Supply_Chain_Risk_Management_An_Emerging_Disciplin…_—-_Pg_185–205.pdf

164  •  Supply Chain Risk Management: An Emerging Discipline

. 5.. Fulghum,. David,. Bill. Sweetman,. and. Jill. Dimascio.. “China. Chips:. Counterfeit.
Components. Reveal. Political. Hype. and. Bureaucratic. Muddle. in. Washington.”.
Aviation Week and Space Technology,.June 4–11,.2012:.68.

. 6.. European.Banking.Board.terms.and.definitions.

. 7.. Accessed.from.http://www.pwc.com/.us/.en/.cfodirect/.publications/.dataline/2012-
10-sec-.adopts-.conflict-.minerals-.rule-.public-.and-.nonpublic-.companies-.in-.many-.
industries-.are-.affected.jhtml.

. 8.. USA. Conference. Board. &. Center. for. Responsible. Enterprise. &. Trade. Report,.
August.2012.

. 9.. Accessed.from.http://www.brainyquote.com/.quotes/.quotes/.k/karlkraus152098.html.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

165

9
Emerging Risk Management
Frameworks for Success

Our.focus.in.this.chapter.will.be.on.emerging.frameworks.that.are.being.
leveraged. to. drive. successful. supply. chain. risk. management. (SCRM).
initiatives.. We. will. become. grounded. with. basic. definitions. and. explore.
some. of. the. new. frameworks,. standards,. and. rules. and. regulations. that.
frame.the.supply.chain.risk.management.landscape..We’ll.then.profile.the.
frameworks.from.several.research.organizations’.perspectives.and.present.
several. leading. companies. who. are. utilizing. these. frameworks. to. imple-
ment. risk. initiatives. within. their. organizations.. We’ll. conclude. by. high-
lighting.several.benefits.to.be.derived.from.utilizing.these.frameworks.

What iS a fRaMeWORk?

A.framework.is.a.skeletal,.openwork,.or.structural.frame..This.term.also.
describes.a.frame.of.reference,.which.includes.an.arbitrary.set.of.axes.with.
reference. to. which. the. position. or. motion. of. something. is. described. or.
physical.laws.are.formulated.1.One.professional.organization.profiles.the.
term.framework.in.several.perspectives..One.perspective.provides.a.con-
cept. revolving. around. organizational. design. by. viewing. a. framework. as.
an. organizational. structure. to. support. the. strategic. business. plans. and.
goals.of.an.enterprise.(e.g.,.for-.profit.and.not-.for-.profit.companies)..Given.
the. mission. and. business. strategy,. the. organizational. structure. design.
provides. the. framework. within. which. operational. and. management.
activities. will. be. performed.. A. second. perspective. revolves. around. the.
operating. environment. and. views. a. framework. as. the. global,. domestic,.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

166  •  Supply Chain Risk Management: An Emerging Discipline

environmental,. and. stakeholder. influences. that. affect. the. key. competi-
tive. factors,. customer. needs,. culture,. and. philosophy. of. each. individual.
company.. This. environment. becomes. the. framework. in. which. business.
strategy.is.developed.and.implemented.2

fRaMeWORkS SuppORting the neW Supply
Chain RiSk ManageMent diSCipline

Whether. you. are. in. operations,. finance,. distribution,. banking,. or. aca-
demia,.several.frameworks.are.critical.for.supply.chain.risk.management..
Recall.that.Chapter 1.defined.SCRM,.which.is.expanded.here.to.refer.to.
the.implementation.of.strategies.to.manage.everyday.and.exceptional.risks.
within. the. supply. chain. through. continuous. risk. identification,. assess-
ment,.mitigation,.and.management.with.the.objective.of.reducing.vulner-
ability.and.ensuring.sustainability..We.view.SCRM.as.the.intersection.of.
supply.chain.management.and.risk.management..Let’s.discuss.several.of.
the.critical.frameworks.

enterprise Risk Management (eRM) framework

As.mentioned.in.Chapter 1,.the.general.ERM.framework.has.been.around.
for. many. years,. emanating. from. the. finance. and. classical. risk. insurance.
disciplines..We’ll.take.a.high-.level.view.at.ERM.first,.and.then.dig.deeper.
with. profiles. from. CAS,. the. Casualty. Actuarial. Society.. Recall. that.
Chapter 1.provided.one.perspective.of.ERM..A.second.perspective.is.from.
CAS,.which.has.defined.ERM.as.the.discipline.by.which.an.organization.
in. any. industry. assesses,. controls,. exploits,. finances,. and. monitors. risks.
from. all. sources. for. the. purpose. of. increasing. the. organization’s. short-.
and.long-.term.value.to.its.shareholders.

