Managing Supply Chain Risk

L5M2
Absolom Mukonyo (MCIPS Chartered, FCMI, FSCM, MILT)
LO3
Risk Mitigation Strategies in Supply Chains
 • Risks need to be identified, so as to implement an effective risk
management process
• Once identifies risks need to be communicated throughout the
organisation
• They also need to be quantified so as to assess them. This
3.1 Identify use of measure of risk requires understanding of probability and
impact
Probability & • Probability is likelihood that an event will occur
Impact • Impact is the effect the risk has on the organisation or supply
chain
Assessment to • Quantifying risks require a general understanding of
Manage Risks mathematics, more specifically statistics, which is a branch of
mathematics which deals with collecting, classification,
analysis, and interpretation of numerical facts or data.
• Quantifying risks could be done quantitatively (using numerical
approach) or qualitatively (using qualitative approach such as
asking for opinions to rate the risk).
• Mitigation of risks is a necessary part of risk management to
minimise negative impact on the organisation
 Sources of risks can be internal or external

Once identified, risks must be recorded in a risk register

Internal & Internal risks can arise due to

• Lack of availability of key personnel

External Risks • Lack of availability of appropriate machines, and machine breakdown
• Issues with technology like breakdown of ERP, cyberattacks, etc causing

– must be identified disruption and loss of data

• Procurement fraud committed by employees e.g. wrong use of resources,
bribes, etc

External risks can arise due to

• Global economic and financial instability

• Natural disasters like floods, fires, pandemics etc
• Interruption of water, electricity etc,
• Technological disruptions etc
Stages of the Risk Management Process
Establish Establish the context –e.g., global, national or local, entire supply chain or category

Identify Identify risks – wherever they exist in the supply chain

Analyse Analyze the risks – e.g., look at what causes the risks, and why they are considered a risk

Evaluate the risks – e.g., how will identified risks be managed – avoided, eliminated, transferred to a
Evaluate third party etc.

Treat risks – where they can not be transferred, eliminated, or avoided – this involves developing a
Treat contingency plan – to know how to appropriately respond should the risk occur

Monitor and review- risks need ongoing monitoring and review to ensure there is an update, new risks
Monitor and review are identified, analyzed and evaluated – as well as developing new management protocols and
contingency plans
 • 1. Qualitative methods for risk assessment are relatively rapid in practice,
cost effective and easily understood
• The results from the qualitative assessments are not an accurate estimate of
risk i.e., are imprecise
• However, they provide a rather descriptive result and often with sufficient
information for planning responses. The results from these assessments also
set the foundation for more detailed quantitative analysis
Approaches to • Qualitative approaches use Probability and Impact Matrix – which is one the
most commonly used qualitative assessment method. It is based on the two
Risk assessment components of risk, probability of occurrence and the impact on objective(s) if
it occurs. The matrix is a two-dimensional grid that maps the likelihood of the
risks occurrence and their effect on the (project) objectives. The risk score,
often referred to as risk level or the degree of risk, is calculated by multiplying
Qualitative vs Quantitative the two axes of the matrix i.e. Risk = Impact x Probability
• 2. Quantitative assessment methods provide more accurate analysis results
than the qualitative assessment. However, they are costlier and often time
consuming, so only the risk prioritized by the qualitative assessment are
analysed. Common approaches are:
• 1, Sensitivity Analysis - determines the variables which have the greatest
effect on the risk
• 2, Expected Monetary Value Analysis – impact is assigned monetary
value – threats are assigned negative (-) while opportunities are assigned
positive (+). (Same as probability-impact assessment)
• 3, Monte Carlo Simulation -
 • In a qualitative approach to risk assessment:
• Probability or likelihood refers to the chance of the risk becoming
an event
• Impact refers to the size of the effect of the potential event
Qualitative approaches are subjective & based on opinions
Qualitative The colours red, amber and green allow stakeholders to understand the
risk level at a glance.
approaches to • Risks in the top right-hand corner of the grid – high and very high –
are risks that are too large for an organisation to continue with.
risk Examples include health and safety risks, legal compliance and
serious sustainability issues.
assessment These risks will need to be terminated if the impact or
probability cannot be reduced.
• Risks in the bottom left-hand corner of the grid – low and very low –
can be tolerated.
They may require ongoing monitoring to check whether the risk status
has changed.
• Risks in between can either be transferred or treated.
Transferring the risk can involve insuring it or outsourcing it to
a suitable supplier
 Assessing
probability and
impact of risk

