Category Archives: Risk Management

Regulatory Damnation 35: Health and Safety

Health and Safety, generally referred to as Occupational Safety and Health (OSH) or Workplace Health and Safety (WHS) in North America, refers to regulations and regulatory management concerned with the safety, health, and welfare of employees, be they full time, part time, contingent, day labourer, or unpaid intern. In an advanced organization, it’s a key component of CSR (Corporate Social Responsibility) as the health and welfare of any person doing any task for the organization is a key concern of any responsible organization.

So why is this a damnation? Is this not only the right thing to do but something you want to do as an injured or unwell employee is not productive? It’s a damnation because in some countries of the world, it’s becoming a regulatory nightmare. And not only is failure to comply with the regulations, some of which may go beyond common sense, a huge fine, but if someone gets injured and your organization failed to comply with the regulations, in some countries (and the United States in particular) that’s a million-plus lawsuit waiting to happen.

It’s a massive risk management activity that often adds very little value to the organization.

First, you need to either have your lawyer spend cycles researching all relevant OSH laws to your business at the municipal, state, and federal levels and make sure you are fully compliant, or shell out thousands upon thousands (upon thousands) of dollars to an expert OSH law firm that will provide you a list of all regulations you need to adhere to, minimum requirements, and example programs.

Then you need to identify all hazards of the

  • physical and mechanical variety
    and make sure all personnel have the appropriate safety gear and safety training and supervision if they are new to the task
  • biological and chemical variety
    and make sure all personnel have the appropriate safety gear, training, and supervision and make sure that the risk of exposure is minimized as much as it can be (and only qualified, certified personnel are allowed in the lab where the deadly virii are kept)
  • psychosocial variety
    and make sure all personnel are kept as far away from them as possible (which may mean keeping the CEO away from general assemblies, as he* is likely a psychopath)

Then you need to document your research, your policies, your training methods, your enforcement methods, and your regular review activities in case the OSHA (Occupational Safety and Health Administration) or its equivalent comes knocking at your door (as the result of complaints, injury, and/or lawsuits).

And if you’re in Procurement, not only do you have to worry about the safety and health of your employees (who might have to travel to dangerous regions for site visits of what could be danger-ridden factories), but of your supplier’s employees as well. If their practices aren’t up to par and a major disaster happens at one of their facilities, it’s your corporate brand that is going to take the hit when the dust settles and multiple worker’s rights group are quick to point out the failings in your supply chain.

It’s yet another time-sucking task that should be easy and obvious but isn’t thanks to mountains of legislation and suppliers who care more about money than people.

* Most CEOs are men. It’s probably because (considerably) more men than women have been diagnosed as psychopaths. (If most CEOs are psychopaths and most psychopaths are men, then we have a logical explanation for why most CEOs are men outside of sexism.)

Seventeen Hundred and Fifty Years Ago Today

What may have been the deadliest tsunami of all time devastated the city of Alexandria, Egypt. The tsunami, caused by the Crete earthquake (which was estimated to be an 8.0 on the Richter scale), killed over 5,000 people in the city and more than 45,000 outside the city. However, the damage from the tsunami (which was estimated to be more than 100 feet high) was not limited to Alexandria and affected the entire eastern and southern shores of the Mediterranean and also devastated a number of cities (in what is now Libya and Tunisia) and almost wiped out Greco-Roman civilization in North Africa. The death toll is estimated to be somewhere between 300,000 and 500,000!

And yet, way too many people are still surprised when massive tsunamis, such as last year’s Chile Tsunami, 2013’s Solomon’s Tsunami, or significant 2011 Japan Tsunami strike, devastate cities, and cause major disruptions to our supply chains.

These events have been recorded for over 2,441 years, ever since Thucydides described how the tsunami of 426 in the Malian Gulf affected the Peloponnesian War, and we know the exact date for major historical tsunamis all the way back to 79 AD (when the eruption of Mount Vesuvius, which buried Pompeii and Herculaneum)! Every time a major earthquake or volcanic eruption occurs along the coast, which is where most occur because that’s where most of the fault lines between tectonic plates are, they happen. And massive damage and disruption results. We should not be surprised and we should be prepared.

And even though SI usually restricts its history lessons for the weekend, this event was so significant, and so overlooked, it had to make an exception.

