, many organisations view the supply network itself as being purely physical – comprising only those mechanisms that create and transport physical products and goods. But physical assets are just one aspect of how any company delivers value through its supply network: Critical technologies, relationships, knowledge, skills and people all contribute heavily to the flow of cash and /or goods that create and deliver any product or service, from smart phones to financial advice.

Lessons learned from the loss events in 2011

The events of 2011 raised concerns in boardrooms, among shareholders and in risk management circles about the true resiliency of supply chains and related risk transfer mechanisms. For example, many companies are now taking a closer look at the physical placement of operational nodes that contribute to global supply networks. There is also a greater appreciation of how supply network resiliency can be used as an “offensive” weapon to take market share away from competitors and to boost shareholder value. Claiming success in supply network risk management is about more than simply having a plan in a binder. To truly achieve resiliency, traditional plans need to be re-engineered and more voices added to the supply network risk management discussion. Managing resiliency is not just about quickly recovering from catastrophic events; it is about avoiding or minimizing exposure to such risks in the first place.

Read more from Markus Groth:
“Spoilt for Choice - Finding the Right Risk Financing for Supply Network Interruptions”

Spoilt for Choice - Finding the Right Risk Financing for Supply Network Interruptions

riskmethods welcomes a guest post from Markus Groth, Head of Marsh Risk Consulting and Council Member of Marsh’s Business Interruption Center of Excellence.

As the world economy changes with increasing velocity, global supply networks grow correspondingly more complex and vulnerable. While rapid advancements in automation, single sourcing, cloud computing, and off-shoring in emerging economies have provided competitive efficiencies for organisations, these advantages are threatened by a growing array of risks – from cyber-warfare campaigns, opportune terrorism, and global pandemics to traditional risks arising from natural disasters and economic disruptions. In this volatile business environment, a deep understanding of supply network ecosystems and the organisational resiliency to respond quickly to threats and their impact is critical to business success.

Many organisations are under enormous pressure to reduce costs in their supply network and improve efficiency, whilst also finding ways to improve customer service and responsiveness. Reducing costs can often result in the unintentional increased exposure to risks of disruption, and companies must understand and manage the complex web of risks that arise.

From a risk strategy standpoint the various risk financing options that are available and that may cover financial losses and extra costs resulting from supply network interruptions should always be taken into account – at least at the risk treatment selection stage which is about finding the right return on risk investments and implementing actions accordingly.

Risk managers have historically looked to contingent business interruption (CBI) and contingent extra expenses (CEE) insurance as a way to mitigate financial risks associated with loss events that affect their suppliers and customers. CBI reimburses insureds for loss of net profits and necessary continuing expenses resulting from an interruption of business due to insured physical loss or damage at a supplier or customer location(s). CEE reimburses insureds for the additional expenses over and above normal operating costs to avoid or diminish an interruption of business following insured physical loss or damage at a supplier or customer location(s). The cause of the interruption – a fire or an earthquake, for example – must be from a covered peril and must result in physical damage that inhibits the third-party supplier or customer from being able to supply or receive the insured’s goods.

CBI and CEE, however, do not cover the increasingly frequent disruptions that many organisations face that are not related to physical damage. For example, the eruptions of Iceland’s Eyjafjallajokull volcano caused little physical damage to insured property, yet air traffic was interrupted, leading to significant disruptions and delays in the transport of goods and services into and out of Europe. Following the events of 2011 in Japan, many buyers of CBI and CEE came to realise it often is restricted to first-tier suppliers, meaning that CBI or CEE resulting from damage to “indirect” second- or third tier suppliers will not be covered.

Emerging risk financing solutions for covering supply network interruptions are considerably broader than CBI and can offer additional protection. In addition to indemnifying for business interruption and extra expenses resulting from physical damage to a supplier or customer (i.e. typically excess of “all risk” programme CBI and CEE limits), supply chain insurance products also offer insureds protection against non-physical interruptions to their supply networks, such as strikes, riots, ingress / egress, service interruption, pandemics and more. Such coverage can be tailored to an insured’s unique supply network exposures.

