Glossary of Supply Chain Risk and Resiliency Terms
- Additive Manufacturing: A process of combining design software with a physical printer to make three-dimensional solid objects; also called 3D printing.
- Artificial Intelligence (AI): Sometimes referred to as machine intelligence, AI is intelligence demonstrated by machines. Artificial intelligence features machines or devices that have software that learns from experience, adjusts to new inputs, and performs human-like tasks.
- Bankruptcy Predictor: A quantitative approach that uses financial data and algorithms to predict the likelihood of supplier or customer bankruptcy.
- Big Data: extremely large data sets that may be analyzed computationally to reveal patterns, trends, and associations, especially relating to human behavior and interactions; usage refers to the general use of predictive analytics, user behavior analytics, or certain other advanced data analytical methods that extract value from data.
- Blockchain: a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. An asset can be tangible (a house, a car, cash, land) or intangible (intellectual property, patents, copyrights, branding). Virtually anything of value can be tracked and traded on a blockchain network, reducing risk and cutting costs for all involved.
- Buffer Stock: The level of extra stock that is maintained to mitigate risk due to uncertainties or events affecting either the demand or supply side of the supply chain; also called safety stock.
- Business Continuity Plan: Plan to ensure continuity of business operations in the event of a serious incident that impacts the organization.
- Business Impact Analysis: Analysis to assess the potential damage, loss or disruption that would be caused by the failure of critical business processes.
- Carrying Charge: The cost to maintain inventory across the supply chain; comprised of the cost of capital, cost of storage, and the combined cost of obsolescence, deterioration, and loss.
- Cloud-based Supply Chain Risk Assessment Tool: A risk assessment tool that allows users to gain insight into a company’s risk capabilities across an entire supply chain.
- Cluster Analysis: An analysis of the geographic concentration of entities within a supply chain to determine if any clusters present unusual risk.
- Cognitive Bias: A systematic pattern of deviation from the norm or rationality in judgment.
- Cognitive Computing: technology platforms that, broadly speaking, are based on the scientific disciplines of artificial intelligence and signal processing. These platforms encompass machine learning, reasoning, natural language processing, speech recognition and vision (object recognition), human–computer interaction, dialog, and narrative generation.
- Collaborative Planning, Forecasting, and Replenishment (CPFR): A framework that aims to enhance supply chain integration by supporting and assisting joint practices between companies within a supply chain.
- Commodity or Category Risk Plans: Risk assessment plans developed by procurement to analyze the risks associated with sourcing a commodity (such as cobalt) or categories of purchases (such as semiconductor chips).
- Concurrent Product and Process Development: An approach to product development that involves the simultaneous development of products and the physical processes required to produce them, and the simultaneous rather than sequential involvement of functional groups.
- Conflict Mineral Rules: A law that requires U.S. publicly traded companies to verify their supply chains do not rely on tin, tungsten, tantalum, and gold that originate in certain regions of Africa.
- Contracting: the process of developing a contract, which is a legally enforceable agreement between two or more parties.
- Corporate Social Responsibility: A self-regulating business model that helps a company be socially accountable to itself, its stakeholders, and the public.
- Cost-to-Serve: Involves the calculation of the profitability of a customer account, based on the actual business activities and overhead costs incurred to service that customer.
- Crisis Response Teams: Formally established teams that respond quickly to a risk event or occurrence; team composition includes individuals who are familiar with a specific item, process, commodity, market, etc.
- Cyber Insurance: cyber risk insurance, also known as data breach insurance, provides protection for cyber risk and cyber-related events. Data breaches and theft of personal information are simply one segment of cyber risk; there are many others.
- Cyber Security: refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.
- Cycle Time Measures: measures that identify how long a task or process takes to complete.
- Data Science: a multi-disciplinary field that uses scientific methods, processes, algorithms, and systems to extract knowledge and insights from structured and unstructured data. It’s the same concept as data mining and big data, which now leverages the most powerful hardware, the most powerful programming systems, and the most efficient algorithms to solve problems.
