164 • Supply Chain Risk Management: An Emerging Discipline
Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.
Copyright © 2014. Taylor & Francis Group. All rights reserved.
9 Emerging Risk Management Frameworks for Success
Our focus in this chapter will be on emerging frameworks that are being leveraged to drive successful supply chain risk management (SCRM) initiatives. We will become grounded with basic definitions and explore some of the new frameworks, standards, and rules and regulations that frame the supply chain risk management landscape. We'll then profile the frameworks from several research organizations' perspectives and present several leading companies that are utilizing these frameworks to implement risk initiatives within their organizations. We'll conclude by highlighting several benefits to be derived from utilizing these frameworks.
WHAT IS A FRAMEWORK?
A framework is a skeletal, openwork, or structural frame. This term also describes a frame of reference, which includes an arbitrary set of axes with reference to which the position or motion of something is described or physical laws are formulated.¹ One professional organization profiles the term framework in several perspectives. One perspective provides a concept revolving around organizational design by viewing a framework as an organizational structure to support the strategic business plans and goals of an enterprise (e.g., for-profit and not-for-profit companies). Given the mission and business strategy, the organizational structure design provides the framework within which operational and management activities will be performed. A second perspective revolves around the operating environment and views a framework as the global, domestic,
environmental, and stakeholder influences that affect the key competitive factors, customer needs, culture, and philosophy of each individual company. This environment becomes the framework in which business strategy is developed and implemented.²
FRAMEWORKS SUPPORTING THE NEW SUPPLY CHAIN RISK MANAGEMENT DISCIPLINE
Whether you are in operations, finance, distribution, banking, or academia, several frameworks are critical for supply chain risk management. Recall that Chapter 1 defined SCRM, which is expanded here to refer to the implementation of strategies to manage everyday and exceptional risks within the supply chain through continuous risk identification, assessment, mitigation, and management with the objective of reducing vulnerability and ensuring sustainability. We view SCRM as the intersection of supply chain management and risk management. Let's discuss several of the critical frameworks.
Enterprise Risk Management (ERM) Framework
As mentioned in Chapter 1, the general ERM framework has been around for many years, emanating from the finance and classical risk insurance disciplines. We'll take a high-level view of ERM first, and then dig deeper with profiles from CAS, the Casualty Actuarial Society. Recall that Chapter 1 provided one perspective of ERM. A second perspective is from CAS, which has defined ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its shareholders.
ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control. ERM is still evolving to address the needs of various stakeholders who want to understand the broad spectrum of risks facing complex organizations and their supply chains to ensure they are appropriately managed. Government regulators and debt-rating agencies have increased their scrutiny of the risk management processes of many companies.
COSO ERM Framework
An important perspective about risk is put forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a well-known group formed to help businesses develop their internal control systems. Thousands of organizations have incorporated COSO's Internal Control Integrated Framework to help manage their activities. In 2001, in response to a heightened awareness of global risk, COSO partnered with PriceWaterhouseCoopers to develop a framework that would enable organizations to evaluate and improve enterprise risk management. COSO defines ERM as follows:
A process, effected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.³
Eight interrelated components comprise COSO's ERM framework. These components are derived from the way management runs an enterprise and are integrated within the management process. These eight components, which are also relevant to our discussion of SCRM, comprise a fully developed ERM system:
• Internal Environment. The internal environment sets an organization's tone, including how risk is viewed and addressed by an organization's people, including its risk management philosophy, risk appetite, integrity, and ethical values.
• Objective Setting. Enterprise risk management ensures that management has a process to set objectives and that the chosen objectives support the entity's mission and are consistent with its risk appetite.
• Event Identification. Internal and external events affecting the achievement of objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management's strategy or objective-setting processes.
• Risk Assessment. Risks are analyzed in terms of their likelihood and impact. This is used as a basis for determining how to manage risks.
• Risk Response. Management selects various risk responses, including avoiding, accepting, reducing, preventing, or sharing risk. A set
of actions is developed that aligns risks with the entity's risk tolerances and risk appetite.