Insureds should review all of their risk financing options carefully with their insurance advisors. Whichever product(s) or tailor-made alternative risk transfer solutions an insured decides to purchase, it is imperative to provide underwriters with complete, accurate and thorough data in order to differentiate its risk profile from other companies. The most successful organisations will be those that make insurance decisions as part of a broader approach to supply network risk management that optimizes risk investments against the value of the business, product, or service to the organisation.

The Future of Procurement – Take 2

When Kelly Barner from BuyersMeetingPoint asked us to join in by making a prediction on “What does the Future of Procurement Hold?” we immediately had varying thoughts. Our first take was “THE END OF SUPPLIER RELATIONSHIP MANAGEMENT“. We now would like to share with you our 2nd prediction:


The goals for procurement are currently: 1. Savings, 2. Savings, 3. Savings – as well as KPIs such as performance, quality and logistics. Supply chain risk management (SCRM) has so far not made its mark in these performance metrics in most organizations.

We recently gave a talk at a SCRM event, together with our customer Belimo, who impressed upon purchasing agents the value of SCRM as a personal objective in terms of their suppliers. The question to the audience as to which companies this applies to yielded only one response.

And yet we hear almost daily from our customers that further globalization and worldwide goods procurement are crucial in order to remain competitive. To generally benefit from this, however, you should be prepared for potential risks – risks along the entire supply chain, which go far beyond financial key figures and which can cause disruptions that result in damage amounting to millions.

We understand very well that there is a conflict of goals when it comes to procuring the most cost-effective goods – which are highly likely not being produced in the most low-risk areas of the world, though.  Should these savings not, however, be seen in the light of damage worth millions, which is caused by a disruption in the supply chain?

We are of the opinion that there is a huge opportunity for procurement here: Combining the “old KPIs” price, quality, performance and delivery reliability with the goal of ensuring protection against risks along the supply chain by way of SCRM will provide procurement with a high leverage effect as regards participation in the company’s success.

And as has been proven by Accenture’s current study “Accenture Global Operations Megatrends Study – Focus on Risk Management”, SCRM also contributes to ROI: nearly all of the 1000 companies represented in the study receive a return on their investment (ROI) in risk management. Only 7% are, however, generating returns of over 100% on their SCRM investments. Why? Because precisely only these 7% have a continuous approach to SCRM: they make SCRM a priority, centralize their responsibility for risk management and invest aggressively in risk management with a specific focus on end-to-end supply chain visibility and analytics.

If you want to learn more how our customers measure the ROI of SCRM and what further studies and experts say see our blog post ROI of Supply Chain Risk Management – 12 Examples


ROI of Supply Chain Risk Management – 12 Examples

Everyone knows that mitigating risk in the supply chain is very important. Nevertheless supply chain risk management often is still not one of the top priorities in procurement compared to other activities related to increase savings. Even though experts fear that supply chain risk could already rise again over the next three months according to the latest CIPS Risk Index Report.

We collected some facts & figures on the impact and ROI of SCRM from our customers’ experience, from recent studies and some examples which might be useful to increase SCRM’s importance and relevance:

What our customers say

  • Hit rate increase of risk events 85%  (compared to google alerts)
  • Early risk warning means a reduction of reaction time of 1.5 days
  • Elimination of manual effort 1hour/day per purchaser/logistic responsible
  • One hour production standstill = $ 250,000

What studies say

  • 88% of companies have suffered significant disruption in the past at the cost of £200,000 over the last 12 month (1)
  • Supply  chain  disruptions  reduce  shareholder  value  by 7% (2)  
  • One-point decrease in reputation score associated with ~$5 billion lower average market value (3)
  • ~50% savings in contingent business interruption insurance rates by proving supply chain visibility (4)

