Supply Risk Solutions – Taking Transparency to Thwarting

Risk and Uncertainty should be front and centre in the mind of every buyer and supply chain manager these days. Natural disasters are at an all time high, we’re still feeling the impacts of supply chain slowdowns and shutdowns during the pandemic, and political instability globally is introducing new headaches into your already fragile supply chains.

You need to maintain a handle on what’s going on in your supply base, and extended supply chain. In the beginning, this was an SRM/SXM solution which maintained information on your tier 1 suppliers, the products they supplied you, their typical on-time performance, and basic financial information. Over time these added basic risk metrics / 3rd party risk data which was supposed to give you some insight into how risky your supply base was, but considering this was usually financial information, it wasn’t a very good solution.

Then we got transparency solutions — and you know many of the big names here, which include Everstream, Interos, Resilinc, etc. — which allowed you to track your supply chain down multiple tiers to the source. Over time, these added news monitoring and event monitoring so you could get indicators of potential issues from news articles (which could include labour issues, for example) and nearby natural disasters (hurricanes, cyclones, earthquakes, etc.). Properly configured and maintained, this gave an organization instant insight into a potentially disruptive event and allowed them to take immediate action if necessary.

This was great, at least before the pandemic, because if you had 2 to 3 months of notice that your supply was going dry for a while (due to a fire, flood, or major plant damage), or longer, you could instantly switch to your secondary supplier (if you were dual-sourcing for risk mitigation) or start looking for a new source of supply. But now that supply chains are still stretched thin, supply choices are limited, raw materials are in more limited supply than ever, and supply chain cycle times in many industries are still double to quadruple what they used to be, a warning is not enough.

You need to do more than monitor the supply base, you ned to mitigate risk of disruption IN the supply base. It doesn’t matter if your risk preparedness is A+ if your supplier’s risk preparedness is F. A disruption in your supplier is a disruption to you, regardless of what plans you do and don’t have. This is where Supply Risk Solutions comes in. Not only are they one of the oldest (and first SaaS) solutions in the supply risk monitoring space (dating back to 2007), and one of the first to offer full supply chain transparency, but the first to go from transparency to disruption prevention. By ensuring your suppliers do proper risk planning, mitigation, and preparedness, your disruptions can be reduced up to 60%. That’s right. Sixty Percent!

While you can’t guarantee a disruption free supply chain — since you can’t predict (or prevent) natural disasters, political embargoes from disturbed dictators (or global reactions against them), or significant economic events (such as bank failures) which send shocks through the system — you can eliminate preventable disruptions and minimize the impacts of those non-preventable disruption events with proper identification and mitigation planning.

This is where Supply Risk Solutions is unique — it’s deep focus on enabling suppliers to identify areas of risk that could cause disruptions and providing them education, training, and resources to address those risks. Supply Risk Solutions does this based upon 16 years of supplier data that they have collected and correlated to disruptions. Based on this long-term deep analysis, they have developed and optimized a list of key indicators, and standard supplier surveys for multiple industries that collect this indicator data.

In addition, as they directly serve over 23% of the global semiconductor industry and 36% of the US Healthcare market, they have very deep data on disruptions, mitigations, and improvements that can be generated in these supply bases and they do an exceptional job here. (Especially as they have been doing it for years and years, getting better every year as their database gets deeper and more extensive.)

The solution, which is always free for suppliers and their suppliers, allows a supplier to define their employees who need access to the system as well as the suppliers they use as tier 1 inputs. When a supplier is added by a customer, they get an invitation to complete or share a standardized risk assessment with the customer for every site they will be using. Since the solution was designed to be single sign on for the supplier and give them complete access to, and control over, all of their data, if they have already completed the survey (for the categories they are supplying), they can share their existing survey. If they have not for one of more sites they are using, they can complete it for those sites and just share just the data the new customer needs.

But the real power of the platform is that once a supplier fills out the survey, that captures the key risk and disruption indicators for that type of supplier, the platform computes a risk of disruption profile and identifies key actions and mitigations the supplier should take to considerably decrease the chances of disruption in the future. And the actions and mitigations work. With almost two decades of data, they know what works and what helps.

This is why we’re covering them and why you should know about them. The providers we referenced above all do transparency, news monitoring, and event monitoring — like Supply Risk Solutions — and some have deeper operational resilience, cyber-monitoring, or other unique capabilities — but none are as focussed on reducing the risk of disruption in the supply base by providing you, and your suppliers, the insights, guidance, and monitoring your suppliers need to reduce your disruptions.

The reality is that it doesn’t matter how operationally resilient you are, how much insight you have into your supply chain, or how prepared you are for a disruption — if you are entirely dependent on your supply base for the products you sell or the services you need for continued operations, your resilience is ultimately their resilience, and, even worse, the supplier with the lowest resilience you are dependent on.

