BMGT478C Exam 1
know the risks that are inherent in supply chains
volatile customer demand quality control failures for products and processes political instability natural disasters bankruptcy of supplier failure of supply chain partners transportation failures
What are the primary benefits of simulation?
Simulation gives a detailed quantitative analysis of events that might occur It uses a dynamic representation of a situation, with a computer model imitating real world operations over a typical period The computer can simulate a large number of typical results, and then analyze performance, find variations and compare results, giving a wide range of information One major benefit is that it allows management to explore different options without disrupting real operations Biggest problems is designing and building a simulation model that represents actual operations Also very time consuming
What is the rationale for managers to adopt a "Laissez-faire" approach toward risk?
"Why should I put effort into planning for events that will probably never happen?" Answer: some events may be unlikely, but when they do occur the consequences are catastrophic (i.e. insurance on your house)
Three General Classifications of Supply Chain Risks: Organizational Risk
(Process, Control) Procedure risks: lack of formal procedures, lack of quality control system Decision risks: bureaucracy (red tape), lack of authority, lack of decision support Communication risks: cultural differences, language barriers, misunderstanding Knowledge risks: lack of formal education, lack of training, unskilled labor **Probably the most preventable, internal to the focal firm, external to the supply chain
Three General Classifications of Supply Chain Risks: Environmental Risks
-Macro risks: economic shifts, recession, labor costs, exchange rates, customs Policy risks: actions and sanctions of governments, shifts in legislation Competition risks: uncertainty about competitors' moves and actions Resource risks: lack of human resources, capital or technology **External to the firm, external to the supply chain
List the minimum criteria responses to supply chain risk.
Allow the supply chain to continue working normally, or with minimum disruption Be effective in dealing with risks Allow appropriate and efficient use of resources Comply with all laws and regulations
"Six Mistakes Executives Make in Risk Management." → What does the article conclude about the quantification of risk?
Anyone looking for a single number to represent risk is inviting disaster Risk managers should avoid using methods and measures connected to standard deviation, such as regression models, r-squares, and betas Research shows that the way a risk is framed influences the people's understanding of it Managers should look for ways in which risk can be presented to ensure that you aren't being taken in by the the framing of the math
Identify, define, and differentiate among the strategies available for addressing supply chain risk, e.g., avoid, transfer, mitigate, respond, monitor, accept
Avoid: proactive action that eliminates the possibility of an event Transfer: proactive action (often financial or legal) that shifts risks to a third party Mitigate: proactive action that reduces the (financial) impact if an event occurs Respond: Predetermined actions taken after an event occurs in order to reduce the impact Monitor: continuous scanning of the environment triggering alternative actions of the implementation of certain measures if predefined thresholds are exceeded Accept: decision to bear risk exposure without taking any additional actions
What is the nature of this tool (scenario analysis), i.e., how does it work?
By analyzing future conditions and adjusting decisions, they can develop a set of reasonable decisions that will probably yield the desired results Relies on a mixture of expertise, judgement, brainstorming, analyses, and guesswork Cannot produce probabilities for the scenarios
"Seven Myths to Beat Before They Beat You" → What advice does the article give regarding corporate social responsibility?
CSR and higher profits are not mutually exclusive When CSR is aligned with business value, it can generate a new stream of revenue or an innovative way to reduce costs Designing products by taking into account quality and life cycle costs can lead to efficient packaging, a lower transportation carbon footprint, less material, waste reduction and better recycled material
Under what circumstances might you oppose or not oppose a change.
Can oppose change if manager has prior notice of a change Should not oppose if it would take a lot of time/money with little chance of success
8 Types of SC Risk: make contingency plans
Come into effect after a risky event actually occurs Managers take no immediate action, but prepare plans to deal with an event that might occur Often referred to as a "Plan B" Ex: a company's normal plans might include moving goods by low-cost road transport, but there is a sudden emergency order it has a contingency plan of using higher-cost air freight
What are the two main factors that determine how risks are treated?
Consequence & Likelihood
Main Goals of FMEA
Recognize and evaluate the potential failures of a product or process and the effects of the failure Identify actions, which could eliminate or reduce the chance of the potential failure occurring Document the entire process
Estimating risk is critical to managing risk, what tools are available to estimate risk?
