The client chose MetricStream replace their manual risk assessment processes with a more efficient, automated, and integrated approach. MetricStream Supply Chain Risk Assessment Solution provides a central, Web-based framework to consolidate and map together all supply chain risk assessment data, processes, products, sites, and owners. The solution streamlines and automates the supply chain risk assessment lifecycle – ranging from pre-work and risk planning, to sourcing of risks, exposure quantification, mapping, and issue management. This systematic and integrated approach simplifies risk assessments, improves risk transparency and accountability, and strengthens risk reporting and decision-making.
Below are the key highlights of the solution:
Centralized Risk Library: The solution captures and maps together all risks, products, sites, and risk assessments in a common library. This inter-mapping between various data elements has not only improved risk transparency, but also enhanced the efficiency of risk assessments. Instead of manually identifying which risk assessment is associated with which product or site, users have all the information they need at their fingertips. As soon as they trigger a particular risk assessment, the solution pulls up all the required data at one go, including the type of assessment, and the products and sites that need to be assessed. So all that the user needs to do is go in and assess those risks.
Product and Site Categorization: Before a risk assessment, all products are categorized into three types based on various factors. Similarly, all sites in which the products are manufactured are classified into three tiers. Depending on the product type or site tier, risk assessments and schedules are prioritized.
The MetricStream solution has completely automated this process of categorizing products and sites, thereby making it easier and more efficient for the SCRM group to determine which entities and risks need to be assessed on priority. The solution also links all risks to the associated site type (e.g. internal manufacturing unit, third-party distribution center), and risk assessment type (product risk assessment, site risk assessment, or joint risk assessment). This way, when a user triggers an assessment for a particular risk, the system tells them exactly which assessment should be conducted, and in which site.
In the next phase of implementation, the solution will further automate the risk assessments. After the first assessment is conducted, the solution will have the intelligence to automatically replicate the same assessment the next time. It will determine which products or sites need to be assessed based on their respective type or tier. This way, users do not have to spend time in planning and scoping their risk assessments.
Joint Risk Assessment: In some cases, the company conducts joint risk assessments for those sites that manufacture only one product or component. Both the product and the site are assessed at the same time to optimize efficiency. The MetricStream solution provides the intelligence to identify all the risks associated with each product and site, so that both assessments can be done together at one shot.
Determination of Sources of Risk: A week before the risk assessment, the MetricStream solution provides a form for users to initiate their groundwork for the assessment. The solution then routes this data to the SCRM group to determine the sources of risk. During this stage, users assess all the risks based on their impact and likelihood, as well as the preparedness of the organization to deal with these risks. The solution automatically scores these risks, and ranks them as high, medium, or low based on inbuilt methodologies and algorithms. The risk assessor then flags those risks that need to be assessed further, and the solution automatically moves them to the next level.
Exposure Quantification: In this stage of risk assessments, high-ranked risks are analyzed in greater detail. The MetricStream solution provides a 3x9 grid to assess the risks based on impact, likelihood, and preparedness, wherein each of these parameters is further sub-divided into cost, quality and compliance, and demand. Essentially, there are nine parameters which tell the user whether a risk should be ranked as high, medium, or low. The solution automatically scores these risks, and helps flag and route the critical ones for the last level of assessments.
Risk Mitigation Plan Map: In this phase, the MetricStream solution helps create a risk mitigation plan for the critical risks, and automatically routes it to the sector leads who are responsible for the product or site which these risks are associated with. These leads are expected to implement the risk mitigation plan, and bring down the risk score. The solution helps in tracking this process by maintaining a comprehensive map detailing the risks, scores, and mitigation plans. Every quarter, it enables the risk scores to be updated, and helps determine if further efforts are required to mitigate the risks.
Issue Management: All high risks that are shortlisted in the map phase are treated as risk issues. The MetricStream solution routes each of these issues through a systematic process of investigation, analysis, and remediation. Each issue is marked with a unique ID so that it can be easily tracked as it moves from one stage to the next. Automated alerts and notifications help keep the process on track, and make sure that the responsible personnel remediate the issues within the stipulated timelines.
Reporting: The MetricStream solution provides the ability to automatically capture and roll up risk assessment data, and populate risk reports. This automated approach saves time and effort. Coupled with powerful graphical dashboards, the reports provide close to real-time information on the risk assessments conducted, critical risk areas identified, and the impact of these risks on the company’s revenue. Armed with this risk intelligence, the management team is well-positioned to make informed and proactive business decisions.
Analytics: In the next phase of implementation, the MetricStream solution will provide complete and real-time visibility into all the key risks that have been assessed, along with their impact and mitigation plans. It will also track the effectiveness of mitigation strategies based on how well the risk score is coming down. In addition, based on the risk assessments results, the solution will automatically suggest areas of improvement and preventive actions, so that the management team can decide on the best course of action in a timely manner.