Probability/
impact
matrix/chart
Risk Assessment

risk = likelihood x
impact

Qualitative risk
matrix
 • The approach uses the coloured probability versus impact matrix
• It is a quick, easy and understandable method of scoring risk
• Users are asked to score the likelihood and impact of the risk and
colours are applied to the matrix to make it easy to read and
understand
• The risk levels are shown in various colours – red, amber and green
– being the most used.
• Risks in the top right hand corner are took big and must be
Qualitative terminated if there is no way to reduce impact or probability
approach • Risks in the bottom left hand corner are low level and would be
tolerated while maintaining ongoing monitoring
• The remainder of the risks would be transferred (passed on to a
third party e.g. via insurance, or outsourcing to those more skilled
and knowledgeable) nor treated (some action taken to manage the
risk e.g. through auditing, inspections etc.
• The risk register – must contain all sources of risk, as well as their
possible impact and probability
 • Supply Chain Vulnerability – is the level of an organisation’s exposure to
disturbances/disruptions to smooth continuity of its operations due to
risks in its supply chain
• As supply chain become long and more complex, the supply chain
vulnerability increases.
• So, organisations must always conduct vulnerability assessments – to
identify weak spots where risks lie, and hence design plans to deal with
those risks
• Areas that vulnerability assessments must be made include
• Quality
Supply Chain • Natural disasters
• The environment
Vulnerability • IT
• HR
• Buildings Vulnerability assessments should not
Supply chain vulnerability is • Finance just be focused on the first tier of
considered to be increasing due to. • Marketing suppliers.
• Political instability • Fraud They need to be driven further down
• Lengthening supply chains • Fire the supply chain to look for potential
• The focus on becoming Leaner • Security weak spots
and more efficient • Health & safety
Vulnerability assessments/sources of risk

Areas where a vulnerability assessment

may highlight issues

Supply chain vulnerability occurs –

within and external to the supply chain –
as a result of
the following factors
 • Organisations can use two different approaches to rate risks
• On one side, others use qualitative approaches where they may simply ask the
opinions of experts
• The qualitative approach has the problem of being subjective.

Quantitative • Probability – a quantitative approach to risks assessment

approach to risk • Quantitative approaches to rate risks may be based on collating statistical evidence
of risks i.e. historical statistical data (backward-looking) compiled over time to
forecast likelihood of risks
assessment • This is a mathematical approach, which has the advantage of being more objective
- collects historical statistical • The quantitative approach uses statistics, branch mathematics which is used to
collect, classify, analyse, and interpret numerical data or facts
evidence over time to predict • The most used approach is use of probability – to calculate the likelihood or chance
likelihood of risks of a risk event happening
• A probability lies between 0 and 1 – chances of impossibility, or not happening at all
being 0 (or 0%) and chances of certainty or definitely happening being 1 (or 100%).
• The higher the probability of an event, the more likely it is that the event will occur.
• Probability can be expressed as a decimal, or a fraction
• Probability can also be expressed as a percentage (%)
• The probability of all the events in a sample space adds up to 1 - Law of Total
Probability – i.e. If there are n number of events in an experiment, then the sum of
the probabilities of those n events is always equal to 1.
 Probability means likelihood or possibility. Probability or likelihood refers to the chance of the
risk becoming an event
Probability is a measure of the likelihood of an event to occur - simply how likely something is to
happen.
Probability of event to happen P(E) = Number of favourable outcomes/Total Number of outcomes
Examples and Solutions
1) There are 6 pillows in a bed, 3 are red, 2 are yellow and 1 is blue. What is the probability
of picking a yellow pillow?
Ans: The probability is equal to the number of yellow pillows in the bed divided by the
total number of pillows, i.e. 2/6 = 1/3.