Data Mining Failure Mode Effect Analysis (FMEA)
Data Mining
Data mining can analyze historical data to improve prediction capability. Some of the common analytic approaches used by data miners are Estimation of parameters of past performance: means, standard deviations, correlations, and associations for hypothesis testing, these tools will not lead to patterns but are more useful in analyzing the data to identify the most relevant sets of data to concentrate further analysis Clustering/segmentation: this approach is used to logically group observations on the basis of similarity in their characteristics, reducing the level of heterogeneity in the data Classification/discrimination: the process of assigning observations to predetermined number of classes Prediction: formal mathematical models are built for the purpose of predicting the occurrence of the phenomenon
Identify and differentiate between internal and external risk in supply chains: External Factors
Demand: loss of major accounts, volatility of demand, concentration of customer base, short life cycles, innovative competitors, buying too much/little Environment: natural disasters, terrorism and war, regulatory changes, tax, duties, quotes, strikes Supply: dependency on key suppliers, downtime, consolidation in supply markets, quality issues, potential disruption, replenishment - lead times & variability
"Seven Myths to Beat Before They Beat You" → What were the two myths associated with IT?
Deploy the latest, greatest IT → Business needs must drive IT strategy, not the other way around, need to relate business strategy to the core operational and supply chain capabilities that IT needs to enable, support, or enforce Ignore IT - it's just another commodity → Despite problems and challenges presented by IT, companies must still try to take advantage of the many operational benefits that new IT systems have to offer
FMEA
Failure Mode Effect Analysis Failure analysis used to evaluate the potential failures of a product/process, the effects of that failure, and then identify actions which could eliminate or reduce the chance of that failure occurring
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → What role do children play in the toy industry?
Fickle and changing children are the toy industry consumer Kids' purchasing power is growing 1996 study: kids spend $27 billion directly and influenced spending of $117 billion Kids purchasing power is growing, estimated to be $67 billion in 2001
8 Types of SC Risk: reduce the probability of the risk
I.e. safety stock Can also avoid operations where the risk occurs (i.e. can reduce the risk of piracy by avoiding the routes where piracy often occurs)
What were the key conclusions of the article, "Managing Risks to Avoid Supply Chain Break Down?"
Identifies and categorizes supply chain risks and their drivers Includes some new categories such as forecast, intellectual property, procurement, receivables, and capacity Each category of disruption can be supplier-related, internal, or customer-related SC managers are tasked with choosing supply chain risk reward trade-offs The biggest challenge companies face is mitigating supply chain risks without eroding profits The ultimate goal is to balance supply chain risk/reward relationship
List and understand the major steps in the risk management process.
Identify significant risk Consider the likelihood that the risk will materialize Assess consequences if the risks did occur Take steps to transfer, reduce, or mitigate risk
Discuss the predictive/proactive mode of risk management?
In predictive-proactive methodology to managing risks, the two main steps are predictive mode and proactive mode In predictive mode, the focus is on gathering of information on the potential risk sources The proactive mode focuses on the identification of the risks within the supply chain and assessing the risk level and setting the strategic objectives of the company To be proactive, we must have an efficient predictive process for data gathering and analysis
8 Types of SC Risk: oppose a change
Instead of accepting the change, they can individually or collectively resist and try to prevent it from happening (i.e. change in driver hours of service rules) Managers should not spend an inordinate amount of effort or expense opposing changes when they have little chance of success Often you see people continuing to resist events that are inevitable
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → Be familiar with the structure of the toy industry
Larger companies benefit from economies of scale, brand recognition, and resources necessary to secure licensing agreements Minor players compete on new product development, hoping to find a hit product Minor players lack the clout to secure space on store shelves and often are forced to sell through independent retail stores E-tailing is showing some promise but has proven more difficult and hoped High rate of new product failure Seasonality of demand, 45% of annual demand occurs in November and December
Explain the statement, "Supply chain risk management is the intersection of supply chain management and risk management?"
It has collaborative and structured approach, and is included in the planning and control processes of the supply chain, to handle risks which might affect the achievement of the supply chain goals
"Six Mistakes Executives Make in Risk Management." → What do the authors conclude is the biggest risk managers make?
It lies within us We tend to overestimate our abilities and underestimate what can go wrong Any corporation that doesn't recognize it Achilles' heel is fated to die because of it
How do probability of occurrence and severity of impacts relate to SC risk management?
Low consequence, low likelihood: tolerate Low consequence, high likelihood: treat High consequence, low likelihood: transfer High consequence, high likelihood: terminate
"Seven Myths to Beat Before They Beat You" → be familiar with the myths identified in the article.