ERM. can. also. be. described. as. a. risk-.based. approach. to. managing. an.
enterprise,. integrating. concepts. of. strategic. planning,. operations. man-
agement,.and.internal.control..ERM.is.still.evolving.to.address.the.needs.
of. various. stakeholders. who. want. to. understand. the. broad. spectrum. of.
risks.facing.complex.organizations.and.their.supply.chains.to.ensure.they.
are.appropriately.managed..Government.regulators.and.debt-.rating.agen-
cies. have. increased. their. scrutiny. of. the. risk. management. processes. of.
many.companies.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

Emerging Risk Management Frameworks for Success  •  167

COSO eRM framework

An. important. perspective. about. risk. is. put. forth. by. the. Committee. of.
Sponsoring.Organizations.of.the.Treadway.Commission.(COSO),.a.well-.
known. group. formed. to. help. businesses. develop. their. internal. control.
systems..Thousands.of.organizations.have.incorporated.COSO’s.Internal.
Control.Integrated.Framework.to.help.manage.their.activities..In.2001,.in.
response.to.a.heightened.awareness.of.global.risk,.COSO.partnered.with.
PriceWaterhouseCoopers.to.develop.a.framework.that.would.enable.orga-
nizations. to. evaluate. and. improve. enterprise. risk. management.. COSO.
defines.ERM.as.follows:

A.process,.effected.by.an.entity’s.board.of.directors,.management.and.other.
personnel,.applied.in.a.strategy.setting.and.across.the.enterprise,.designed.
to.identify.potential.events.that.may.affect.the.entity,.and.manage.risk.to.
be.within.its. risk.appetite,.to. provide. reasonable. assurance. regarding.the.
achievement.of.entity.objectives.3

Eight. interrelated. components. comprise. COSO’s. ERM. framework..
These.components.are.derived.from.the.way.management.runs.an.enter-
prise.and.are.integrated.within.the.management.process..These.eight.com-
ponents,.which.are.also.relevant.to.our.discussion.of.SCRM,.comprise.a.
fully.developed.ERM.system:

•. Internal Environment..The.internal.environment.sets.an.organiza-
tion’s.tone,.including.how.risk.is.viewed.and.addressed.by.an.orga-
nization’s. people,. including. its. risk. management. philosophy,. risk.
appetite,.integrity,.and.ethical.values.

•. Objective Setting.. Enterprise. risk. management. ensures. that.
management. has. a. process. to. set. objectives. and. that. the. chosen.
objectives.support.the.entity’s.mission.and.are.consistent.with.its.
risk.appetite.

•. Event Identification.. Internal. and. external. events. affecting. the.
achievement.of.objectives.must.be.identified,.distinguishing.between.
risks.and.opportunities..Opportunities.are.channeled.back.to.man-
agement’s.strategy.or.objective-.setting.processes.

•. Risk Assessment..Risks.are.analyzed.in.terms.of.their.likelihood.and.
impact..This.is.used.as.a.basis.for.determining.how.to.manage.risks.

•. Risk Response..Management.selects.various.risk.responses,.includ-
ing.avoiding,.accepting,.reducing,.preventing,.or.sharing.risk..A.set.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

168  •  Supply Chain Risk Management: An Emerging Discipline

of.actions.are.developed.that.align.risks.with.the.entity’s.risk.toler-
ances.and.risk.appetite.

•. Control Activities.. Policies. and. procedures. are. established. to. help.
ensure.risk.responses.are.carried.out.

•. Information and Communication..Relevant.information.is.identi-
fied.and.communicated.in.a.form.and.time.frame.that.enable.people.
to. carry. out. their. responsibilities.. Effective. communication. flows.
down,.across,.and.up.the.organization.

•. Monitoring.. The. entirety. of. enterprise. risk. management. is. moni-
tored.and.modifications.are.made.as.necessary..Enterprise.risk.man-
agement.monitoring.is.accomplished.through.ongoing.management.
activities,.separate.evaluations,.or.both..Management.makes.modifi-
cations.to.the.ERM.plan.as.required.

iSO Standards

Most.of.us.probably.know.something.about.the.International.Organization.
for.Standardization.(ISO).standard.organization,.but.for.those.of.you.who.
are.not.familiar.with.this.standards.body,.we’ll.start.with.some.basic.foun-
dational. elements. of. this. worldwide. organization.. Founded. in. 1947. in.
Geneva,.Switzerland,.ISO.is.an.international.standard-.setting.body.com-
posed.of.representatives.from.various.national.standards.organizations.to.
promote. worldwide. proprietary,. industrial,. and. commercial. standards..
The. official. languages. of. the. ISO. are. English,. French,. and. Russian.. The.
organization.adopted.the.abbreviation.ISO.based.on.the.Greek.work.isos
(meaning.equal).as.its.universal.short.form.name.of.their.organization.

