470 likes | 658 Views
Creating Value Through Resilience An insurer’s perspective on supply chain risk management. Supply Chain Risk Leadership Council February 2007 Tim Astley Strategic Risk Zurich Risk Engineering. Structure of presentation. Overview of SCRM – setting the context Tools and techniques
E N D
Creating Value Through ResilienceAn insurer’s perspective on supply chain risk management Supply Chain Risk Leadership Council February 2007 Tim Astley Strategic Risk Zurich Risk Engineering
Structure of presentation • Overview of SCRM – setting the context • Tools and techniques • Where is value added?
E.G. LEVEL 1 Process Value creation (production) LEVEL 2 Infrastructure Physical flow (logistics) LEVEL 3 Organisation networks Strategic (partnerships) The concept of supply chain networks* * From Cranfield University – Supply Chain Risk
Where does Zurich fit in to the supply chain picture? Supplier – insurance products (quotes, policies, claims) Customer – e.g. outsourced services, IT Partner / advisor – tools and techniques Stakeholder – risk transferee (Property, BI, Liability, Marine/Cargo, D&O, etc)
Liability Marine Marine Liability S1 SL1 M1 M2 CL1 C1 What supply chain risks interest an insurer? D&O Property BI customer supplier How well are these understood?
What does an insurer want to know? • As much information about the risks as possible(!) • How well are they understood? • How well are they managed? • How well are they controlled? • The better a risk is managed and controlled, the more comfortable an insurer is (and the CEO)
Why are things changing? • Greater complexity • Change of risk profile when a company outsources • High profile / high cost insured events • BI claim frequently > property damage • Focus on resilience
Supply chain risks? • Risks in a company’s supply chain which threaten the success and reputation of the business. • What does this mean in practice? • Properly managing the supply chain • Optimising / protecting the profit flow • Focussing on resilience • Two perspectives on the same thing: • SCRM • Loss-of-Profits Insurance
A few words about resilience The ability of an organisation to resist being affected by an incident OR The ability to recover (quickly) from major disruptions back to normal business processes
Resilience • Influenced by internal organisation, resources & supply chain. • May be inherent, a reflection of ability and commitment, … … or the result of careful planning • Can imply slack, surplus, spare, redundancy – and cost • Or good BCM • Investors like it - expect a “no-surprises” result • It is music to an insurer’s ears
How does this lead to engagement in the bigger conversation? • Enterprise Risk Management • Business Continuity Management • Supply Chain Risk Management • Traditional (Insurance) Risk Management
ERM, BCM, SCRM • The supply chain is relevant in each • Insurers are interested in aspects of each, just as the Board and shareholders and other stakeholders are interested… • …just from a different perspective • But still evidence of ‘silo’ thinking • Need to coordinate the disciplines
What tools and techniques does Zurich use to evaluate supply chain risks? • ‘Traditional’ • Risk grading and benchmarking • Interdependency analysis • Qualitative risk analysis techniques • Adherence to standards • Risk quantification
‘Traditional’ • Site risk assessments • Evaluations and risk improvement recommendations • Due diligence • Standards of care guidelines • e.g.Marine
Risk grading and benchmarking • Risk Grading • e.g.Property, BI, BCM, Extended Perils, General & Product Liability, Machinery Breakdown • Benchmarking • Promotes best practice (internal & external) • Particular value in asset management • Less easy for evaluating SC complexity
Interdependency analysis • Risk definition • Supply chain mapping • Loss of profits modelling
Risk Definition Key risks rated as shown: 1. Like-for-like sales growth 2. Customer satisfaction 3. IT network resilience 4. Sarbanes Oxley 5. Health and safety 6. Business Continuity 7. Legislation 1 6 Likelihood 7 2 5 4 3 Impact NEED TO UNDERSTAND WHAT EACH RISK REALLY MEANS
Loss of Profits Cost of Temporary Solution Loss of profits modelling Total Insurable Loss Cost = • Loss of Profits…+ …Costs of the temporary solution (ICOW) Need full understanding of supply chain and associated risks ICOW GP Time
Supplier Supply chain mapping Strike a balance between pragmatism and complexity
Qualitative risk analysis • Scenario definitions • Risk profiling • Risk interdependency mapping. • Risk appetite (e.g. BIA)
Scenario definitions • Structured approach to gain common understanding of risk • Risk profiling 1 6 Likelihood 7 2 5 4 3 Impact
1 6 7 2 5 4 3 Qualitative risk analysis – Zurich approach Risk appetite Likelihood Impact
1 6 7 2 5 4 3 Qualitative risk analysis in BCM • Business Impact Analysis (BIA) • Identify the key processes and activities • Determine the impact upon the business if these were disrupted or lost • Consider the GAP (MAO, RTO, etc). E.g. financial, market, customer loyalty impacts • Conduct a risk analysis to identify the potential threats – prioritise resources Likelihood Impact
1 6 7 2 5 4 3 Qualitative risk analysis • Enables: • Effective communication of risks • Understanding of interrelationships • Prioritisation • Focus on key issues • Efficient BCM / SCM / ERM Likelihood Impact
Yourhealth com TotalRisk Profiling on Healthwatch 14.04.2000 Probability Annual Loss Amount Quantitative techniques • Actuarial techniques • Retention studies • Total cost of risk • Evaluation of real loss / claims data • ‘Simulation’ of data in difficult areas • Combine and analyse
Risk quantification • Enables: • Greater insight into exposure analysis • Efficient capital allocation • Total view