Reduce costs at all costs Invest in maximum flexibility Apply the same strategy across the board Deploy the latest, greatest IT Ignore IT - it's just another commodity Treat corporate social responsibility as charity Leave operations at functional level
Be familiar with the primary conclusions of the benchmark study on supply chain risk management by the Aberdeen Group.
More than 80% of supply managers at 180 global enterprises reported that their companies experienced supply disruptions within the past 24 hours Supply glitches negatively impacted their companies' customer relations, earnings, time-to-market cycles, sales, and overall brand perception It found that more than 75% of companies expect supply risks to increase over the next three years And yet only 49% of organizations have bothered to implement a supply performance management and risk management program Enterprises that have adopted comprehensive supply risk assessment and management programs, which include the leverage of deep supplier and market information, have reduced the frequency of supply risks, and outperformed their peers in supply performance cost More specifically, best-in-class companies that have had programs in place for at least three years, measure over half of their supply base regularly, and engage in risk management in a least 70% of their supply base enjoy 92% effectiveness in product and service quality 91% on-time-delivery 87% price competitiveness 85% service and performance capability
Which is the most extreme response to risk?
Move to another environment
8 Types of SC Risk: transfer, share, or deflect the risk
Moves some or all of the risk from one organization in the supply chain to someone willing to handle the risk Managers do not generally like risk, so they are inclined to transfer risk, especially when the cost of transferring is significantly lower than the expected cost of absorbing the risk In some cases, transfer can be significantly increase risk because the party whom it is being transferred may not be aware of the risk they are being asked to absorb Three ways: Insurance (most common) →Essentially pooling or sharing of risk and sharing the cost of risk →Insurance premium=expected value of the loss +operating costs + profit →The greater the risk, the greater the premium Hedging →When there is uncertainty about the future price, a company can reduce risk by agreeing to price now for a product at a future date Subcontracting → Another form of sharing risks comes with third party logistics or subcontracting → Responsibilities of each party are specified in form of a contract including the allocation of risk → Actual division of risk depends on numerous factors including the relative power of the organization, the attitude of risk, the premium, and control of risk
How can network models be used in risk managemnet?
Network models can find Maximum flow: the maximum amount of materials that can flow between two points in the network The shortest path: the shortest travel time or minimum distance between two points in the network Transportation problems: assign customers to facilities and give the fastest and lowest cost deliveries Set covering: to show the location of facilities needed to make sure that every customer is within a specified maximum distance of a facility Facilities location: to show the location of facilities that give the lowest average distance/time to customers
Know the appropriate response to risk depending on the scope of the risk.
No universal response to risk If the risk is not extremely large, may choose to ignore and then accept the results Most extreme response is "move"
Three General Classifications of Supply Chain Risks
Organizational Network Environmental
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → How does the "fad" nature of toys come into play in supply chain risk management.
Oversupply can kill demand for fad-sensitive products; scarcity is a powerful selling tool Challenge is for supply to just meet demand while dodging financial risks of global supply chains
8 Types of SC Risk: adapt to it
Passive response Managers accept that an event is inevitable and try to adapt operations to fit the new circumstances Ex: risk that demand or a product might suddenly fall, managers modify operations so that they would still be profitable at lower demands Requires organization to be agile and able to change operations quickly to respond to changing conditions Environment controls the rate and direction of change
How does hedging relate to risk management or risk mitigation?
Proactively thinking in advance to buy now
Identify and differentiate between internal and external risk in supply chains: Internal Risk
Process: manufacturing yield variability/quality, lengthy set up times, inflxible processes, equipment reliability, limited capacity/bottlenecks, outsourcing key business processes, product complexity Risk/Response Contingency: awareness, prevention, remediation, knowledge Controls: poor pipeline visibility, inappropriate rules that distort demand, lack of collaborative planning/forecasts, bullwhip effects due to multiple echelons, proprietary technology
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → How does the structure of the industry affect risk?
Product risk associated with seasonality, volatility of fads, new product adoptions and short product life Public's perception of safety and toy company ethics related to the use of child labor are also elements of risk There are also product supply risks Concern for manufacturing capacity during crunch periods Longer supply chains, as well as currency and political risks are also present Long lead times between demand and supply
What is the key difference between quantitative and qualitative risk?
