Monthly Archives: November 2023

Source-to-Pay+ Part 5: Supply Chain Risk (Generic)

In Part 1 we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” (or should we say “Uncertainty”) Management application that is bundled in many S2P suites. Then, in Part 2, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. In Part 3 we moved onto an overview of Corporate Risk and then in Part 4 we took on Third Party Risk (in Part 4A and 4B).

But there’s much more to risk than just the (internally focused) corporate risks and the third party (supplier) risks. There are also supply chain risks. Today we are going to discuss the basic supply chain risks that an organization can expect to keep track of with a generic supply chain risk management application.

Capability Description
Multi-tier Mapping A good supply chain risk management system will map the organization’s known supply chain and allow them to track what facilities are located where, at least to the extent that they supply a higher tier that eventually leads to a good or service being delivered to a company location. This will include the tier 1 suppliers, the tier 2 suppliers they use, the known locations of the suppliers they use, all the way down to the raw materials. It will include intermediate warehouses, ports, (cross)-docks, rail yards, and FTZs used by the organization.

The organization will be able to search by product, and see the known supply chain. Search by location, see the suppliers who are there, and then see all the products that flow through those suppliers at that location.

Geo-Political Tracking For ever region the organization does business in, the platform tracks news and events related to the geo-political climate. Government decisions, labour unrest, increases in crime, terrorist activity, man-made disasters and other, related, events will be tracked. Government stances on issues, local business preferences, likely election outcomes, and anything that could cause a change in the political climate will also be tracked.

For each government decision, labour unrest, terrorist activity, man-made disaster, closure, etc, the platform will associate it with all affected suppliers and supply chain network nodes (warehouses, ports, etc.) in the network. In addition, any news or events that may turn into an event of interest will also be referenced.

Economic Tracking For every region the organization does business in, the platform will track the local economics. How is the currency trading against the primary currencies used by the organization and is it increasing or decreasing in value. How is the local job market, is unemployment decreasing or increasing? How is local consumer spending?

All of the above are indicators of the local economy. The organization is interested in not only how much it will cost for the goods now and tomorrow, but, if they are selling in the local economy, how likely it is the local market will (continue to) be able to afford the products, and how likely the supplier will be able to attract and retain the workforce it needs to serve the organization.

Natural Disasters For every region, and every region between every region the company sources from and every region they sell in, the organization tracks natural disasters, their impacts, and, if recovery is necessary, the state of recovery. It also tracks natural disaster risk, and any nearby (weather) events that could turn into a disaster (hurricanes forming over the ocean, tremors that could signal an earthquake, lava flows that could signal a volcanic eruption, etc.).

In addition to tracking the disasters that have happened, might happen, and will happen again, it also tracks the impact a disaster will have for every day a supplier’s operation is disrupted. The platform will contain the ability to model the cost of a disruption at every tier 1 node and propagate that down the chain.

Disruption Tracking The platform will also contain the ability to track arbitrary disruptions, track the recovery status, model the potential impact, and track the actual impact.

This will normally form the foundation of a control centre, which will be integrated with the analytics and monitoring capability (which, as we noted in our last three parts, will be covered in a separate article), and allow the organization to centrally track, manage, and mitigate organizational risks.

Transport Mapping & Tracking As noted above, the platform will track every region, and every region between every region, that the company operates in and use this information to map and track the organization’s transport networks. Every node used by every carrier will be tracked, every lane will be mapped, and every route monitored to the extent possible by the application.

This normally won’t be a full fledged transport risk management platform, which will be something we cover in another article, but will provide enough foundations that a third party application can be linked in or data feeds imported.

Moreover, a Generic Supply Chain Risk Management Application will also contain a host of generic analytics/planning/monitoring capabilities, but since many of these are common, and since stand alone risk-focussed analytics applications are also part of the plethora of offerings out there, instead of discussing these generic features in this and every other article, as we noted in our coverage of Corporate Risk, we will instead discuss these capabilities in an article dedicated to Risk Analytics and Monitoring.

