Category Archives: Risk Management

Supply Risk Solutions – Taking Transparency to Thwarting

Risk and Uncertainty should be front and centre in the mind of every buyer and supply chain manager these days. Natural disasters are at an all time high, we’re still feeling the impacts of supply chain slowdowns and shutdowns during the pandemic, and political instability globally is introducing new headaches into your already fragile supply chains.

You need to maintain a handle on what’s going on in your supply base, and extended supply chain. In the beginning, this was an SRM/SXM solution which maintained information on your tier 1 suppliers, the products they supplied you, their typical on-time performance, and basic financial information. Over time these added basic risk metrics / 3rd party risk data which was supposed to give you some insight into how risky your supply base was, but considering this was usually financial information, it wasn’t a very good solution.

Then we got transparency solutions — and you know many of the big names here, which include Everstream, Interos, Resilinc, etc. — which allowed you to track your supply chain down multiple tiers to the source. Over time, these added news monitoring and event monitoring so you could get indicators of potential issues from news articles (which could include labour issues, for example) and nearby natural disasters (hurricanes, cyclones, earthquakes, etc.). Properly configured and maintained, this gave an organization instant insight into a potentially disruptive event and allowed them to take immediate action if necessary.

This was great, at least before the pandemic, because if you had 2 to 3 months of notice that your supply was going dry for a while (due to a fire, flood, or major plant damage), or longer, you could instantly switch to your secondary supplier (if you were dual-sourcing for risk mitigation) or start looking for a new source of supply. But now that supply chains are still stretched thin, supply choices are limited, raw materials are in more limited supply than ever, and supply chain cycle times in many industries are still double to quadruple what they used to be, a warning is not enough.

You need to do more than monitor the supply base, you ned to mitigate risk of disruption IN the supply base. It doesn’t matter if your risk preparedness is A+ if your supplier’s risk preparedness is F. A disruption in your supplier is a disruption to you, regardless of what plans you do and don’t have. This is where Supply Risk Solutions comes in. Not only are they one of the oldest (and first SaaS) solutions in the supply risk monitoring space (dating back to 2007), and one of the first to offer full supply chain transparency, but the first to go from transparency to disruption prevention. By ensuring your suppliers do proper risk planning, mitigation, and preparedness, your disruptions can be reduced up to 60%. That’s right. Sixty Percent!

While you can’t guarantee a disruption free supply chain — since you can’t predict (or prevent) natural disasters, political embargoes from disturbed dictators (or global reactions against them), or significant economic events (such as bank failures) which send shocks through the system — you can eliminate preventable disruptions and minimize the impacts of those non-preventable disruption events with proper identification and mitigation planning.

This is where Supply Risk Solutions is unique — it’s deep focus on enabling suppliers to identify areas of risk that could cause disruptions and providing them education, training, and resources to address those risks. Supply Risk Solutions does this based upon 16 years of supplier data that they have collected and correlated to disruptions. Based on this long-term deep analysis, they have developed and optimized a list of key indicators, and standard supplier surveys for multiple industries that collect this indicator data.

In addition, as they directly serve over 23% of the global semiconductor industry and 36% of the US Healthcare market, they have very deep data on disruptions, mitigations, and improvements that can be generated in these supply bases and they do an exceptional job here. (Especially as they have been doing it for years and years, getting better every year as their database gets deeper and more extensive.)

The solution, which is always free for suppliers and their suppliers, allows a supplier to define their employees who need access to the system as well as the suppliers they use as tier 1 inputs. When a supplier is added by a customer, they get an invitation to complete or share a standardized risk assessment with the customer for every site they will be using. Since the solution was designed to be single sign on for the supplier and give them complete access to, and control over, all of their data, if they have already completed the survey (for the categories they are supplying), they can share their existing survey. If they have not for one of more sites they are using, they can complete it for those sites and just share just the data the new customer needs.

But the real power of the platform is that once a supplier fills out the survey, that captures the key risk and disruption indicators for that type of supplier, the platform computes a risk of disruption profile and identifies key actions and mitigations the supplier should take to considerably decrease the chances of disruption in the future. And the actions and mitigations work. With almost two decades of data, they know what works and what helps.

