Key message: time to lift your head out of the sand and acknowledge the elephant in the room
Although the term SIPOC has been around for a number of years many risk professionals and managers alike have failed to use this most valuable tool. It was staring them in the face but hey there must be more fancy and elegant tools around. Wrong. Not only is SIPOC a good management tool but risk managers, consultants and advisors should take this opportunity to review it in order to understand its implications on an organisation’s risk footprint. Footprint in this context means the actions decisions, activities and impacts of the business across its whole value chain.
Value chain in this context means Suppliers, Inputs, Processes, Outputs and Customers (SIPOC). If we are truly doing our job and identifying all of an organisation’s threat & opportunity events then it is time to pull our heads out of the sand and acknowledge that the complete value chain must be taken into account. Simply saying the supply chain belongs to our agents, third parties or whoever is not good enough anymore. If organisations are going to offer themselves as truly socially responsible then get down and dirty with the SIPOC tool.
Courtesy of Getty Images
When you take a helicopter view of an organisation, its business and activities, and then the impacts of those activities on those surrounding, I have found it valuable to complete the SIPOC exercise to establish the true business footprint. Once this is known it is amazing how many threat and opportunity (risk) events are identified. They were there, we knew them but they went out of our consciousness because we had written them off as someone else’s problem.
Had those major international brands, which were linked to the factories that caught fire in Bangladesh, completed the SIPOC exercise, then I believe many of the negative risk events could have been avoided, reputations kept in tack and buyer demand for their products maintained. Alas the elephant in the room was ignored despite having the right tool to both assess and mitigate the risks.
So I put a challenge to you all to get out a pen and paper and plot your organisation’s SIPOC and then review your risk registers in light of these findings. How many have you actually missed?