• Control Activities. Policies and procedures are established to help ensure risk responses are carried out.
• Information and Communication. Relevant information is identified and communicated in a form and time frame that enable people to carry out their responsibilities. Effective communication flows down, across, and up the organization.
• Monitoring. The entirety of enterprise risk management is monitored and modifications are made as necessary. Enterprise risk management monitoring is accomplished through ongoing management activities, separate evaluations, or both. Management makes modifications to the ERM plan as required.
ISO Standards
Most of us probably know something about the International Organization for Standardization (ISO), but for those of you who are not familiar with this standards body, we'll start with some basic foundational elements of this worldwide organization. Founded in 1947 in Geneva, Switzerland, ISO is an international standard-setting body composed of representatives from various national standards organizations to promote worldwide proprietary, industrial, and commercial standards. The official languages of the ISO are English, French, and Russian. The organization adopted the abbreviation ISO based on the Greek word isos (meaning equal) as the universal short-form name of the organization.
The organization known today as ISO began in 1926 as the International Federation of the National Standardizing Associations (ISA), whose focus was mainly on mechanical engineering. It was disbanded in 1942 during World War II but was reorganized under its current name in 1947. ISO is a voluntary organization comprising 163 member countries, whose members are recognized authorities on standards, each one representing one country. The bulk of the work of ISO is done by 2,700 technical committees, subcommittees, and working groups. Each committee and subcommittee is headed by a secretariat from one of the member countries. ISO is funded by a combination of (1) organizations that manage specific projects or loan experts who participate in technical work, (2) subscriptions from
member bodies, which are in proportion to each country's gross national product, and (3) the sale of the standards' work products. With that as our backdrop regarding the organization, let's talk about what this standards-setting body has developed relative to our SCRM discipline.
ISO 31000. The purpose of this standard, introduced in 2009, is to provide principles and generic guidelines on risk management. It seeks to provide a universally recognized paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies, and paradigms that differed between industries, subject matters, and regions. The scope and intent of this standard is to provide generic guidelines for the design, implementation, and maintenance of a risk management process throughout any organization, regardless of industry. The standard is designed to enable all strategic, management, and operational tasks of an organization, through projects, functions, and processes, to be aligned to a common set of risk management objectives.
The standard is meant to be applied within existing management systems to formalize and improve risk management processes, as opposed to wholesale substitution of legacy management practices. When implementing ISO 31000, attention should be given to integrating existing risk management processes into the new paradigm addressed in the standard. The focus should be centered around the following:
• Transferring accountability gaps in ERM
• Aligning objectives of the governance frameworks with ISO 31000
• Embedding management system reporting mechanisms
• Creating uniform risk criteria and evaluation metrics
Using ISO 31000 can help organizations increase the likelihood of achieving their objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk management. ISO 31000 cannot be used for certification purposes but does provide guidance for internal or external audit programs. Organizations can compare their risk management practices against internationally recognized benchmarks for effective management and corporate governance.
A Risk Insurance and Management Society (RIMS) survey of risk professionals found that 22% of firms use the COSO standard as their ERM framework, while 23% follow the international ISO 31000 standard.
Twenty-six percent of firms say they do not follow a particular standard or framework.⁴ A large percentage is not sure or has nothing significant in place.
ISO 73. This new Risk Management Vocabulary standard, updated in 2009, provides a wide breadth of terms. This standards body has been updating the vocabulary recently to take into account the growing need for additional terms and taxonomy within global supply chains. Some commonly used risk terms in this standard are risk management, risk assessment, risk analysis, risk, risk source, risk evaluation, risk criteria, risk avoidance, risk transfer, risk reduction, risk mitigation, risk retention, risk optimization, risk acceptance, risk financing, risk control, risk communication, risk perception, stakeholder, and interested party, just to name a few. Many of these terms have been defined in our earlier chapters and will be discussed in subsequent chapters as well.