Source-to-Pay+ Part 4B: Third Party Risk, Part 2

In Part 1 of this series we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” Management application that is bundled in many S2P suites (which is really more of a Supplier “Uncertainty” Management module). Then, in Part 2 of this series, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. Then in Part 3 of this series we discussed inwardly focussed Corporate Risk Management, which some companies offer partial solutions to in the form of GRC (Governance, Risk, and Compliance) solutions.

Then, yesterday in Part 4A, we began our discussion of third party risks and outlined some of the specific baseline capabilities that such a solution should possess. Today we complete our discussion of third party risk and outline the remainder of baseline capabilities that we believe such a solution should possess.

Sustainability An organization needs to be sustainable, which it can only be if the suppliers it uses are sustainable as well. As such, a TPRM solution needs to monitor the sustainability of its suppliers. Their carbon footprint, or at least the footprint of the products/services they provide, associated GHG emissions, and (fresh)water utilization, especially if significant or beyond the norm (and reducable).

This part of the application should integrate with third party data feeds and assessments on sustainability as well as the integrated assessment module.

Commodity Markets Sudden, unexpected, price increases represent a great risk to the organization, no matter where they occur in the chain. Since it’s usually the supplier (or the supplier’s supplier) who buys the raw materials from the commodity markets, the organization often doesn’t know about the price increase until it’s too late. Thus, it’s critical that an organization monitor the commodity markets for any raw materials it needs in considerable quantity that can have a significant impact on its financials.

Thus, a good TPRM system will integrate with commodity market feeds and track the raw materials used in the relevant Bill of Materials of the organization. As such, the system should also integrate with the ERP and be able to pull in the raw materials the organization’s suppliers need to acquire in large quantities on a regular basis.

Location Considerations There’s a lot of risk associated with a location. Geopolitical, economic, natural disaster, and so on. The system should track all of the locations associated with each third party, the risks associated with the location, the likelihood, and, if possible, the potential impact.

This part of the solution should tie into the event monitoring, sentiment monitoring, third party feeds, and any other indicators that could indicate a location-based risk. When one is detected, all of the (potentially) impacted suppliers should be identified, and the potential severity of the event also identified.

Certificates The solution must track all appropriate certificates / certifications for third parties that the organization needs to verify that the organizations are compliant with regulations, have the appropriate insurance, and so on.

A good solution will also integrate with third parties that can verify the existence/issuance of the certificate, the dates of validity, and other key meta-data.

Industrial Accidents It’s important to keep track of any industrial accidents in the third parties you do business with, whether they have been cleaned up, what the impacts were, and whether or not the third parties have taken steps to prevent similar accidents from happening again. A supplier that could be shut down at any time due to an accident which has more than a negligible chance of occurring is not a reliable supplier. Plus, this can also impact reputation / brand.

Thus, the application needs to tap into organizational filings and disclosures to identify past accidents, event monitoring to identify accidents as they happen, assessments to get updates from suppliers as they clean up / recover, action plans that capture what the supplier/third party plans to do, and monitoring.

Recalls Just like its important to keep track of industrial accidents, it’s also important to keep track of recalls. For what, how often, and how severe. A supplier that has to regularly do recalls has quality (management) issues and is not a supplier you want to be relying on.

It’s important that the application track recalls, track any updates on those recalls, and track any news stories that led to those recalls. You also want to know how often a supplier has had to do a recall in the past.

Related Parties We’ve more-or-less stated this in many of the sections above, but it’s critical that you track the parties related with a supplier/third-party of interest. Those that supply, service, or invest in the third parties you rely on should also be tracked. In addition to tracking these, it’s critical to maintain the relevant relationships between the parties and keep this up to date.

The system should integrate with third party corporate registries that track ownership and relationship information and update the relationships in the TPRM as necessary.

Action Plans / Development Goals As we hinted at in our discussion of Industrial Accidents, it’s not enough to just track the risks, the likelihood, and indicators they are materializing / have materialized, an organization has to work with suppliers to minimize the likelihood and, should they materialize, minimize the recovery time and the impact on the organization.