And while this has little relevance for Supply Management, a very historical event in American history happened 150 years ago today. At 6 pm in the town square of Springfield, Missouri, “Wild” Bill Hickok shot, and killed, Davis Tutt in what is, on record, the first “quick draw gunfight” that is commonly portrayed in western movies. (For this act he was arrested with murder, which was reduced to manslaughter before the trial, which resulted in his acquittal under the unwritten law of the “fair fight”.

Environmental Damnation 18: Natural Disasters

Natural Disasters are on the rise. As per a 2011 publication from THINK Executive, from the 1970s to the 1990s, the number of natural disasters occurring worldwide has tripled. It is predicted that both natural and man-made disasters will increase five times in the next fifty years. Ouch!

Why? First of all, we’re still polluting and major energy and raw material consumers, including the USA, China, and India still won’t sign the Kyoto Protocol. This means that continual extreme climate change (which is better terminology than global warming because that’s only one * of extreme climate change) which brings category 5 hurricanes, tsunamis, deadly heat waves, and blizzards with snowfalls worse than any in recorded history are going to continue to occur on a regular basis.

Secondly, while there have been a number of earthquakes above 8 in recent years, there have only been two really deadly earthquakes since the 1976 Tangshan earthquake – in particular, the Kashmir quake of 2005 and the Haiti quake of 2010. But the tectonic plates are in constant stress and while it can never be predicted when they will slip, they will slip and the quake will be devastating. And not only is it likely that hundreds of thousands or millions of people will be seriously injured, or killed, but the region it hits will be entirely devastated. An entire city can be destroyed over night. Every office, every plant, every warehouse, and every truck when the road they are on is swallowed up.

Thirdly, and following on the last point, a considerable portion of the worlds population lives on the ring of fire — the west coasts of North and South America, the east coasts of russia and China, and a considerable part of Australasia. About 12% of Canada’s post population lives in BC; about 16% of US population lives on the west coast; Chile, Peru, Columbia, and Venezuela are almost entirely coastal; Korea, Japan, Taiwan, Philippines, Vietnam, Cambodia, Thailand, Laos, Myanmar, Malaysia, Singapore, Indonesia, Papua New Guinea, Bangladesh, Sri Lanka, New Zealand, and habitable Australia are almost entirely coastal; and a considerable portion of India’s and China’s population are coastal. Not only is this area at high risk of quakes, but it’s at high risk of devastating volcanic eruptions as well. The 2010 eruptions of Eyjafjallajökull were nothing in comparison to the devastating eruptions that have happened in the past. While there are not that many disastrous eruptions on record, the Krakatoa eruption of 1883, which was heard up to 3,000 miles away, destroyed most of the island, unleashed tsunamis which killed more than 36,000 people, and spewed clouds of ash into the sky more than 6 miles high which lingered for months. And almost everyone knows the story of Pompeii which was buried by an eruption. While the most devastating eruptions are a lot less frequent than devastating earthquakes, occurring as infrequently as every 50,000 years as compared to every 50 years or so, even an eruption as powerful as Krakatoa could disrupt supply chains in the region for a year or two.

We could go on, but you get the point. Disaster you can’t prevent, and likely can’t even predict, is always in the shadows, waiting for the worst possible time (when everything else is going wrong) to strike.

A Few Reasons Why Your ERP is a Disaster Waiting to Happen

In our last post we said that If You Still Rely On ERP, You Could End Up in the Supply Chain Disaster Record Books, and we meant it. Over-reliance on outdated and antiquated ERP systems is just a disaster waiting to happen, and here are just a few reasons why in half a dozen supply chain areas.

Sourcing and Contract Management

A critical requirement of a multi-round RFX or multi-round negotiation is the ability to support multiple prices at different volume levels and price history. One of the biggest ERP systems on the market today still does not support this simple, basic, requirement. It’s crazy, but it’s true. And without the ability to store proper prices, volume breaks could be missed and millions could be lost.

Procurement

A critical part of Procurement is m-way matching between the invoice, purchase order, and goods receipt. And a critical part of procurement performance management is tracking each mismatch. How often does a supplier over-bill? How often does a supplier under-ship? This can only be tracked if there is a complete invoice history, but many so-called “modern” ERPs only allow for one version of an invoice. So when it is corrected, the history is lost. And a supplier’s true performance is never known. Performance that could cost you dearly if an under shipment results in a stock out that costs millions in revenue.

