The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in enterprise risk management (ERM) practices.

John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola answered a series of questions written by marcus evans before the forthcoming 6th Annual Enterprise Risk Management Conference, March 19-20, 2013 in Chicago, IL. All responses represent the view of Mr. Brown and not necessarily those of Coca-Cola

When it comes to quantifying risks within the supply chain, are there sure-fire approaches or methods to apply? Why or why not.

John Brown: The sure fire approach is to map your supply (value) chains, delineating the flow of value contribution from each node (value-adding operation) and through each link. As is normally the case, however, the sure-fire approach is not easy to implement, especially since the “map” must extent to tier 2, 3 and beyond suppliers, and downstream through customers to end consumers.  The effort and resources it takes to complete this mapping is insurmountable for most companies.  Some excellent work is taking place to visualize value chains by mining data in enterprise applications, such as SAP. But there are challenges even in this approach, which at best captures tier 1 suppliers. I am hopeful that elegant (and affordable) solutions will be developed in the next few years.

What are some of the vital steps an organization must take to mitigate risks in the supply chain associated with fat-tail risks like Hurricane Sandy?

JB: Interesting question, and no easy answer. Risk management is essentially prevention, and few company reward structures are geared to prevention activities (as compared to reaction, such as crisis management).  Part of the difficulty is that it is next to impossible to demonstrate that risk management activities prevented an uncertain event from occurring.  The steps most companies can take today include understanding where they have critical dependencies, such as single-sourced materials or services, suppliers who are susceptible to external events, or vulnerable transportation/logistics links. And then establish arrangements to avoid a major disruption in the value creation chain. The challenge with this approach is that it ultimately increases your cost-of-goods, relative to a steady-state environment.  Where it pays off is if you experience a disruption and are able to flex with it.  A more fundamental approach is to design products and services with a view of minimizing exposure to disruptions.

When it comes to risk buckets, how is The Coca Cola Company currently managing risks within the supply chain?

JB: You would think that the beverage industry is relatively simple. Yet it is an amazingly complex system, especially for a globally diverse company. Our approach has been to develop a common methodology and tools to identify, analyze and mitigate risks at every locally relevant business entity. We then use technology to create an aggregated view of risks at successively higher organizational levels. This approach ensures that risks are identified and managed at the local level, which in itself is true risk management across the enterprise. The sweet spot is where we can identify systemic risks across multiple entities and then apply higher level resources to solve these risks once, instead of multiple times, and with sometimes different approaches. Likewise, some risks that are seen at higher organization levels (which tend to be more strategic in nature) can be communicated to local entities as a watch-out. The strategies and processes we developed in the supply chain and technical areas have been adopted by the ERM team, so we have a single, unified approach to risk management across the company.

What are some of the types of risks that are overlooked when it comes to the supply chain?

JB: Supply chain organizations tend to be focused on sourcing, making, moving and selling--and as such sometimes have a blind spot relative to external events that can significantly impact value chains.  Some of these risks exist in the political and social arenas, human resources, public perceptions, large-scale economic changes, and sometimes in the critical linkages in global value chains. The Fukushima earthquake (and the ensuing tsunami and  nuclear power impacts), the Thailand floods, the Eyjafjalla volcanic eruption, and the Middle East unrest all exposed weaknesses that crept into value chains as we continued to find ways to increase productivity and reduce costs.  It will always be a challenge to employ risk prevention in the face of constant pressures to reduce costs.

As a speaker for the 6th Annual Enterprise Risk Management Conference, what do you look forward to most about attending this event?

JB: Learning about the strategies, tools and techniques companies are using to implement risk management programs, with a focus on effectiveness and efficiency. Risk management is an evolving discipline, with many approaches and espoused best practices. Over the last few years I’ve seen a gradual move towards a common set of guiding principles, with a focus on identifying and preventing risk events. This is a critical step in my view, and ISO 31000 has provided a foundation.  Too many risk management programs focus on compliance or reaction. So, the move towards a focus on prevention is welcomed.

John J. Brown, a registered professional engineer, Associate in Risk Management-ERM (ARM-E) and Certified Protection Professional (CPP), has worked directly in the risk management field for well over a decade, and indirectly most of his career. Since joining The Coca-Cola Company in April 2008, John has developed a risk management strategy and processes for the Company's global value chain, and is currently implementing that strategy.

For more information please contact Michele Westergaard, Senior Marketing Manager, Media & PR, marcus evans at 312-540-3000 ext. 6625 or

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!