The application must support the definition of a multi-stage plan, with multiple tasks per stage, collaborative development of the plan, approval workflows, and when the plan is instantiated, execution and tracking of the progress made by the third party. Basically, it’s customizable development program management for a third party.

Maturity Model The platform should support the definition of maturity models by third party (supplier) organization type, the mapping of third parties to these models, default action plans that can be instantiated to help a third party progress up the maturity model, and associated metrics to measure the aptitude of a third party at each level.

In other words, it’s not just point-based program management for the development of select capabilities in a third party, it’s integrated multi-faceted organizational management of a third party with monitoring, management, and reporting over time.

Moreover, a Third Party Risk Management (TPRM) will also contain a host of generic analytics/planning/monitoring capabilities, but since many of these are common, and since stand alone risk-focussed analytics applications are also part of the plethora of offerings out there, instead of discussing these generic features in this and every other article, as we noted in our coverage of Corporate Risk, we will instead discuss these capabilities in an article dedicated to Risk Analytics and Monitoring.

Source-to-Pay+ Part 4A: Third Party Risk, Part 1

In Part 1 we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” Management application (that we prefer to call Supplier “Uncertainty” Management) that is bundled in many S2P suites. Then, in Part 2, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. Then, in Part 3, we discussed inwardly focussed Corporate Risk Management, which some companies offer partial solutions to in the form of GRC (Governance, Risk, and Compliance) solutions.

Today we are going to talk about some of the third party risks and outline the function specific baseline capabilities that such a solution should possess. Before we get started on the risks, we should note that a third party risk management (TPRM) can also be used for Supplier Management as a supplier, in addition to being a second party, could also be one of the many “third parties” an organization has to worry about if it is a sub-tier provider contracted by another primary, first-tier, supplier of the organization and a good TPRM solution will contain all of the functionality in an average Supplier Risk/Uncertainty Management module in a Source-to-Pay solution and much, much more.

We’ll continue in yesterday’s format, outlining some of the key capabilities and what that may mean solution-wise. There are quite a few key capabilities. So many, in fact, that, as you may we’re actually breaking this article up into 2 parts.

Capability Description
Customizable Assessments No matter how many capabilities come out of the box, every organization is going to need to do a customized assessment of a third party at some point. Thus, any TPRM system must support the creation of customized assessments with arbitrary questions, multiple forms of answers (multi-select, numeric, free-form, etc.), customizable weighting systems (that also support group-based weightings using averages, medium, or weightings based on role) and customizable reporting on the results.

In addition, the system should come with a slew of starting, customizable assessments out-of-the-box on every area covered in the application, whether or not there are third party data feeds and assessments that can be sucked into the application for use by the client. (This is because most third party feeds and assessments come with a cost, which may not be worth it to the organization if that aspect is only relevant to a few suppliers or doesn’t cover all of the aspects an organization needs.)

Reputation/Brand As we noted in our last article, a significant risk to the company is its reputation/brand, and that includes reputation/brand risks that come from being associated with third parties with reputation/brand risks. As a result, an organization needs to keep on top of the reputation/brand of its suppliers and partners.

Thus, it needs a platform that can monitor news sources and social media and look for stories about all of its suppliers and partners that could blow up, sentiment that could propagate, and events that could cause repercussions through the supply chain.

Regulatory Compliance Organizations need to be compliant with regulations in every geography in which the organization does business, which means that it needs its core suppliers and key partners to also be compliant with those regulations. As a result, it needs to monitor all of its suppliers and their suppliers/partners for compliance with the regulations that are relevant to those suppliers/partners.

This may mean tracking certifications, tracking raw material inputs, tracking human resources assigned to projects, tracking carbon/GHG reports from the third party, and other key pieces of information. It may mean asking suppliers for additional (self) assessments, getting (temporary) access to third party data feeds, and having third party do compliance audits for you.

