Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
risk_catalog:model_tab [2014/03/27 11:46] tina.cvahte@fl.uni-mb.si |
risk_catalog:model_tab [2016/01/19 14:15] (current) tina.cvahte@fl.uni-mb.si |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| * [[risk_catalog:model_tab|Model]] | * [[risk_catalog:model_tab|Model]] | ||
| * [[risk_catalog:about_tab|About]] | * [[risk_catalog:about_tab|About]] | ||
| + | * [[risk_catalog:application_tab|Application]] | ||
| </WRAP> | </WRAP> | ||
| Line 19: | Line 20: | ||
| **Risk evaluation** as the final step of risk assessment as defined in ISO 31000 is the process of deciding about which risks need treatment and the priority for treatment implementation. This step can not be generalized and is therefore not in the scope of this risk catalog, but is entirely dependant on specific organizations. | **Risk evaluation** as the final step of risk assessment as defined in ISO 31000 is the process of deciding about which risks need treatment and the priority for treatment implementation. This step can not be generalized and is therefore not in the scope of this risk catalog, but is entirely dependant on specific organizations. | ||
| + | |||
| + | |||
| ====Risk catalog==== | ====Risk catalog==== | ||
| Line 24: | Line 27: | ||
| With our model we developed a tool for companies that are prepared to combine internal and external knowledge for identifying and defining risks. | With our model we developed a tool for companies that are prepared to combine internal and external knowledge for identifying and defining risks. | ||
| - | The Risk catalog that represents the final product of this process, can be a permanent and valuable tool for a company's and supply chain's risk management processes. The catalogue has to be examined and complemented on a regular basis to ensure actuality. It provides a base for risk management processes throughout the chain. | + | The Risk catalog that represents the final product of this process, can be a permanent and valuable tool for a company's and supply chain's risk management processes. The catalog has to be examined and complemented on a regular basis to ensure actuality. It provides a base for risk management processes throughout the chain. |
| + | |||
| + | The current catalog with its identified risks is accessible [[risk_catalog:data_tab|here]]. | ||
| - | Link to [[risk_catalog:data_tab]] | ||
| ====Dimensions of risk definition==== | ====Dimensions of risk definition==== | ||
| - | ==List of groups by ISO 28000== | ||
| - | This model is structured so that it complements an international standard on security in supply chains, ISO 28000. In this standard, several fields from where risks to a company or a supply chain can originate are defined. Each identified risk is placed in one of these groups. You can find the description of a certain code and all connected risks if you click on a code. | ||
| - | ==List of affected publics== | + | ===List of groups by ISO 28000=== |
| - | When defining risks and their influences, we can take a different approach as that of most today's literature on the subject. If we assume that only people can perceive themselves and inanimate things cannot, we can also assert that finally, a certain risk can only influence people, who are susceptible to perceptions. According to this theory we segment all people, involved in a supply chain and its surroundings, to different publics, that is different groups of people with same interests or functions. When defining risks in our model, we say that one dimension of risk identification is exactly that – defining, which publics are affected by a certain risk. The publics, defined in our model so far, are shown below. You can find the description of a certain code and all connected risks if you click on a code. | + | |
| + | This model is structured so that it complements an international standard on security in supply chains, ISO 28000. In this standard, several fields from where risks to a company or a supply chain can originate are defined. Each identified risk is placed in one of these groups. | ||
| + | |||
| + | |||
| + | ^Code^Description| | ||
| + | |PHY|Physical failure threats and risks, such as functional failure, incidental damage, malicious damage or terrorist or criminal action.| | ||
| + | |OPT|Operational threats and risks, including the control of the security, human factors and other activities which affect the organizations performance, condition or safety.| | ||
| + | |NAT|Natural environmental events (storm, floods, etc.), which may render security measures and equipment ineffective.| | ||
| + | |OUT|Factors outside of the organization’s control, such as failures in externally supplied equipment and services.| | ||
| + | |STK|Stakeholder threats and risks such as failure to meet regulatory requirements or damage to reputation or brand.| | ||
| + | |SEC|Design and installation of security equipment including replacement, maintenance, etc..| | ||
| + | |IDC|Information and data management and communications.| | ||
| + | |CON|A threat to continuity of operations.| | ||
| + | |||
| + | |||
| + | ===List of affected publics=== | ||
| + | |||
| + | When defining risks and their influences, we can take a different approach as that of most today's literature on the subject. If we assume that only people can perceive themselves and inanimate things cannot, we can also assert that finally, a certain risk can only influence people, who are susceptible to perceptions. According to this theory we segment all people, involved in a supply chain and its surroundings, to different publics, that is different groups of people with same interests or functions. When defining risks in our model, we say that one dimension of risk identification is exactly that – defining, which publics are affected by a certain risk. The publics, defined in our model so far, are shown below. | ||