Besides the ISO standard, the new Supply Chain Council supply chain risk model, residing in the new SCOR 11.0, is available. The SCOR community has performed a comprehensive update to its supply chain models, metrics, and terminologies, including an updated view of supply chain risk.⁵ APICS has also aggressively developed a body of knowledge covering SCRM for members and customers.
ISO 28000. This standard is also new. It was developed in 2010 and is actually a series of standards, all under the umbrella of 28000, which broadly covers the requirements for a security management system within the supply chain. The standards inside 28000 are 28001, 28002, 28003, 28004, and 28005. You may not have stumbled into this standard as of yet because it's actually listed under "Ships and Marine Technology" on the ISO website. This is not surprising to us, because most of today's global trade is done by cargo ships circling the globe in a complex pattern. Nonetheless, the ISO 28000 series of standards are applicable to all modes of transport, air cargo included, considering all the threats within that industry and others. We'll briefly introduce you to all the standards in this series and then profile 28002 individually.
• 28001—Best practices for implementing supply chain security, assessments and plans, and requirements and guidance
• 28002—Development of resilience in the supply chain
• 28003—Requirements for bodies providing audit and certification of supply chain security management systems
• 28004—Guidelines for the implementation of ISO 28000
• 28005—Electronic Port Clearance (EPC) part 1 and part 2
Published in September 2010, ISO 28002 covers security management systems for the supply chain and the development of resilience in the supply chain. Resilience is the adaptive capacity of an organization in a complex and changing environment. It also describes the capability of an organization to prevent or resist being affected by an event or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event. This newly published standard attempts to provide insights into how an organization can engage in a comprehensive and systematic process of prevention, protection, preparedness, mitigation, response, continuity, and recovery.
Jan Husdal, an early and prolific SCRM blogger, has done follow-up work on these ISO standards and has provided various process maps, which provide us a perspective on how the standards group is looking at both internal and external supply chain security.⁶ Figure 9.1 is an illustration of one such map for ISO 28002. Husdal notes that the process maps are similar to the SCOR model approach.
[Figure 9.1, process map for ISO 28002:2010. Process steps: Establish a Supply Chain Risk Management (SCRM) Program and Apply Resources; Define the Supply Chain and Risk Objectives; Identify Supply Chain Risks; Quantity and Priorities Risks-Goals; Execute Risk Treatment Programs; Monitor Supply Chain Environment for Risks. Feedback loops: Reassessment of risk program; Reassessment of supply chain; Reassessment of risk exposure; Reassessment of risk sources; Reassessment of management actions; Continuous risk monitoring.]
FIGURE 9.1
ISO 28002. (Source: Husdal, Jan, SCRM Blog, 2013. http://www.husdal.com/2010/11/04/iso-28002-supply-chain-resilience/.)
Governance, Risk, and Compliance (GRC)
The GRC framework has been around for some time. Through discovery, this framework has been continuously scrutinized and criticized as somewhat ill-defined. However, much more rigor has been spent recently reviewing and solidly codifying this framework. The next segment attempts to provide some context on this subject, which we feel supports the foundation for successful SCRM. The following describes the three basic tenets of this framework: governance, risk management, and compliance.
Governance. Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate, and timely to enable appropriate management decision making and provide the control mechanism to ensure that strategies, directives, and instructions from management are carried out systematically and effectively.⁷ Aberdeen Group has synthesized this definition by saying that governance includes the frameworks and tools, policies, procedures, controls, and decision-making hierarchy employed to manage the business.⁸
Risk Management. Risk management is a set of processes through which management identifies, analyzes, and where necessary responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity and involves controlling, avoiding, accepting, or transferring those risks to a third party. Whereas organizations routinely manage a wide range of risks, commercial/financial, information security, external legal, and regulatory compliance risks are arguably the key issues in GRC.