The.organization.known.today.as.ISO.began.in.1926.as.the.International.
Federation.of.the.National.Standardizing.Associations.(ISA),.whose.focus.
was.mainly.on.mechanical.engineering..It.was.disbanded.in.1942.during.
World.War.II.but.was.reorganized.under.its.current.name.in.1947..ISO.is.
a.voluntary.organization.comprising.163.member.countries,.whose.mem-
bers. are. recognized. authorities. on. standards,. each. one. representing. one.
country..The.bulk.of.the.work.of.ISO.is.done.by.2,700.technical.commit-
tees,.subcommittees,.and.working.groups..Each.committee.and.subcom-
mittee.is.headed.by.a.secretariat.from.one.of.the.member.countries..ISO.is.
funded.by.a.combination.of.(1).organizations.that.manage.specific.projects.
or.loan.experts.who.participate.in.technical.work,.(2).subscriptions.from.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

Emerging Risk Management Frameworks for Success  •  169

member.bodies,.which.are.in.proportion.to.each.country’s.gross.national.
product,.and.(3).the.sale.of.the.standards’.work.products..With.that.as.our.
backdrop.regarding.the.organization,.let’s.talk.about.what.this.standards-.
setting.body.has.developed.relative.to.our.SCRM.discipline.

ISO 31000..The.purpose.of.this.standard,.introduced.in.2009,.is.to.pro-
vide.principles.and.generic.guidelines.on.risk.management..It.seeks.to.pro-
vide. a. universally. recognized. paradigm. for. practitioners. and. companies.
employing. risk. management. processes. to. replace. the. myriad. of. existing.
standards,.methodologies,.and.paradigms.that.differed.between.industries,.
subject.matters,.and.regions..The.scope.and.intent.of.this.standard.is.to.pro-
vide. generic. guidelines. for. the. design,. implementation,. and. maintenance.
of.a.risk.management.process.throughout.any.organization,.regardless.of.
industry..The.standard.is.designed.to.enable.all.strategic,.management,.and.
operational.tasks.of.an.organization,.through.projects,.functions,.and.pro-
cesses,.to.be.aligned.to.a.common.set.of.risk.management.objectives.

The.implementation.of.this.standard.is.to.be.applied.within.existing.man-
agement.systems.to.formalize.and.improve.risk.management.processes.as.
opposed.to.wholesale.substitution.of.legacy.management.practices..When.
implementing.ISO.31000,.attention.should.be.given.to.integrating.existing.
risk.management.processes.into.the.new.paradigm.addressed.in.the.stan-
dard..The.focus.should.be.centered.around.the.following:

•. Transferring.accountability.gaps.in.ERM
•. Aligning.objectives.of.the.governance.frameworks.with.ISO.31000
•. Embedding.management.system.reporting.mechanisms
•. Creating.uniform.risk.criteria.and.evaluation.metrics

Using. ISO. 31000. can. help. organizations. increase. the. likelihood. of.
achieving.their.objectives,.improve.the.identification.of.opportunities.and.
threats,. and. effectively. allocate. and. use. resources. for. risk. management..
ISO. 31000. cannot. be. used. for. certification. purposes. but. does. provide.
guidance.for.internal.or.external.audit.programs..Organizations.can.com-
pare. their. risk. management. practices. against. internationally. recognized.
benchmarks.for.effective.management.and.corporate.governance.

A.Risk.Insurance.and.Management.Society.(RIMS).survey.of.risk.pro-
fessionals.found.that.22%.of.firms.use.the.COSO.standard.as.their.ERM.
framework,. while. 23%. follow. the. international. ISO. 31000. standard..

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

170  •  Supply Chain Risk Management: An Emerging Discipline

Twenty-.six.percent.of.firms.say.they.do.not.follow.a.particular.standard.
or. framework.4. A. large. percentage. is. not. sure. or. has. nothing. significant.
in.place.

