Reason Magazine 2014 Quartal 2 Seite 23

Hinweis: Dies ist eine maschinenlesbare No-Flash Ansicht.
Klicken Sie hier um zur Online-Version zu gelangen.

Inhalt

key product or service lines one must ask how important each one of those lines is to the company s current overall profitability and future strategic goals Looking at those product or service lines the critical compo nent is mapping out the supply chain and identifying the sole source or limited source suppliers those are potentially the weakest links If that is not evident then the focus on assessing vulnerabilities should be done through a business impact analysis BIA The focus of the assessment should not be based on the likelihood of a disruption but rather on the severity The severity is typi cally measured in terms of lost profit and or impact on a company s future strategic goals Companies tend to look at supply chain spending in doing so As in the afore mentioned case studies the reality is that the disruptions came from a smaller supplier of a sole source or limited source supplier The assessment of severity should be based on the resulting revenue exposure To do that a supply chain BIA should be conducted by looking at critical product lines in a supply chain Specifically the goal of the analysis is to determine which suppliers in the chain can have the greatest impact on the production of a final product or service and therefore on a company s revenue stream Once the vulner abilities or weakest links in the supply chain are identified there are two critical next steps in the process assessing the supplier s business continuity plans BCP and a physi cal assessment of those critical suppliers facilities Both of these steps set the basis for developing robust risk mitigation strategies A supplier mentioning that they have a BCP should not be taken at face value BCPs are often not evaluated internally on a periodic basis To that end there are a series of ques tions that will help assess the robustness of the supplier s BCP such as Does the scope of the plan consider the loss of the entire operation facility in question Does the plan identify an executive management committee responsible for oversight of the BCP development framework structure and delineation of staff responsibilities Does the plan include a clear framework for delegation of authority or otherwise outline an incident command structure to denote key responsibilities Are there procedures in place to con duct a comprehensive testing program to ensure the effectiveness of the plan strategies and enhances awareness of plan actions Does the plan indicate the need for a periodic BIA to their supply chain vulnerabilities Does the plan address the options available to mitigate a major operation al loss at the facility in question such as the utilization of other company locations expedited equipment replacement temporary facilities or outside third parties Secondly and equally important is the physical assessment of the suppliers critical facilities Taking the suppliers word on the risk quality of their facilities is not sufficient Moreover with many suppliers in emerging markets their perspective of risk manage ment will most likely not be as robust as those in developed markets Herein lies an opportunity to create a stronger relationship with the supplier Requesting an engineer ing visit confirms the risk quality and iden tifies opportunities for partnering with the supplier to reduce their exposures If the supplier is not willing and able to participate in either an evaluation of their BCP or having an engineering visit then one has to ask the question of whether that TEMPORARY revenue LASTING market share reputation HIGH LOW In sourcing Supplier acquisition Risk transfer Alternative suppliers holding inventory Business continuity planning Risk improvement investments at supplier locations LEVEL OF PROTECTION time C O S T d ir ec t a nd in di re ct EXHIBIT 1 shows a range of strategies that can be implemented based on cost in terms of direct dollars spent and indirect time and resources and level of protection measured in terms of amount of disruption time covered RETURN ON INVESTMENT ON RISK MITIGATION ISSUE 2 2014 Reason 23 the IDEA