What already happened

  • General Motors lost over $2bn due to labor strike that disrupted production in several US states
  • Canon had a negative impact of $607 million on net sales and a reduction in operating profit of $225 million due to Thailand floods in 2011
  • BMW had a production stop due to Iceland ash cloud  in 2010 – 7,000 vehicles were affected
  • The share prices of Toyota fell by 16% and Honda by 13% within five days of the Japan earthquake in 2011

If you want to increase the visibility in your supply chain and mitigate risk, learn more about how to monitor all kinds of risks, minimize the impact and proactively take actions. See also our SUMMER SPECIAL of >50% http://www.riskmethods.net/en/home

(Sources: 1) Zurich 2012, “The Weakest Link”; 2) Word Economic Forum, “Building Resilience in Supply Chains”; 3) Cirano, “Corporate Reputation: Is your most strategic asset at risk”; 4) Source: Sourcing Innovation, “The ROI of Supply Chain Resiliency”)

Managing Supply Chain Risks Successfully – Part 3: Implementation of risk management


riskmethods welcomes a guest post from Kai Busse, expert for the procurement area and founder of Pexin Consult.

What do we do if an event that poses a threat to our organization does in fact occur? Being prepared means that half the battle is already won. If you are already using a standardized process in terms of initiatives and preventive action related to savings initiatives, supplier development or implementation of material group strategies in Procurement, everything else is easy. If not, it’s also no problem.

Not every risk necessarily requires an action plan. What is important is to filter out the really dangerous risks from the vast range of identified risk events. For this, determine thresholds for your risk figures. If a threshold is exceeded, the introduction of countermeasures must then however be immediately investigated.

If an (hopefully rare) event that requires countermeasures then does in fact occur, these measures must be initiated quickly and effectively and be impactful. Your employees who have been assigned responsibility must know precisely what to do. For this, develop a standardized procedure that deals with all relevant information and steps in support of the action plan.

The document includes the following items:

Basic information:

  • What risk event are we dealing with
  • When did the event occur
  • Allocation of the risk event to a risk class. The risk class describes the danger potential  
  • Which product groups and categories and which supply chain(s) are affected
  • Which suppliers are affected
  • Which business units are threatened as a result of the event, and have the units been informed about the serious threat
  • Who has overall responsibility for the risk action plan(s)

Action plans (in many cases several individual preventive actions):

  • Initiated individual preventive actions
  • Designation of short-term and long-term action plans
  • Expected result from individual preventive actions
  • By when must the action plan be completed
  • Severity (progress) of individual preventive actions
  • Who is responsible for the individual preventive actions (where applicable, part of RAPID® model)

Results documentation:

  • Time of completion of individual preventive actions
  • Did the result live up to expectations? If not, what was the actual result?
  • Were follow-up actions or additional action steps necessary?

Check whether you can define standard preventive actions for certain scenarios.

If your organization has complex supply chains that necessitate the inclusion of a large number of persons, you should structure the decision-making process using the RAPID® model or a similar model. Specified decision-making channels result in gaining valuable time and completion of documentation of the overall action plan.image

RAPID® is a registered trademark of Bain & Company, Inc.

If you have implemented all three steps, you are well prepared for future risks. Each process requires practice, however. So, start with the areas that already show an increased risk potential, even if no serious threats are present.  This training will be of great benefit to you at a later stage and counteract latent risks on a preventive basis.

Be a supply chain risk management champion! Your internal customers and management will thank you for it.

Read more "Managing Supply Chain Risks Successfully":
Part 1: Risk Prevention
Part 2: Establishing a Risk Monitoring

How to REACH transparency within your Supply Chain Network (1/2)


by Karsten Wunsch

If you believe in GARTNER – like a lot of people do – you might confirm that Supply Chain Visibility is the topic #1 for Executive Supply Chain Managers. Or at least should be…

A recent study provided by Supply Chain Insights discovered that around 80% of the questioned companies had on average 3 material disruptions in 2013. When I talk to Procurement Managers I usually ask the following question: “How can you know that your suppliers are still able to produce and deliver tomorrow?” In many cases the answer is that they have contractual obligations with their suppliers to be informed if anything could affect the production.