ISO 73.. This. new. Risk. Management. Vocabulary. standard,. updated. in.
2009,. provides. a. wide. breadth. of. terms.. This. standards. body. has. been.
updating. the. vocabulary. recently. to. take. into. account. the. growing. need.
for. additional. terms. and. taxonomy. within. global. supply. chains.. Some.
commonly. used. risk. terms. in. this. standard. are. risk. management,. risk.
assessment,. risk. analysis,. risk,. risk. source,. risk. evaluation,. risk. criteria,.
risk. avoidance,. risk. transfer,. risk. reduction,. risk. mitigation,. risk. reten-
tion,. risk. optimization,. risk. acceptance,. risk. financing,. risk. control,. risk.
communication,.risk.perception,.stakeholder,.and.interested.party,.just.to.
name.few..Many.of.these.terms.have.been.defined.in.our.earlier.chapters.
and.will.be.discussed.in.subsequent.chapters.as.well.

Besides.the.ISO.standard,.the.new.Supply.Chain.Council.supply.chain.
risk.model,.residing.in.the.new.SCOR.11.0,.is.available..The.SCOR.com-
munity.has.performed.a.comprehensive.update.to.its.supply.chain.models,.
metrics,. and. terminologies,. including. an. updated. view. of. supply. chain.
risk.5.APICS.has.also.aggressively.developed.a.body.of.knowledge.cover-
ing.SCRM.for.members.and.customers.

ISO 28000.. This. standard. is. also. new.. It. was. developed. in. 2010. and.
is. actually. a. series. of. standards,. all. under. the. umbrella. of. 28000,. which.
broadly.covers.the.requirements.for.a.security.management.system.within.
the. supply. chain.. The. standards. inside. 28000. are. 28001,. 28002,. 28003,.
28004,. and. 28005.. You. may. not. have. stumbled. into. this. standard. as. of.
yet. because. it’s. actually. listed. under. “Ships. and. Marine. Technology”.
on. the. ISO. website.. This. is. not. surprising. to. us,. because. most. of. today’s.
global.trade.is.done.by.cargo.ships.circling.the.globe.in.a.complex.pattern..
Nonetheless,.the.ISO.28000.series.of.standards.are.applicable.to.all.modes.
of. transport,. air. cargo. included,. considering. all. the. threats. within. that.
industry.and.others..We’ll.briefly.introduce.you.to.all.the.standards.in.this.
series.and.then.profile.28002.individually.

•. 28001—Best. practices. for. implementing. supply. chain. security,.
assessments.and.plans,.and.requirements.and.guidance

•. 28002—Development.of.resilience.in.the.supply.chain
•. 28003—Requirements.for.bodies.providing.audit.and.certification.of.

supply.chain.security.management.systems

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

Emerging Risk Management Frameworks for Success  •  171

•. 28004—Guidelines.for.the.implementation.of.ISO.28000
•. 28005—Electronic.Port.Clearance.(EPC).part.1.and.part.2

Published. in. September. 2010,. ISO. 28002. covers. security. management.
systems. for. the. supply. chain. and. the. development. of. resilience. in. the.
supply. chain.. Resilience. is. the. adaptive. capacity. of. an. organization. in. a.
complex.and.changing.environment..It.also.describes.the.capability.of.an.
organization.to.prevent.or.resist.being.affected.by.an.event.or.the.ability.
to. return. to. an. acceptable. level. of. performance. in. an. acceptable. period.
of. time. after. being. affected. by. an. event.. This. newly. published. standard.
attempts. to. provide. insights. into. how. an. organization. can. engage. in. a.
comprehensive. and. systematic. process. of. prevention,. protection,. pre-
paredness,.mitigation,.response,.continuity,.and.recovery.

Jan. Husdal,. an. early. and. prolific. SCRM. blogger,. has. done. follow-.up.
work. on. these. ISO. standards. and. has. provided. various. process. maps,.
which.provide.us.a.perspective.on.how.the.standards.group.is.looking.at.
both.internal.and.external.supply.chain.security.6.Figure 9.1.is.an.illustra-
tion.of.one.such.map.for.ISO.28002..Husdal.notes.that.the.process.maps.
are.similar.to.the.SCOR.model.approach.

