Category Archives: Risk Management

2025 Is Just Another Year … But Is It All Doom and Gloom? Part 5 (Risk Reduction)

It’s just another year, unless you look beyond the hype, identify true talent, give them real solutions, and then truly tackle the threats … with strategies for success.

Supplier (Plant) Shut Down

In reality, typically only three things shut down a supplier:

  • Bankruptcy
  • Disasters
  • Governments

With respect to each of these:

  • you can typically predict bankruptcy from financial monitoring, which is easily available for public companies, semi-available for private companies that survive off of international trade (just monitor the public trade data), and highly correlated with a noticeable decrease in quality or performance (which can be predicted off of your data)
  • you can’t predict disasters, but based on geo-location, you can predict type and likelihood, and subscribe to news-based event monitoring services to identify when one happens that likely impacts your supplier (and then verify) so you know the minute a disruption occurs, and not three months later when the order doesn’t materialize
  • governments will generally only shut down a company if it is a fraudulent enterprise or when they are taking something over that was private; your category expert consultant can let you know whether or not the country the supplier/plant is in has a history of forced public acquisition or is eyeing restrictions on the industry (and otherwise, the risk is pretty much non-existent)

Supplier Becomes Unreachable

This usually happens as a result of three things:

  • sanctions
  • border closings
  • customs / port shutdowns due to strikes

With respect to each of these:

  • sanctions are typically politically driven and hard to predict, but a sanction list monitoring service can inform you within 24 hours if a supplier or connected party has been sanctioned
  • border closings usually result from trade wars or real wars, and news monitoring can indicate potential that can be monitored, and once the threat gets too high, you can proactively identify new / switch suppliers
  • customs / port contracts with unions in terms of validity dates are typically public knowledge, and you can monitor when they end, and whether there is any news that negotiations have started once you get close (say 3 months) to expiry … as well as monitor statements put out by both sides during negotiations that could indicate a strike (vote) (and look at the history to see how often a strike [vote] results in a strike, how long it usually lasts, etc.)

Supplier Loses Access to Raw Materials

With respect to a supplier losing supply, they have the same risks you do with respect to supply lines, plus two more major ones and one more minor one:

  • sanctions, border closings, and strikes
  • mine collapse / crop destruction from a natural disaster
  • government reclamations or limitations on natural resource extractions
  • mine / well runs dry!

With respect to each of these risks, if you map your supplier’s critical supply chain:

  • you can monitor sanction lists for sub-tier suppliers and news sources for events that would lead to border closings and strikes as you do for your suppliers
  • you can monitor news sources for events that indicate a natural disaster that would threaten or destroy raw material supply
  • you can research past history and monitor news sources for indications a government might restrict access to or reclaim natural resources from the private supplier in your supply chain
  • you can contact environmental experts to determine when a given source a sub-tier supplier depends on might run out!

Logistic Route Cut-Off

This is pretty straightforward to enumerate. In addition to port closures above, you have:

  • major carrier strikes and failures (as only public postal services can run deficits ad infinitum)
  • natural disasters that take down major roads, bridges, and ports
  • intermediate border closings on current routes

And the way you handle each of these is to:

  • monitor the financial scores from the financial monitoring services and the union contract expiry dates to know when you need to look for negotiations and negotiation status to try and predict if you will need to lock in new carrier contracts before competitor quotes go through the proverbial roof in response to your carrier striking
  • monitor news sources for natural disaster events along your major supply routes
  • monitor geopolitical situations across countries on your routes

Procurement risk management doesn’t have to be hard to not only be good enough, but considerably better than your peers. Dwell on that.

2025 Is Just Another Year … But Is It All Doom and Gloom? Part 4 (Risk Redux)

It’s just another year, unless you look beyond the hype, identify true talent, give them real solutions, and then truly tackle the threats.

Risk Management IS Easy

And so is getting started with risk management as long as you approach it correctly! The key is not to try and identify every conceivable risk that might impact your business (there are literally too many to enumerate now and trying will drive you mad — but if you really want to try, we suggest starting with the 101 Damnations that SI chronicled for you back in 2015), but to identify what impacts would seriously hurt your business and work backwards to risks from there.

For example, if your primary revenue stream is products, what are your major product lines where a disruption would significantly hurt (and possibly even end) your business? Analyze the Bills of Material and identify what are the key components that can’t be easily sourced from a different vendor because they are proprietary and/or need a specialized manufacturing process. It doesn’t matter how much you spend on them or with the supplier, it matters how hard it would be to replace the component if it suddenly became unavailable.

Once you identify those critical components, look at

  • the supplier,
  • where the supplier is located,
  • what critical material inputs the supplier needs to make the component, and
  • how it gets the component to you.