Probability Independent events

• If two events, A and B are independent they can occur simultaneously i.e. at the dame time

theory Mutually exclusive events

• If either event A or event B can occur but never both simultaneously, then they are called
mutually exclusive events.
Not mutually exclusive events
• If the events are not mutually exclusive i.e. may happen at the same time
Conditional probability
• Conditional probability is the probability of some event A, given the occurrence of some other,
B Bayes' theorem describes the probability of an event based on the condition of occurrence of
other events. It is also called conditional probability.
• Three commonly used probability distributions – 1. NORMAL, 2. BINOMIAL & 3. POISSON
Distributions
 • The normal distribution is the most important & most common type of distribution pattern
used to assess the probability of events
• In this distribution, most values tend to be in the middle (the mean/average) of the range
• Normal distribution requires a large sample. And is used for single events

Normal • There are two main parameters of normal distribution in statistics namely mean and
standard deviation.
• A small sample size is less likely to follow a normal distribution pattern
Distribution • Normal distribution is used as the basis of value at risk (VAR) calculations
• Important properties/Characteristics of the normal distribution:
• In a normal distribution, the mean, median and mode are equal.(i.e., Mean = Median=
also called the Gaussian Distribution Mode).
• The total area under the curve should be equal to 1.
The probability density function of • The normally distributed curve should be symmetric at the centre. Has a bell shape
normal or gaussian distribution is • There should be exactly half of the values are to the right of the centre and exactly half of
the values are to the left of the centre.
given by; • The normal distribution should be defined by the mean and standard deviation.
• The normal distribution curve must have only one peak. (i.e., Unimodal)
• The curve approaches the x-axis, but it never touches, and it extends farther away from
the mean.
• The midpoint of a normal distribution is the point that has the maximum frequency,
meaning the number or response category with the most observations for that
variable
• The midpoint of the normal distribution is also the point at which three measures –
x is the variable mean, median & mode - fall:
μ is the mean • So for any normal distribution, 99.7% of the observations will fall within 3 standard
σ is the standard deviation deviations from the mean.
The Normal Distribution has:
mean = median = mode Convert the values to z-scores ("standard scores").
symmetry about the centre E.g., A survey of daily travel time had these results (in minutes):
26, 33, 65, 28, 34, 55, 25, 44, 50, 36, 26, 37, 43, 62, 35, 38, 45, 32, 28, 34
50% of values less than the mean The Mean is 38.8 minutes, and the Standard Deviation is 11.4 minutes
and 50% greater than the mean
To convert 26:
first subtract the mean: 26 − 38.8 = −12.8,
then divide by the Standard Deviation: −12.8/11.4 = −1.12 The standard normal
So, 26 is −1.12 Standard Deviations from the Mean distribution is a normal
distribution with mean
Here are the first three conversions of 0 and a standard
deviation of 1
Original Value Calculation Standard Score
(z-score)
26 (26-38.8) / 11.4 = −1.12
33 (33-38.8) / 11.4 = −0.51
65 (65-38.8) / 11.4 = +2.30

To standardise, the z-score formula can be used, and it will give the same value as the standard score above:

z= x−μ
σ

where z is the "z-score" (Standard Score)

➢ For any standard normal distribution, 99.7% of the observations will fall within 3 x is the value to be standardized
standard deviations from the mean. μ ('mu") is the mean
➢ For any standard normal distribution, 95.45% of the observations will fall within 2 σ ("sigma") is the standard deviation
standard deviations from the mean.
➢ For any standard normal distribution, 68.27% of the observations will fall within 1
standard deviations from the mean.
 • Given mean =3500hrs, standard deviation = 500hrs
• What % of parts will survive up to 4500hrs?
• Here mean (μ) = 3500hrs
• Standard deviation (σ) = 500hrs
• X = 4500hrs
• Plug into the formula : z = x − μ
σ

