APICS talks about frameworks from two different perspectives. First, there’s Organizational Design: “The creation of an organizational structure to support the strategic business plans and goals of an enterprise. Given the mission and business strategy, the organizational structure design provides the framework within which the business operational and management activities will be performed.” Second, there’s the Operating Environment: “The global, domestic, environmental and stakeholder influences that affect the key competitive factors, customer needs, culture and philosophy of each individual company. This environment becomes the framework in which business strategy is developed and implemented.” We want to share with you three frameworks that are supporting the supply chain risk management (SCRM) journey.
• ERM, Enterprise Risk Management—This framework has been around for some time, emanating from the finance and classical risk insurance disciplines. In business, ERM includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy and monitoring progress. By identifying and proactively addressing risks and opportunities, businesses protect and create value for their shareholders, including owners, employees, customers, regulators and society overall.
• GRC, Governance, Risk & Compliance—This framework has been around for some time as well. Some have lamented that it’s somewhat ill-defined. However, Aberdeen Group has, over the years, done a terrific job of solidifying the framework elements, allowing many of us an opportunity to leverage the framework in the SCRM journey. Governance includes the frameworks and tools, policies, procedures, controls and decision-making hierarchy employed to manage the business. Risk management is the identification, management and mitigation of adverse events that could potentially impact the organization. And compliance is meeting the required or mandated regulations, whether governmental, industry-specific or internally imposed.
• ISO, International Organization for Standardization—The ISO Group was established in 1947 as an international standard-setting body composed of representatives from various national standards organizations to promote worldwide proprietary, industrial and commercial standards. It’s headquartered in Geneva, Switzerland. Four new standards have emerged since 2009. ISO 31000, in 2009, covers risk management, its principles, guidelines and best practices. ISO 73 was also launched in 2009 and provides risk management terms, definitions and taxonomy. ISO 28000 was launched in 2010 and provides insight into supply chain security, and ISO 28002, also launched in 2010, profiles best practices in supply chain resiliency.
In 2014, we feel these frameworks will act as guideposts for many new supply chain risk management journeys. The frameworks will serve as platforms to accelerate the adoption rate of SCRM tools, techniques, methodologies and metrics.