Monthly Archives: January 2012

Risk Mitigation 2012: Geopolitical

In our last post, we covered some potential mitigations for each of the top three environmental risks that we identified in our Risk 2011 series. In this post, we are going to cover some potential mitigations for each of the top three geopolitical risks as we continue our series of posts inspired by the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition.

03: Corruption

Corruption can take many forms — bid rigging, bribery, collusion, fraud, embezzlement, organized crime, price fixing, and thievery just to name a few. Each of these can be devastating to your supply chain. Bid rigging, collusion, and price fixing can significantly increase your costs. Bribery and thievery can result in a loss of your IP and product plans which could negate years and tens of millions to hundreds of millions of research and development. Embezzlement and fraud could drain your organization of necessary operating capital and organized crime could result in an entire warehouse of inventory disappearing overnight.

While big rigging, collusion, and price fixing by your suppliers can’t be prevented, if the organization suspects it might be occurring, it can always invite new, unexpected, but pre-qualified, suppliers to a bid to minimize the possibility, or at least provide it with other options if multiple suppliers appear to be colluding. This is the best defence since, even if collusion and price fixing can be detected and proven, by the time government intervention occurs, it can be much too late.

And while one cannot prevent thieves from trying to steal your IP and products, steps can be taken to keep your IP secure. All electronic copies can be encrypted and kept secure on the network behind password protected firewalls, printed copies can be restricted to secure areas, and all unnecessary copies can be destroyed by destructive shredding. And your shipping plans can be kept on a need to know basis, and valuable merchandise can be kept in guarded secure warehouses.

Bribery, fraud, and embezzlement can also be prevented against to different degrees. With respect to bribery, an organization can watch for signs of an employee who recently improved his lifestyle significantly with no obvious means to do so (i.e. no recent inheritance or lottery win), determine if such employee had access to sensitive data, and the chance to sell it. In this case, if such an action was deemed likely, the organization could assume the data fell into the wrong hands and take preventative measures. With respect to embezzlement, an organization should insure that all transactions are reviewed by a second individual, and all transactions above a considerable amount should be co-reviewed by the CFO and another executive officer within two business days. And external audits should be conducted regularly. Other types of fraud could be harder to detect, but regular financial reviews are an organization’s best chance of detecting fraud before too much damage occurs.

02: Terrorism

Not only is terrorism on the rise, but so are the number of terrorist and extremist groups and agendas — and it’s almost impossible to predict which group will form, and be “crossed” by your organization well in advance of when it happens. But if an organization keeps up with global intelligence, it can keep up with what organizations have commercial, and corporate agendas, identify if it produces any goods or services that might be targeted by such groups, and identify if it operates in any high risk areas. If it does, it can take steps to protect its operations and its goods.

01: Geopolitical Conflict

Fortunately, most conflicts that would threaten an operation escalate over time. Again, if an organization keeps up with political happenings in a region, it can identify those regions most likely to be at risk of geopolitical conflict and determine if such conflict could impact operations or cut off supply. If factories could be cut off, the organization can identify back-up facilities and create plans for bringing them on-line quickly. If warehouses could be cut off, critical goods can be relocated. Knowing allows plans to be created.

Risk Mitigation 2012: Environment

In our last post, we covered some potential mitigations for each of the top three societal risks that we identified in our Risk 2011 series. In this post, we are going to cover some potential mitigations for each of the top three environmental risks as we continue our series of posts inspired by the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition.

03: Climate Change

There is very little that a single corporation can do to prevent climate change. It can reduce it’s carbon emissions until they are almost zero, but if all of the other corporations don’t follow suit, the climate will change. And even if many other corporations follow suit, a major volcanic eruption that spewed cubic kilometres of ash into the air could significantly affect climate, as could a significant asteroid impact that sent cubic kilometres of dirt into the air and triggered a chain of volcanic eruptions.

However, if the temperature keeps rising, it is a given that sea levels will rise, droughts will worsen, and deserts will expand. These are three aspects of climate change an organization can plan for and take steps to minimize their impact. The organization can take care not to build near the ocean where the ground level is near sea level, as these areas would not only be at high risk of flooding as a result of high rains or tropical storms, but could be under sea level in the years to come. It can also avoid building near the edges of deserts as the water supply could become scarce as time goes on. And it can expect droughts in hotter regions and be sure to create additional reservoirs just in case.

