Category Archives: Risk Management

Playing With Fire: Hidden Risks Lurking in Your Supply Chain

Modern supply chains are fraught with risk that can result in volatility and increased operational costs, large and sometimes devastating losses, and long term damage to the corporate reputation. These risks can be organized into four major categories, but non-compliance risks alone, the first category, should be more than enough to scare you.

Of the four major categories of risk, the costs of non-compliance risk is often the easiest to quantify, and the corresponding price tag of regulatory violations alone can be enough to halt a supply chain in its tracks as the bank account is bled dry.

Corresponding costs can range from the $3.0M, $3.19M, and $4.95M fines from the recent settlements by Washakie Renewable Energy, ExxonMobil, and Noble Energy for violations of the energy policy, clean water, and clean air acts, respectively through the 13.2M settlement by Lumber Liquidators for violating the Lacey Act to the $81.6M in fines that Wal-Mart had to pay in 2013 for the mishandling of products that became damaged or were returned and became hazardous waste, of which $60M was a result of violations to the Clean Water Act and $14M was a result of Federal Insecticide, Fungicide and Rodenticide (FIFRA) violations.

But environmental acts aren’t the only acts that can result in large fines. There are also worker’s rights acts, where even simple filing errors can cost over 1M, as Abercrombie & Fitch found out when they were fined $1,047,110 for numerous technology-related deficiencies in the company’s electronic I-9 system.

And while most violations of worker’s rights law or filing requirements are rather small, the violations could increase now that anti human-trafficking and modern slavery laws are popping up that can hold your organization responsible for any violation of these laws anywhere in your supply chain, even if the infraction is caused by the supplier to the supplier of your supplier.

But these fines will still likely dwarf the fines being levied by the US Department of Justice for violations of the FCPA – Foreign Corrupt Practices Act. In 2014, the average fine for a violation was $156.6 Million, and this included a $772 Million penalty to Alstom, the second largest penalty in history.

But this is just one set of risks with an associated cost that can bleed the bank account dry and effectively cripple a global supply chain. If you would like to know what the others are, watch for Sourcing Innovation’s latest paper on Playing With Fire — 4 Hidden Risks Lurking in Your Supply Chain (coming soon), sponsored by Ecovadis.

Do You Have Your 2016 Supply Risk Management Game Plan?

Here at SI, the doctor certainly hopes so because you are going to get hit with at least one disruption this year, and chances are it is going to be fairly significant. (I.E. one that will result in, at least, a 3-month stock-out if not promptly mitigated, and not a 3-day stock out that, unless you are Apple launching an iPhone, won’t affect sales noticeably.)

As regular readers know, risk is still increasing, and the odds of your organization not getting hit with at least one significant disruption over the next 12 months is, at best, 1 in 10. You have better odds of winning a prize in a Lotto 6/49 draw (in Ontario, Canada where you win a Free Ticket and effectively get your investment matched on the next draw when your ticket matches 2 of 6 numbers) than of not experiencing a significant supply chain disruption over the next twelve months. Ouch!

But you’re overworked, underpaid, and not trained in risk management and probably don’t have a game plan yet. So what can you do?

Well, you can start by checking out the doctor‘s and the maverick‘s recent four part series on “Your Supply Risk Management 2016 Game Plan” over on Spend Matters Plus (membership required) which dives deep into how you can best define manage your supply risk programs. This series:

  • defines the types of supply disruption, product cost volatility, regulatory compliance, and reputation risk you need to plan for
  • explains why you have to think global and implement local to develop an effective strategy
  • gives you strategies to identify primary risks, mitigations, indicators, and monitors
  • helps you understand how you can align risk and reward to get support
  • helps you understand how to get more C-level visibility
  • and presents a scoring methodology that demonstrates business impact, which is critical to getting C-Level support

All four parts were up as of last month, and all four are a must read for anyone who needs to get a grip on supply risk and how to handle it. Don’t wait until it bites you in your backside three days after a critical order was supposed to arrive (but didn’t because the tier 1 supplier decided not to tell you when the tier 2 supplier didn’t supply the raw material needed for production, which is no longer available because a mine collapse reduced the available, limited, global supply by 10%). The bite a supply disruption can take out of your business is much worse than a boghog will take out of your backside. So SI strongly recommends you check out the following now:

  • Part   I: Supply Risk Definitions
  • Part  II: Developing Strategy
  • Part III: Risk and Reward
  • Part  IV: Measurement and Management

Societal Damnation 42: Pandemics

A pandemic, as defined by Wikipedia, is an epidemic of infectious disease that has spread through human populations across a large region. When people think of pandemics, they traditionally think of the big nine historical pandemics of cholera, influenza, typhus, smallpox, measles, tuberculosis, leprosy, malaria, and yellow fever, which have, at one time or another, wiped out thousands, hundreds of thousands, and sometimes even millions of people.