- Design for “X”: A technique where the term “X” represents different aspirations (i.e., objectives) development teams consider even before beginning design work.
- Design of Experiments: A quality management technique used by Six Sigma quality practitioners that features the use of controlled experiments and statistical analysis to reduce process variability.
- Delphi Method: also known as Estimate-Talk-Estimate (ETE), a structured communication technique or method, originally developed as a systematic, interactive forecasting method which relies on a panel of experts. The technique can also be adapted for use in face-to-face meetings and is then called mini-Delphi.
- Digital Twins: a digital replica of a living or non-living physical entity; refers to a digital replica of potential and actual physical assets, processes, people, places, systems, and devices that can be used for various purposes.
- Digitization: The application of new technologies, including sensors, artificial intelligence, cloud computing, and predictive analytics that is rapidly changing the way many companies design, manufacture, distribute and service products; linking the physical and digital world; sometimes referred to as the fourth industrial revolution or Industry 4.0.
- Discrete-event Simulation: A method to model the operation of a system as a discrete sequence of events in time.
- Early Involvement: The process of involving suppliers, customers, functional groups, or other key stakeholders early in a business process or endeavour.
- Enterprise Risk Management (ERM): Integrated and coordinated approach to all the risks faced by an organization.
- Extended Value Chain: Also called the extended enterprise; it not only includes the immediate value chain but also sub-tiers of suppliers and customers and other stakeholders.
- Financial Ratio Analyses: The inputting of financial data into ratios to analyze various aspects of supplier and customer financial health and performance.
- Flexibility: The ability of an organization to be agile, adaptable, and responsive to change, particularly changes brought about by demand shifts and risk events.
- General Data Protection Regulation (GDPR): A law providing data protection and privacy that applies to all citizens within the European Union (EU) and the European Economic Area (EEA).
- Governance, Risk, and Compliance (GRC): Integrated approach to risk management and risk assurance based on three lines of defence.
- Gross Margin Return on Inventory Investment (GMROII): A metric that provides insight into total financial performance; identifies the amount of gross profit earned for each dollar invested in inventory on an annual basis.
- Hedging: Involves the simultaneous purchase and sale of contracts, often over a time frame that coincides with a purchase contract, to protect against volatility; two common types of hedging include currency and commodity.
- Insurance: Risk response for risks outside risk appetite that the organization wishes to transfer or share with another party(s).
- Internet of Things (IoT): a system of interrelated computing devices, mechanical and digital machines, objects, animals, or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The IoT is comprised of a sensor network of billions of smart devices that connect people, systems, and other applications to collect and share data.
- ISO Risk Standards: A series of global standards developed by The International Organization for Standardization that provide risk management guidance.
- Logistics Management: The process of planning, implementing, and controlling the efficient, effective flow and storage of goods, services, and related information from the point of origin to the point of consumption for the purpose of conforming to customer requirements.
- Modern Slavery Act 2015: An Act of the Parliament of the United Kingdom to combat modern slavery in the supply chains of UK-based companies and consolidate previous offences related to trafficking and slavery.
- Multiple Source: The use of more than one supplier or carrier for an item or service.
- Natural Language Programming: an ontology-assisted way of programming in terms of natural-language sentences, e.g. English. A structured document with content, sections and subsections for explanations of sentences forms an NLP document, which is actually a computer program. Natural languages and natural-language user interfaces include Inform7, a natural programming language for making interactive fiction.
- Network Design: Includes the physical design and development of global supply chains. Design considerations include supplier locations, port and transportation routes, operations, distribution centre location, distribution routes, customer service centres.
- New Product Development Framework: A multi-step approach that guides the development of new products and services through a series of phases, steps, milestones, etc.
- Operations Management: The systematic design, direction, and control of processes that transform inputs into services and products for internal, as well as external, customers.
- Predictive Analytics: the branch of advanced analytics which uses data to make predictions about unknown future events. It utilizes many techniques, including data mining, statistics, modeling, machine learning, and artificial intelligence to analyze current data to make predictions about the future.
