The mind-set has not changed... (or: results of the 4th survey on risk management in the logistics industry)

My colleague, Prof. Dr. Dirk Lohre of Heilbronn University, and I have been conducting empirical research in the logistics industry since 2008. Our intention has been - and still is - to monitor the status of risk management in logistics companies, to identify trends and developments, and to give recommendations to companies.

This year (2015), we have carried out the 4th survey on risk management in the logistics industry. And - to put it in a nutshell: The situation, i.e. the degree of application and also (and even more important) the mind-set of logistics service providers regarding risk management has not changed. That is the main result of this year's survey - and you could stop here, if you are not interested in any details.

If you, however, would like to get a more detailed idea of what the status of risk management in this industry is, please do carry on...

Before we look at results, let me give you some numbers on the survey: The online questionaire used for the survey was available from March to April 2015. The survey was promoted using social media channels (xing.com) and by our media partner EuroTransportMedia Verlags- und Veranstaltungs-GmbH. 73 companies have answered our survey.

Figure 1: Top 5 future risks for logistics companies

Let us look at some selected results. First, we were interested in the top risks from the perspective of logistics companies. Figure 1 above shows future risks and the percentage of companies that see those risks within their personal top 5 risks (multiple answers were possible). As in our previous studies, human resource related risks are seen as the top future risk. In our current survey, those risks are also seen as #1 of the current risks - and this is a change to previous years. The HR related risks have two basic causes: On the one hand, the current and future lack of truck drivers is obvious. On the other side, logistics processes and process chains are becoming increasingly complex, for example due to ongoing globalization and still increasing tendencies of outsourcing logistical business processes (contract logistics). To cope with those new challenges, more well-educated staff is required.

Although energy prices have decreased for some time, companies see fluctuations in energy prices as the #2 future risk. This is understandable, since energy cost are a major driver of total cost, especially for those companies with a focus on trucking.

It is interesting, that the top 5 risks differ from the top risks in the Allianz Risk Barometer (take a look at our blog entry from March 'Our number one is... Supply Chain Risks! (But beware of Cyber Crime!)': There, the top risks are business interruption and supply chain, natural catrastrophes, and fire and explosions. Cyber crime - a risk that is becoming more and more important - is not within the top 5 risks; however, 39 % of the LSP's see cyber risks as important risks.

Figure 2: Application of risk management in the logistics industry

Even if competition is becoming stronger, logistics process chains show an increased complexity, and German law requires risk management, the application of risk management in the logistics industry is on a relatively low level. As figure 2 displays, only a little bit more than half of the LSP's have a risk management in place. Looking at the development from 2008 until now, the use of risk management has not changed much over time. Instead, the percentage values are more or less constant over time. We still see a group of some 25-30 % of the companies that do not have risk management in place, and also do not plan to implement risk management soon. Thus, the need for risk management is not seen by many logistic service providers.

Figure 3: Methods used in risk management in the logistics industry

Those LSP's who have a running risk management in place, show - in average - only a medium level of maturity. Take, for example, the methods used for risk identification and assessment. As figure 3 shows, the methods most commonly used are expert and employee consultations, checklists and brainstorming. More sophisticated methods, such as FMEA, fault tree analysis, or simulation are only used by less the 3 out of 10 LSP's. Even risk maps, as an easy tool for communicating risks, are only used by 30 % of the companies. It is somehow irritating, that a risk inventory is not used by any of the companies - or that the term 'risk inventory' is maybe just unknown.

To sum it up: Comparing the results of our surveys over time, we do not see significant changes in both the application of and the maturity of risk management in the logistics industry. Both offer room for improvement. We forecast, however, an increasing pressure by customers, banks, and insurance companies on LSP's to implement a risk management system.

The full report Huth, M./Lohre, D.: Risikomanagement in der Speditions- und Logistikbranche: Bestandsaufnahme zu Verbreitung und Reifegrad, Discussion Papers in Business and Economics (17), Fulda 2015 (unfortunately only in Germna) can be downloaded here: fuldok.hs-fulda.de/opus4/frontdoor/index/index/docId/349

Huth, M./Romeike, F. (Hrsg.): Risikomanagement in der Logistik: Konzepte - Instrumente - Anwendungsbeispiele, Wiesbaden: Springer Gabler 2015

In eigener Sache - and sorry, guys, this post is in German.

Gemeinsam mit Frank Romeike, einem der führenden Köpfe im Bereich Risikomanagement, habe ich das Buch "Risikomanagement in der Logistik: Konzepte - Instrumente - Anwendungsbeispiele" herausgebracht. In 17 Kapiteln werden grundlegende, aber auch branchenbezogene Risikomanagement-Themen aufgegriffen und diskutiert, die für ein effektives Logistik-Risikomanagement relevant sind.