So you need to focus on your suppliers’ resilience, not yours. We know you don’t have the time, and that’s where SRS is also somewhat unique in that they also offer supply chain disruption monitoring and prevention as a managed service where they work with the suppliers and help them to maintain their data, understand their risk assessments and mitigations, access the necessary training and best practices, and create plans to address them. By identifying, and addressing, potential root causes of disruption before a disruption happens, many disruptions can be prevented, and those that can’t (like natural disasters), can be mitigated to the extent possible. And that’s how, for their clients, they reduce supply base risk by up to 60% (depending on the maturity of your suppliers).

Also, they have one of the best handles on what external events are likely to affect a given supplier site of all of the providers. Their database contains every natural disaster that’s ever been recorded back to 1850, and they’ve been maintaining deep data on relevant events since their formation 16 years ago. For a given event, they can predict the likelihood of occurrence and the likely impact and, based on that, recommend the most appropriate mitigation.

It’s very affordable, and if you are a US healthcare provider, you can even check out Supply Risk Solutions, and use it, for free on your top 10 suppliers to get deep insight into what it can do for you. (Since they, indirectly through partners like Vizient and HIRC, serve over 50% of the US health care industry, they likely already have all of the data on not just the top 10 suppliers for a hospital, but most of the top 100.) It’s definitely worth checking out, and when you see the value, upgrading to at least the first tier solution.

“Generative AI” or “CHATGPT Automation” is Not the Solution to your Source to Pay or Supply Chain Situation! Don’t Be Fooled. Be Insulted!

If you’ve been following along, you probably know that what pushed the doctor over the edge and forced him back to the keyboard sooner than he expected was all of the Artificial Indirection, Artificial Idiocy & Automated Incompetence that has been multiplying faster than Fibonacci’s rabbits in vendor press releases, marketing advertisements, capability claims, and even core product features on the vendor websites.

Generative AI and CHATGPT top the list of Artificial Indirection because these are algorithms that may, or may not, be useful with respect to anything the buyer will be using the solution for. Why?

Generative AI is simply a fancy term for using (deep) neural networks to identify patterns and structures within data to generate new, and supposedly original, content by pseudo-randomly producing content that is mathematically, or statistically, a close “match” to the input content. To be more precise, there are two (deep) neural networks at play — one that is configured to output content that is believed to be similar to the input content and a second network that is configured to simply determine the degree of similarity to the input content. And, depending on the application, there may be a post-processor algorithm that takes the output and tweaks it as minimal as possible to make sure it conforms to certain rules, as well as a pre-processor that formats or fingerprints the input for feeding into the generator network.

In other words, you feed it a set of musical compositions in a well-defined, preferably narrow, genre and the software will discern general melodies, harmonies, rhythms, beats, timbres, tempos, and transitions and then it will generate a composition using those melodies, harmonies, rhythms, beats, timbres, tempos, transitions and pseudo-randomization that, theoretically, could have been composed by someone who composes that type of music.

Or, you feed it a set of stories in a genre that follow the same 12-stage heroic story arc, and it will generate a similar story (given a wider database of names, places, objects, and worlds). And, if you take it into our realm, you feed it a set of contracts similar to the one you want for the category you just awarded and it will generate a usable contract for you. It Might Happen. Yaah. And monkeys might fly out of my butt!

CHATGPT is a very large multi-modal model that uses deep learning that accepts image and text as inputs and produces outputs expected to be inline with what the top 10% of experts would produce in the categories it is trained for. Deep learning is just another word for a multi-level neural network with massive interconnection between the nodes in connecting layers. (In other words, a traditional neural network may only have 3 levels for processing with nodes only connected to 2 or 3 nearest neighbours on the next level while a deep learning network will have connections to more near neighbors and at least one more level [for initial feature extraction] than a traditional neural network that would have been used in the past.)

How large? Large enough to support approximately 100 Trillion parameters. Large enough to be incomprehensible in size. But not in capability, no matter how good its advocates proclaim it to be. Yes, it can theoretically support as many parameters as the human brain has synapses, but it’s still computing its answers using very simplistic algorithms and learned probabilities, neither of which may be right (in addition to a lack of understanding as to whether or not the inputs we are providing are the right ones). And yes it’s language comprehension is better as the new models realize that what comes after a keyword can be as important, or more, than what came before (as not all grammars, slang, or tones are equal), but the probability of even a ridiculously large algorithm interpreting meaning (without tone, inflection, look, and other no verbal cues when someone is being sarcastic, witty, or argumentative, for example) is still considerably less than a human.

It’s supposed to be able to provide you an answer to any query for which an answer can be provided, but can it? Well, if it interprets your question properly and the answer exists, or a close enough answer exists and enough rules for altering that answer to the answer that you need exists, then yes. Otherwise, no. And yes, over time, it can get better and better … until it screws up entirely and when you don’t know the answer to begin with, how will you know the 5 times in a hundred it’s wrong and which one of those 5 times its so wrong that if you act on it, you are putting yourself, or your organization, in great jeopardy?