| + | |||
| + | |||
| + | ^Code^Description| | ||
| + | |IMP|Infrastructure maintenance personnel| | ||
| + | |EMP|Equipment maintenance personnel| | ||
| + | |DRV|Drivers| | ||
| + | |FIS|Financial sector| | ||
| + | |PLN|Planning sector| | ||
| + | |ITP|IT personnel| | ||
| + | |MNG|Management| | ||
| + | |INP|Internal public| | ||
| + | |OPE|Operational sector employees| | ||
| + | |BUY|Buyers| | ||
| + | |OWN|Owners| | ||
| + | |CCU|Company customers| | ||
| + | |ALL|Everybody affiliated with the company| | ||
| + | |||
| + | |||
| + | ===List of affected logistics resources=== | ||
| + | |||
| + | As we identify risks we need to be aware that there are four main resources of logistics operations in supply chains: the flow of goods or services, information, logistics infrastructure and suprastructure and people. Any risk, occurring in a supply chain, can have an effect only on one or more of these resources. If we wish to effectively manage risks, we need to be aware of logistics resources that a specific risk possibly affects. That is why this dimension of defining risk in our model is to ascertain which resources of logistics can be affected by an identified risk. | ||
| + | |||
| + | |||
| + | ^Code^Description| | ||
| + | |FLW|Flow of goods or services| | ||
| + | |INT|Information| | ||
| + | |ISL|Logistics infrastructure and suprastructure| | ||
| + | |PPL|People| | ||
| + | |ALS|All logistics sources| | ||
| + | |||
| + | |||
| + | ===Supply chain risk origin=== | ||
| + | A supply chain is a complex system of several organizations that work together in a specific environment. Based on the extent of possible risk origins regarding the supply chain, we can define risks according to this dimension in our model. | ||
| + | |||
| + | |||
| + | ^Code^Description| | ||
| + | |COM|Internal risk, in a company that is included in the supply chain.| | ||
| + | |SCR|A risk, derived from the supply chain as a whole.| | ||
| + | |OSC|A risk, derived from outside the supply chain.| | ||
| + | |ANY|A risk which can be derived from any of these scope definitions.| | ||
| + | |||
| + | |||
| + | ===Segmentation according to levels of logistics planning=== | ||
| + | |||
| + | In every organization, different levels of planning and control occur. These levels represent the importance of decisions of a certain level and also the time span in which they are relevant. The same can be said for risks in an organization – they appear on different levels of significance and impact, and can correlate to levels of logistics planning. Risks in supply chains can be segmented into levels of strategic, tactical and operational risks, correlative to levels of logistics planning. Strategic risks are on the highest level of significance and influence strategic logistics planning. Tactical risks influence tactical planning and operational risks influence day-to-day plans and operations. This is defined of our risk definition model. | ||
| - | ==List of affected logistics resources== | ||
| - | As we identify risks we need to be aware that there are four main resources of logistics operations in supply chains: the flow of goods or services, information, logistics infrastructure and suprastructure and people. Any risk, occurring in a supply chain, can have an effect only on one or more of these resources. If we wish to effectively manage risks, we need to be aware of logistics resources that a specific risk possibly affects. That is why this dimension of defining risk in our model is to ascertain which resources of logistics can be affected by an identified risk. You can find the description of a certain code and all connected risks if you click on a code. | ||
| - | ==Supply chain risk origin== | + | ^Code^Description| |
| - | A supply chain is a complex system of several organizations that work together in a specific environment. Based on the extent of possible risk origins regarding the supply chain, we can define risks according to this dimension in our model. You can find the description of a certain code and all connected risks if you click on a code. | + | |SPL|Strategic risk| |
| + | |TPL|Tactical risk| | ||
| + | |OPL|Operational risk| | ||
| - | ==Segmentation according to levels of logistics planning== | ||
| - | In every organization, different levels of planning and control occur. These levels represent the importance of decisions of a certain level and also the time span in which they are relevant. The same can be said for risks in an organization – they appear on different levels of significance and impact, and can correlate to levels of logistics planning. Risks in supply chains can be segmented into levels of strategic, tactical and operational risks, correlative to levels of logistics planning. Strategic risks are on the highest level of significance and influence strategic logistics planning. Tactical risks influence tactical planning and operational risks influence day-to-day plans and operations. This is defined of our risk definition model. You can find the description of a certain code and all connected risks if you click on a code. | ||
| Link for download {{risk_catalog:supplychainriskcatalog_orig.csv}} | Link for download {{risk_catalog:supplychainriskcatalog_orig.csv}} | ||