This is why we’re covering them and why you should know about them. The providers we referenced above all do transparency, news monitoring, and event monitoring — like Supply Risk Solutions — and some have deeper operational resilience, cyber-monitoring, or other unique capabilities — but none are as focussed on reducing the risk of disruption in the supply base by providing you, and your suppliers, the insights, guidance, and monitoring your suppliers need to reduce your disruptions.

The reality is that it doesn’t matter how operationally resilient you are, how much insight you have into your supply chain, or how prepared you are for a disruption — if you are entirely dependent on your supply base for the products you sell or the services you need for continued operations, your resilience is ultimately their resilience, and, even worse, the supplier with the lowest resilience you are dependent on.

So you need to focus on your suppliers’ resilience, not yours. We know you don’t have the time, and that’s where SRS is also somewhat unique in that they also offer supply chain disruption monitoring and prevention as a managed service where they work with the suppliers and help them to maintain their data, understand their risk assessments and mitigations, access the necessary training and best practices, and create plans to address them. By identifying, and addressing, potential root causes of disruption before a disruption happens, many disruptions can be prevented, and those that can’t (like natural disasters), can be mitigated to the extent possible. And that’s how, for their clients, they reduce supply base risk by up to 60% (depending on the maturity of your suppliers).

Also, they have one of the best handles on what external events are likely to affect a given supplier site of all of the providers. Their database contains every natural disaster that’s ever been recorded back to 1850, and they’ve been maintaining deep data on relevant events since their formation 16 years ago. For a given event, they can predict the likelihood of occurrence and the likely impact and, based on that, recommend the most appropriate mitigation.

It’s very affordable, and if you are a US healthcare provider, you can even check out Supply Risk Solutions, and use it, for free on your top 10 suppliers to get deep insight into what it can do for you. (Since they, indirectly through partners like Vizient and HIRC, serve over 50% of the US health care industry, they likely already have all of the data on not just the top 10 suppliers for a hospital, but most of the top 100.) It’s definitely worth checking out, and when you see the value, upgrading to at least the first tier solution.

2030 is too late for Center-Led Procurement!

Especially since 2020 was too late! And organizations should have been there by then since center-led procurement was being discussed as the next generation model in the mid-2000s and, more importantly, as the futurists were predicting that the future of work, and companies, was remote and distributed last decade, every company should be “center-led” by now.

(Note that we mean “center-led” and not “centralized” where one central office handles all major procurement projects globally. We mean center-led where a centralized function determines the best procurement path for each category — which could be centralized, distributed, multi-level, or mixed — and provides guidance to all of the global teams and makes sure they build the right procurement — and supply chain — models up front.)

In fact, by now, all organizations should be working off of a virtual center-led model where the “center” is the Procurement A-Team, where the members could literally be spread out over the 6 continents to “locally” absorb the situations in each geography before making decisions and to always have someone available to answer questions on not just a follow-the-sun but follow-the-local-business hours model.

And while virtual / remote / distributed work still seems to be an entirely new thing that most companies didn’t think of before the pandemic and that most companies are trying to eliminate entirely now that the pandemic has been declared over (even though the next pandemic is just around the corner and, yet again, no one is prepared for it), those of us in IT and Supply Chain have been doing it for two decades (and the doctor has been primarily been working remote for the past 19 years — the tech has been there, and has worked, for two decades … and now that high speed is in just about every urban area globally, there’s no reason a hybrid/virtual model cannot work and work well).

The reality is that the pandemic not only brought global supply chains crashing down but brought to light the high risk embedded in them a few of us saw a decade ago, which went beyond the obvious risks of “all your eggs in one basket” (even though Don Quixote was published in 1605) and “The Bermuda Triangle*1, but also included the risks of relatively centralized procurement where one team in one part of the globe made the all-our-eggs-in-the-China-basket*2 and managed the relationship with one team at one factory in another part of the globe; so if either team got completely locked down with little remote/virtual support (and we saw some countries limit people to 1KM from their homes and China lock down entire cities and not even let people leave their apartments), the entire chain was shut down even beyond the worst case that some of us were envisioning a decade ago (and made our definitions of bad — which was factory goes out of business, shipping lane closes, or ship sinks — look good by comparison because, at least then, you could still go to work and travel to find a new factory, organize a new lane, or spin up the factory 24/7 until you remade the order).