How shall that work? Let’s imagine that you would be “preferred customer” for your suppliers and that you would be the first they would call in case of emergency – a lot of “would’s” and there are more to come… The probability is very high that the supplier would wait as long as possible and would have several internal legal discussions before he contacts you. Especially if the term that he has to inform you regarding disruptions is close to the term that he has to pay penalties for non-delivery…

42% of disruptions happen beyond Tier 1 (Business Continuity Institute, 2013) which is a growth of 3% compared to 2011. Keeping that in mind everybody can estimate on its own how effective and reliable the information flow described above could be.   

 So why is Supply Chain Transparency not a standard for each and every company yet? Due to missing tools, support and especially the lack of understanding, it was nearly impossible in the past to handle the topic without massive budget and capacities.

But the market has changed: REACH, Dodd Frank Act, public sanctions such as the ones against Russia – there are a couple of regulations which have been recently announced or became effective.  They helped to evangelize the market to get more sensitive regarding Supply Chain Visibility:


REACH is a regulation which is obligatory for all member states of the European Union. On a high and rough level, REACH covers all chemicals which are produced or imported into the EU with an amount of over 10 tons per year (1 ton from 2018 on). Each and every chemical has to be Registered using an specific dossier. This dossier will be Evaluated and might be Approved. In case of critical CHemicals the approval might be limited to specific applications.  

This approval and especially the limitation is a very important point as it forces the whole supply chain to communicate over multiple tiers.

First of all companies need transparency from whom they buy. If they source outside the EU where REACH is currently not obligatory they might be responsible to register the substance on their own. And even if the substance and the supplier are registered but the usage does not fit to the approved limitations you might be in charge to adjust the registration.

To avoid unnecessary costs and possible delays it makes sense to discuss applications through the whole value creation chain.

REACH is not only obligatory for chemical companies but also affects a broad range of industrial sectors and companies. Being compliant to REACH is a continuous task.

Dodd Frank Act – 1502 (see also our May blog post)

Section 1502 of the Dodd Frank Act covers the usage of conflict minerals and has been a challenge for many companies in the last months and especially for the tin processing electronic sector.  The idea of the regulation is to ensure that in conflict regions mining is done in compliance with CSR and no illegal operations are funded with the money.

Each company which is SEC-listed has to ensure that itself as well as their suppliers are compliant. The problem is that most suppliers don’t have the processes and tools in place to drive compliance into their own supply chain. The deeper you dive the lower leverage you have.

Without a satisfying answer from your supplier you might be forced to look for an additional source. This might cause extra costs and delays which are not foreseeable and certainly not budgeted. Therefore the easiest way might be to support your suppliers and receive value able information regarding your 2nd Tiers in return.

The good news is that every mineral has to be smelted. Smelters are a perfect choke point to check where minerals are coming from. You might want to check out following web-page: www.conflictfreesourcing.org which shows a list of more than 150 smelters which are audited to be free of conflict mineral.

First reports had to be finished until June 2014. I recently joined a webinar discussing the results of the first reporting wave. One interesting take away for me was a question for the audience regarding their compelling event. More than 50% of the participants stated that they are not SEC-listed but currently feel a high pressure from their customers.

It seems that section 1502 has reached the 2nd Tier and the next reporting wave is about to come!

Sanction list screening

The Krim crisis is getting worse day by day. Europe is very uneven to sharpen sanctions. USA is not – they have added a couple of additional persons and companies on the black list. Keeping in mind that the biggest French bank was fined of nearly 9 billion US$ for the violation of US-Sanctions just 3 weeks ago – each and every company which is making business with the USA and Russia should be alarmed – especially as sanction checking is often an initial process and not done on a daily base. I don’t know how the Supreme Court would judge sanction validations in lower tiers of a supply chain but I bet you don’t want to be the first to find it out.    