And its now being touted as the natural language assistant that can not only answer all your questions on organizational operations and performance but even give you guidance on future planning. I’d have to say … a sphincter says what?

Now, I’m not saying properly applied these Augmented Intelligence tools aren’t useful. They are. And I’m not saying they can’t greatly increase your efficiency. They can. Or that appropriately selected ML/PA techniques can’t improve your automation. They most certainly can.

What I am saying are these are NOT the magic beans the marketers say they are, NOT the giant beanstalk gateway to the sky castle, and definitely NOT the goose that lays the golden egg!

And, to be honest, the emphasis on this pablum, probabilistic, and purposeless third party tech is not only foolish (because a vendor should be selling their solid, specialty built, solution for your supply chain situation) but insulting. By putting this first and foremost in their marketing they’re not only saying they are not smart enough to design a good solution using expert understanding of the problem and an appropriate technological solution but that they think you are stupid enough to fall for their marketing and buy their solution anyway!

Versus just using the tech where it fits, and making sure it’s ONLY used where it fits. For example, how Zivio is using #ChatGPT to draft a statement of work only after gathering all the required information and similar Statements of Work to feed into #ChatGPT, and then it makes the user review, and edit as necessary, knowing that while the #ChatGPT solution can generate something close with enough information and enough to work with, every project is different and an algorithm never has all the data and what is therefore produced will never be perfect. (Sometimes close enough that you can circulate it is a draft, or even post it for a general purpose support role, but not for any need that is highly specific, which is usually the type of need an organization goes to market for.)

Another example would be using #ChatGPT as your Natural Language Interface to provide answers on performance, projects, past behaviour, best practices, expert suggestions, etc. instead of having the users go through 4+ levels of menus, designing complex reports/views and multiple filters, etc. … but building in logic to detect when a user is asking a question on data versus asking for a prediction on data vs. asking for a decision instead of making one themself … and NOT providing an answer to the last one, or at least not a direct answer. For example, how many units of our xTab did we sell last year is a question on data the platform should serve up quickly. How many units do we forecast to sell in the next 12 months is a question on prediction the platform should be able to derive an answer for using all the data available and the most appropriate forecasting model for the category, product, and current market conditions. How many units should I order is asking the tool to make a decision for the human so either the tool should detect it is being asked to make a decision where it doesn’t have the intelligence or perfect information to do and respond with I’m not programmed to make business decisions or return an answer that the current forecast for the next quarter’s demand for xTab for which we will need stock is 200K units, typically delivery times are 78 days, and based on this, the practice is to order one quarter’s units at a time. The buyer may not question the software and blindly place the order, but the buyer still has to make the decision to do that.

And no third party AI is going to blindly come up with the best recommendation as it has to know the category specifics, what forecasting algorithms are generally used, why, the typical delivery times, the organization’s preferred inventory levels and safety stock, and the best practices the organization should be employing.

AI is simply a tool that provides you with a possible (and often probable, but never certain) answer when you haven’t yet figured out a better one, and no AI model will ever beat the best human designed algorithm on the best data set for that algorithm.

At the end of the day, all these AI algorithms are doing is learning a) how to classify the data and then b) what the best model is to use on that data. This is why the best forecasting algorithms are still the classical ones developed 50 years ago, as all the best techniques do is get better and better and selecting the data for those algorithms and tuning the parameters of the classical model, and why a well designed, deterministic, algorithm by an intelligent human can always beat an ill designed one by an AI. (Although, with the sheer power of today’s machines, we may soon reach the point where we reverse engineer what the AI did to create that best algorithm versus spending years of research going down the wrong paths when massive, dumb, computation can do all that grunt work for us and get us close to the right answer faster).

Source-to-Pay+ is Extensive (P18) … Time to Break Down the CORNED QUIP of Supplier Management, C-Side

We know records only have A and B sides, but Supplier Management is not flat, it’s a multi-surface convex polyhedral and, as such, it has a C-Side. If today’s cat’s could fly, they would be “flippin’ to the ‘C’ side, finished with the ‘B’ side, nothin’ on the ‘A’ side, so tired of the inside, to the ‘C’ side, to the ‘C’ side“. (Confused? Back in the 80s, it was the case that Cats Can Fly.)

As discussed in Part 16 and Part 17, having identified Supplier Management as the next solution after Spend Analysis, we quickly realized that identifying the right solution would be difficult as supplier management has as many aspects on its own as Source-to-Pay (S2P) has. Not only do we have to decide upon which core capabilities in the CORNED QUIP mash are important to our organization, but we have to make sure that the solution covers the baseline requirements for each capability that is important. Our last two posts reviewed the more “classic” offerings in the SXM space which, as you may have noticed, had one thing in common — they were all internally focussed on supporting the buyer with managing the current supplier base in some aspect.