Compliance. Compliance means conforming to stated requirements. At an organizational level, it is achieved through management processes that identify the applicable requirements, defined by laws, regulations, contracts, policies, etc.; assess the state of compliance; assess the risks and potential costs of noncompliance against the projected expenses to achieve compliance; and hence prioritize, fund, and initiate any corrective actions deemed necessary. Aberdeen Group views compliance as meeting the required or mandated regulations that are governmental, industry specific, or internally imposed.⁹
With much more focus on risk, many research organizations, such as Aberdeen Group, AMR (now Gartner), and others have revisited the GRC framework. It seems apparent to some that executives are viewing effective compliance and risk management as opportunities for corporate growth, keeping in mind that customers and partners will always choose to do business with a company possessing fewer liabilities. Furthermore, being aggressive in building a business is about taking risks, so by having an effective risk management structure in place, a company can essentially be bolder in addressing new market opportunities. And finally, compliance is crucial in establishing new grounds for business, such as global or regional expansion, which requires companies to meet a strict set of guidelines in order for the company to conduct successful business. The following quote sums up well the importance of the GRC framework:
The challenges with risk management are in embedding an understanding of the risk management process, ownership of risks within the business, and the cultural change required for a truly risk-aware decision-making culture rather than being seen as a compliance obligation. To overcome these challenges we have been conducting risk management training for all staff, increasing engagement and constantly iterating in all communications that risk management is to assist the business in achieving objectives.
Risk and Compliance Manager
Liberty International Underwriter
A set of primary objectives underlie those companies that are best-in-class in terms of utilizing the GRC framework. These companies:
• Drive the organizational alignment of executive and staff agendas through effective governance
• Understand risks in terms of dollar-value impact and corporate brand equity
• Prioritize organizational initiatives based on risk type and risk level of severity
• Create additional revenue opportunities by meeting compliance requirements for selling into new markets/regions
A set of strategic capabilities needed to achieve bottom-line results from a GRC framework include promoting accountability within the organization
through effective communications, providing visibility and access to dynamic regulatory requirements, standardizing work flow for risk identification and mitigation, systematically monitoring key risk indicators, and centralizing risk information and data. Figure 9.2 illustrates Aberdeen's profile of a best-in-class GRC framework. Table 9.1 provides some new performance measures emerging within the GRC framework.
[Figure 9.2, four columns: Pressures, Actions, Capabilities, Enablers.]
Pressures:
• Increase in regulatory requirements
Actions:
• Promote accountability within the organization through effective communication
• Provide visibility and access to dynamic regulatory requirements
Capabilities:
• Standardized workflow for risk identification and mitigation
• Systematic monitoring of key risk indicators
• Centralized repository for risk information & data
• Standardized procedure to communicate management direction
Enablers:
• Governance, risk & compliance solutions
• Risk management tools
• Workflow automation
• ERP, Enterprise Resource Planning
• Safety compliance solutions
• Environmental solutions
• Financial modeling
• IT security solutions
• Regulatory portals
• Sustainability solutions
• Supply chain management
• EPM, Enterprise Performance Management
FIGURE 9.2
Best-in-class GRC framework.
TABLE 9.1
Governance, Risk, and Compliance Metrics (GRC metric: GRC measurable value)
• Year-over-year change in risk value: Percentage change in risk value in the past 2 years (risk value is defined as the monetary equivalent of the liability)
• Year-over-year change in compliance-related cost: Percentage change in compliance-related cost in the past 2 years (e.g., cost of delayed production, recalls, stop-shipments, fines, penalties incurred from non-compliance)
• New market revenue: New-market revenue, as a result of compliance, as a percentage of total revenue in the past 12 months
• Compliance audit success rate: Percentage of compliance audits that yielded positive results in the past 12 months
• Governance effectiveness: Percentage of management directives executed successfully in the past 12 months
Source: Aberdeen Group, "Effective GRC Management: Strategies for Mitigating Risks and Sustaining Growth in a Tough Economy," May 2012.
We will end our GRC conversation with some comments from a senior risk manager at McKesson, the nation's oldest and largest health care services company. The senior manager of IT governance, risk, and compliance at McKesson provides his view about the GRC framework when he says that …