However, many of the diseases that cause pandemics are still alive and well, and new ones are cropping up all the time. Cholera, easily spread by contaminated water, is caused by bacteria, and still causes 100,000 deaths a year world wide. Influenza is constantly mutating and new strains of bird flu and swine flu which, without proper treatment and prevention, could easily cause millions of deaths are alive and well. And while typhus (typhoid fever) has mostly been eradicated, cases are still being reported in poorer African and South American countries and the bacteria still exists.

As far as we know the smallpox virus has been eliminated in the wild, with no reported cases in 38 years, but never say never, as typhus, which should also have been eradicated by now, is still cropping up. There are still almost 500,000 reported cases of measles a year, even though immunization against measles is easy. Tuberculosis is caused by bacteria and infects about 1% of the global population each year, with 9 Million new cases in 2013 and almost 1.5M deaths.

Leprosy still affects almost 200,000 people globally a year. Malaria, caused by parasitic protozoans transmitted by malicious mosquitos, is still rampant with over 200 Million infections a year, which resulted in 660,000 deaths in 2010. Yellow fever is another infection, caused by a virus, transmitted by murderous mosquito, that infects about 200,000 people a year and annually kills 30,000. And while these pandemics are primarily restricted to the equatorial climates, as temperatures warm and climate changes, those pesky mosquitos could start to migrate northwards.

But this isn’t the only list of highly contagious infectious diseases we have to watch out for. In addition to the ongoing HIV/AIDS pandemic, now we have SARS (Severe Acute Respiratory Syndrome), a viral disease that cannot be cured or prevented that has an average fatality rate of 10% and that spreads easily by close person-to-person contact though respiratory droplets and which could spread like the great fire of 1666 through a dense metropolis. We also have the five strains of the Ebola virus, which spreads easily through contact with bodily fluids (including respiratory droplets or sweat) or infected bats or primates, and Ebola has an average mortality rate of 50%. We have the Marburg virus that causes Marburg Hemorrhagic fever which is a rare, but severe, fever caused by a filovirus (like Ebola) that has a mortality rate of up to 80%. We have hantavirus pulmonary syndrome with a 36% mortality rate in the US that is spread by contact with exposure to droppings of infected mice. (Which means an uncontrolled mice population could bring a new black death that, with unprecedented levels of population density, puts the first round to shame. Remember, just because mice commissioned the earth, that doesn’t mean they won’t kill us all when they are done with their little experiment.)

We could go on, but you get the picture. Not all countries have centres for disease control as advanced as the CDC or the ability to rapidly contain epidemics which could, in today’s hyper-connected and ultra-densely populated world, easily transform into global pandemics overnight. Hollywood might worry about us all contracting a hyper-infectious disease that turns us into zombies, but the reality is that the next plague will probably skip that step and make corpses of us all instead.

So why is SI being so grim? Because, despite the focus of most sites that focus in on the physical, financial, and information supply chains, the reality is that supply chains still run on people. People (control the machines that) make the goods. People control the money (even if it is just the people in banks sometimes). And people input the data that our information systems run on. Without people, supply chains will come to a halt from both an inbound (with no one to supply) and an outbound (with no one left alive to buy) perspective. Not only must we be ever vigilant in keeping our employees safe, but we must be even more vigilant in keeping them well. We need them alive.

And for those dreamers among you, you can forget about replacing your workers with robots or computer algorithms. Remember that we have been promised replacement robot workers since Elektro was debuted at the 1939 New York World’s Fair, but engineers still have not delivered. Not just because we have no true AI (and that’s a good thing*), but because we are still unable to construct systems as flexible and adaptable as the organic systems created by nature.

* what use would intelligent robots have for ugly sacs of water besides to harvest our bioelectric energy?**

** bonus points if you get the two references contained within

Regulatory Damnation 35: Health and Safety

Health and Safety, generally referred to as Occupational Safety and Health (OSH) or Workplace Health and Safety (WHS) in North America, refers to regulations and regulatory management concerned with the safety, health, and welfare of employees, be they full time, part time, contingent, day labourer, or unpaid intern. In an advanced organization, it’s a key component of CSR (Corporate Social Responsibility) as the health and welfare of any person doing any task for the organization is a key concern of any responsible organization.