The critical risks, that you have to monitor for, mitigate, and manage if they arise are precisely those risks that would

  • shut down the supplier
  • cut the supplier off from you
  • cut the raw material supply to the supplier
  • cut off the logistics routes you depend on

That’s it. Yes, there are more risks. Yes, they could occur. Yes, they could have a big impact on your brand and your business. But chances are that as long as you keep getting product in, selling that product, and moving it out, i.e. as long as you have assurance of supply, everything else will eventually blow over or be forgotten. Even if there is a temporary disruption in profit, it will return and the business will continue. Sensationalist media can’t keep people’s attention if it tries to sell them the same story everyday, so unless your product actually kills people, you don’t really need to worry about brand damage (unless it’s due to a lack of quality control, but you should already be ensuring that on every contract signature and critical shipment). (Plus, preventing brand damage for something out of your control is PR’s job anyway!)

If you analyze these four risks, and cross-correlate with the World Economic Forum’s Global Risk Report, you’ll see that most of the time there’s not that many risks with a reasonably significant chance of occurrence that you really need to worry about. (Except Pandemics! There’s going to be more of those as the world still isn’t ready for them and wont’ make the investment to get ready for them.)

Focus on identifying the risks around supplier and supply, and you’ll be leagues ahead of your peers.

Myth-busting 2025 2015 Procurement Predictions and Trends! Part 7

Introduction

In our first instalment, we noted that the ambitious started pumping out 2025 prediction and trend articles in late November / early December, wanting to be ahead of the pack, even though there is rarely much value in these articles. First of all, and we say this with 25 years of experience in this space, the more they proclaim things will change … Secondly, the predictions all revolve around the same topics we’ve been talking about for almost two decades. In fact, if you dug up a Procurement predictions article for 2015, there’s a good chance 9 of the top 10 topic areas would be the same. (And see the links in our first article for two “future” series with about 3 dozen trends that are more or less as relevant now as they were then.)

In our last instalment, we continued our review of the 10 core predictions (and variants) that came out of our initial review of 71 “predictions” and “trends” across the first eight articles we found, in an effort to demonstrate that most of these aren’t ground-shattering, new, or, if they actually are, not going to happen because the more they proclaim things will change …

In this instalment, we’re again continuing to work our way up the list from the bottom to the top and continuing with “Risk & Compliance”.

Risk and Compliance

There were 10 predictions across the eight articles which basically revolved around “risk management strategies” with some sideline focus on the need for “resilience”, “cybersecurity”, and “compliance”. As with almost every “prediction” and “trend” in this series, this is yet another prediction that makes headlines every year, no more important this year than the last, and no more likely to get any more attention until a major event happens that significantly disrupts the organization, a disruption that could have been prevented with better risk management systems and processes. Before we discuss further, as is our custom, we will list the ten predictions.

  • Blockchain
  • Cybersecurity and Data Privacy
  • Cybersecurity in Procurement
  • Compliance
  • Enhanced Risk Management Strategies
  • Expansion of Risk Management Strategies
  • Geopolitical Instability Shapes Risk Management
  • Resilient Supply Chains
  • Risk Management and Resilience will continue to be a Priority
  • Risk Management

Risk has been increasing year over year for over two decades. It should be front and center in every organization, especially given the facts that very few organizations that have been around for any length of time haven’t been impact to some degree by a disruption event and the chance of an organization of any size not experiencing a disruption in the next year is close to zero. And it does make the top of the charts in the board room, but, unfortunately, it’s still not making the top of the charts in the priorities when it comes to new solution acquisition and new process introduction. In most organizations, it’s just being pushed down to the tactical personnel who execute daily tasks. Personnel who may not have enough of a big picture understanding to manage risk properly in their decisions.

However, given the need for resilience in the age of constant supply chain uncertainty and disruption (due to epidemics and pandemics; border closings and sanctions; strikes and port shutdowns; reduced cargo capacity from perfectly good transport ships being junked during COVID, Houthis in the Red Sea, and Panamanian droughts, trade wars, reduced/cut-off rare-earth/raw material supply etc.), risk should be even more prominent and more actively addressed. Leading organizations will double down on resilience and supply assurance strategy and survive the disruptions relatively unscathed, and those who don’t double down on resilience and supply assurance won’t. It’s that simple.

Given that almost 3/4 organizations were hit with a cyberattack in 2023, which was an all time high and which was only projected to increase in 2024, cybersecurity concerns should also be at an all time high, but given that most organizations relegate that to IT, we know it’s not going to get much better in Procurement. It needs to, considering how much organizational finance flows through Procurement, but it won’t change much.

Finally, organizations know they need to comply with regulation, so compliance is always at the edge of the Procurement mindset, but beyond minimal requirements, it never gets much attention, regardless of how much a few analyst firms or vendors try to push it.

What Should Happen? (But Won’t!)