• So, Z = (4500-3500)/500 = 2
•
An example •
So look at 2.0 in the distribution table (z = 2.0 under 0.0)
For Z = 2,0 the shaded area is = 0,9772
• (the area is the same as probability)
• So the probability that the parts will fail is 97.72%
• Reliability = 1 – 0, 9772 = 0,0228
• That is 97.72% parts will fail up to 4500hrs and 2.2 % will
survive
 • 1. Mean – μ (meu)
• The mean is the average of the numbers. It is a quicker and easy method
• The mean determines the location of the peak, and most of the data points are clustered around the
mean in a normal distribution graph.
• It is easy to calculate: add up all the numbers, then divide by how many numbers there are.
• Given 9, 2, 5, 4, 12, 7
• The mean is (9+2+5+4+12+7) / 6 = 39/6 = 6.5
• So, the mean = 6.5
• 2. Standard deviation - σ (sigma) ( ie. distance values in the curve). – it is 1 s.d. in the curve
• Standard deviation is the measure of variation between the values in a range of data
Basic Statistics • Standard deviations shows how much the individual values vary from the mean
• Standard deviation as being steps away from the mean
• So the standard deviation measures the dispersion of a dataset relative to its mean
• To calculate the standard deviation of the sample numbers i.e. 9, 2, 5, 4, 12, 7
Variance = Square root • 1. Work out the Mean (the simple average of the numbers)
of standard deviation • 2. Then for each number: subtract the Mean and square the result
• 3. Then work out the mean of those squared differences.
• 4. Take the square root of that and you are done!
• Lower standard deviation concludes that the values are very close to their average/mean i.e. data are
clustered around the mean – i.e. the curve is steeper
• Higher values mean the values are far from the mean value i.e data are more spread out – i.e. curve
is flatter
• A standard deviation close to zero indicates that data points are close to the mean, whereas a high or
low standard deviation indicates data points are respectively above or below the mean.
• Standard deviation value is never a negative. The number of standard deviations from the mean is
also called the "Standard Score", "sigma" or "z-score".
• In a normal distribution, the standard deviation defines the width of the graph
Standard deviation – given sample 9, 2, 5, 4, 12, 7
Xn Xn - mean Square difference
9 9-6.5 = 2.5 2.52 = 6.25 Sample Standard Deviation Formula
2 2-6.5 = -4.5 -4.52 = 20.25
5 5-6.5 = -1.5 -1.52 = 2.25
4 4-6.5 = -2.5 -2.52 = 6.25
12 12-6.5 = 5.5 5.52 = 30.25
7 7-6.5 = 1.5 1.52 = 2.25
Sum = 39 Sum of square difference
= 67.5
N=6 n-1
= 6-1
Population Standard Deviation Formula
=5
So, mean So standard deviation =
= 39/6 √(67.5/5)
= 6.5 = 3.674234614
= 3.7 (1.d.p)
 • Value at risk (VaR) is a measure of the risk of loss for investments
• Value at risk (VaR) quantifies financial risk levels within an
organisation/supply chain/product/portfolio over a particular
timeframe
Value at risk • Value at risk (VaR) is a way to quantify the risk of potential losses for a
firm or an investment. It is usually used by investment banks
(VaR) • Risk managers use VaR to measure and control the level of risk
exposure.
• More specifically, Value at Risk (VAR) calculates the maximum loss
expected (or worst case scenario) on an investment, over a given time
measures the risk of loss period and given a specified degree of confidence
for investments • There are three methods of calculating VAR:
1. the historical method,
2. the variance-covariance method/ parametric method – uses the
mean and standard deviation i.e. assumes normal distribution
3. the Monte Carlo simulation.
• The advantage of using VaR is that it is easy to understand and use in
analysis hence why it is often used by investors or firms to look at their
potential losses.
• The disadvantage of using VaR is that there isn’t a standardised process
for gathering the data needed to determine the VaR, which means that
different value at risk methods can lead to different results.
 • A binomial distribution is a discrete probability distribution that gives only two
possible results/outcomes –yes, or no, pass or fail, or success or failure, head
or tail etc. - It is usual for dual outcome based repeated activities
• A single success/failure test is also called a Bernoulli trial
• The main difference between the binomial distribution and the normal
distribution is that binomial distribution is discrete, whereas the normal
distribution is continuous. It means that the binomial distribution has a finite
amount of events, whereas the normal distribution has an infinite number of
Binomial events
• Binomial distribution is a common probability distribution that models the
distributions probability of obtaining one of two outcomes under a given number of
parameters.
• The value of a binomial is obtained by multiplying the number of independent
trials by the successes.
Properties of Binomial Distribution
• There are two possible outcomes: true or false, success or failure, yes or no.
• There is ‘n’ number of independent trials or a fixed number of n times
repeated trials.
• The probability of success or failure varies for each trial.
• Every trial is an independent trial, which means the outcome of one trial does
not affect the outcome of another trial
Binomial Distribution Examples
And Solutions
• Example 1: If a coin is tossed 5 times, find the probability of: (a) Exactly 2 heads, (b) At
least 4 heads.
• Solution:
• (a) The repeated tossing of the coin is an example of a Bernoulli trial. According to the
problem:
• Number of trials: n=5
• Probability of head: p= 1/2 and hence the probability of tail, q =1/2
• For exactly two heads: x=2
• P(x=2) = 5C2 p2 q5-2 = 5! / 2! 3! × (½)2× (½)3
• P(x=2) = 5/16
• (b) For at least four heads,
• x ≥ 4, (x ≥ 4) = P(x = 4) + P(x=5)
• Hence,
• P(x = 4) = 5C4 p4 q5-4 = 5!/4! 1! × (½)4× (½)1 = 5/32
• P(x = 5) = 5C5 p5 q5-5 = (½)5 = 1/32
• Therefore,
• P(x ≥ 4) = 5/32 + 1/32 = 6/32 = 3/16
 • Poisson distribution is a probability distribution that is used to
show how many times an event is likely to occur over a specified
period i.e fixed time interval.
• Poisson can be used to estimate how many times an event is likely
to occur within "X" periods of time. It is a discrete function (and
the variable can only take the values 0, 1, 2, 3, etc., with no
fractions or decimals).
Poisson • It is a count distribution.

