Monthly Archives: February 2007

Protiviti: Manage Risk, Reap Reward

Your supply chain will be disrupted. Bet on it. You’ll win. The only two things more absolute in this world are death and taxes. I’ve told you that there is Real Risk in your supply chain. I’ve reviewed the basics of Managing Business Risk. I’ve even went so far as to tell you that Your Supply Chain is NOT Secure. But I still feel that I have not even come close to drilling the point home as to how at risk you are every minute of every hour of every day or how likely it is that your supply chain is going to be disrupted in a big way – and how much this will cost you if you are not prepared.

But that’s a post for another day. Today, I’m going to start helping you identify where you can go to get help, and the first company I’m going to point out to you is Protiviti, specialists in Independent Risk Consulting with an in-house expert group on Supply Chain Risk. Rising from the ashes of the old Arthur Anderson back in 2002 (with a little help from Robert Half International), Protiviti has more than quadrupled in size without diverging from their core practices of internal auditing, technology risk management, and business risk management (where the supply chain group resides).

Recently, I was fortunate enough to be able to talk to one of the leaders of the Supply Chain Risk group at Protiviti and talk about how they help clients identify, mitigate, and manage supply chain risk and I was quite satisfied with what I heard. Rather than trying to sell you a big black binder with an industry standard system generated risk management plan (which is not as useful as you might think since every company is different and has different risks), they instead work with you using a well-defined methodology that they’ve refined over the years to build a complete picture of the risks you face (a risk assessment), the mitigations you have in place or available to you, and a plan for managing those risks going forward. Furthermore, they help you build appropriate cross-functional teams that they work with throughout the process to make sure that when they are done, you understand not only what your risks and mitigations are, but how they were derived and how you carry the process forward.

The first thing they do, and you must commit to this for the process to work, is a risk assessment that evaluates your overall operations, supporting supply chain, regulatory environment, and organizational goals to help them build a risk profile that helps you understand where your risks are, the probability of them happening, and the dampening effect of any mitigations you currently have in place. They then categorize the risk universe into meaningful groupings, such as operations, supply base, distribution chain, and regulatory environment, that can be addressed and evaluated from a similar functional perspective. Then, working with your cross-functional teams, they help you qualify the probabilities, potential impacts, and mitigations that you can use to address them, including controls and monitors that you already have in place today. They then help you refine any identified and approved mitigations into processes and procedures that you can use to detect and manage a risk. After all, risk management is not a one-time project, but a continual process. However, you have to start somewhere, and a project focussed on supply risk is a great place to start.

They also assist you in putting in place critical and sustainable/repeatable risk management capabilities including, but not limited to, strategies, policies, processes, organizational accountabilities, information for decision-making, continuous identification, monitoring and control, tools and methodologies, and base data integrity procedures.

However, what I really liked hearing was that Supplier Relationship Management (SRM), Contract Lifecycle Management (CLM), and Compliance Management (CM) best practices done right were really risk management processes. SRM is not about managing your supplier, it’s about managing the risk associated with a supplier not performing. CLM is not about keeping track of a contract over it’s lifetime, but about making sure the critical terms of the contract, designed to mitigate your risk, are adhered to. CM is not about making sure your purchasers don’t go rogue, it’s about managing maverick spend to non-approved suppliers that increases your risk. After all, the key to long-term sustained financial performance is not cost savings – you’re always going to have to spend money – it’s cost avoidance – making sure you don’t spend any more than you have to. I know a lot of executives, and CFO’s in particular, these days only care about cost savings, but they’re just a bunch of short-sighted nitwits who need a good smack up-side the head. After all, there’s a limit to how much you can save! Once you’re performing at the best-in-class level, sourcing every category at market value, and optimally allocating the award so as to minimize your Total Value Management (TVM) lifecycle cost (or Total Cost of Ownership on steroid cost) – there’s nothing left to save – the best you can do in such a situation, should you be enlightened enough to reach it, is to avoid unnecessary spending. You avoid unnecessary spending by making sure everything goes according to plan. You do that by managing risk.