SIM was collecting the information and, hopefully, providing the SMDM foundations for the buyer’s S2P applications. SRM was managing the relationship for the benefit of the buyer, and while it may include collaborative elements, all were meant to serve the buyer, not the supplier, who would only benefit if the benefit served the buyer. SPM was managing the performance of the supplier using buyer-centric metrics. SCM was ensuring the supplier adhered to government, regulatory, and industry regulations. SQM was about ensuring the supplier met your quality requirements. And, finally, SUM was managing your uncertainty and risk as a buyer, supplier be damned.

And that’s why we need a C-side (and a D-side). First of all, as a buyer, you may not have the right suppliers for your organization. And if this is the case, there’s no point managing them when you should be finding, and managing, other, better, suppliers. Secondly, the best supplier performance results from the best plans and processes, which are those processes best suited to the supplier, and those are usually a result of supplier collaboration, interaction, and suggestion. Plus, relationships grow when both sides grow, and classic SRM solutions do not enable the supplier.

Today we dive into the two (2) primary C-side capabilities, Network (SNM) and Discovery (SDM) management, which are key to building a better base of suppliers (and supply).

Network Management.

We’ll admit that the concept of a “Supplier Network” is not new, as many providers have been claiming to have them for well over a decade, although we’d argue that the “networks” they were selling were not true networks as they were closed, still organized entirely for the buyer’s success, and extremely focussed on a single organization, or collective. It was not a “network” in any sense of the word except it was the word chosen by the marketers to massage their message into one that was hopefully mesmerizing to the marketplace. Network is much more than centralizing a bunch of suppliers in a directory and opening it up to an industry. Much more. And, unlike a decade ago, we’re happy to say that some vendors have decent capabilities as well as decent network sizes.

It’s not a network if it is restricted to the set of suppliers you are currently, actively, doing business with. That’s just a directory. It has to, at least, contain all the suppliers that you could be doing business with (as that’s a key capability for discovery, but note that a network is just a foundation for discovery and not everything you truly need for discovery). It also has to contain all the suppliers your suppliers are doing business with (as that is required for orchestration, a key emerging capability in supplier management). And, most importantly, it must allow new suppliers to join at their pleasure as well as yours. A closed network is not helpful. Plus, you have the foundations for a closed network already in your SIM (even if you don’t realize it).
True Bi-Directional Graph Support
The original “networks” were primarily designed for one-way communication from a buyer to a (potential) supplier. But that’s NOT a network. The definition of a network is a group or system of interconnected people or things that allows for bidirectional communications. That means two way communication! A modern network needs to allow any party to communicate with any other party. Suppliers should be able to find potential buyers as well as potential suppliers to them as well as potential partners who can help with services or even production augmentation.
Extensive Bi-Directional Search Support
The network needs to support extensive search across all fields of all entities and allow any entity to search for any other entity for any purpose of interest. Buyers should be able find suppliers that (claim to) specialize in carbon steel cladded pressure valves with thickness > 100 mm for heat transfer in hot water based heating systems and suppliers should be able to find buyers in the solar power heating industry. Detailed search by products, capabilities, location, and so on.
Anonymous Statistics, Classifications, and Reviews
The network should collect data on how many active relationships there are, how a supplier (and its products) have been classified by buyers, and anonymized reviews on performance and overall ratings. Similarly, it should collect data on how a buyer is classified by suppliers, and anonymized reviews on performance and obligation management of the buyer by (verified) suppliers.
Verification and Trust Support
The network must verify that entities on the network are real, and before reviews are allowed to be posted (and then anonymized into overall reviews and ratings), the other party (that must already be verified on the network), must verify the relationship. The network should require relationships to be disclosed when they begin, and must keep reviews completely private until the relationship is disclosed. To ensure honesty and transparency, the platform should limit access to certain functionality (e.g. ratings, project based collaboration, etc.) until a relationship is confirmed. The network functionality, and specifically the verification functionality, must be designed to engender trust and truthfulness on the network. A network that is not trusted will, ultimately, not be used.

Discovery Management.

Innovation, and even renovation, requires rejuvenation. An organization needs to regularly find new suppliers with new technologies, methodologies, and ideologies in order to constantly improve itself. As a result, discovery is critical. But unless you are part of a supplier network that contains suppliers you aren’t using, you can’t do discovery at all. But, and this is the kicker, no network will contain every supplier as most suppliers won’t join a network until “invited” by the buyer (and then only if the buyer mandates it for the supplier to do business with that buyer), and often the supplier that is missing is the one the buyer needs.