distribution • Poisson distributions are often used to understand independent

events that occur at a constant rate within a given interval of time.
• A Poisson Process meets the following criteria:
1. Events are independent of each other. The occurrence of
one event does not affect the probability another event will
occur.
2. The average rate (events per time period) is constant.
3. Two events cannot occur at the same time
Poisson
distribution
Examples of probability for
Poisson distributions
• On a particular river, overflow floods occur once every
100 years on average. Calculate the probability of k = 0, 1,
2, 3, 4, 5, or 6 overflow floods in a 100-year interval,
assuming the Poisson model is appropriate.
• Because the average event rate is one overflow flood per
100 years, λ = 1
 Normal Binomial Poisson
❑ Most common type of ❑ Used where there are only 2 ❑ It is the probability of an
distribution possible outcomes event happening in a certain
time i.e. how often an event
can occur in a given/certain
time
Normal, ❑ Most values occur in the
middle of a range
❑ Is discrete i.e. not
continuous
❑ An event can happen any
number of times throughout
Binomial & ❑ It is a bell curve
the given period, without
affecting probability of
another event happening
Poisson within the same period
❑ The longer the time period,

Compared the higher the likelihood of

the vent happening
❑ It is continuous ❑ The is only one outcome for ❑ Is discrete
each trial, with each trial
having the same probability
of success, and each trial is
independent of other trials
 End of 3.1
• Was a pleasure

• Let us do 3.2 next