Organizations need to prioritize the acquisition of a Risk360 solution, or the closest thing it can find, implement it, and monitor it regularly to make sure they detect risks that can impact their supply chain or operation as soon as such a risk occurs. Not after the supply has been cut, not after the organization has been locked out of all their organizational systems, not after key customers have failed and orders evaporated, not after signing a contract with a sanctioned party, and so on. Today, every decision made has to be made risk aware. And without a centralized risk management system, that will not happen.

Six down, four to go!

Resilience is About to Take on a Whole New Meaning!

In Procurement and Supply Chain, resilience (which is defined as the capacity to withstand or recover quickly from toughness) typically refers to supply resilience and the ability to adapt when a supply line gets cut off (due to a supplier bankruptcy or plant shutdown; port strike; logistics delay or loss; etc.). That’s because it used to be the biggest threats to a business’ operation was a supply disruption. Now, it’s only one threat among many that can devastate a modern business. Today’s enterprises have to deal with, among other emerging threats:

  • Natural Disasters: which can now occur close to home even if they never did before (and thanks to global warming they will soon be 10X what they were five decades ago!)
  • Rapid Cost Increases: as a result of tariffs, sanctions, embargoes, and trade wars (as per our article last week on why cost reduction ain’t happenin’, for example)
  • Cyber Attacks: which can hold part or all of their business ransom, unless they have a complete back up less than 24 hours old and are willing to take take their entire business offline, restore and build manually, and keep the business offline until the holes that were exploited by the hackers are identified and plugged
  • Business Operating System Failure: today’s enterprises run on SaaS solutions, and in today’s economic environment, some of these vendors could fail with very little notice and all of a sudden you’re unable to efficiently execute parts of your business until you find a replacement system (and if you didn’t ensure your contract contained the right to download all of your data and configuration settings at any time, and test that you could the minute the system was fully installed and populated with your data, and you can’t do so before the system goes offline, you could be in serious jeopardy — complete data access is way more important than code escrow, especially if you have no clue how to maintain and operate the system, so make sure it is in every contract you sign (and if it’s not, don’t sign)!)
  • Lack of Talent: many reasons for this:
    • Layoffs/Early Retirement: When times got tough, you happily let the boomers walk out the door, enticed Gen-X to do early retirement, and laid off the senior Gen Y talent — most of the top talent is now gone and the rest, that should have been retained, never got proper training or experience
    • Gen-AI: you fell for the bullcr@p that it would allow you to reduce your workforce and solve all your problems and not only did you not bring needed talent in, but you let more walk out the door
    • Tough Competition: smart companies are realizing that while the right tech in the right hands applied to the right problem can make employees super human, without the right talent with the right Human Intelligence (HI!), the AI tools are useless and are seeking out the talent that remains who can use tech with more audacity and resolve than ever before; and if your top talent isn’t well paid and happy, you could lose them without warning (FYI: you will if you mandate unnecessary office returns — remember, it’s about productivity, not being at a certain place at a certain time)

In other words, possible business ending events are going to arise and engulf all areas of the business and a business that can’t quickly identify, assess, mitigate, and monitor will not be a business that survives.

Resilience is going to take on a whole new meaning, so make sure your Procurement and Supply Chain departments are up to the task! You might have thought the worst was behind you now that the COVID-19 Pandemic is over, but that was just the trial run!

Are 45% of Enterprise Leaders Asleep at the Wheel?

According to a short recent article over on Supply Chain Brain on Next-Gen Supply Chains: The Transformative Role of Supply Chain Leaders in Today’s Business which quoted a GEP and Economist Study on “Next-Gen Supply Chains: The Transformative Role of Supply-Chain Leaders in Today’s Business”, 55% of enterprises anticipate a major supply chain disruption to strike at any time.

Are 45% of enterprise leaders asleep at the wheel? The chance of a disruption has been getting worse by the day for at least the last decade (if not the last two)! In 2014, Reslinc tracked almost 300 major global supply chain disruptions across natural disasters, factory explosions, labor disputes, power outages, chemical spills and geopolitical upheavals that impacted the supply chains of multiple global companies. That’s almost one major disruption a day, every day!

In 2013, at least 8 out of 10 companies had experienced a major supply chain disruption in the last two years (Supply Chain XChange). By 2014, one year later, 3 in 4 supply chain professionals admitted they experienced a chronic supply chain disruption. (APICS) Since then, natural disasters (fires, hurricanes, tsunamis, etc.) have increased year over year. Geopolitical conflicts, including wars, are on the rise. So are droughts, and now we have the double shipping whammy of the reduced capacity of the Panama canal part of the year and the ongoing Red Sea Crisis. We also have sanctions with unintended consequences, power shifting to the BRICs, world class pandemics, and a country Big X Consultancies made us 100% dependent on willing to shut down entire cities at a moment notice on an impossible zero-tolerance policy. We’re literally at the point where every company has an almost 100% chance of experiencing a considerable disruption in the next 12 months.

So I ask again, are 45% of enterprise executives asleep at the wheel?