So as the evangelism is done and the market is aware of the necessity of Supply Chain Visibility the next step is to implement tools and processes as well as to leverage existing information and the network to gain transparency. I will cover this topic in my next blog…

The Future of Procurement – Take 1

Kelly Barner from BuyersMeetingPoint started an “Open Call for Predictions: What does the Future of Procurement Hold?”. What a great idea – thanks Kelly for this initiative! We immediately started collecting our thoughts about what the future might bring for procurement. This is our first take, which we would like to share with you:


Over the last decade, the topic of Supplier Relationship Management (SRM) has dominated strategic procurement. The benefits and objectives are clear to see: increased supplier performance, reduced costs, development of relationships with suppliers, defined optimization potential. To a certain degree, risks in the supplier base can also be identified as part of SRM. In most cases, however, this applies to creditworthiness checks of direct suppliers.

But what happens with subcontractors along the supply chain?

According to the current Supply Chain Insights LLC study “Can you afford the risk?”, only 18% of companies interviewed have transparency over their 2nd and 3rd tier suppliers. A recent example of a large German sports item manufacturer, who appeared in the media at the end of June, is proof of this: Following a media report about disastrous conditions at a plant in El Salvador, PUMA stopped orders as one of the business partners was not using authorized subcontractors. According to the media report, PUMA had no knowledge about this supplier, but instead, a damaged image.

And what happens with locations and hubs along the supply chain?

Increasing internationalization, global networking and shifting of value added processes are a real development. Disruptions in the supply chain – be they of an economic, structural, political or ecological nature – can have fatal consequences for security of supply in terms of organizations and their corporate success.  A research study of PwC (Global Supply Chain and Risk Management Survey, 2013) revealed that more than 60% of respondents saw their performance indicators drop by 3% or more in 2012 as a result of a disruption in their global supply chain. This means that besides suppliers, supply-related risks along all transfer points, interim storage sites and logistics hubs must be monitored in order to secure supply.

We are convinced that the trend in future is going to be towards transparency over the entire supplier network, including location and country risks of 1-n tier supply routes. Previous supplier-centric approaches in terms of quality, stability and price of partners must be supplemented by supply security aspects along all supply routes as well as compliance aspects as regards 1-n tier relationships.

Companies in all sectors must continue to focus on their suppliers and supplier relationships – they will however have to take this a step further, namely to include the entire supply chain into their management.

So, we are not predicting that supplier management will no longer be relevant – but a holistic
1-n tier supply chain management approach will enter a new era: The conversion of SRM and SCM has started.

Managing Supply Chain Risks Successfully – Part 2: Establishing a risk monitoring


riskmethods welcomes a guest post from Kai Busse, expert for the procurement area and founder of Pexin Consult.

Using the risk groups defined in your risk prevention strategy as the basis, determine risk indicators that will form the basis of risk monitoring in future. The suitability of a risk indicator can easily be checked by posing the following question:

-          Can a risk that is listed in our risk prevention strategy be identified based on the occurrence of an event (in terms of this indicator)?

An example: The frequently used indicator for supplier creditworthiness is suitable for identifying supply risks. If, however, image risks are the focus of monitoring, this indicator can safely be dispensed with.


Once all risk indicators have been determined, they must be correlated in terms of level of priority. This results in a risk matrix. The following rule of thumb applies: The highest weighting is assigned to the highest loss potential. Do you assign this rating in Procurement only? No! Other departments are in a much better position to assess and quantify the impact of certain events. Consequently, as is the case with strategy development, a collaborative, cross-departmental approach also applies here. Apply a modified form of utility value analysis as part of a workshop. Rate all risk indicators with points from 1 – 100. Perhaps, for purposes of easier orientation, assign value ranges to the impact (“very low impact 0 – 20” to “jeopardizes continued existence 90 – 100”). Then correlate the scores – and you have your risk matrix. Once your monitoring is up and running, use the same pattern to allocate criticality ratings ranging from low to high to events that occur or general incidents (e.g. country risks). This means that you will have a current risk figure for every indicator, and this figure will be updated with all new information received and assigned the weighting of the risk indicator, resulting in an overall risk figure. But the risk matrix must now first be populated.