- Probabilistic Models: Models where uncertainty is explicitly considered in the analysis; also called stochastic models.
- Process Maps/Value Stream Maps: Physical or graphical representations of organizational processes or the value streams that are designed to create customer value.
- Product Portfolio Management (PPM): A business management practice that helps managers take a holistic view of their product portfolio and assess their products’ current level(s) of success.
- Qualitative Risk Indicators: Non-quantitative “signals” or indicators in the marketplace that suggest a deeper investigation of a supplier or customer is in order.
- Risk: The effect of uncertainty on objectives.
- Risk Analysis during New Product Development: The explicit consideration of supply chain risk early during the development of new products and services.
- Risk Analysis or Assessment: Means by which significant risks are evaluated and prioritized by undertaking the three stages of risk recognition, risk rating, and risk ranking.
- Risk Appetite: Amount and type of risk that an organization is willing to pursue or retain; also referred to as risk tolerance or risk propensity. Individuals or entities that attempt to minimize or even avoid risk are said to be risk averse.
- Risk Assessment: Process of evaluating or assessing the potential impact of everyday and exceptional risks that could affect or disrupt supply chain operations.
- Risk Communication: The process whereby relevant risk information is identified and communicated in a form and timeframe that enables people to carry out their risk responsibilities.
- Risk Compliance: Includes the internal activities taken to meet required or mandated rules and regulations, whether they are governmental, industry-specific, or internally imposed.
- Risk Control Room: A central command center where information is collected, categorized, analyzed, prominently displayed, and widely disseminated to the right people, at the right place, at the right time.
- Risk Culture: The system of values and behaviors present in an organization that shapes risk decisions of management and employees.
- Risk Event: A discrete, specific occurrence that negatively affects a decision, plan, firm, or organism; a risk that has become a reality.
- Risk Exposure: Level of risk to which the organization is actually exposed, either with regard to an individual risk or the cumulative exposure to the risks faced by the organization.
- Risk Governance: Includes the frameworks, tools, policies, procedures, controls, and decision-making hierarchy employed to manage a business from a risk management perspective.
- Risk Heat Maps: A risk map that uses a color-coded display of risks, such as a red, yellow, or green designation, to identify risk probability and severity.
- Risk Identification: The systematic approach taken by an organization to identify the risks that it faces across its supply chain and operations.
- Risk Management: Process which aims to help organizations understand, evaluate, and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure.
- Risk Management Framework: Set of activities that support the risk management process, referred to as the risk architecture; arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management.
- Risk Measures: Quantifiable indicators that assess how well an organization or business is achieving its desired supply chain risk and resiliency goals and objectives; measures or indicators whose primary focus is risk, including time-to-recovery (TtR) and value-at-risk (VaR).
- Risk Mitigation: actions taken to reduce either the likelihood of a risk occurring or to minimize the extent of its impact after occurrence.
- Risk Monitoring: Process whereby the entirety of supply chain risk is monitored with modifications made, as necessary, to risk management or business decisions.
- Risk Planning: Proactive approaches employed to identify, assess, mitigate, and manage supply chain risks in an effort to implement risk response actions.
- Risk Preparedness: The continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective action in an effort to ensure effective coordination of supply chain risk events.
- Risk Prevention: Steps taken to ensure an identified risk does not become a risk event.
- Risk Priority Numbering (RPN) Indexes: Quantitative models that consider multiple factors to arrive at a single risk indicator score.
- Risk Probability: An estimate of the likelihood of a risk occurring.
- Risk Register: A record of the significant risks faced by an organization, the controls currently in place, additional controls that are required, and the responsibility for control activities.
- Risk Reporting: The process of creating summaries of supply chain risks and opportunities, the status of treatment actions, and an indication of trends in the incidents of supply chain risks.
- Risk Resilience: The ability to recover from or adjust to misfortune or change; the ability to “bounce back” from a risk event.
- Risk Response Plan: A plan to implement actions to respond to risks, including decisions whether to tolerate, treat, transfer, or terminate (4T’s).