Location, Product, Capability, and Other Targeted Searches
Along with deep filter capability. Most networks support basic searches, but if there are hundreds to thousands of suppliers, a buyer can’t review, and thus can’t invite, them all just to find out that most of the suppliers aren’t (currently) right for the organization, so there is a need to do very precise, targeted, searches to uncover the suppliers that are most likely to be the most relevant to the buying organization today. Deep filters and drill downs on a result, and the ability to define similar or like searches, and filters, using existing top-rated suppliers, products, etc.
Open Search beyond the organization, the community, and the active supply base
If a network is built up only from the suppliers the buyer, or the vendor’s customers, are actively using, that’s not going to contain all the relevant suppliers out there and the likelihood of discovering new suppliers over time is going to quickly trend to zero. If it’s open, and suppliers can join on their own, that’s better in theory, but the reality is that there are so many “directories” and “networks” out there, the supplier is not going to join unless that supplier wants to do business with one of the buyers who only uses that network. As a result, the likelihood of finding a relevant supplier over time, while not zero, is close to zero. A discovery platform has to be constantly scouring business registries and relevant sites to identify new suppliers, collect the data, use various sources to cross validate the supplier’s existence and, if a beneficial owner or official email can be identified, invite the supplier to proactively register, verify, and enhance their profile WITH a sampling of relevant buyers to them on the discovery platform, where they would be presented as potential suppliers.
Proactive web-search and web-site monitoring
Not only should the discovery platform be regularly scouring registries and likely sources for new suppliers, but new website registrations (that might soon be backing registered businesses) and new websites to collect additional relevant data. Also, it’s important to keep the database up to date because you don’t want dead suppliers, which means that registries and websites should be checked at least annually for unused suppliers, and more often for regularly used / contacted suppliers as an out of date website, a significant employee count reduction on LinkedIn, and considerably less activity on social media could indicate the company is winding down or in trouble (well before it is marked as inactive in a registry, which tends to only happen on nonpayment if an official registry, and sometimes doesn’t happen at all in other registries).
(Anonymized) Statistics, Ratings, and Reviews
Anonymized statistics, ratings (even if Y/N for a capability), and reviews such as how often the supplier is selected for a shortlist, reviewed, awarded, and rated is very useful criteria for a buyer who is looking for a supplier that might be more appropriate or less risky. Ratings on skills, customer support, etc. would also be quite useful. Detailed reviews on capability, performance, product quality, and capability are also very useful. Buyers need to know more than just that the supplier exists and provides product X and service Y. They need deeper insight when given a bevy of options but no clear way to differentiate between ten potential suppliers that are new to them.

Also, as you may have guessed by now, the best discovery product is built on a network and two of the best uses for a network are discovery and collaboration. The two go hand-in-hand, because, frankly, the C-Side supports Collaboration.

Source-to-Pay+ is Extensive (P17) … Time to Break Down the CORNED QUIP of Supplier Management, B-Side

Having identified Supplier Management as the next solution after Spend Analysis, we quickly realized that identifying the right Supplier Management solution would be difficult as supplier management has as many aspects on its own as Source-to-Pay has. Not only do we have to decide which core capabilities in the CORNED QUIP mash are important to our organization, but we have to make sure that the solution covers the baseline requirements for each capability that is important.

In our last post, Part 16, we reviewed three (3) classic features of Supplier Management. Today we will look at the next three (3) in the hopes that when we provide you a list of vendors later in this series, you will have the basic information you need to properly evaluate the vendors that choose to return the RFP that you send to them. Let’s get to it.

Compliance Management. (GRC)

Supplier Compliance Management (SCM) address the compliance, and often the Governance-Regulatory_Risk-Compliance, aspects of the supply base in an effort to ensure compliance from the source. In today’s ultra-complicated global regulatory environment, it’s hard to keep on top of everything a company has to be in compliance with from a product and operational perspective, especially when it produces goods in one country, transports through intermediate countries (which require strict compliance with ALL local laws if you are not transporting through a FTZ), and then sells the product in ten other countries. This is where you either need a huge amount of manpower, or technology. Plus, while some violations amount to nothing more than a small fine (which is often cheaper than hiring the manpower to dot the i’s and cross the t’s), violating anti-trust, human trafficking, banned substance, or debarred/prohibited/banned companies can land an organization, and in some countries its C-Suite, in major trouble. For many companies, this is one of the most overlooked, but critical, elements of supplier management.