So why is this a damnation? Is this not only the right thing to do but something you want to do as an injured or unwell employee is not productive? It’s a damnation because in some countries of the world, it’s becoming a regulatory nightmare. And not only is failure to comply with the regulations, some of which may go beyond common sense, a huge fine, but if someone gets injured and your organization failed to comply with the regulations, in some countries (and the United States in particular) that’s a million-plus lawsuit waiting to happen.

It’s a massive risk management activity that often adds very little value to the organization.

First, you need to either have your lawyer spend cycles researching all relevant OSH laws to your business at the municipal, state, and federal levels and make sure you are fully compliant, or shell out thousands upon thousands (upon thousands) of dollars to an expert OSH law firm that will provide you a list of all regulations you need to adhere to, minimum requirements, and example programs.

Then you need to identify all hazards of the

  • physical and mechanical variety
    and make sure all personnel have the appropriate safety gear and safety training and supervision if they are new to the task
  • biological and chemical variety
    and make sure all personnel have the appropriate safety gear, training, and supervision and make sure that the risk of exposure is minimized as much as it can be (and only qualified, certified personnel are allowed in the lab where the deadly virii are kept)
  • psychosocial variety
    and make sure all personnel are kept as far away from them as possible (which may mean keeping the CEO away from general assemblies, as he* is likely a psychopath)

Then you need to document your research, your policies, your training methods, your enforcement methods, and your regular review activities in case the OSHA (Occupational Safety and Health Administration) or its equivalent comes knocking at your door (as the result of complaints, injury, and/or lawsuits).

And if you’re in Procurement, not only do you have to worry about the safety and health of your employees (who might have to travel to dangerous regions for site visits of what could be danger-ridden factories), but of your supplier’s employees as well. If their practices aren’t up to par and a major disaster happens at one of their facilities, it’s your corporate brand that is going to take the hit when the dust settles and multiple worker’s rights group are quick to point out the failings in your supply chain.

It’s yet another time-sucking task that should be easy and obvious but isn’t thanks to mountains of legislation and suppliers who care more about money than people.

* Most CEOs are men. It’s probably because (considerably) more men than women have been diagnosed as psychopaths. (If most CEOs are psychopaths and most psychopaths are men, then we have a logical explanation for why most CEOs are men outside of sexism.)

Seventeen Hundred and Fifty Years Ago Today

What may have been the deadliest tsunami of all time devastated the city of Alexandria, Egypt. The tsunami, caused by the Crete earthquake (which was estimated to be an 8.0 on the Richter scale), killed over 5,000 people in the city and more than 45,000 outside the city. However, the damage from the tsunami (which was estimated to be more than 100 feet high) was not limited to Alexandria and affected the entire eastern and southern shores of the Mediterranean and also devastated a number of cities (in what is now Libya and Tunisia) and almost wiped out Greco-Roman civilization in North Africa. The death toll is estimated to be somewhere between 300,000 and 500,000!

And yet, way too many people are still surprised when massive tsunamis, such as last year’s Chile Tsunami, 2013’s Solomon’s Tsunami, or significant 2011 Japan Tsunami strike, devastate cities, and cause major disruptions to our supply chains.

These events have been recorded for over 2,441 years, ever since Thucydides described how the tsunami of 426 in the Malian Gulf affected the Peloponnesian War, and we know the exact date for major historical tsunamis all the way back to 79 AD (when the eruption of Mount Vesuvius, which buried Pompeii and Herculaneum)! Every time a major earthquake or volcanic eruption occurs along the coast, which is where most occur because that’s where most of the fault lines between tectonic plates are, they happen. And massive damage and disruption results. We should not be surprised and we should be prepared.

And even though SI usually restricts its history lessons for the weekend, this event was so significant, and so overlooked, it had to make an exception.

And while this has little relevance for Supply Management, a very historical event in American history happened 150 years ago today. At 6 pm in the town square of Springfield, Missouri, “Wild” Bill Hickok shot, and killed, Davis Tutt in what is, on record, the first “quick draw gunfight” that is commonly portrayed in western movies. (For this act he was arrested with murder, which was reduced to manslaughter before the trial, which resulted in his acquittal under the unwritten law of the “fair fight”.