Logistics

A critical part of logistics is tracking not only order dates and received dates, but required ship-by dates, receive-by dates, and outbound ship-by dates to avoid missing customer requirements. Some ERPs can only track the date the PO was cut and the date the goods were received — that’s not enough. Another critical part of logistics is ensuring that each carrier has enough insurance to cover the replacement cost of the load, which requires tracking the cost of the load and the insurance coverage of the carrier. With respect to this, the best the average ERP system can do is allow you to look up the PO total and, if you are lucky, extract the last copy of an insurance certificate stored as a PDF in a blob or similar structure in the document store. No meta-data to tell you what’s in the certificate or if it’s even still valid — which could expose you to a huge liability.

Forecasting

Most ERP systems are still using 20 year old forecasting models, and look at what these models did for Cisco and Nike! Should you still be using them?

Compliance

Most of these systems were built before the introduction of acts like 10+2, REACH, SOX, and WEEE — acts which require you to track, report, and store certain data to maintain compliance with these acts. Compliance which is critical to avoid fines, penalties, seizures, [temporary] business closures, and even criminal charges. Compliance which is not maintained by ERP systems that aren’t set up to store all of the data required on an import/export form, track detailed BoM (Bill of Material) data to ensure acts like REACH and WEEE are not violated, and the detailed audit trails required to satisfy SOX.

Risk Analysis

While there are a plethora of risks that can not be predicted due to their nature (like natural disasters, geopolitical uprisings, etc.), there are a plethora of risks that can be predicted with high likelihood if they are monitored for. However, this monitoring depends on the availability of good data. For example, supplier failure can often be predicted if the organization monitors shipments, third party risk data, and market data. If shipments get progressively later, contain higher defect rates, and third party financial ratings for a supplier get weaker every month, that’s a sign of supplier distress and a potential bankruptcy, and it’s critical that the buyer assess the supplier’s health and monitor the situation. This will only be detected if the system tracks delivery dates and defect rates, third party data, and appropriate econometric models. However, all most ERPs track is good receipt dates and returns (but no meta data tying them to orders to calculate defect rates). No market data, no financial ratings, no modern econometric models. No way to detect imminent disaster.

And this is just a short list of ERP failings that could bring imminent disaster. To find out more about ERP’s shortcomings, if you still have not done so, (register for and) download the recent white-paper by b2bconnex on Why ERP is NOT Enough. The sooner you learn this, the sooner you can correct the situation and join the leaders with a modern supply chain.

3 Best Practices in Supply Risk Management That You Are Likely Overlooking

SI has written about risk management and best practices quite a lot in the past, and a lot has been written on the subject, but when it comes to a successful risk management program, there are a few key elements that cannot be overlooked or the success of the entire program can be compromised in an instant.

Three of these core elements are very nicely summarized in a recent piece by the maverick that he published on Spend Matters last month in Part 2 of “Supply Risk Management 2015: Best Practices”. And while the doctor has seen each of these issues addressed to various levels of competency separately, he’s never seen them addressed so succinctly in unison, and that’s why he’s pointing out this particular piece. With the exception of the 2×2 best practice, which is really not that critical if you frame and approach supply risk management correctly (but that’s a point for future discussion), the piece is superbly written.

This post will briefly discuss the three elements, but the doctor strongly encourages you to download the full piece and read it in its entirety. These lessons could just save your supply chain from a major disruption.

Supply Risk Management is an Embedded Process

Risk is continuous, not a point-based event that can be addressed with a one-off program at various points along the supply chain. Natural disasters cannot be predicted, strikes can happen with very little warning, and equipment can break down for any number of reasons. Monitoring must be continuous — and this only happens if risk monitoring, mitigation, and management is embedded into all supply chain processes. Not sure how to do this? The paper has some tips to get you started.

Risk Includes Variation and Volatility

Risk is not binary, not restricted to complex categories or supply chains, and not an-all-or-nothing event. An extra 1% defect rate presents a major risk if quality assurance and pre-delivery testing is not stepped up. Bad weather that destroyed 20% of expected crop yield is a major risk if the organization was counting on a full yield to meet demand. The products are still delivered and a crop is still harvested, but it’s a disruption all the same.

Risk Scoring Must Show Business Impact

One of the biggest mistakes that the average Procurement organization makes, if not the biggest, is evaluating the impact of a risk against purchasing, and not the business as a whole. A low dollar spend could be critical if the bus cannot roll off the lot without that Grade 8 bolt. An impact on an unmanaged category, not critical to Procurement, could be devastating to Marketing. And so on. The needs of the business must come before the needs of Procurement.

For more details on these best practices and tips to get you started, check out the maverick‘s second paper on “Supply Risk Management 2015: Best Practices”. It will be worth your while.