Integrated Regulatory Requirements & Guidance
The entire point of a compliance solution is to ensure that the suppliers are complying with appropriate government regulations to ensure that the organization doesn’t get in trouble for something a supplier did (which the organization can get in trouble for if the supplier has slavery or human trafficking in their supply chain, uses banned substances in the product, engages in bribery, and so on). The providers of the solution should be extremely familiar with the regulations in each country their solution supports, should encode all of the information that needs to be tracked and checked, and should capture all of the information needed to ensure the suppliers are being compliant with the necessary regulations, based upon the buyer’s geography, the supplier’s geography, and the products the supplier is making on behalf of its buyers.
Automated Tracking and Alerts on (Potential) Non-Compliance
A buyer doesn’t have time to log in to a system everyday to check what’s going on with current suppliers and current projects, nor should they have to manually update reports and status checks. The system should automatically be pulling in all necessary data for monitoring from both internal and external systems at the frequency those systems are updated (although more often then daily is typically not necessary if the system the data is being pulled from updates the public / available data more than once a day), updating the affected models and status checks at each pull, and immediately alerting the buyer through email, messaging service, and/or any internal project management system the buyer logs into daily (through an API integration) if a supplier is in non-compliance with a critical regulatory requirement (that could get the buying organization into hot water).
Custom Regulatory Requirement Support
No SCM solution is going to support every regulation out of the box, especially if it is both industry and locale specific to just one country that the majority of the provider’s client base doesn’t do business in. However, if your organization does business in that country and is subjected to that regulation, you need to ensure compliance, and you don’t want to use another tool to do so. Thus, it’s critical that the platform support the definition of additional regulations, the requirements that need to be tracked, the data that will indicate compliance or non-compliance, and where that data will come from. Then, the platform can be extended to meet all of the organization’s compliance needs.

Quality Management.

If all a company (like a retailer) is buying is commodity goods or fixed services, and one supplier can quickly be switched out for another, quality management may not be that important. However, if a company is reliant on selling custom, or customized, manufactured goods or systems, quality is critical. If the organization gets a reputation for selling products that don’t work, or if the warranty costs skyrocket, the company could be in serious financial trouble. Internal Supplier Quality Management (SQM), vs relying on a supplier or a third party, is critical.

Support for at least one major PIP: Six Sigma, Kaizen, PDCA etc. (PIP: Process Improvement Paradigm)
Quality doesn’t just happen, it’s the result of a best-practice manufacturing process such as Six Sigma, Lean, Kaizen, or PDCA (Plan, Do, Check, Act). (There are more.) A good quality management platform will support at least one of these process improvement paradigms, and preferably support the PIP typically used by your organization and/or your preferred suppliers. (It should support multiple paradigms, but no one platform will do everything.) It should be easy to instantiate instances of the process and customize it for the project at hand.
Support for at least one major vertical specific Quality process: APQP, DFSS, 8D, etc.
In some verticals, and/or for some suppliers, you will need to use very specific quality-based manufacturing processes such as Advanced Quality Product Planning, Design for Six Sigma, or Eight Disciplines. These processes are used for particular products and need to be supported for the design, or analysis post-design / prototype manufacturing, to try and discover what didn’t work as planned. The processes should also be customizable for variances used by the organization.
Quality Specific Metric Based Tracking and Benchmarks
It should allow for the definition and tracking of metrics specific to quality, as well as the creation of organizational benchmarks by supplier and category, and pull in any necessary data from other systems — the user should not have to punch out to a performance management application just for this. If you can’t track quality improvements, or lack thereof, then you can’t actually manage quality.

Uncertainty Management. (Risk)

Supplier Uncertainty Management (SUM) is the next generation of a supplier risk management solution. Why uncertainty? Firstly, by the time you detect a “risk“, it could be too late. If you don’t see that iceberg until it’s too late to steer the ship, you’re going down. The key to success in risk management is to identify uncertainty, detect leading indicators, investigate, and, if necessary, initiate action early. And while you may get a lot of warnings that don’t require any (immediate action), it’s better than not getting that one warning that the one critical control chip that can only be made by that one supplier is not going to materialize in six weeks because the supplier’s plant was just shut down by a fire (that they decided against telling you about). In this situation, you’re going to need every single day you can get to identify substitute designs and chips you can order from other suppliers to create alternate, acceptable, products to fulfill your orders or risk losing customers. Secondly, SRM is already taken as an acronym. (Note that, over time, a good solution will allow you to adjust the thresholds and the warnings the solution produces so that the majority of alerts you get actually need some sort of [immediate] action.)