- Risk Severity and Probability Maps: A process by which companies identify the types of risk they may be subject to, assess the relative impact of these risks, and determine the relative probability that these risks will occur, which are then mapped on a 2x2 grid.
- Risk Taxonomy: Practice and science of naming, classifying, and defining relationships between resources, risks, goals, and business processes in the enterprise. Without a corporate-wide taxonomy, every department and level would potentially speak a different risk language.
- Risk Vulnerability: Susceptibility to harm or injury; usually not as quantified as risk exposure.
- Sales & Operations Planning (S&OP): A process where internal managers meet and review projections for demand, supply, and the resulting financial impact of a chosen supply chain plan.
- Single Source: The use of one supplier or carrier for an item or service as a choice.
- Sole Source: The use of one supplier for an item or service because no other viable option is available.
- Stochastic Simulation: the modeling of a system that has variables that can change stochastically (randomly), with individual probabilities. Realizations of these random variables are generated and inserted into a model of the system. Outputs of the model are recorded and then the process is repeated with a new set of random values.
- Strategy Development Portfolio Matrix: A segmentation tool that helps supply chain managers develop an appropriate strategy or approach for sourcing goods and services.
- Strategic Supply Management Framework: A cross-functional, proactive process for obtaining goods and services that features evaluating and selecting suppliers; managing suppliers; and developing and improving supplier capabilities.
- Stress Testing: A technique that tests a set of scenarios using “what-if” and statistical analysis. The primary output is a prioritization of risk scenarios based on Value-at-Risk (VaR).
- Subtle Control: An approach by management to help direct teams in ways that are not blatant or obvious.
- Supplier Audits: An objective examination and evaluation of a supplier’s performance and practices to ensure they are in conformance with ethical requirements, laws, and standards.
- Supplier Satisfaction Surveys: A formal survey used to determine the satisfaction a supplier has with a customer and to identify how that customer (i.e., the buying company) performs.
- Supply Chain: A set of three or more organizations linked directly by one or more of the upstream or downstream flows of products, services, finances, and information from a source to a customer.
- Supply Chain Disruption: An unplanned breakdown or interruption to the production or distribution nodes that comprise a supply chain.
- Supply Chain Management: Proactively managing the two-way movement and coordination (that is, the flows) of goods, services, information, and funds from raw material through end user.
- Supply Chain Mapping: The process of graphically representing the entities that comprise a supply chain, preferably beyond a firm’s tier-one suppliers and customers.
- Supply Chain Network: A network is an evolution of the basic supply chain; compared with a supply chain, it is a more complex structure involving a higher level of interdependence and connectivity between more organizations into a network.
- Supply Chain Operations Reference (SCOR) Model: A widely used supply chain framework for evaluating and comparing supply chain activities and their performance.
- Supply Chain Risk Management: the implementation of strategies to manage everyday and exceptional risks along the supply chain through continuous risk assessment with the objective of building resilience, reducing vulnerability, and ensuring continuity.
- Supply Chain Risk and Resiliency Roadmap: A transformational framework that shows how organizations evolve or mature through various phases (education; awareness, assessment; mitigation; and management) in their risk management journey.
- Target Pricing: An approach used by product development teams to identify the price that customers are willing to pay for a product or service before design work begins.
- Telematics: a term that combines the words telecommunications and informatics to describe the integrated use of communications and information technology to transmit, store and receive information from telecommunications devices to remote objects over a network.
- Trade-offs: A compromise that involves giving up something in return for getting something else.
- Value Chain: The process or activities by which a company adds value to something, including production, marketing, and the provision of after-sales service; includes all personnel divided into primary or support activities; a broader concept than the supply chain.
- VUCA: Elements of a supply chain that have the potential to create or contribute to supply chain risk (volatility, uncertainty, complexity, ambiguity).
- 21st Century Supply Chain Risk/Maturity Model: A model that illustrates the maturing of supply chain risk and resiliency through four distinct phases: visibility, predictability, resiliency, and sustainability.