Supplier Risk Management - PG&E, Pacific Gas And Electric

Upload by : Vicente Bone
Transcription

Supplier Risk Management
Schulmynn Leung
Manager, Supply Chain Strategy & Operations

Supplier Risk Management Background

What is Supplier Risk Management?
A systematic approach to identify, assess, and mitigate risk in PG&E’s supply base. Today, Supplier Risk Management is an industry best practice that world class organizations have adopted to reduce vulnerability and ensure continuity.

What are examples of situations that left unidentified would negatively impact PG&E’s ability to provide services for our customers?
- A sole source supplier of a key product or service goes out of business (or refuses to supply PG&E) suddenly and without warning due to natural disaster, terrorist act, regulatory shut down, or financial weakness.
- Critically licensed software is suddenly made unavailable for use at PG&E due to contractual terms or failure of the company licensing the software to PG&E.

Supplier Risk Management Process

Step 1: Define Supplier Population
Purpose: Identify population of suppliers in Supplier Risk program

Step 2: Risk Segmentation Model
Purpose: Evaluate each supplier through an initial risk segmentation analysis providing a consistent and efficient means for PG&E to segment existing or potential suppliers

Step 3: Risk Scoring Model - Inherent Input
Purpose: Identify Supplier risks inherent to the material / service being purchased

Step 4: Control Effectiveness & Residual Subtotal
Purpose: Evaluate effectiveness of supplier (or supplier candidates) to manage inherent risks

Step 5: Residual Risk: Mitigation
Purpose: Ensure that suppliers are appropriately monitored, managed, and reported on throughout the supplier lifecycle

Step 6: Offboarding
Purpose: Ensure that the risk management process offboards suppliers who are no longer providing services/products to PG&E

Supplier Risk Management Process - Step 1: Define Supplier Population

Purpose: Identify population of suppliers in Supplier Risk program

Scope: Any supplier who conducts business with PG&E can be considered in scope for the program, but emphasis is placed on those considered:
- Enterprise Strategic
- Portfolio Preferred
- Valued
- Critical/Sole Sourced Suppliers.
- Suppliers that engage in any high risk activities defined by category management.

Supplier Risk Management Background

[Chart: Supply Chain Risk - Program Growth - Number of Suppliers, 2012 to 2014]

Step 2 – Risk Segmentation Model

Purpose: Evaluate each supplier through an initial risk segmentation analysis providing a consistent and efficient means for PG&E to segment existing or potential suppliers.

Scope: Each supplier rated ‘critical’ or ‘high’ in the Risk Segmentation Model (Step 2) gets a secondary risk segmentation analysis leveraging the Supplier Risk Scoring Model (Step 3). This is conducted annually to validate / update supplier placement, and for each new supplier or service added.

Step 3 - Inherent Risk Assessment

Purpose: Identify Supplier risks inherent to the material / service being purchased.

Scope: Each supplier rated ‘critical’ or ‘high’ in the Risk Segmentation Model (Step 2) gets a secondary risk segmentation analysis – this provides the supplier’s ‘inherent input’ score. This score assesses each supplier’s risk without taking into consideration any mitigation or controls that are currently in place.

This uncontrolled risk score is referred to as Inherent Risk. The Inherent Risk score is calculated without the input of the supplier and is focused on four major risk categories:
- Financial
- Operational
- Regulatory/Reputational
- Information Security

Step 3 - Inherent Risk Assessment

Category: Financial, Operational

Supplier risk areas:
- Financial impact
- Supplier viability
- Business continuity
- Supplier market
- Operational lier location
- Regulatory exposure / reliance
- Reputational exposure
- Confidential data
- Supplier PG&E systems access
- Managing critical PG&E records

Step 4 – Control Effectiveness & Residual Subtotal

Purpose: Evaluate effectiveness of supplier (or supplier candidates) to manage inherent risks

Scope: How is the Residual Risk score calculated?

Control Effectiveness is assessed based on the status of the supplier in various PG&E internal control programs as well as completion of a risk questionnaire by the Supplier.

Once all of the controls are identified and evaluated, a “Residual Risk” score is calculated based on the strength of the controls in place.

Step 4 – Controls Reviewed

Financial
- Completion of PG&E Credit Risk Review
- Valid Insurance certificates loaded In Exegis

Operational
- Supplier Registration in PICS Auditing system
- Formal risk management program policy
- ISO 9001 certification
- Business Continuity Plan & Test Results

Step 4 – Controls Reviewed

Regulatory/Compliance
- Compliance manuals and procedures
- Hazardous waste disposal policies
- Compliance and ethics training program policy

Technology/Information Security
- Completion of PG&E’s Third Party Security Review (TSR)
- ISO/IEC 27001 certified
- Information classification policy

Step 4 – Residual Risk

- Final Residual Risk Scores fall into four risk ratings:
  o Critical
  o High
  o Medium
  o Low
- This Residual Risk Score along with the Inherent Risk score may be shared with Suppliers during periodic Scorecard reviews.

Step 5: Residual Risk: Mitigation
Residual Subtotal

- Now that each supplier has a Residual Score Rating we take the following actions to further mitigate the risks
- PG&E will collaborate with Suppliers having a Critical or High Residual Score Rating to develop specific action plans to further mitigate the risks and which may require an on-going review and monitoring of the supplier’s risk.

Questions

For future questions or concerns regarding PG&E’s Supplier Risk Program:
Brendan Kearney (415-973-1329) OR
Schulmynn Leung (415-973-7277) OR
PGESupplierRisk@pge.com