Ownership/Financials Just like your company cannot be associated with sanctioned entities, you need to be careful not to do business with suppliers who are (partially) owned or controlled by sanctioned entities as well or who are doing business with sanctioned entities to support your organization. In addition, you don’t want to be doing business with suppliers or third parties who are financially unstable, as their bankruptcy could negatively impact your business.

Thus, this system must tie into all sanctioned and denied party lists of every country it operates in, cross-reference the ownership and partners of all suppliers/third parties the company does business with against the sanction list, and monitor ownership changes as they occur. In addition, it should tie into systems that monitor financials of public companies as well as systems that judge the financial stability of private companies.

Human/Labour Rights Legislation has been introduced and/or is being considered in many jurisdictions around the world that make your organization responsible for any abuses of human or labour rights in the supply chain. It’s important to have systems that can monitor for human/labour rights in the supply chain, even if this is only through integrations with third parties that do (independent) on-site assessments.

This should also make use of the brand/reputation monitoring module that monitors news sources, events, and related data feeds to scan for anything that could indicate a human/labour rights violation.

Come back tomorrow for Part 4B as we continue our discussion of Third Party Risk.

Keelvar: Not satisfied with the hill, it’s trying to climb the mountain!

The last time we covered Keelvar on Sourcing Innovation was back in 2016 when we re-introduced Keelvar: An Optimization-Backed Sourcing Platform because it was The Little Engine that Could. (It’s last deep dive on Spend Matters was also in 2016, in Jason Busch’s 3-part Vendor Analysis that the doctor consulted on, which can be found linked here in Part 1, Part 2, and Part 3: subscription required. With subscription, you can also check out the What Makes It Great Solution Map Analysis.)

Since our last update, Keelvar has made considerable progress in a number of areas, but of particular relevance are:

  1. total cost modelling
  2. constraint definition for its optimization
  3. workflow-based event automation
  4. usability

After a basic overview of the software, the above four improvements are what we are going to focus on in this article as it is the most relevant to sourcing-based cost savings identification.

Keelvar is an optimization-backed sourcing platform (for RFQs and Auctions) that can also support extensive sourcing automation, especially once a full-fledged sourcing event has been run and a template already exists (and approved suppliers have already been defined). We will start with a review of the sourcing platform.

The sourcing platform is designed to walk a user through a sourcing event step-by-step. Keelvar uses a 7-stage sourcing workflow that they break down as follows:

  1. Design: This is where the event is defined. In this stage you define the meta information (id, name, description, contacts, etc.), the schedule, the RFI, the bid sheet (as the application supports export to/import from Excel for Suppliers who can’t figure out how to use anything except Excel), the cost calculation per unit (for analysis, optimization, and reporting), and basic event settings, especially if using an auction.
  2. Invite: This is where you select suppliers for invitation.
  3. Publish: This is where you review the design and invite list and launch it.
  4. Bid: This is the bidding phase where suppliers place bids. The buyer can see bids as they come in, get reports on activity, and manage the event as needed (extend the deadline, answer questions, and distribute the responses to all suppliers).
  5. Evaluate: This is where the mathematical magic happens. In this step you define item/lot groups, bidder groups, and scenarios. (You need to define groups for risk mitigation and quality constraints, which are impossible to define in the platform otherwise.) Scenarios allow you to find the lowest cost options under different business rules, constraints, and goals.
  6. Analyze: This is where the user can apply detailed analytics across bids and scenarios to see the differences, gaps, supplier ranks, etc. in tabular or visual formats; do detailed analysis on the individual scenarios to understand what is driving the cost or the award; and even analyze the potential awards against RFI criteria submitted by the suppliers.
  7. Award: After doing the analysis and making their decision, this is where the buyer makes their award from either a solved scenario or a manual allocation.