Qualitative Risk: don't ignore risk just because you can't quantify it
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → Identify the unique aspects of the toy industry that make it susceptible to risk?
Rapid change and uncertainty Demand is fad driven and highly volatile Requires constant innovation Short life-cycles Susceptible to cannibalization Global supply chains for supply and demand Currency and political risk are problematic Sensitive product safety issues
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → What are the options for dealing with seasonality?
Reduce seasonality and new product adoption risk through licensing Increase product life and lifetime sales by matching product and channel strategies (focus on quality control in production, different products may require different channels) Reduce seasonality by increasing the number of channels (develop alternative channels, use innovative channels such as fast food restaurants, place toys near check out to take advantage of impulse purchases) Smoothing demand and building longer life products through variety strategies (new versions of products and product extensions make it easier to obtain shelf space and customer acceptance, use of rolling mix - increase product variety by continually introducing slightly different versions of the same product)
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → Be familiar with the various risk management strategies that might be employed in the toy industry to reduce risk.
Reducing capacity risk by outsourcing and building a flexible web of pattern Use information, air freight, and warehouse consolidation to improve supply/demand matching Reducing currency and political risks through operational hedging (i.e. operate and source in several different countries)
"Six Mistakes Executives Make in Risk Management." → Are redundancy and leverage good things according to the authors?
Redundancy consists of apparent inefficiency; idle capacities, unused parts, and money that isn't put to work We have been taught that the leverage is good, it may not be → leverage is the opposite of redundancy → leverage = debt If you are highly leveraged, you could go under if you company misses a forecast, interest rates change, or other risks crop up Overspecialization hampers companies' evolution The theory of comparative advantage ignores unexpected change Redundancy and parallel paths create less vulnerability and you have lower risk (but you also have higher costs→ buffer stocks, safety stocks, alternative suppliers, excess production capacity
Give examples of external risks. How should managers approach this category or risk?
Risks that are outside the organization and beyond its influence or control Ex: natural and political disasters and major macroeconomic shifts throughout the world Management focus should be on identification and mitigation of their impact
Define robustness as the term relates to SC risk.
Robustness: regaining stability, the ability to endure changes in the environment without adapting In business, the ability to survive (resilience) is more important than robustness A resilient supply chain is impacted, but is able to come back to a stable state
In the article, "Managing Risk: A New Framework," what did BP learn about rules based risk management?
Rules based risk management will not diminish either the likelihood or the impact of a disaster Article attempts to identify those risks which can be managed through a rules-based model and which require alternative approaches
What role do Business Continuity Plans and Contingency plans have in risk management?
Should not wait to see what damaging events occur and then start thinking about a response Be prepared
What are the key factors that affect response to risk?
Some risks affect a single organization while others affect the whole industry in which it works An organization specific risk leads to individual and isolated responses An industry-wide risk affects all organizations in the same industry For industry-wide risks, the best responses are collaborative
According to the "One Graph," what is the ultimate goal of supply chains in an ideal world?
Store In Stock: right goods, right place, right time, right cost
Three General Classifications of Supply Chain Risks: Network Risks
Supply Chain, Supply/Demand Supply risks: disruption of supply, inventory and schedules, incoming delays Operational risks: failure of breakdown of operations, changes in technology Demand risks: variations in demand, changes in customers' likes and dislikes Security risks: theft, counterfeiting, terrorism, piracy, infrastructure breakdown **External to focal firm, internal to supply chain
Network Models
Supply chain networks of connected nodes with risks occurring to the nodes or connections Network models are concerned with the flow through the networks, sometimes call "graph theory" Can analyze what would happen if parts of the chain are deleted (i.e. the impact of losing parts of the chain) Each node has a fixed capacity and takes a certain time to traverse Network models allow managers to examine capacity and time affects if links are no available
"Seven Myths to Beat Before They Beat You" → What are the three key strategies for improving supply chain flexibility?
System Design: carefully designed manufacturing or distribution of networks. Parallel paths. Process Design: flexible workforce, cross training, varied procurement contracts, dual sourcing Product Design: modular product architecture, standardized components, component substitution, and postponement strategies
"Seven Myths to Beat Before They Beat You" → How should a manager decide how much flexibility to incorporate into their supply chains? What are the trade-offs?
The challenge is to identify the trade-off between risk mitigation strategies and cost Flexibility is not free The higher the degree of flexibility, the more expensive it is to achieve Questions to ask: how much flexibility do I need? how can I achieve it? what will it cost? what are the benefits? do the benefits outweigh the costs?