The spectrum of supply chain management activity* CHANGE MANAGEMENT (implementation of modifications) PLANNING (‘ideal world’) MANAGEMENT (established supply chain) * Haywood, M. (2002), “An Investigation into supply chain vulnerability management within UK aerospace manufacturing supply chains”
When would Zurich apply these tools? PLANNING CHANGE MANAGEMENT MANAGEMENT Benchmarking, loss lessons, claims analysis Traditional - site surveys, gradings Traditional - site surveys, gradings Risk quantification – actuarial techniques, retention studies, total cost of risk Interdependency analysis Benchmarking, loss lessons, claims analysis Qualitative risk analysis techniques Qualitative risk analysis techniques Adherence to standards Adherence to standards Risk quantification
Adding value - Insurers’ perspective • Companies with genuine business resilience want credit for it. • Underwriters’ view of risk is strongly influenced by the quality of data • Insurers need: • Loss potentials accurately modelled • Continuity plans fully detailed • To be convinced that plans will succeed • To understand supply chain exposures • This will reduce doubt and allow more ‘accurate’ insurance pricing • Creating added value for all
Exceeding Probability Impact on GP (BI Loss Estimate) Adding value - the insurers’ perspective Business Continuity Plans (BCPs) Implemented Original EML
Exceeding Probability “Resilience Adjusted” EML Impact on GP (BI Loss Estimate) Adding value - the insurers’ perspective
Greater focus on BCM and SCRM greater awareness about supply chain exposures reduction of surprises more dialogue with insurers more opportunity to create value Finally…
Thank-you Tim Astleytim.astley@zurich.com+44 (0) 1423 359564+44 (0) 7730 735396
Adherence to standards • Standards in SCM? ERM – e.g. COSO, etc • Standards in BCM – e.g. NFPA 1600, BS 25999, ISO?? • BCM still not widely understood • Big kick to major customers’ desire for assurance • Knock-on effect in SC • Insurers see value • Impending internationalisation
SL1 CL1 C1 M1 S1 M2 ‘Marine’ risk management • Addresses mostly hijackingand theft • ‘Small’ loss events can create major disruptions – how big? • Can effect reputation • Surprisingly under-developed • Need to address the basics – security, handling, minimum standards of care • Use of technology – long way to go • Value to be gained
High risk Assurance of supply Partnering Low risk Process Leverage Low cost High cost SC issues in Europe – Zurich’s observations • Growing focus on CSR • Assessment and audit of suppliers (threat to brand) • Reduction of supplier base – risk-based • Outsourcing / offshoring • Supplier (and customer) positioning • Growing interest in risk measurement
Consequences Trigger Vulnerability How? How Big? What? Where? Why? How Bad? Controls? When? How Much? Analysis Parameters • DEPTH of analysis • DURATION of analysis • DATA available • SCOPE of analysis • PERSPECTIVE of analysis • TIME HORIZON Interdependent factors which determine the true value of the analysis
‘Headline’ risks • Avian flu • Pandemics • Cyber risk • Infodemics • Climate change • Single-issue campaigning • Strikes • Brand damage, etc • All impact the broader supply chain – but how?
Planning hold-ups delay expansion and refurbishment of retail outlets Year-on-year sales growth is a key industry performance measure Decline in like-for-like sales growth Competitor pre-empts legislation change Possible new legislation will change buying habits Only one supplier of key customer systems technology Failure to meet earnings targets Fire at key supplier - no BCP Loss of market share Customer systems dependent on IT infrastructure(robust back-up procedures) IT back-up systems failure Company subject to Sarbanes- Oxley legislation(extensive compliance programme underway) Company fined,MD gaoled SEC finds non-compliance Understanding Risks Better Consequences Trigger Vulnerability Damage to reputation
Interdependency analysis • Importance of value flow vs. physical flow • Proper appreciation of the risks • Address complexity • Measure financial impacts • Enables ‘what-ifs’ • Imprecise by nature • Prioritisation • Resource and capital allocation • Strategic decisions
(Deloitte BCM survey – 2005) What new issues are we faced with and how do we view them? • Greater BCM and SCRMfocus greater awareness about non-insured risks • What are the other drivers?
EXTERNAL 1 Change in regulation or tax rate Interruption to communication systems. Fuel shortage 2 3 Restrictions on use of buildings, staff availability or deliveries due to external influences 4 Insolvency (customers and suppliers) 5 Interruption at customer / supplier 6 Raw materials Extortion, fraud, theft and virus 7 Reputation 8 1 Staff illness INTERNAL 2 Fines, penalties and closures Product-related 3 4 Errors 5 Latent defects 6 Demand / competition Uninsured concerns - brief customer survey(Red = High) = Supply chain related
Possible supply chain triggers • Insolvency of customers or suppliers • Denial of access, restriction on suppliers’ use of buildings • Strikes – suppliers, transport and customers • Interruption to their utilities or communications systems • Customer / supplier staff illness • Unavailability of raw materials • Failure of supplier’s suppliers • Any other incident outside their control that prevented supply Which would be of most interest? Any more?
More value to protect - collateral damage (Iceberg principle) Insured risks Business interruption, product liability, debris removal & salvage, hire Workers compensation, public liability, assets, tooling Indirect costs Direct costs Investigation costs, loss of goodwill, brand, image, hiring, training, legal, overtime, temporary hire, loss of expertise, emergency supplies, records/data Sick pay, repairs, lost/damaged product Uninsured risks