Another tidbit worth repeating is that they are currently working with Michigan State University(and AMR) on a new certification program for C-level executives in value chain risk management to help them understand, and proactively manage, risk. After all, considering one supply chain disruption can wipe out all of your strategically sourced savings, it’s critical that not only you, but your financial decision makers, understand this and allow you to invest in the methodologies and tools you need to make sure that if something really bad happens (your primary contract manufacturer’s plant goes up in smoke, for example), you know about it in time to do something about it (such as immediately route all your orders to your secondary manufacturer) before your supply chain shuts down, and you lose millions of dollars in sales.

So when you embark on your next risk management planning effort, be sure to put Protiviti on your list of potential vendors. (The reality is that such an effort is something you should never embark upon entirely in house – you’ll never see all of your own weaknesses.)

Lean Services

Last week at Aptium Global’s private 10 Ways to Significantly Improve EBITDA and Reduce Operational Risk in Your Portfolio Companies, Lisa Reisman, Mark Pruitt, and Ara Surenian presented ten real-world examples of cost reduction and EBITDA improvement in small and middle market operations that proved that Lean can be used to save significant amounts of money even in categories where annual spend is in the low seven digits. Jason Busch did a good job of summarizing the event at the macro-level in his post Small / Middle Market Private Equity Investments and Spend Management, so, with the kind permission of Aptium Global, today I am going to detail the first of two case studies that serve to illustrate that not only can lean significantly improve operations in companies with revenue as small as ten or twenty million, but do so outside of traditional manufacturing operations.

This first example is based on the results obtained by Aptium Global for the US Division of a high-end manufacturer (in tubing) for the automotive market. This division was finding it extremely difficult to “baseline” services spending, such as machining or heat treating, which was generally based on price per piece quotes, compounded by the fact that many pieces were of odd sizes and shapes, and further compounded by the fact they are usually produced on the basis of capacity and/or geographic proximity.

By creating a pricing matrix that included piece grade, weight, and invoice value, Aptium Global was able to calculate a price per pound for each service to estabish a baseline. This allowed the division to source strategically as it allowed for a straightforward negotiation process, provided a way for savings to be monitored on an on-going basis, and fixed pricing going forward. Furthermore, since the baseline reduced sourcing confusion, it allowed the division to spend more time on quality control and develop of on-going process control methods to insure that quality issues were detected quickly, and the supplier notified promptly.

As a result of the implementation of this simple lean sourcing methodology, the division was able to realize an average savings of over 20% on services spending. Furthermore, the net operational improvements allowed the division to rationalize their supply base and reduce their three (3) day lead time to twenty-four (24) hours.

Next entry: Lean Commodity Sourcing

Winning the Battle on Risk: Information and Technology

Today I’d like to welcome back Jim Lawton, VP and General Manager of Open Ratings, a D&B company, back for a follow-up on his Five Types of Supply Risk piece and the role of information and technology in risk mitigation.

Let’s face it – the single best way to reduce your exposure to risk introduced by suppliers is to know them. And I mean really know them. For any of the five types of risk we identified last time, it means having insight well beyond what you track today. Not only how much they cost you, but also how much they cost your competitors – and how well they perform for your competitors. It means knowing about everything from EPA and OSHA violations and changes in their leadership to their growth plans and whom else they do business with.

Some great sources of information into just how well your suppliers are doing, include things like:

Real estate transactions
Legal actions
ITAR filings (esp. in the case of dealing with overseas suppliers)
SEC filings
Tax returns

At its worst, it means knowing things about them that they aren’t likely to tell you. So you need to go out and find it.

Sure. Given the likely state of your procurement operations – more suppliers, not less –

in spite of rationalization; suppliers 12 time zones away operating in countries with much more lax reporting regulations and fewer resources to actually manage all of this, odds are good that right now you are asking “how much time does this guy actually think I have to spend investigating every little bit of data and figuring out if it matters to me!?!”

The good news is that you don’t have to do. Technology makes it possible. Think about it: Intelligent systems are everywhere. Your car tells you when it needs service and books an appointment at the dealer; your GPS system gives you an up-to-the-minute way to navigate out of a traffic jam; your house knows when you are home and turns the lights on just as you move into each room.

So why shouldn’t it be possible to apply smart solutions to make your life easier – and shrink the risk factor.

