Category Archives: Best Practices

The One Big Benefit Of NOT Going AI …

You don’t have to worry about your AI vendor going toes-up when power costs go through the roof and your AI vendor can no longer charge pennies for compute when its costs rapidly become dollars and it can’t pass them on due to contractual commitments to existing clients (or to new clients who won’t pay dollars for computations that might return hallucinations).

The new generation of AI tech — Gen-AI LLMs / AGI — requires way more compute power than the last generation, 100 to 10000 times more on average, for most requests. Grids are stretched and beginning to break. We’re at the point where only nuclear can power the data centre needed for a modern Gen-AI/AGI offering. And, as per Koray Köse’s recent article on AI leadership is about who controls the power, U.S. nuclear plants operated at 92.3% capacity last year. OUCH!

THERE IS NO ENERGY LEFT!

You can’t build a new nuclear plant overnight — if you can even build one at all anymore! Last year, DOGE’s Firing Fiasco at the NNSA stretched an already stretched organization even more. Many returned to work, but not all, and budget cuts likely left them without the capacity to even properly monitor existing aging nuclear infrastructure, let alone approve more plants.

And it’s not even clear how much know-how is left in the US to build new plants. The Vogtle Units 3 and 4 in Georgia were the first units built from scratch in over three decades. The experience and expertise aren’t there to safely build these plants en masse.

And the last thing the US wants to risk is another meltdown. Three Mile Island wasn’t a Chernobyl, but all it takes is a rushed private sector job with a lack of proper oversight and testing and one small mistake to trigger the next meltdown on US soil.

In other words, the power isn’t there for more AI.

So those organizations that can do without modern AI, that can use classic solutions with fit-for-purpose last generation AI that requires a fraction of the power and can run on already strained, non-nuclear, grids will be the big winners when the power squeeze hits and the Big AI players start dropping like flies.

AI is Exacerbating the Need for Global Data Centres NOT Controlled By US Firms!

A recent post by Joël Collin-Demers on why Your LLM Doesn’t Need a US Passport pointed out two very important facts that you’re probably not aware of but should be:

1. Your company is feeding sensitive data to US-based LLMs every single day.

2. The US CLOUD Act lets American authorities demand data from any US-based provider REGARDLESS of where their servers sit in the world!

In other words, you’re giving the USA full access to all of your proprietary and confidential data anytime they want it — in full breach of your data localization laws if you’re NOT in the US and in a country with such laws (and if you’re not in the US and don’t yet have data localization laws to adhere to you will soon have such laws to deal with as a result of the US global over-reach for your data to feed its AI).

This is not just an AI problem (and if you think you really need AI, you have other non-US options if you are not a US company, as per Joël’s extensive list); it’s an overall SaaS/SaS problem. If you’re not a US company, you need to make sure that not only your data, but all of your applications (including, but not limited to, AI) are hosted in non-US owned data centres off of US soil without safe harbour agreements.

The Best Article Xavier Olivera Has Ever Written!

In what “good” looks like today, and what it enables next, Xavier writes:


The next phase of P2P evolution will not be defined by who adds the most AI features fastest. It will be defined by who builds systems that make better decisions easier, safer and more repeatable, without losing the discipline that P2P was designed to enforce in the first place.

Truer words have never been spoken, especially in the Age of AI hype where the A.S.S.H.O.L.E. floods us with AI BS faster than we’ve ever been flooded with tech propaganda before!

Gen-AI LLMs (which are now powering the AGI craze, because if the first offering flops, just tweak and relaunch it with a few new buzzwords and claim it just needed more time, processing power, and tweaking) are not intelligent. They’re not even reliable. Hallucinations are a core function. Predictions are based on the data available, even if it’s incomplete, incorrect, or indicative of actions known to be wrong for the situation in question, which is typically an exception to the rule (or pattern). And many actions that can be taken automatically by these systems can’t be reversed (not only is there no mechanism but, when they trigger an external event, the ability to reverse an incorrect action is completely out of your control).

Given this harsh reality, while they can monitor and make suggestions on how to govern, they cannot govern and they do not count as governance. Governance is the only way to get to better, safer, and repeatable decisions. In reality, these Gen-AI / AGIs count as risk. Any error made with respect to a commitment (transaction, obligation, contract, large financial transfer) is an error that increases organizational jeopardy!

Governance is predictability, determinism, explainability, and traceability. This is not a modern LLM-based Gen-AI / AGI system, but a traditional RPA or modern ARPA system (where all suggested rule and workflow changes and adaptations to prevent a future exception from occurring must be approved by a human) where all actions are governed by unbreakable rules, all exceptions are approved by a human, and all actions are completely traceable and 100% explainable — with no lies.

Remember that when you’re looking for your next Procurement solution, or you’ll end up with one that is worse, more dangerous, and less repeatable than the last generation solution you have now.

For example, let’s say you implement an agent that monitors the inbound email channel for supplier communications regarding payment instructions and invoices. A communication comes in requesting a change of banking details for a supplier. The IPs and source domain look good, and the change is to another bank local to the supplier (that they did business with in the past), so the update is sent to the AP system. The next day, an invoice comes in from the supplier for 10 times the number of units on the last PO. It’s from a supplier where shipment quantities never match the PO and where the buyer always approves the discrepancies, so the invoice is automatically paid. The next day another request comes in to change the bank account back to the original. It also passes the AI’s sniff test, so it happens.

No one notices that a multi-million dollar payment was made to a fake supplier on a fake invoice until the real invoice comes in a few days later and gets rejected because the PO has been matched. The supplier flags an issue two weeks later when its AR team finally gets around to processing the exception, the AP team investigates and tells the supplier an invoice was paid, a back and forth occurs, and when the supplier finally gets the “proof”, it informs the buyer that it is NOT their bank account. By now, over three weeks and a day have passed, and the funds are unrecoverable as the thieves transferred the money out of the country and closed the fake account the day the fake invoice was paid. This is the “governance” you’ll get from an unintelligent agentic solution (masquerading as an AI employee) that does everything on probabilities.
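A minimal sketch of the deterministic, human-approved, traceable control that the scenario above lacks, added here as an illustration and not taken from any product or from the authors cited. The 30-day hold, the 5% tolerance and every name in it are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Assumed policy values for this sketch; take the real ones from your AP policy.
BANK_CHANGE_HOLD = timedelta(days=30)   # invoices held this long after a bank change
QTY_TOLERANCE = 0.05                    # invoiced quantity may exceed the PO by 5%

@dataclass
class Supplier:
    name: str
    bank_account: str
    last_bank_change: Optional[date] = None

@dataclass
class Gate:
    audit: list = field(default_factory=list)   # one entry per decision, with its reasons
    def _decide(self, action, supplier, reasons):
        decision = "HOLD_FOR_HUMAN" if reasons else "AUTO_APPROVE"
        self.audit.append((action, supplier.name, decision, tuple(reasons)))
        return decision, reasons

    def bank_change(self, supplier, new_account, on, approved_by=None):
        # A bank-detail change is always an exception, however clean the sender looks.
        if approved_by is None:
            return self._decide("bank_change", supplier, ["bank_change_needs_human"])
        supplier.bank_account, supplier.last_bank_change = new_account, on
        self.audit.append(("bank_change", supplier.name, "APPLIED", (approved_by,)))
        return "APPLIED", []

    def invoice(self, supplier, po_qty, invoiced_qty, received):
        reasons = []
        changed = supplier.last_bank_change
        if changed is not None and received - changed <= BANK_CHANGE_HOLD:
            reasons.append("recent_bank_change")
        # Past buyer sign-offs on discrepancies do not widen the tolerance.
        if invoiced_qty > po_qty * (1 + QTY_TOLERANCE):
            reasons.append("quantity_over_tolerance")
        return self._decide("invoice", supplier, reasons)

def replay_scenario():
    """Constructed data that follows the sequence of events described above."""
    gate = Gate()
    s = Supplier("Constructed Supplier Ltd", "ACCT-ORIGINAL")
    day1, day2 = date(2025, 3, 3), date(2025, 3, 4)
    results = [gate.bank_change(s, "ACCT-NEW", on=day1)]   # emailed request, no approver
    results.append(gate.bank_change(s, "ACCT-NEW", on=day1, approved_by="ap.lead"))
    results.append(gate.invoice(s, po_qty=100, invoiced_qty=1000, received=day2))
    return results, gate.audit
```

Even when the approver is fooled into accepting the change, the invoice that follows is still held on two independent rules, and the audit list records which rules fired.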

Exact Purchasing is a Pocket Cube Part 5

Today we conclude our discussion of the pocket cube for exact purchasing, focusing on the low risk, but high complexity categories.

High Complexity, Low Risk, Low Impact: Spend Governance

In this situation, which Kraljic would likely also classify as “bottleneck” and Busch as “relationship governance”, Busch is quite close. High complexity, but low risk, is all about governance. It’s not about managing generic market risk, because that’s low, but managing assurance of supply because the complex requirements dictate that there aren’t a lot of suppliers who can supply the product, part, or raw material you require to your exacting specifications.

However, because the category is low impact and disruptions are recoverable, the focus is more on spend management across a potential supply base than supply assurance across a limited supply base. This is a key distinction. You’re not going to waste time going above and beyond in relationship building for something that isn’t critical, no matter how limited the global supply base might be. You’re going to go above and beyond for what is.

Potential categories here would be data centre construction (where there are multiple providers for everything, unless it’s an AI data center and you need Nvidia processors), BPO (for standard back-office functions), and facility management (which is run of the mill).

This brings us to our last category:

High Complexity, Low Risk, High Impact: Relationship Governance

When the complexity and impact are high, but you’re not too concerned about risk, you’re managing the relationship, even though this would likely be a “strategic” category for Kraljic and “cost architecture” for Busch. You’re making sure that the proven product from the sourced supplier at the pre-negotiated price points flows consistently and reliably, especially when any disruption at all will be impactful and you know you can’t necessarily replace a source overnight.

Unlike other categories where you are focussed on the end-to-end price points (transaction-centric categories), market signals (market risk categories), and BoMs (cost architecture categories), in this category you are focussed as much on the obligations and SLAs, forecasts and consumptions, associated value-add services, and factors where the suppliers deliver against the complexity that you need.

If you look at Busch’s matrix, you’d think this was just service-categories, and most of them will fall here (because services are often complex and critical to your business, but low risk since you won’t select a risky supplier or one who doesn’t have the personnel ready to be deployed), but it’s also categories where service-augmentation is common. This could be utility categories (where the supplier is both building you a power plant or data centre and managing it for you), line equipment categories (where you need the equipment to power your production lines and suppliers to step in and fix it promptly if it breaks), software categories (where the supplier selects software and installs it for you), or any other category where the product comes with a service (including computer peripherals where the supplier handles all the warranty repair). It’s a bit of a mish-mash, and one of the most difficult to define and manage in the organization as each category that falls here could need to be managed quite differently.

This concludes our initial presentation and discussion of the pocket cube of exact purchasing, and I’m sure Jason will soon have a V2 model to present to you.

Exact Purchasing is a Pocket Cube Part 4

Today we continue our discussion of the pocket cube for exact purchasing, focusing on the high risk, but low complexity categories.

Low Complexity, High Risk, Low Impact: Continuous Market Monitoring

In this situation, which Kraljic would likely classify as a “bottleneck” and where Busch would likely say the answer is “relationship monitoring”, market risk starts to take central focus. But the answer isn’t really relationship governance, because you don’t govern a relationship for an easily replaceable item (low complexity) that has limited organizational impact, you quickly replace it. You do that by continuously scanning for market risks, and taking action right away when one is detected.

It’s very similar to what you would monitor for in a low complexity, low risk, high impact item, but instead of just monitoring the cost and the supply chain, you’re also monitoring the supply base for potential risks in the suppliers, carriers, and routes that you are using. And you are monitoring relevant index prices & future curves, oil prices and other indicators of local fuel costs, tariff announcements (and threats), currency movements, current promotions, and other related signals.

Common categories here will be less critical metals, energy, and food commodities. Most metals can be relatively easily replaced, especially if a moderate cost increase isn’t that detrimental; there are usually alternate energy / grid sources (and you can always build your own plant) that you can contract, for a bit more; and unless it’s a food commodity in limited supply globally where there is no substitute (like coffee), it’s just paying more. What falls here versus in the low complexity, low risk, high impact bucket will often be industry, and even company, dependent.

Based on this, if a disruption occurs, you rapidly re-act and re-source to other pre-approved suppliers and carriers in your extended network.

Low Complexity, High Risk, High Impact: Market Risk Management

In this situation, which would likely be “strategic” under Kraljic and “cost architecture” under Busch, you graduate from continuous market monitoring to full-blown market risk management. Market monitoring and rapid reaction are not enough, because you can’t afford any potentially preventable disruptions in a high-impact category. In this situation, you’re monitoring everything you would for a low impact category, plus any ancillary data that could impact the category — such as weather for critical deliveries that need to be made on time, geopolitical signals that could indicate (escalating) conflicts or trade barriers, correlated material or commodities that often serve as indicators of forthcoming pricing changes, and any other signals that could indicate a future impactful event.

It also means that you’re pre-defining potential mitigation plans that will allow you to re-source very quickly if something happens. You’re not doing full-blown supply chain / cost architecture design because the category is not complex, and there should be lots of potential suppliers, but you are doing full-blown risk-centric monitoring because you can’t risk unnecessary impacts to your business. And you’re defining what mitigating actions you can take so that you can immediately execute on one or more of them should you detect a disruption signal. This might be shifting current supply/orders 100% to the minority supplier, re-sourcing against a pre-approved supply base, sourcing a substitute item, etc.

Common categories here will be critical metals like meteoric iron, low background steel, tool steel, and ultrahigh carbon steel; rare earths which are only mined in a few countries; and critical food commodities with limited production sites (like that all important coffee bean).

Tomorrow we will conclude our discussion of the pocket cube of exact purchasing for our last two categories.