Risk Management and Supply Chain Risks 23
A U.S. organization is developing a patent on a new product it will sell in several well-developed overseas countries. What is the easiest way for this organization to seek national and international patent protection?
File one international patent application in the U.S. In the U.S., the Patent Cooperation Treaty allows organizations to file an international patent application and seek patent protection in 115 countries with one application to the U.S. Patent and Trademark Office (USPTO) if the applicant has filed a foreign filing license.
Organizations can use ISO 31010 to improve their risk management processes in which way?
It supplies information on the selection and application of risk assessment techniques. The standard shows how to select techniques based on what resources are available, how much uncertainty is present and its nature, and the relative complexity of the system.
What tool can assist in identifying risk at an organization that has previously conducted risk analyses and retains the results of those analyses?
Risk checklist Since risk analysis has been conducted in the past at the organization, a checklist of risks from other processes or projects can be reviewed to see what applies.
What can a risk manager use to shorten the risk identification process?
Risk checklists and documentation and assumption reviews Risk checklists and documentation and assumption reviews look at past risk identification processes conducted by the organization. Reviewing these sources can give a new risk identification process a jump start.
risk register
A report that has summary information on qualitative risk analysis, quantitative risk analysis, and risk response planning. This register contains all identified risks and associated details.
ISO 31000
A standard adopted by the International Organization for Standardization that outlines principles and a set of guidelines to manage risk in any endeavor. The standard includes guidelines for understanding risk, developing a risk management policy, integrating risk management into organizational processes (including accountability and responsibility), and establishing internal and external risk communication processes. [This] is not a management system standard and is not intended or appropriate for certification purposes or regulatory or contractual use.
risk appetite
Amount and type of risk that an organization is willing to pursue or retain.
risk tolerance
An organization's or stakeholder's readiness to accept a threat or potential negative outcome in order to achieve its objectives.
Which of the following countermeasures against theft of intellectual property is most likely to be effective?
Asking distributors to look for counterfeits and inform the organization The key to reducing the impact of counterfeiting is to know when it is occurring. Organizations can encourage their distributors to look for counterfeits and inform them when counterfeits are found. They can educate employees and channel partners regarding counterfeit problems. Research by Chaudry et al. (see bibliography) indicates that these steps can be effective. However, their research shows that advertising the inferiority or dangers of counterfeits to customers or providing rewards to distributors for not purchasing counterfeits have proven less effective.
Who bears the risk of loss in a FOB Origin contract once the carrier is on route to its destination?
Buyer The U.S. Uniform Commercial Code (UCC), Section 2-509, states that the risk of loss in a FOB Origin contract passes to the buyer when the inventory is duly delivered to the carrier.
Proactively managing risk rather than being reactive provides which of these benefits to the organization?
Competitive advantage Managing risk proactively gives an organization an edge over its competition because the organization will respond to risks quickly, become more flexible, and feel prepared in the face of uncertainty.
What is a prerequisite for the process of managing risk in the supply chain?
Discover the organization's risk tolerance. Prior to identifying and assessing risks and developing and executing a response plan, a prerequisite is to develop a risk strategy by discovering the organization's tolerance toward risk taking and the maturity level of its risk management process.
What is an essential component of any risk management system?
Economical application of resources The APICS Dictionary, 15th edition, defines risk management as "the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities."
What is a proactive benefit of risk planning for an organization?
Employees and supply chain partners are prepared. With a risk strategy and plan in place, supply chains improve their chance of keeping material, information, and payments flowing through the network even if a risk event occurs. Risk planning prepares employees and supply chain partners with valuable and actionable information based on substantiated risk data, it allows for risks to be shared among partners who are prepared to play their parts responsibly, and it keeps the supply chain flexible through contingency planning.
An organization conducts due diligence with all of its tier 1 suppliers to minimize risks of supply chain disruptions. What is a significant residual risk?
Failures originating at the tier 2 level or below The need for multi-tier due diligence is evidenced in a report by Zurich, a global insurer. Part of the report stated that 40 percent of all disruptions had a root cause from below the tier 1 supplier level. Performing due diligence only with direct suppliers would not catch a large number of potential failures.
Which is an expense that may still be needed in multiple countries prior to a new product launch even after the organization files an international patent application?
Getting in-country patent, liability, and tax law review From a compliance perspective, it is important to get in-country representation and legal review to protect the organization's interests. Organizations need to review not only each country's patent, trademark, and copyright laws but also product liability laws and relevant tax laws.
The executive team of a 3PL has identified an organizational opportunity to create a better, consistent approach toward risk management. What tool should the 3PL start with to begin the process of creating and using a consistent approach?
ISO 31000 The ISO 31000 framework, at a high level, is an iterative process that starts with an executive-level mandate and commitment toward risk management. This leads to the customization and design of the framework itself, which is then implemented, monitored and reviewed, and continually improved based on review results, which leads back to further customization and design.
Which ISO supporting standard places emphasis on controls assessment, consequence analysis, likelihood analysis and probability estimation, preliminary analysis, and uncertainties and sensitivities?
ISO 31010 ISO 31010 is a supporting standard for ISO 31000 that places emphasis on controls assessment, consequence analysis, likelihood analysis and probability estimation, preliminary analysis, and uncertainties and sensitivities.