However, with virtual center-led, you not only have a team that knows how to work distributed and remote, and who knows how to use that setup to better mitigate operational risks, but who also has a risk-mitigation mindset that any supply base should also be distributed and different locations remote from each other (two factories in the same town is not risk-mitigation; an earthquake destroys the roads, the entire town gets quarantined, or political borders shut and its effectively one cut-off source of supply) and will help the different parts of the organization design more risk-adverse, or at least risk-aware, supply chains — tapping into local expertise in each part of the world to make the best decision and allowing the organization to move management of the chain around as needed and local teams (because you’re not sourcing your Canadian snow-plow and igloo building services from India, for example) to always have remote access to guidance and best practices in snow-removal services RFP construction (and know how from Norway and Japan).

In other words, center-led procurement (of which you can find a lot of guidance on in the archives here and over on Spend Matters, especially since, now retired, Peter Smith of Spend Matters UK was a guru on this as well as sustainability) of the virtual kind is what you need to be doing now if you want to last until 2030.


*1 which, while statistically no more dangerous than any other part of the oceans, exemplifies the fact that even the biggest ships, with an entire year of your inventory on board, can sink, especially when oceanographers have finally realized [even though mathematicians working with wave models understood this concept decades ago] that rogue waves are not a once a in decade occurrence, but a DAILY occurrence on this planet, it’s just that the ocean is so big that the fraction ever covered by ships is so microscopic that the chances of any ship encountering a rogue wave are infinitesimal on a ship-by-ship basis)

*2 likely thanks to McKinsey, although many of the Big 5/6/8 followed suit quickly thereafter and proclaimed China the future

Visibility is Key to Managing Suppliers

For the first part of this week, we have been talking about the significant overlap between sourcing and supplier management and the necessary platform elements needed to support both. Key elements included performance, relationship, and risk management, because all are necessary for sourcing and supplier success.

Spend Matters recently ran a 3-part series on a sub-set of the issue, based on a recent interview with Ecovadis, that talked about how Visibility is Key to Managing CSR Risks in Indirect Spend (Part I, Part II, and Part III). But visibility is needed for more than just addressing risks in indirect spend. It’s also needed for addressing risks in direct spend.

Direct spend has all the same risks, they just aren’t one step removed through an intermediary. And you have to trace all of the products down to the raw materials to identify not only in your supply base, but your supplier’s supply base, their supplier’s supply base, and their supplier’s down to the mine, the farm, or the harvester.

But it’s not just the suppliers you need visibility into, it’s the environment that surrounds them. After all, a natural disaster can cut them off. An economic downturn can render them bankrupt if the currency they do business in (and keep the majority of their cash on hand in) crashes. A geo-political uprising can cut them off at the border. A port strike can cut off their primary shipping routes. And so on. You need a full 360-degree view around the supplier to ensure success.

But how do you get that? You can’t watch everything everywhere, and when you consider the extent of the global supply chain, you almost have to.

That’s why it’s key to have a platform that can integrate with 3rd party sources as you will need to integrate dozens, if not hundreds, of data sources to keep on top of all of the data you need to populate the models to evaluate and track the risks.

And that’s why two of the key elements we look for in a platform are integration and dynamic data model extensibility. You never have enough data. Without the right data, you don’t have the visibility, and that’s key to success. Or at least to preventing major unexpected disruptions.

Five Years Ago We Told You to Blame the Bankers …

… for the biggest risks in your supply chain, as per our classic post where we told you don’t blame the lawyers, blame the bankers because they were ultimately responsible for three of the top four most likely risks to disrupt your supply chain.

(Even though the doctor can sympathize with William Shakespeare when he said the first thing we do, let’s kill all the lawyers, the lawyers are not responsible for the current state of the global economy, the bankers are. And while it’s true that the lawyers are not innocent, happily taking the bankers money to do things that disrupt entire economies, it is the bankers that were the ringleaders here.)