As already mentioned, current and valid information is the key to successful risk monitoring and management. Suitable data sources must then be identified for your risk indicators. Besides internal sources, countless data providers operating on a global/regional, commercial or non-commercial basis are available to you. When selecting your data providers, take note of the frequency of data updates. The data provider should have its own research capacities and make the data available to you in a workable format.

Unfortunately not all information required is readily available in a prepared format. Address data is core information for recognizing at an early stage whether your supply chains are threatened by natural disasters, strikes, unrest, weak infrastructure, political instability and a whole lot more. This mainly applies to production, development and service locations of your suppliers and their subcontractors, as well as to central logistics hubs that form part of your supply chain’s path. Internally available address data for suppliers can only be used to a limited extent in many organizations, as ERP systems often only provide commercial addresses, and not risk-relevant locations. Information on 2-n TIER suppliers is frequently not available at all. For this, there is unfortunately no way around cumbersome research among all suppliers affected. Ideally you should integrate the obligation to provide information on subcontractors’ location addresses in your standard contracts.

For each risk indicator, determine the data update cycle. Available real-time data should also be processed in the same way. Fortunately the addresses do not change that often, which means that an update every six months or every year suffices.

Which suppliers are then actually included in your monitoring necessarily follows from the product and/or material groups defined in your strategy. In this regard, organizations often choose to include the suppliers with the highest revenues in their monitoring. This is a decision for which they could pay dearly, as missing Cent items can also cause severe production disruptions. The wider the base of suppliers included, the higher the chance of recognizing all risks that occur. It is essential to assign one employee to each supplier as the person responsible for risk monitoring and management. Who is responsible for which supplier in most cases also follows from the responsibility linked to product or material groups.

Done! Once you have developed the matrix, assigned responsibilities and researched, assessed and included the initial data, you will for the first time have a comprehensive overview of the current risk situation of your supply chains.

I will deal with the implementation of risk management in the third part of my blog series.

Read more "Managing Supply Chain Risks Successfully":
Part 1: Risk Prevention
Part 3: Implementation of Risk Management

The interdependency of Supply Chain Risk Management and Business Continuity Management


by Eberhard Raue

This blog series outlines the relationship between Supply Chain Risk Management (SCRM) and Business Continuity Management (BCM). In order to provide a transparent view it is necessary to bring BCM and SCRM in perspective to Enterprise Risk Management (ERM) and Supply Chain Management (SCM).  

As of today many of the hereinafter described processes are represented by isolated standards. In consequence many solutions targeting the specific areas have been developed in silos.

Definition of terminology is important when it comes to discussions about Business Processes. Consequently this is true for discussions on BCM and SCRM.

Another aspect is where to position BCM, SCRM and ERM. Arising questions are:

  • Where to position each solution and how do they correlate to each other?
  • Which solution is part of which other solution or complementing other solutions?
  • Is the particular discussed solution to be considered a standalone solution, e.g. is BCM a standalone solution or is it even a part of an Enterprise Resource Planning (ERP) or ERM solution?
  • Is SCRM a standalone solution or is it a part of an ERM solution?

Definitions and answers to questions are found in many publications, last but not least in Wikipedia. A clear answer often enough remains missing. Best of all is when definitions are represented in ISO standards or equivalent documents.

Nevertheless to bring it all under one umbrella remains challenging!


Business Continuity

Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)

Business Continuity Management

Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO 22301:2012)

Risk Management (=ERM)

The de facto standard for Risk Management (RM) is the ISO 31000, it provides a framework for RM. It defines Risk as “Effects of uncertainty on objectives”.

An extension to ISO 31000 is provided through the Austrian Standards Institute (ON) by the ONR 49000 rules, dealing with “Risk Management for Organizations and Systems”. The ON-Rules are typically used in order to document the development during the process of definitions towards standardization.