So now that the basics are out of the way, let’s talk about total cost modelling. As per our summary above, that starts with the bid sheet. Either in the platform, or, if you prefer, in Excel, you can define all of the cost components of interest (and even upload starting bid values from the current I2P/AP system and/or previous bid sheets). If you have an Excel sheet that breaks down the bid elements you want to collect, and the totals you want, in columnar format, with enough sample rows, you can just upload it and the platform will not only differentiate the raw data columns from the bidder columns, and map your column names to internal, mandatory, defined columns (for items, lanes, etc.), but differentiate purchaser input columns (such as destination city, country, service/product, etc.) from bidder columns (origin city, country, lane cost, unit cost, tariffs/taxes, etc), differentiate raw columns from formulas, extract the formulas, and even determine default visibility to the bidder (who won’t see the formulas, especially if hidden offsets or weightings are used). The user can, of course, correct and override anything if needed, but for each sheet process, the application learns the mappings (based on user overrides and corrections) and over time has a high success rate on import. Once the columns are defined, editing the column roles (purchaser vs. bidder, visibility, mandatory vs optional, etc. is very easy) – you can simply toggle.

In addition, and this is a major improvement over the early days (when there was no quality control on the coal being used to power that little engine), all of the inputs can be associated with one or more validation rules that can require an input be completed, from a valid set, the same as related bid values, and so on. Out of the box rules exist for easily defining uniform values across a column for a lot (if all items must come from or go to the same [intermediate] location, for example) and requiring complete coverage on a group of lots (critical if a supplier must bid all or nothing on an item, set of related items, sub-assembly of a BoM, etc.). If those don’t work, you can use advanced conditional logic on any (set of) column(s) to ensure specific conditional rules are met, especially if a value or answer is dependent on another column or value. The conditional rule generator uses the formula builder that supports all standard numeric operators and numeric columns as well as string-based matching and type/value based operators for ensuring entries come from an appropriate set of values, possibly dependent on the non-numeric value defined in another column.

In other words, because all cost elements can be defined, because arbitrary formulas can be used to define costs, and because rules can be created to ensure all cost elements are valid, the platform truly supports total cost modelling (which is one of the four pillars of Strategic Sourcing Decision Optimization [SSDO]).

For easy reference, the other three pillars are:

  • solid mathematical foundations, which we know Keelvar has from previous coverage;
  • what-if capability, which has been there since the beginning as Keelvar has always supported multiple scenarios;
  • sophisticated constraint definition and analysis — which was lacking in the past and which we will cover next.

Moving onto constraint definition, Keelvar has made considerable improvements both in the definition of bidder and lot groups and the ability to define arbitrary limit constraints on arbitrary collections of bidders and lots/items. This allows it to address the four categories required for SSDO:

  • allocation: to define minimum, fixed, or maximum allocations for a supplier
  • capacity: to take into account supplier, lane, warehouse, or other capacity limits
  • risk mitigation/group-wise allocation: ensuring that the award is split across a group of suppliers to mitigate risk, that a supplier receives a minimum amount of a group of items to satisfy an existing contract, etc.
  • qualitative: to make sure a minimum, average, quality level, diversity goal (volume-wise) or other non-cost constraint is adhered to

Keelvar has always been great at capacity and allocation but, in the past, it’s ability to define risk mitigation/group-wise allocation was limited and qualitative almost non-existent. But with proper definition of bidder and (item) lot groups, and the ability to define constraints on any numeric dimension (not just cost), one can now define the majority of foreseeable instances of both of these constraints. You can create bidder groups by geography, and ensure each geography gets a minimum or maximum allocation. (And even though you couldn’t define a 20/30/50 split directly, you know the cheapest supplier will get 50%, the most expensive 20%, and the middle one 30% by basic logic. If you wanted a 10/25/35/40, that would be a bit more difficult. But logic dictates the two cheapest get 40%, ensuring the two most expensive get 10%, if you insist each group get between 10% and 40%. A simple total-cost analysis tells you which group should be 40%, which group 35%, which group 25%, and which group 10%. And almost every other group-based allocation you would reasonably want to define would be straight-forward or close with post-scenario analysis.)