8 Types of SC Risk: move to another environment
The most extreme option Admitting that events are so risky that an organization cannot work with them Possible re-organize and move to another market or industry that does not have the risk The most extreme version of this occurs when an organization finds it too risky to stay in its own business environment, but cannot move to another so it stops working and closes down
Define strategy risks, how should these be managed?
These are risks associated with the deliberate actions taken by organizations to generate high returns Higher the risk - higher the rewards Strategy risks cannot be managed through rules based control models Rather, a risk management strategy designed to reduce the probability that the assumed risk actually materialize and to improve the company's ability to manage or contain the risk events should they occur
What are the primary impacts of disruptions or adverse activities associated with supply chains?
These consequences may have adverse impacts on the organization including loss of sales, lower revenues/profits, lost customers, loss of market share, loss of business Even a relatively small supply chain disruption caused by a localized event may have consequences around the global economic system
Risk conscious cultures should be agile, resilient, sustainable, and adaptable. What does this mean?
This is good business strategy: Remain agile to avoid risk Be resilient to respond, adapt, and absorb risk Develop methodologies that are sustainable to scale and maintain risk solutions
To what extent can managers control risk?
Typically managers have no control over the causes of events that affect the supply chain Further, they have little control over the consequences of events in the supply chain
8 Types of SC Risk: ignore or accept the risk
Used when risk is small & consequences are small (low probability and small consequences) Expected value from the risk is less than any remedial action à don't want to spend a lot of money if the risk is very small Called risk acceptance, retention, or internalization Should be strategic/intentional (although many times it's not because managers may fail to identify a risk or underestimate the consequences)
define scenario analysis
Uses the possible effects of a series of decisions Assembles a small group of experts who construct a likely of series of decisions Next they construct a set of plausible future conditions that might follow from these decisions assess black swan events
What is the relationship between vulnerability and risk?
Vulnerability: the susceptibility of a supply chain towards the harm of a particular supply chain disruption The vulnerability of the supply chain is a function of the characteristics of the supply chain. This means that the structure of the supply chain is an antecedent of supply chain vulnerability This suggests that by changing the supply chain structure through more effective design, vulnerability can be reduced As vulnerability is reduced, risk is reduced as well
"Six Mistakes Executives Make in Risk Management." → What does the article say about Black Swan events?
We have an abysmal record of predicting Black Swan events By focusing our attention on a few extreme scenarios, we neglect other possibilities and in the process become more vulnerable It's much more productive to focus not on predicting the events, but to prepare for the eventuality and ensure that we can handle the consequences if they do occur
"Six Mistakes Executives Make in Risk Management." → What are the six mistakes executives make in risk management?
We think that we can manage risk by predicting extreme events We are convinced that studying the past will help us manage risk We don't listen to advice about what we shouldn't do We assume that risk can be measured by standard deviation We don't appreciate that what's mathematically equivalent isn't psychologically so We are taught that efficiency and maximizing shareholder value don't tolerate redundancy
is it appropriate to always refer to risk as a negative?
no it can be positive as well such as winning the lottery substitute typical definition for chance
Four Categories of Risk: Operational Risk
risks associated with tactical activities within the supply chain (ex: poor supplier quality, late deliveries due to port delays, safety issues, excessive inventory)
what does it mean to say that not all risks are equal
different scoring results Consequences: insignificant, minor, moderate, major, catastrophic Likelihood: almost certain, likely, possible, unlikely, rare high consequence, low probability = black swan
"Risk Management: Welcome to the New Normal" → relationship between globalization and risk
most participants are looking to international customers for future market growth, yet few are prepared for the complexity that results from serving global customers with regionally customize products
understand general nature of risk
anything can happen at any time, no one is not susceptible to risk every individual and every organization is subject to risk every day, many times each day
"Risk Management: Welcome to the New Normal" → risk appetite
different managers/organizations have different willingness to risk (more or less willing to take risks)
what are the benefits of risk categorization
different mitigation techniques, tactics, tools, and strategies exist for each category of risk and for each cause of risk in the supply chain
Four Categories of Risk: Strategic Risk
based on decisions made by executives (ex: mergers and acquisitions, assessment of the overall competitive environment, social trends and compliance, global) strategic risks are taken by management, intentional behavior and decision making, the reason to maximize profit, taking actions to maximize profits can be risky (decision making) → you should identify all the possible risks, work to minimize exposure to the risks, but still would probably take the risk if you felt that the reward was greater than the risk
What is meant by "single point of failure"?