But do we still blame all the bankers? Well, yes, we blame them for the economic risks that continue to persist to this day. But we no longer blame them for the top three risks in our global supply chains.

That honour goes to … The United States of America. Yes, that’s right. The root cause of the three biggest risks in your supply chain is the United States of America. (And not China, although there is a massive risk there as well. And if we wait a few more years, they might get their turn on top.)

How can it be? How can the United States be the single cause of the three biggest risks in your supply chain?

To explain that, we’ll start by repeating them for those of you that have not read The Global Risks Report 2019, 14th Edition, from the World Economic Forum.

According to this report, produced in partnership with Marsh & McLennan Companies and Zurich Insurance Group, the three biggest risks are:

  1. Extreme Weather Events
  2. Failure of Climate Change Mitigation and Adaptation
  3. Natural Disasters

and, as should be obvious, these are all interconnected.

Many (if not the majority of) natural disasters are the result of extreme weather events, and many (if not the majority of) extreme weather events are, whether your choose to believe facts or not, the result of the failure of climate change mitigation and adaptation.

And why has climate change mitigation and adaptation failed? Because it hasn’t happened. And why hasn’t it happened? Because countries aren’t aggressively working toward it. And why is that not the case? Because only 175 parties, of 197, have ratified The Paris Agreement (the UN Convention on Climate Change) … and one party that initially accepted has withdrawn (and done so in a very public manner). Guess what that country is? You guessed it!

The United States of America has withdrawn from the Paris Agreement. If the country that is responsible for approximately 25% of global GDP refuses to support the most important initiative in the world (which still falls short of where we need to be to truly mitigate climate change, but would make a substantial impact on slowing climate change down), especially when it comes to preventing the three biggest risks in your supply chain, then that country is unilaterally responsible for those risks.

So next time a typhoon sinks the freighter carrying all your goods, don’t blame God, Poseidon, or Mother Earth. Blame the United States of America. Or, if you really want to, blame Trump. But don’t blame God or nature because, with the current rate of increase in the number of natural disasters annually, there will soon be a 90% chance that it the natural disaster is 100% the result of climate change brought on by the United States inaction to do anything about it.

Single Multi-Tier Risk Mitigation Strategies Don’t Mitigate Risk

Last year we penned a post on how single tier risk mitigation strategies don’t mitigate risk and that they may, in fact, increase risk. As we indicated in our previous post, the following standard single-tier risk mitigation strategies have the potential to increase risk:

    • Dual Sourcing
      without careful planning, both suppliers could use the same Tier 2 source
    • Alternate Design
      can simply reduce / eliminate the need for one rare raw material in favour of another material that ends up being more rare
  • Financial Risk Monitoring
    for shakey suppliers isn’t enough to catch production shortcuts that a supplier might be taking to cut costs that increase your risk when the product is used or sold
  • Replacement Product Lines
    can share parts and suppliers that actually increase risk from a disruption

We indicated that if you wanted to truly mitigate risk, you have to go multi-tier and work with your supplier to identify the most likely risks in their, and your, supply chain and how to mitigate them.

And this is a great start, but simply using the least risky supplier at each tier doesn’t help you if a random natural or man-made disaster takes out a supplier for a few months (or permanently). There needs to be a dual sourcing strategy, and a well planned one. Using two suppliers in the same region or that use the same raw material source is not dual sourcing. Alternate design that is specific to a small supply base that could be wiped out with a single disaster or single market event is not sound alternate design. Financial risk monitoring using third parties that don’t have deep insight into certain markets, regions, or mining operations is not enough — by the time an issue is detected, it could be too late. And of course, trading one product line with known risks for another with unknown risks is pretty much the opposite of risk mitigation.

That’s why you not only need multi-tier risk mitigation in a single supply chain, but multiple supply chains with multi-tier risk for any critical products or product lines. As per our recent post on how the risk disconnect is still big, Sourcing and Procurement need to place a much bigger focus on risk to ensure negotiated scenarios are actual scenarios to realize the savings and value the organization expects.