Quality constraints such as diversity (by volume), quality (by unit), or sustainably approved (by unit) are also very straight-forward to define. For diversity, simply group all the diverse suppliers and ensure they get a minimum percentage of the volume (by unit cost if that’s your metric) to meet your goals. For quality, if every supplier has an internal quality rating, for each quality level, you can define a maximum allocation that can be allowed for that group to ensure a minimum overall quality level. (And if there was hard data by unit by supplier, you’d just define a hidden column in the bid sheet and define a limit constraint on the quality instead of the cost.) For sustainably approved (by unit), you’d simply group all the sustainable suppliers (instead of the diverse ones) and ensure they received a minimum percentage.

In addition, since we last covered Keelvar, they have incorporated soft-constraint support and made the definition thereof super easy. In the application, you can define a constraint as available to be relaxed if the total cost savings exceeds a certain value. That’s as easy (peasy) as it gets.

This takes us to workflow-based event automation. In the updated Keelvar platform, you can define a complete event workflow, and the platform will automate almost the entire event for you, handling everything until it’s time to allocate the award. Once you create an instance, which is as easy as selecting an event template for activate and defining just a few pieces of meta-data, it will auto-fill / update all of the remaining meta-data (since last time if it was previously run), extract the current, approved, supplier list, automatically request approval from the category owner, publish the RFP (or launch the auction) on the predefined date, automatically send the invites out, collect (and validate) the bids (using the predefined validation rules), run the predefined scenarios when the bidding closes, kick-off the predefined analyses and reports on those scenarios and package them up for the event owner (which can include exports), and take the buyer right to the award screen for scenario and/or manual allocation where the user can make the award if ready, review an analysis, or jump back to a scenario, alter it slightly, re-run it, and then use that modified scenario for the award definition.

In terms of process definition, Keelvar has an integrated visual workflow editor where the user can compose the mandatory steps, conditional steps, and necessary approvals at each step (which could be the category owner, a manager if the estimated event value exceeds a threshold, etc.). Each step can link to an appropriate element which can be completely customized as needed.

However, the easiest way to define an event template, and the most effective way, is to instantiate one off of a completed RFP. The built in logic and machine learning can automatically generate a complete workflow-driven template off an RFP. It can define rules for filling in all definition fields off of a few key pieces of meta-data, define rules for identifying the (recommended) suppliers for future events (for one-click approval by the category owner), suggest publication dates and bidding timeframes, define all of the bid validation rules based on the bid-sheets and defined rules, create default scenario definitions, (re)create default bid/scenario analysis and visualization reports as well as rules to auto-package and distribute exports to the event owner, and even identify the recommended scenario for award allocation.

Once the event template is automatically extracted from the completed event, a user can review it in its entirety and edit whatever they want. And then they know when they next instantiate it, it will run flawlessly. (It’s automation. Not automated. And that’s the way it should be.)

Finally, when it comes to usability, if it’s not immediately obvious, usability has been enhanced throughout the platform. But it’s easier to see it than describe it. So if you want a modern optimization-backed sourcing optimization platform, just get a demo and see it for yourself.

In closing, Keelvar is not just the last standing specialist optimization provider, they’re now one of the best. Let’s hope the next major enhancement tackles true Multi-Objective Strategic Sourcing Decision Optimization On Procurement Tends. (MOSS DO OPT!)

The first give jobs lost to OpenAI were at OpenAI? I LOVE IT!

In honour of the first five jobs that were lost to OpenAI, at Open AI (where it was announced the CEO, president, and 3 senior staff were stepping down and/or let go this week).

To the tune of I Love It by Icona Pop (feat. Charli XCX)!

I got this feeling on the winter day when you were gone
You crashed your car into the bridge
I watched, you let it burn
You threw our shit into a bag and pushed it down the stairs
You crashed your car into the bridge

I don’t care, I love it
I don’t care

I got this feeling on the winter day when you were gone
You crashed your car into the bridge
I watched, you let it burn
You threw our shit into a bag and pushed it down the stairs
You crashed your car into the bridge

I don’t care, I love it
I don’t care

I’m on an Earthern road, you’re in the Milky Way
You want me down on earth, but you’re up in space
You’re so damn hard to find, that AI took over
You said it’d take our jobs, but it f*ck3d you over!

I love it
I love it