Low-Code/No-Code Open API Based Data Integration
The old age that you can’t manage what you can’t measure is true, and it’s doubly so where risk or uncertainty is involved. You need a lot of data, metrics on that data, benchmarks and historical trends to compare against to detect uncertainty before it becomes certain disruption. And it doesn’t matter how many data feeds are “out-of-the-box” because they will never, ever, cover everything you need now and definitely will never, ever, ever cover everything you will need as new regulations arise, new suppliers enter the picture, new software products enter your corporate ecosystem, new events happen in the world, and so forth. You need to be able to quickly and easily integrate the data you need when you need it, dynamically extending the schema as necessary to support it and altering the uncertainty detection models as needed to take the new data into account.
Built-In and Custom Metric-Based Risk Models
It’s hard to detect a potential issue before it occurs without a lot of data, and models that appropriately process that data to identify trends or patterns that have typically (with reasonably high probability) led to disruptions in the past when those trends or patterns emerged. And it’s harder still to create those models if you just don’t have the expertise in risk-based modelling. As a result, the platform should come with a number of standard, built-in, models for the industry you’re in relevant to you and your tier 1 suppliers. However, every organization’s situation is slightly different in terms of its geographic location, size, primary customer market, primary supply market, reliance on certain products or manufacturers, reliance on certain raw materials, and so on. So, while each company in an industry will generally face the same risks, the probability of a specific event occurring, or risk materializing, will be different. As a result, many of the models will need to be tweaked. Furthermore, if the company is introducing a new product type or line of business, that could come with unique risks, the organization may need a custom model built from scratch. Plus, as new regulatory requirements, good and bad, rear their ugly heads, it’s important to identify which suppliers could be at risk of not being able to meet them in time so that the organization can either proactively work with those suppliers to address the new regulatory requirements or find new suppliers. Flexible modelling is everything.
Semantic and Sentimental News and Event Monitoring (Integration)
Not all relevant data for identifying uncertainty in the supply chain, or supply base, is numeric. Some of it is semantic, and contained in news stories about events that directly impact the supplier or indirectly impact its customers in other countries. If a flood takes out the local power station, it’s out of operation until the flood subsides and the power station is repaired. If that’s two weeks, and it takes the supplier two weeks to minimally repair its plant and start production again, the supplier is out for a month. If you were expecting your order in five weeks, it’s not happening. A border closure for political reasons will cut off your supply, and if you’re the only foreign customer in your country, the supplier may not be aware until it tries to ship. Semantic news and event monitoring is critical, either internal to the product or through a subscription service. Also, if sales are highly dependent on brand perception, semantic monitoring of social media is highly critical because if brand perception drops, sales will drop, and the organization will have to quickly reduce future orders or get stuck with excess inventory, which it will lose out on when it has to fire-sale that inventory to avoid (environmentally damaging) dumping.
Customizable Alerts and Triggers
The models need to be continuously re-run as relevant data enters the system (which should be daily) and the user alerted to a change that is significant or exceeds a threshold. Rush fans have known for forty (40) years that a distant early warning is key because that’s just the tip of the disaster iceberg. Moreover, the organization should be able to define it’s own thresholds and change tolerance as its experienced engineers and product managers will know when they should at least be taking a quick look behind the curtain to see if it’s just a temporary loop or the beginning of a downward spiral that needs to be intercepted and prevented.

In our next instalment, we’ll move on to some of the newer, or at least broader, capabilities emerging in the Supplier Management landscape.

Source-to-Pay+ is Extensive (P16) … Time to Break Down the CORNED QUIP of Supplier Management, A-Side

So, we’ve implemented e-Procurement, adopted Spend Analysis, and identified Supplier Management as the next Source-to-Pay solution to implement. But it has as many aspects on its own as Source-to-Pay has, so finding the right solution is going to be tough. First we have to decide which aspects of the CORNED QUIP, as identified in Part 15, the organization needs, and then we need to make sure that the solution has the necessary features for each aspect the organization needs. What are those features? Let’s take the aspects one by one, starting with some of the classic capabilities first.

Information Management.

Supplier Information Management (SIM) is where it all began back in the early 2000s. Some would even argue that it began with the formation and launch of Aravo, one of the first pure Supplier Management solutions, and possibly the last surviving great granddaddy in the Supplier Management space. (Aravo was among the first to get big name clients, including Google, using a pure-play SIM platform.)

Almost every Supplier Management solution does basic Supplier Information Management because you can’t really do any supplier management without tracking basic information. (However, these solutions are not all equal in terms of depth and breadth, and the degree of differentiation is quite large.) The core, and the point, of a SIM solution was the centralization of all supplier information for tracking, access, and reporting purposes, which, long ago, was seen as the foundation for management. As a result, the core capabilities required are both limited and fairly obvious:

Extensible Schema
If the schema is fixed or has very limited extensibility, it’s not a modern SIM solution — every S2P system can store the supplier information the S2P system needs to function in a fixed, or limited extensibility, schema. A modern SIM solution has to support unlimited extensibility so that an organization can use it as the supplier master data management (SMDM) solution.
Fuzzy Search
More technically, full reg-ex (regular expression) search across all data fields for partial/like matches as well as weighted rankings (using customized similarity models) for finding the right suppliers (with existing relationships) to meet buyers’ needs.
Customizable Approval Flows
Just like every S2P solution contains a fixed schema that captures the supplier information it needs to function, any that require supplier interaction have a basic onboarding flow. As such, a modern SIM solution needs to have customizable onboarding flows with customizable approval rules.
Customizable Alerting
The platform should support configurable rule-based alerts that can be defined on any field, dimension, or derived dimension to alert a user when a threshold is reached or a value is detected, especially as a modern SIM solution should be the foundation for SMDM. This sounds vague, but the capability has to be very generic and flexible because neither a relationship, performance, compliance, or uncertainty solution will be able to detect everything on their own.
A relationship system that tracks active supplier relationships may not detect that a person just entered into the system as a rep is one that you dealt with in the past (at another supplier that consistently performed poor when you needed to interact with that rep). A performance solution will only detect performance for projects and suppliers actively being tracked, and may not be able to compare that to full historical benchmarks (or realize that the increase in performance correlated to a decrease in ESG activity). A compliance solution will detect compliance with regulations, but not necessarily with corporate goals designed to meet anticipated regulations, or how the compliance affects performance. The uncertainty solution will only be able to identify risks based on the integrated data sources and the integrated models, which won’t cover everything. Nor will it be useful to build risk models for situations that are currently irrelevant for the organization. However, the organization should be detecting whether it may need to build new, or augment, existing models — and that will often be if a value in the database exceeds a threshold. (E.g. The organization is not currently doing a detailed risk of financial failure predictions, but an OTD KPI dropping below a threshold is a signal to start, and that data is currently only tracked in the inventory management solution, and pushed to the SIM, serving as the SMDM, in the weekly cross-enterprise system synch.)