At its actual status the ONR 49000 goes beyond ISO 31000, it defines Risk as “Effect of insecurity on targets, activities and requirements”. Rather than focusing on strategic targets only, this intents to include operational activities as well.

Supply Chain Management

Supply Chain Management (SCM) is the collaborative planning, management and control of intercompany value-chains with a network structure in which the network entities and its processes regarding flows of goods, finance and information are interrelated. SCM is a logistical management task and has an impact on product development, procurement, production and sales. Logistic is a part of SCM with an intra-organizational perspective.

Supply Chain Risk   

Supply Chain Risk (SCR) is the damage caused through a potential dysfunction or disruption in the Supply Chain, measured in relation to the likelihood of such an event. The Supply Chain Risk affects value generating performance-objects (e.g. production location, warehouses) as well as pure risk objects (e.g. weather, transport routes).      

Supply Chain Risk Management

As of today there is no standard in place for Supply Chain Risk Management (SCRM). Nevertheless the definition for this article will be:

SCRM is a component of Enterprise Risk Management. SCRM deals with the activities in order to mitigate risks in the supply chain processes of any organization. SCRM covers:

  • The identification and evaluation of risks and it’s caused damages within the supply chain.
  • The development, implementation, continuously adjustment and monitoring of an appropriate strategy and provisions based on joint activities of all supply chain members in order to reduce:
    • Probability of risk occurrence
    • Frequency of risk events
    • Size of damage
    • Time of recovery from damage
    • Time of detection of risks
    • Missing or inadequate provisions
    • Wrong allocated provisions
    • Wrong insured risks
    • Missing insurances    

Business Impact Analysis

The Business Impact Analysis (BIA) is an essential component in any kind of Risk Management, consequently it is a component in BCM and SCRM. Typically the BIA has

  • an exploratory component in order to reveal the vulnerabilities and its value and
  • a planning component in order to develop a strategy for risk mitigation.  


After analyzing many of the ongoing discussions, publications and taking standards into consideration, all in order to get the best understanding of “…how BCM and SCRM relate to each other….”, it is stated:

  • BCM and SCRM are side by side, in no hierarchal order, components of ERM.

So my next blog post will put Business Continuity Management and Supply Chain Risk Management into context to each other.

How SCRM Solution helps to save money: raw material shortage and price rise caused by fire

Shock phase
On late Monday 07th riskmethods detected the fire forced shutdown of Chevron Phillips Chemical’s plant for ethylene production at Port Arthur (Texas) and released a news message to alert customers of the Supply Risk Network about possible shortages. Remind that at this time spot market price for Ethylene was 0.5775 per lb (pound).

Multiple market sources on Tuesday said the Chevron Phillips Chemical flash fire, which reportedly injured two workers Monday night, had resulted in the 830,000 mt/year steam cracker at the company’s Port Arthur facility to be shut. It was still unclear what impact the fire might have on production or how long the shutdown could last. Company spokesman David Hastings said Tuesday that the company does not publicly comment on operational issues which indicate the still unresolved situation. Remind that spot market price for Ethylene at this time was still unchanged at 0.5775 per lb (Pound).

Awareness phase
While the following 24h hours it became very clear that the disruption is impacting the availability of Ethylene - experts say this phase is called awareness phase: companies realized that they have to take actions to secure the supply and “protect” their prices before others do.

Reaction phase
Market participants started to cover their needs from alternative sources as well at the spot market: prices rose to a 13-month all-time-high at 0.60500 per lb (pound).

Given this real-life example Supply Risk Network users were informed near-real-time of the possible shortage. Even while receiving the updated information after the event users had the opportunity to react and save 4.74% in price-increase (followed with the awareness and reaction phase). This recent example shows the importance of a comprehensive Supply Chain Risk Management and two essential aspects:  1) transparency into the entire supply chain is top-priority for buying organizations to ensure supply  and 2) an advantage in time and information is key to create a competitive edge.