Das Buch ist am 19. Oktober 2015 bei Springer Gabler erschienen und bspw. hier bei Amazon erhältlich: http://www.amazon.de/gp/product/3658058951/ref=as_li_tl?ie=UTF8&camp=1638&creative=6742&creativeASIN=3658058951&linkCode=as2&tag=huthlogistikcons

Global MMOG/LE: an example how a standardized supplier evaluation can be used for assessing risks

The automotive industry is one of the most important industries for Germany (and also in many other industrial countries worldwide). For logistics and supply chain management, there arise certain requirements due to the increasing number of derivate products that lead to a further rising complexity of the global supply chain. Additional challenges exist due to changes in supply markets and due to volatile regional demand markets.

Against this background of this trend, supplier management serves as an approach to guarantee an effective supply chain. One element of supplier management is supplier evaluation, which generates information for the selection of new suppliers and for the development of current suppliers. To keep the effort for a supplier evaluation low, companies in the automotive sector developed a standardized evaluation approach. For this development, Odette International and Automotive Industry Action Group (AIAG) worked strongly together. The approach had been published as ‘Global Materials Management Operations Guideline/Logistics Evaluation’ (in short: Global MMOG/LE), and is available in various languages as a tool for Microsoft Excel.

The objectives of the Global MMOG/LE are:

• “Produce a common SCM evaluation that can be used by all business partners, both internal and external.
• Establish the components of an SCM system for suppliers of goods and services within the automotive industry […].
• Enable SCM continual improvement plans to be developed and prioritized, thus enabling time to be spent on those activities that offer the greatest benefit.
• Provide a basis for benchmarking activities and identify ‘Best Practice Criteria’ of SCM processes for driving continual improvement plans.” (AIAG, Odette: GLOBAL MMOG/LE – Introduction and Instructions, 2014.)

 The evaluation is structured into 6 chapters:

1. Strategy and improvement
2. Work organization
3. Capacity and production planning
4. Customer interface
5. Production and product control
6. Supplier interface

For the 197 questions (or better: criteria) of the Global MMOG/LE there exists some prioritization:

• F1 criteria have the lowest importance. ‘Complying with F1 criteria contributes to the organization’s long-term sustainability and/or competitiveness.’ (AIAG, Odette: GLOBAL MMOG/LE – Introduction and Instructions, 2014.)
• ‘If an F2 criterion is not met, the organization’s performance and/or customer satisfaction may be seriously affected.’ (AIAG, Odette: GLOBAL MMOG/LE – Introduction and Instructions, 2014.)
• F3 criteria focus on fundamental requirements for business processes. ‘If an F3 criterion is not met, there is a high risk of interruption and/or incurring increased costs to the organization's and/or customer's operations.’ (AIAG, Odette: GLOBAL MMOG/LE – Introduction and Instructions, 2014.)

Figure 1 – Global MMOG/LE’s assessment sheet (screenshot from the Microsoft Excel-based 'Global MMOG/LE')

Figure 1 shows a screenshot of the assessment sheet of the Global MMOG/LE tool. It indicates the importance of the criteria by different colors (white, yellow, and red). It also shows met and unmet criteria by using green and red background color.

In chapter 2, you can find a sub-chapter, that explicitely deals with ‘risk assessment and management’. However, in each chapter one can identify questions that show a link to risk and risk management. But let’s look at chapter 2 first.

Table 1 lists criteria of sub-chapter 2.5, which explicitly focuses on risk assessment and management. The importance of risk management immediately becomes by realizing that 3 out of the 7 criteria are F3 criteria – and thus are essential for a company’s performance. One of the F3 criteria evaluates the existence of a process for risk assessment, the other two F3 criteria focus on emergency plans. It is important to note, that if any F3 criteria is not met, the supplier will automatically be ranked as a C supplier (the lowest and not achievable rank).

Table 1: Risk-related criteria from sub-chapter 2.5 (source: AIAG, Odette: GLOBAL MMOG/LE, 2014)

Beside sub-chapter 2.5, there are more criteria that explicitly or implicitly focus on risk and risk management. Some of those criteria are listed in table 2. Again one can realize that most of the criteria are of F2 or F3 type.

Table 2: Selected further risk-related criteria (source: AIAG, Odette: GLOBAL MMOG/LE, 2014)

Let us sum up the findings from using the Global MMOG/LE:

• The Global MMOG/LE had been developed as an industry-wide standard for logistics evaluations. This purpose is satisfied to a high degree.
• The structure of the catalogue of criteria is not intuitively understandable. For example, if it had followed the widely used SCOR model, there had been a better structured basis for the assessment. (See, for example, the post on using SCOR for risk management in the electronic industry in a post from November 2014.)
• Risk management is covered both explicitly and implicitly. On the one hand, there is sub-chapter 2.5, which lists seven criteria (three of them F3 criteria), that explicitly cover risk management topics. On the other hand, one can identify a large number of questions in other chapters, that also deal with risk and risk assessment.
• Global MMOG/LE does not explicitly identify risks. It rather lists criteria that should lead to an effective risk management.