An organization is having issues discussing risk management priorities and responsibilities with external supply chain partners. What tool should the organization use to ensure that communication regarding risk management is clear between all parties?
ISO Guide 73 ISO Guide 73 provides the definitions of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk and the use of uniform risk management terminology in processes and frameworks dealing with the management of risk.
An organization wants to identify and understand the risk associated with a highly technical process that they have pioneered and use exclusively. Several process experts that designed the process still work for the company. What is the best method for the organization to use to identify the risk in question?
Interviews Interviews with the design experts that remain in the company, as well as stakeholders involved in the process currently, would likely generate the most comprehensive picture of the risk associated with the process.
What should an organization work toward when using the Governance, Risk, and Compliance (GRC) framework?
Making GRC activities part of the organizational culture For organizations using the GRC framework, the goal is to move GRC activities from feeling obligatory to being part of the culture. The framework may enable organizations to take more risks due to an understanding of their risk appetite. An indicator that the framework is succeeding is an increase in the number of governance activities undertaken over the course of the year. The framework requires that all three legs (governance, risk management, and compliance) are balanced.
Which type of organization has made filing a patent after a reasonable patent search a much riskier endeavor?
Patent assertion entities While any company owning a patent can do this, a special class of organization called a patent assertion entity (PAE), or "patent troll" has come to exist. According to a U.S. White House report,"Patent Assertion and U.S. Innovation," PAEs "focus on aggressive litigation ... asserting that their patents cover inventions not imagined at the time they were granted."
When determining risk responses, how can an organization best prepare for unknown risks?
Place money in a reserve fund. An unknown risk is one that exists but no one knows about it currently. These unforeseen risks can be addressed by putting funds in a reserve account. The size of this account, who authorizes expenditures, and the conditions under which it can be accessed are part of an organization's risk management strategy.
What can a risk manager use to shorten the risk identification process? Answers
Risk checklists and documentation and assumption reviews Risk checklists and documentation and assumption reviews look at past risk identification processes conducted by the organization. Reviewing these sources can give a new risk identification process a jump start.
Who is responsible for identifying potential failure points along the supply chain?
Risk manager Risk managers have a critical role in supply chain risk management. They must examine the supply chain to map the entire chain and understand interdependencies, identify potential failure points, and create risk awareness throughout the chain.
Which of the following components of a risk assessment process might result in shareholders requiring a greater minimum return on their investment?
Risk tolerance Organizations tend to have characteristic tolerances for risk such as risk-tolerant or risk-averse. Organizations that are willing to accept higher risks should have a higher potential for return on their investments, since investors will expect a higher return in compensation for their increased risk.
How can an organization use supply chain information networks to manage risk?
Share information with partners and internal locations to help minimize disruption caused by risk. Organizations can manage supply chain information networks to minimize supply chain risk. This includes information sharing with partners as well as internal locations, which helps all parties to be quickly informed of a real or potential disruption and respond quickly and appropriately to minimize disruption.
According to the Supply Chain Council (SCC) guidelines, which of the following has the most complete risk definition?
Skilled labor shortages of up to 10% at a Mexico plant for the first two quarters of the year The scope of each risk must be well understood before determining what would be an appropriate response. The SCC notes that each identified risk must also have a time dimension or a specific time horizon (e.g., day, month, year) and a specific perspective or view that defines the scope of the risk (e.g., boundaries, what's not included).
Which of the following is a quality that supply chain risk management must have?
Systemwide focus Risk in a supply chain can take many forms, and supply chain risk managers need to take a systemwide perspective on risk.
Which of these companies is practicing good risk management in terms of its suppliers?
The company develops detailed plans to shift work orders among several certified global suppliers in the event of labor disruptions in their countries. Single sourcing of a key material or component is not a good example of risk management, even if the supplier is the lowest-cost provider. Good risk management may involve additional costs incurred through maintaining redundancy in the supply chain and requiring additional supplier performance or assumption of risk.
risk management
The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
supply chain risk
The variety of possible events and their outcomes that could have a negative effect on the flow of goods, services, funds, or information resulting in some level of quantitative or qualitative loss for the supply chain.
An organization is implementing ISO 31000 risk management in response to an executive-level mandate. This mandate should include a commitment to:
develop a transparent process inclusive of all stakeholders. The ISO framework starts with an executive-level mandate and commitment toward risk management that is based on the ISO 31000 principles, which include being inclusive of all stakeholders, auditable, and transparent. Rather than considering the program to have a net cost, it should be considered to add value to the organization. Also, it should be customized to the organization rather than requiring the organization to conform to a rigid set of processes. Finally, it should unambiguously address uncertainty in an orderly, structured, and well-timed manner.
If an organization and its major supply chain partners each implement ISO 31000 and ISO Guide 73:2009 related to risk management, they should be able to:
mitigate the risk of miscommunications with external partners due to risk terminology differences. ISO Guide 73:2009, Risk Management Vocabulary, should allow various organizations to discuss risk using a common understanding of risk management terms and definitions.
The process of identifying, analyzing, and addressing an organization's exposure to uncertainty within the supply chain is known as:
risk management. Risk management is the process of identifying, analyzing, and addressing an organization's exposure to uncertainty within the supply chain.