Reassessment
of risk program

Reassessment
of supply chain

Reassessment
of risk exposure

Reassessment
of risk sources

ISO 28002:2010

Establish a Supply
Chain Risk Management
(SCRM)
Program and Apply
Resources

De�ne the Supply
Chain and Risk
Objectives

Monitor Supply Chain
Environment for Risks

Execute Risk
Treatment Programs

Quantity and Priorities
Risks-Goals

Identify Supply Chain
Risks

Reassessment of
management actions

Continuous risk
monitoring

figuRe 9.1
ISO.28002..(Source:.Husdal,.Jan,.SCRM.Blog,.2013..http://www.husdal.com/2010/11/04/
iso-28002-supply-.chain-.resilience/.)

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

172  •  Supply Chain Risk Management: An Emerging Discipline

governance, Risk, and Compliance (gRC)

The.GRC.framework.has.been.around.for.some.time..Through.discovery,.
this.framework.has.been.continuously.scrutinized.and.criticized.as.some-
what.ill-.defined..However,.much.more.rigor.has.been.spent.recently.review-
ing. and. solidly. codifying. this. framework.. The. next. segment. attempts. to.
provide.some.context.on.this.subject,.which.we.feel.supports.the.founda-
tion.for.successful.SCRM..The.following.describes.the.three.basic.tenets.of.
this.framework:.governance,.risk.management,.and.compliance.

Governance.. Governance. describes. the. overall. management. approach.
through. which. senior. executives. direct. and. control. the. entire. organiza-
tion,. using. a. combination. of. management. information. and. hierarchical.
management. control. structures.. Governance. activities. ensure. that. criti-
cal. management. information. reaching. the. executive. team. is. sufficiently.
complete,. accurate,. and. timely. to. enable. appropriate. management. deci-
sion.making.and.provide.the.control.mechanism.to.ensure.that.strategies,.
directives,.and.instructions.from.management.are.carried.out.systemati-
cally.and.effectively.7.Aberdeen.Group.has.synthesized.this.definition.by.
saying.that.governance.includes.the.frameworks.and.tools,.policies,.pro-
cedures,. controls,. and. decision-.making. hierarchy. employed. to. manage.
the.business.8

Risk Management..Risk.management.is.a.set.of.processes.through.which.
management.identifies,.analyzes,.and.where.necessary.responds.appropri-
ately. to. risks. that. might. adversely. affect. realization. of. the. organization’s.
business. objectives.. The. response. to. risks. typically. depends. on. their. per-
ceived. gravity. and. involves. controlling,. avoiding,. accepting,. or. transfer-
ring.those.risks.to.a.third.party..Whereas.organizations.routinely.manage.
a.wide.range.of.risks,.commercial/.financial,.information.security,.external.
legal,.and.regulatory.compliance.risks.are.arguably.the.key.issues.in.GRC.

Compliance..Compliance.means.conforming.to.stated.requirements..At.
an.organizational.level,.it.is.achieved.through.management.processes.that.
identify.the.applicable.requirements,.defined.by.laws,.regulations,.contracts,.
polices,.etc.;.assess.the.state.of.compliance;.assess.the.risks.and.potential.
costs. of. noncompliance. against. the. projected. expenses. to. achieve. com-
pliance;. and. hence. prioritize,. fund,. and. initiate. any. corrective. actions.
deemed. necessary.. Aberdeen. Group. views. compliance. as. meeting. the.
required. or. mandated. regulations. that. are. governmental,. industry. spe-
cific,.or.internally.imposed.9

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

Emerging Risk Management Frameworks for Success  •  173

With. much. more. focus. on. risk,. many. research. organizations,. such. as.
Aberdeen.Group,.AMR.(now.Gartner),.and.others.have.revisited.the.GRC.
framework..It.seems.apparent.to.some.that.executives.are.viewing.effective.
compliance.and.risk.management.as.opportunities.for.corporate.growth,.
keeping. in. mind. that. customers. and. partners. will. always. choose. to. do.
business.with.a.company.possessing.fewer.liabilities..Furthermore,.being.
aggressive. in. building. a. business. is. about. taking. risks,. so. by. having. an.
effective. risk. management. structure. in. place,. a. company. can. essentially.
be. bolder. in. addressing. new. market. opportunities.. And. finally,. compli-
ance. is. crucial. in. establishing. new. grounds. for. business,. such. as. global.
or. regional. expansion,. which. requires. companies. to. meet. a. strict. set. of.
guidelines.in. . for. the. company. to. conduct. successful. business.. The.
following.quote.sums.up.well.the.importance.of.the.GRC.framework:

The.challenges.with.risk.management.are.in.embedding.an.understanding.
of. the. risk. management. process,. ownership. of. risks. within. the. business,.
and. the. cultural. change. required. for. a. truly. risk-.aware. decision-.making.
culture. rather. than. being. seen. as. a. compliance. obligation.. To. overcome.
these. challenges. we. have. been. conducting. risk. management. training. for.
all.staff,.increasing.engagement.and.constantly.iterating.in.all.communica-
tions.that.risk.management.is.to.assist.the.business.in.achieving.objectives.