because of interdependencies within a supply chain, it only takes a single weak link, the single point of failure, for the entire chain to fall therefore, the risk conscious culture must be agile, resilient, sustainable, and adaptable
define risk
exposure to the chance of injury or loss hazard or dangerous chance chance of a loss degree or probability of such a loss
what is the relationship between global supply chains and risk?
global supply chains and global supply chain risk are highly correlated
be aware of the categories and types of risk faced by businesses (4 types)
hazard risk financial risk operational risk strategic risk
why is demand a central concern for risk assessment and mitigation in supply chains
if demand changes, can be unprepared if demand increases there may not be enough supply if demand decreases there may be too much supply on hand and it may be expensive
8 types of supply chain risk
ignore or accept the risk reduce probability of the risk reduce or limit the consequences transfer, share, or deflect the risk make contingency plans adapt to it oppose a change move to another environment
Four Categories of Risk: Financial Risk
internal or external financial challenges particularly with regard to suppliers
"Learning from Toys: Lessons in Managing Supply Chain Risk in the Toy Industry." → In what stage of the product life cycle are toys?
mature slow demand growth concentration of manufacturing
Four Categories of Risk: Hazard Risk
random disruptions, some of which are acts of nature such as hurricanes or floods, would also include accidents, fire, theft, and product tampering
define black swans, what is the nature of black swan events?
rare, sudden, and often totally unpredicted and unprecedented events difficult to predict (proactive) but possible to prepare for (reactive) should be addressed with continuity and contingency plans, response analysis, need to be proactive
Define risk drivers? Why are they important factors in managing risk?
risk drivers → turn risk into consequences ex: risk driver → inadequate road maintenance that makes the risk source of bad weather even worse
"Risk Management: Welcome to the New Normal" → key points/new normal
risk management techniques currently in place may not be sufficient to allow supply chain organizations to attain risk management excellence in a dangerous world an innovative set of approaches is needed we live, and businesses operate, in a world where heightened risk represents the new normal do we need to know stats?
how should these (black swan events) be addressed?
scenario analysis contingency plans proactive
how does categorization of risk relate to response to risk?
sometimes cost of preparing or responding is more than the cost of absorbing the risk so you know when its worth responding if bound to happen a lot, create a control to prevent respond in different ways depending on type of risk and likelihood
What is the focal point of the (predictive/proactive) process?
strategic objectives
8 Types of SC Risk: reduce or limit the consequences
take actions that reduce consequences I.e. wearing a seatbelt or wearing a helmet
why is risk described as an ambiguous concept
there are many definitions of risk, depending on their specific application and on the situation context risk denotes the precise probability of specific eventualities (i.e. can calculate the likelihood) technically risk has no value, so these eventualities can be beneficial or adverse
"Seven Myths to Beat Before They Beat You" → Why is cost minimization not always the ultimate goal in supply chain management?
this approach may not be appropriate in every circumstance, especially for certain product characteristics such as innovative products where responsiveness is the appropriate operations strategy even when cost is an important objective, companies need to balance cost with service invest in flexibility to reduce cost deploy the appropriate IT infrastructure for long term viability and growth also applies to corporate efforts to cut costs by utilizing low cost country manufacturing
What does it mean to say that, "Risk management is not a separate activity from management; it is management?"
this is the relationship; between risk and risk management
What is meant by preventable risks? How should this be managed?
typically internal risks that come from within the organization that do not generate strategic benefits, that are controllable and should be "eliminated" or avoided Ex: risk from unauthorized, illegal, unethical, incorrect or inappropriate actions and risks of routine operational processes Best managed through active prevention, e.g., monitoring processes and guiding people's behaviors and decisions toward desired norms Essentially, this is a rules based model
"Risk Management: Welcome to the New Normal" → difference between vulnerability and resilience
vulnerability represents the combination of likelihood of disruption and its potential severity resilience refers to the ability of the firm to recover from disruptions of any time there is a trade off between risk aversion and the willingness to accept risk, often referred to as risk appetite
what do we mean by risk triplet
what can happen and what is the cause? (the range of things that can go wrong) how likely is it that it will happen? (the probability, quantifying it, the likelihood) if it does happen, what are the consequences? (how bad can it be, what's the downside?)