02: Earthquakes & Volcanic Eruptions

Earthquakes can’t be prevented, and can’t be reliably predicted, but they are inevitable, and they are more likely in certain areas. Specifically, on the edge of active tectonic plates and near the Ring of Fire, the Mid-Atlantic Ridges, and the Mediterranean-Asian seismic belt. If you must maintain, or use, production facilities at, or near, these areas, make sure that you have secondary facilities available to you that can be ramped up quickly in case the primary are temporarily, or permanently, taken out by an earthquake.

The same goes for volcanos, but many volcanos that erupt are, or were recently, active. Thus, if there is, or was (in the past few hundred years) an active volcano in the nearby region, take the same precautions as you would if the production facility is in a major earthquake zone.

01: Flooding

Flood are becoming more common in recent years, and the devastation they can cause can be significant and far reaching. With sea levels projected to rise, the planet expected to warm, and the climate expected to change accordingly, the risk of floods is on the rise. As a result, you can expect more floods in years to come. Identify each location near the ocean, and especially near areas at risk of any kind of tropical storm (such as a hurricane, cyclone, or tsunami), and plan for the worst. As with earthquakes and volcanos, have secondary facilities lined up and ready to ramp up at a moment’s notice. And have one or more ways to quickly relocate inventory should the need arise.

Risk Mitigation 2012: Society

In our last post, we covered some potential mitigations for each of the top three technology risks that we identified in our Risk 2011 series. In this post, we are going to cover some potential mitigations for each of the top three societal risks as we continue our series of posts inspired by the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition.

03: Economic Disparity

Economic disparity can negatively impact a Supply Management organization in a number of ways. An obvious impact is if the majority of the target population in the geographic regions in which the parent organization operates, and wishes to sell the product, cannot afford the goods or services being offered. In this case, Supply Management will be stressed to lower the price point or risk serious resource cutbacks as the organization faces reduced revenues and operating resources.

This is a hard risk to counter in that an average global multi-national cannot make a significant impact on a national economy. While BNP Paribas has assets that are greater than the GDP all of France (2.68 Trillion compared to France’s 2.56 Trillion GDP), even Walmart only has assets of 181 Billion (which is barely greater than the GDP of Pakistan). Once you get out of the Global 1500, where only 27 companies control more than 1 Trillion of Assets, only 217 companies control more than 100 Billion of assets, only 400 companies control more than 50 Billion of assets, only 904 companies control more than 20 Billion of assets, and only 1437 companies control more than 10 Billion of assets, you see that the ability of an average corporation to make a significant dent on an economy is miniscule.

However, an organization can prepare for it. By following economic trends and consulting leading economists and strategic intelligence agencies, it can create potential scenarios (using scenario planning) of what its target economies are likely to look like next quarter, next year, and in three years time. From this, it can determine what consumer price points it will likely need to meet to hit sales target, and determine what “cost” targets it will need to stay under or, if the cost of production cannot be brought down to the target cost, what value it will need to bring to justify a higher cost point, and, eventually, a higher sales price. And if an organization knows a year in advance of a potential economic decline, it has time to identify new designs, new materials, and new sources of supply in an effort to meet the cost targets that the organization feels are necessary to survive.

02: Food Security

People need to eat. As a result, they need access to safe, secure sources of staple foods at an affordable price point. If they don’t have access to safe, secure sources of staple foods at an affordable price point, they riot — as we have seen in Tunisia, Algeria, Bangladesh, Mogadishu, India, China, and even the UK and Canada last year. When people riot, property gets destroyed — property that could include your delivery trucks, your goods in your warehouses, and even your production plants.

This is another risk that you can’t do much about. You can be a good citizen and not corner the market and artificially drive up prices in the name of greed, but you can’t prevent a greedy, money-grubbing, wall-street-type from being evil and doing the last thing that should be done in a time of need. All you can do is try to predict where riots are most likely to occur if food becomes insecure, which of your assets are most at risk, and take steps to physically protect them. And while SI believes they are a blight on the landscape, electric chain-link fences and, in extreme cases, “armed” guards (tasers and/or other non-lethal choices, please) may be necessary to keep not only your goods, but your people, secure.

01: Water Security

Not only do people need water, but supply chains need water. First of all, supply chains need energy. Energy production requires water. For example, in the USA, about 2 US gallons of water must evaporate to create one kilowatt hour of energy. Steel, which is a component of many goods, requires 62,000 gallons of water for the production of a single ton. Semi-conductor fabrication plants often require up to 2,000 gallons of water per minute.