Risk and Compliance Manager
Liberty International Underwriter

A.set.of.primary.objectives.underlie.those.companies.that.are.best-.in-.class.
in.terms.of.utilizing.the.GRC.framework..These.companies:

•. Drive. the. organizational. alignment. of. executive. and. staff. agendas.
through.effective.governance

•. Understand. risks. in. terms. of. dollar-.value. impact. and. corporate.
brand.equity

•. Prioritize.organizational.initiatives.based.on.risk.type.and.risk.level.
of.severity

•. Create. additional. revenue. opportunities. by. meeting. compliance.
requirements.for.selling.into.new.markets/.regions

A.set.of.strategic.capabilities.needed.to.achieve.bottom-.line.results.from.a.
GRC.framework.include.promoting.accountability.within.the.organization.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

174  •  Supply Chain Risk Management: An Emerging Discipline

through. effective. communications,. providing. visibility. and. access. to.
dynamic.regulatory.requirements,.standardizing.work.flow.for.risk.identi-
fication.and.mitigation,.systematically.monitoring.key.risk.indicators,.and.
centralizing. risk. information. and. data.. Figure  9.2. illustrates. Aberdeen’s.
profile. of. a. best-.in-.class. GRC. framework.. Table  9.1. provides. some. new.
performance.measures.emerging.within.the.GRC.framework.

Pressures Actions Capabilities Enablers
• Increase in

regulatory
requirements

• Promote accountability
within the organization
through e ective
communication

• Provide visibility and
access to dynamic
regulatory requirements

• Standardized
work�ow for risk
identi�cation and
mitigation

• Systematic
monitoring of key
risk indicators

• Centralized
repository for risk
information & data

• Standardized
procedure to
communicate
management
direction

• Governance, risk &
compliance solutions

• Risk management tools
• Work�ow automation
• ERP, Enterprise Resource

Planning
• Safety compliance

solutions
• Environmental solutions
• Financial modeling
• IT security solutions
• Regulatory portals
• Sustainability solutions
• Supply chain

management
• EPM, Enterprise

Performance
Management

figuRe 9.2
Best-.in-.class.GRC.framework.

taBle 9.1

Governance,.Risk,.and.Compliance.Metrics

GRC Metric GRC Measurable Values

Year-.over-.year.change.in.
risk.value

Percentage.change.in.risk.value.in.the.past.2 years.(risk value.
is.defined.as.monetary.equivalent.of.the.liability)

Year-.over-.year.change.in.
compliance-.related.cost

Percentage.change.in.compliance-.related.cost.in.the.past.
2 years.(e.g.,.cost.of.delayed.production,.recalls,.stop-.
shipments,.fines,.penalties.incurred.from.non-.compliance)

New.market.revenue New-.market.revenue,.as.a.result.of.compliance,.as.a.
percentage.of.total.revenue.in.the.past.12 months

Compliance.audit.
success.rate

Percentage.of.compliance.audits.that.yielded.positive.results.
in.the.past.12 months

Governance.effectiveness Percentage.of.management.directives.executed.successfully.in.
the.past.12 months

Source:. Aberdeen.Group,.“Effective.GRC.Management:.Strategies.for.Mitigating.Risks.and.Sustaining.
Growth.in.a.Tough.Economy,”.May.2012.

Schlegel, Gregory L., and Robert J. Trent. Supply Chain Risk Management : An Emerging Discipline, Taylor & Francis Group, 2014.
ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1680353.
Created from apus on 2021-06-27 06:19:38.

C
o
p
yr

ig
h
t
©

2
0
1
4
.
T

a
yl

o
r

&
F

ra
n
ci

s
G

ro
u
p
.
A

ll
ri
g
h
ts

r
e
se

rv
e
d
.

Emerging Risk Management Frameworks for Success  •  175

We.will.end.our.GRC.conversation.with.some.comments.from.a.senior.
risk.manager.at.McKesson,.the.nation’s.oldest.and.largest.health.care.ser-
vices. company.. The. senior. manager. of. IT. governance,. risk,. and. compli-
ance.at.McKesson.provides.his.view.about.the.GRC.framework.when.he.
says. that. …