The Coca-Cola Company Risk Assessment Workshop DRAFT

RISK MANAGEMENT FRAMEWORK

RISK IDENTIFICATION PROCESSES A.

EMERGING AND UNKNOWN RISK SIGNALS

B.

S. C. RISKS (VIA TEAMS AND SURVEYS)

C.

PROJECT RISKS (PM SYSTEMS

D.

RISK TREATMENT EFFECTIVENESS OUTPUTS

CRISES LEARNINGS  MODIFY ANALYTICS  MODIFY SCREENING  ID NEW SIGNAL SOURCES

AND OTHER)

SUPPLY CHAIN LEADERSHIP

SUPPLY CHAIN RISK DASHBOARD MONITOR RISK TREATMENT EFFECTIVENESS INSTALL MONITORING POINTS SYSTEMATIZE MONITORING

RISK ANALYTICS & DECISION SUPPORT OPERATIONAL RISKS

EMERGING RISKS

STRATEGIC RISKS

ANALYZE EVALUATE PRIORITIZE

HOLISTIC VIEW OF RISKS “SUPPLY CHAIN RISK” MANAGEMENT TEAMS IMPLEMENT ACTIONS AND/OR FACTOR RISKS INTO PLANNING*    

(multi-functional members)

Deep dive analysis of specific strategic risk Implement risk treatment for new operational risk Take action to leverage upside of an emerging risk Modify strategy based on risk landscape

* examples of possible actions, not all-inclusive

ERM Committee

SUPPLY CHAIN RISK WORLD Unique and common risk events exist across the supply chain and at each organizational level Identified risk events are analyzed for probability and consequence, thereby defining the risk level Assessed risks are evaluated and risk treatment options are developed Risk treatment is optimized, implemented and monitored Strategic risks are generally out of our direct control, and must be factored into business planning.

Operational risks are generally within our direct control, and must be factored into business operations. COUNTRY STABILITY

MATERIAL QUALITY

COST

MATERIAL AVAILABILITY

Buy INBOUND LOGISTICS

CONVERSION EFFICIENCY

Make WATER USE

ENERGY USE

PRODUCT QUALITY

Move

ENVIRONMENTAL COMPLIANCE

WATER QUALITY

PRODUCT SAFETY

WORKER SAFETY

PRODUCT SECURITY

Sell OUTBOUND LOGISTICS

Note: risks listed above are indicative of the scope of supply chain risks and risk areas, and may not include all risks

Demand

   

RISK MANAGEMENT DEPLOYMENT AT EACH LEVEL AND ENTITY

A Risk Register is created and managed at each level and entity, and identified risks are incorporated into on-going business routines

Develop Initial Risk Register TOP-DOWN AND BOTTOM-UP VISIBILITY TO RISKS (TRANSPARENCY)

GROUP RISKS BUSINESS UNIT RISKS COUNTRY RISKS

AND AGGREGATED UPWARDS THROUGH THE ORGANIZATION

RISKS ARE ASSESSED AND OPTIMIZED AT THE LOCALLY RELEVANT LEVEL,

CORPORATE RISKS

 Use historical and current risk assessments, maybe supplemented by surveys  Perform high-level ranking and screening to identify significant risks

One-time

Perform Risk Analyses  Bow-tie method to identify causes, consequences  Identify existing and new risk treatments  Establish risk owner and action items  Link to other risks in system  Refine risk register

Initial analyses, then as-needed

Quarterly Risk Team Reviews  Review action item status  Review emerging and new risks  Review effectiveness of existing risk treatment  Perform new or review existing risk analyses  Update and refine risk register

Quarterly meetings to supplement business meetings

Factor Risks into Business Planning  Ensure strategic and operational risks are considered in annual business planning  Use risk information in on-going business processes

Annual basis aligned with business planning