While it’s hard to maintain food security, as unpredictable and unpreventable natural disasters can wipe out entire crops in a province or state overnight, with a little planning and foresight, water security can be maintained. While most of it is not drinkable, almost 71% of our planet is covered by water. And it’s relatively easy to clean water with modern technology. You can build your own desalination and filtration plants and your own pumping stations and not rely on public utilities, which might already be facing undue strain. You can even make the extra investment to make the water drinkable. Or, if the cost is too high, you can form a cooperative with your manufacturing neighbours that also need water for the purposes of forming your own local water utility. We should never be in need for water.

Risk Mitigation 2012: Technology

In the last six posts we covered the World Economic Forum‘s recently released 6th annual Global Risks report, 2011 edition. The report was filled with risk, thirty-seven types of risk divided into five categories to be precise. In the last five posts, we covered the top five risks in each category — Technology, Society, Environment, Geopolitics, and the Economy — from Sourcing Innovation’s perspective.

However, just knowing that your supply chain is fraught with risk is not very useful. That’s a given in these trying and troublesome times. What’s more useful is knowing what you can do about it. In the next five posts we will cover some ideas for planning and preparing for each risk Sourcing Innovation identified as a top three category risk to your supply chain, starting with Technology.

03: Threats from New Technology

As per our last post on technology, if a competitor latches onto, and implements a new technology before your company, it may be able to lower its production and operating costs well below your production and operating costs. Should this happen, the competitor may also be able to increase its revenue at the expense of yours. Then your organization will face declining revenues with higher costs. Profits will disappear. And bankruptcy could follow. But it does not have to be this way.

Instead, your supply management organization can keep up with technological advancement and stay on the leading edge. It can identify new technologies as they are brought to market, follow them, and, as soon as they show maturity and promise, bring them into the organization. Then it can be the company that lowers its production and operating costs, and increases its revenues, before the competition.

02: Online Data and Information Security

Average hackers may want consumer credit card data for quick, easy, illicit gain, but hackers employed by corporations for purposes of corporate espionage want your data — and your supply management data in particular. What are you making? What are the specifications? Where? With who? When are you shipping? From Where? With what carrier? If any of this data finds its way to your competition before you’re ready to release a new product, the losses could be crippling. What if your competitor is able to use your plans to jump-start their development of a better version and beat you to market? What if thieves intercept your critical shipments and sell your product on the black market?

Fortunately, you can protect your data. There are some very simple things you can do. First of all, you can encrypt all of your data with an industrial strength encryption algorithm using industrial strength encryption programs tested and proven secure, to the degree possible, by third party security firms. Secondly, you can secure your systems from penetration by using industrial strength firewalls and anti-malware software. Virtually unbreakable encryption is good. But hackers not even having your encrypted data is even better. Thirdly, you can avoid third-party multi-tenant cloud solutions that you have no control over. First of all, you have no idea where you data is. Maybe it’s on a hardened server behind two firewalls in a guarded secure-access retina-scan and thumb-print facility that is designed to withstand bombs, and maybe it is on a back-up server in the open back-room of the managing company’s offices. You don’t know. Secondly, even if the server is guarded by firewalls and “locked-down” to installed applications only, if even one database on the server is broken by a hacker, whether or not it is your system, that can be used as an entry point to gain access to the entire system. Unless its your virtual Fort Knox, it’s not as secure as you think it is.

01: Critical Information Infrastructure Breakdown

Make sure all critical data is stored on secure servers in secure facilities that are geographically remote and accessible 24/7. Also have a third data centre location that can be brought online, with a complete copy of backed-up data, within 24 hours if the primary or secondary facility goes down (and make sure incremental backups are performed at least hourly). Make sure these facilities have redundant fibre channels, from redundant providers, inbound and outbound, and make sure that there is a satellite link for retrieving critical data should all channels suddenly go dark. Also make sure these facilities have UPS and at least 24 hours of backup power to insure that all necessary data can be extracted should the wire-lines go down or the facility need to be abandoned (due to geopolitical unrest in the region or a long-term power or line failure; and if this is the case, be sure there are auto-destruct programs in place that will wipe all data via multiple, random, writes). Make sure that you have a disaster response plan in place that has identified the location of a back-up operations centre that can be brought on-line in case your main operations centre goes dark. Make sure each satellite office knows where the back-up operations centre will be and how to contact that location should the head office or one or more satellite locations become unreachable. It might not be possible to plan for every contingency, but it is possible to devise a plan that would cover most contingencies and allow operations to resume, at least minimally, within 24 hours.