Relationship Management.

What’s the point of tracking information if you don’t do anything with it? The next major solution to hit the scene was Supplier Relationship Management (SRM), where the data was used to help manage the supplier relationship. The majority of modern supplier management solutions claim to be SRM platforms, even though they have wildly different definitions of what SRM is and wildly different functions. Most definitions considerably overlap with SIM and SPM, but we don’t agree with this. While such a system needs extensive data to be effective, and must track performance, it needs to focus on managing the relationship, not the data or the numbers.

A Supplier Relationship Management solution must provide functionality geared around managing and improving the supplier relationship. This must include functionality geared towards helping a buyer identify and implement best practices to manage and improve supplier performance and, in addition to functionality geared towards helping the supplier interact with the buyer, collaborate with the buyer to proactively identify and improve processes to improve future performance.

Synchronous and Asynchronous Messaging
In addition to the standard asynchronous messaging supported by every platform with collaborative elements, it must also support synchronous messaging and real-time discussion and collaboration through voice (with auto-transcript and storage) and screen-sharing and support saving, search, and semi-automatic/assisted work/change order creation from these sessions.
Collaborative Project and/or Product Plans
The system must allow for the collaborative creation of (improvement) project plans — with milestones, tasks, and owners — as well as checks, balances, notes, and sign-offs. If the solution is for direct/manufacturing, it should also support the creation, possibly through integration hooks to CAD/CAM systems, approval, and management of product (production) plans.
Integrated Best Practice Guides
A modern solution should contain a large library of standard improvement plans for common situations, as well as automated best-practice plan selection and guidance when key metrics (either computed internally or imported from an SPM solution) exceed threshholds or predictive metrics indicate likely problems. If the platform does not provide insight, at the end of the day, it’s no better than a SIM.

Performance Management.

At the end of the day, relationships are important, but you, as a buyer, get measured on performance, and you need that from your suppliers too. Relationship management should be the foundation for improved performance management. However, performance management is more than just relationship management. It’s measurable process, and product, management, and that’s the focus of a Supplier Performance Management (SPM) capability.

KPIs and Custom KPIs
Performance is all about improving KPIs, so it should be obvious that the platform should track KPIs. But not just a small set of standard “canned” KPIs! The platform should track standard, customized, and any specific KPIs you can think of to identify potential issues or opportunities for improvement. Just like there is no one set of reports that can uncover everything of relevance in a spend analytics project, there is no one set of KPIs that can guarantee everything is running smooth and that there are no opportunities for improvement. While the standard KPIs are critical, and display major issues that need to be addressed, you want to discover those KPIs that present leading indicators that allow you to sniff out, and deal with, a problem early (before it becomes significant enough to make a noticeable difference in a standard KPI).
Internal and External Benchmarks
KPIs are good, but only measuring against your own benchmarks only tells you how good each supplier is doing against the best supplier for your business, not the average performance other businesses in your industry get from their suppliers, or their best suppliers; you want those external benchmarks built from anonymized data for deeper insight from the KPIs you calculate.
Easy Data Ingestion
Product quality is going to be in the quality / PLM system. OTD (On-Time Delivery) is going to require promised dates from the contract/PO system and receipt dates from the inventory system, etc. It’s going to be critical to get lots of data from related systems to make the maximum use of the supplier performance management module.
Performance Improvement Management
Once you detect an issue from a KPI or a benchmark, you need to do something about it. It might be as simple as contacting a supplier to find out that the root cause was force majeure and outside of their control (a flood prevented transport for three days) or just the result of a miscommunication or it might be that the supplier is repeatedly delivering defective units and there is obviously an issue with their quality control. In the latter case, you will need to start a supplier development project, and the platform should allow you to define it, track it, and, hopefully, manage the interactions (possibly through the relationship management functionality).

In our next post, we’ll move onto the next set of the more classic capabilities: Compliance, Quality, and Uncertainty Management when we flip it to the B-Side in Part 17.