Today, data aggregation solutions are able to do what you would do, if you had the time: scan thousands of sources – regulatory agency sites, financial and credit reports, news releases, tax and real estate filings, competitors’ internal systems and much, much more. With a million documents on your desk, you’d pick out what matters and analyze it within the context of your own business. Using your years of experience and deep knowledge about the supplier, you’d decide to act on it if needed. You might switch suppliers or intervene to shore up a critical supplier.

Information, technology and you. Risk on the run. Life is good.

Embracing Complexity

Recently, Supply and Demand Chain Executive ran an article on Embracing Complexity that pointed out that supply networks that are becoming increasingly extended and complex; integration between companies and their trading partners is becoming deeper at the systems and process levels; and emerging technologies like radio frequency identification are producing ever-growing mountains of supply chain data and that these and other factors threaten to overwhelm the systems that companies rely on to monitor and manage their flows of goods and 20^th century systems may be inhibiting companies from moving toward a 21^st century supply chain.

In addition, it presented Lawrence Davis’, a senior fellow at NuTech Solutions, insights into problems with current supply chain technologies. In short, he believes that contemporary solutions do not allow companies to optimize at the appropriate level of aggregation and that companies should be able to use solutions to optimize across their sourcing and procurement, production and distribution processes all at the same time; that software solutions that optimize based on deterministic assumptions about how long it will take for any given process to be completed produce “perfect” schedules that do not allow for breakdowns of machinery, traffic jams, defective parts, and other real-world assumptions; and that stochastic simulations which employ embedded agents that follow the company’s business rules are required.

They got the problems right, but I’m not sure I agree with the proposed solutions. Here’s a short list of reasons why.

Optimizing at the appropriate level of aggregation has always been a discipline-independent problem and we’ve always managed. It’s as much a process problem as a technology problem. It all comes down to using appropriate levels of abstraction that allow us to connect larger and larger problems. And it works. You don’t need to simultaneously optimize all of your categories and all of your lanes – a problem you can’t solve. You can optimize all of your buys using high-order freight approximations, then collectively optimize your freight costs and distribution network.
Deterministic models can be used on approximations and ranges as well as precise models. Yes, the results are still “perfect ranges”, but you can capture most of the likely outcomes. Moreover, none of the technologies proposed will capture every exception and you’ll still need exception management.
Stochastic simulations are a good methodology for determining what could go wrong, but the key is identifying a set of collaborative systems that can embed the company’s business rules – because, as I just said, the processes are as important, if not more so, than the technology.
The technologies proposed – “genetic algorithms”, “evolutionary computation”, and “deterministic simulation” are not silver bullets – just like the ERP was not the silver bullet you needed to manage your supply chain. They have their uses, but they are not that much better than today’s technologies, if they are better at all (as they all have their drawbacks).
You’ll never be able to optimize everything. For that, you’d need a model that accounts for everything (and first of all, we can’t model the market), then you’d need an expensive High Performance Computing Cluster with hundreds (or thousands) of processors and a significant amount of memory, and finally you’d need an algorithm that can take advantage of the highly parallel machines – and you’ll quickly find that most of today’s optimization technologies, or at least the sound and complete ones, do not have efficient massively parallel implementations.

It’s true we still have a long way to go in supply chain, and that we do have to embrace technology, but we have to be careful of over-relying on new technologies, particularly those that have drawbacks as significant as the advantages they are being promoted for, to solve all of our problems. Although some things change, some things will stay the same – and the constant is that no matter what, we are going to need more brain power and good old fashioned human ingenuity to get to the 21st century supply chain.

One can wish it were otherwise, but as a technologist and former academic who could spend countless posts educating you not only on “genetic algorithms”, “evolutionary computation”, and “deterministic simulation” but also on “fractal geometry” (the basis for NuTech’s logo), “chaotic dynamical systems”, and “complexity theory”, it’s not the case. Technology is just a tool – the real solutions will come from the brains who can identify the problems, identify the process solutions, and then put the appropriate technology in place to back it up.

It’s the new age of the D-D-S-N!

To the tune of Y.M.C.A. by the Village People.

Young man, there’s no need to feel down.
I said, young man, pick yourself off the ground.
I said, young man, there’s no need to frown.
We have a new name for the problem.

Young man, there’s a term you should know.
I said, young man, when you need to save dough.
Look into it, and I’m sure you will find …
It will turn water into wine.