A big ‚thank you‘ goes to Sascha Gröbel from the VDA for supporting this short article by giving me access to the Global MMOG/LE.

A longer version of this blog entry will be published (in German) in the upcoming book by Michael Huth and Frank Romeike: Risikomanagement in der Logistik: Konzepte – Instrumente – Anwendungsbeispiele, Springer 2015.

Our number one is... Supply Chain Risks! (But beware of Cyber Crime!)

Business interruption and supply chain risks are - by far - the most important risks for managers. Cyber risks on the other side made a significant jump into the top 10 business risks. That is the bottom line of the 'Allianz Risk Barometer - Top Business Risks 2015', published in January 2015 (see press release and downloadable files here: http://www.agcs.allianz.com/about-us/news/press-riskbarometer2015/). For the study, Allianz (Allianz Global Corporate & Specialty, or in short: AGCS) asked more than 500 managers from 47 countries, with a focus on the corporate insurance sector for both large industrial and mid-sized companies. (The term mid-sized companies, however, is in some way misleading, since it does not match the categorization by the European Union. In the Allianz survey, mid-sized companies are defined by a revenue of not more than 250 million Euros.)

Figure 1: Top Business Risks 2015. Source: Allianz Global Corporate & Specialty: Allianz Risk Barometer 2015 Appendix, http://www.agcs.allianz.com/assets/PDFs/Reports/Allianz-Risk-Barometer-2015_Appendix.pdf.

As show in figure 1, almost half of the respondents mentioned business interruptions (BI) and supply chain (SC) risks as a top risk (46 % - after 43 % in 2014). More specifically, those risks are crucial for manufacturing companies; in this industry BI and SC risks had been mentioned by more than two third (68 % - after 60 % in 2014).

On one hand, this results are accompanied by an increasing awareness of such risks and their consequences for an enterprise's business. As Mark Mitchell, Regional CEO for Asia at AGCS puts it: "Companies now have a greater understanding of the need to monitor risk aggregations, not just geographically, but also in business interruption exposures." On the other hand, AGCS identified crucial discrepancies between the awareness and actual measures and systems to prevent companies from those risks. The study states: "[...] adequate [...] business continuity management remains a gap in many multinational companies' supply chain risk management programs." And: "Interdependencies between suppliers is often a big unknown. Many businesses still do not have alternate suppliers."

One of the big 'movers' (or should we say: one of the 'rising stars'?) are cyber risks. While two years ago, cyber risks were ranked 15th (with 6 % of the respondents mentioning this type of risk), the importance of cyber risks has grown steadily: In 2014, those risks were ranked 8th, listed by 12 % of the companies. In 2015, cyber risks were mentioned as a top risk by every 6th company (17 %), and were ranked 5th. Cyber risks are ranked 2nd in Germany (32 %), 3rd in the UK (30 %), and 3rd in the US (26 %). And: cyber risks are seen as no 1 risk for the next five years.

Figure 2: Top risks for which businesses are least prepared. Source: Allianz SE/Allianz Global Corporate & Specialty SE: Allianz Risk Barometer - Top Business Risks 2015, http://www.agcs.allianz.com/assets/PDFs/Reports/Allianz-Risk-Barometer-2015_EN.pdf

However, cyber risks are crucially underestimated. 73 % (that's almost 3 out of 4 companies!) of the companies say, the risk of cyber crime is underestimated. Even worse, more than half of the companies (54 %) has not even analyzed the problem! As a consequence, 29 % of the enterprises admit not to be sufficiently prepared for cyber risks, while for other risks this number is significantly smaller (see figure 2). The most feared cyber risk is data theft and manipulation (64 %), followed by loss of reputation (48 %) and increased threat of persistent hacking (44 %).

It is interesting that a shortage of skilled talents in combination with an aging workforce is not seen as a major risk. Exceptions from this observation: This risk seems to be relevant for Australia and the USA - in those two countries, talent shortage/aging workforce are ranked within the top 10 risks.

Figure 3: Top risks for the long-term future (5 to 10 years 'plus'). Source: Allianz SE/Allianz Global Corporate & Specialty SE: Allianz Risk Barometer - Top Business Risks 2015, http://www.agcs.allianz.com/assets/PDFs/Reports/Allianz-Risk-Barometer-2015_EN.pdf

In a long-term perspective, climate change is identified as the most concerning risk, directly followed by natural catastrophes (see figure 3). This is understandable, since at least the financial lossed resulting from natural catastrophes have increased dramatically over time.