Category Archives: Risk Management

Environmental Damnation 18: Natural Disasters

Natural Disasters are on the rise. As per a 2011 publication from THINK Executive, from the 1970s to the 1990s, the number of natural disasters occurring worldwide has tripled. It is predicted that both natural and man-made disasters will increase five times in the next fifty years. Ouch!

Why? First of all, we’re still polluting and major energy and raw material consumers, including the USA, China, and India still won’t sign the Kyoto Protocol. This means that continual extreme climate change (which is better terminology than global warming because that’s only one * of extreme climate change) which brings category 5 hurricanes, tsunamis, deadly heat waves, and blizzards with snowfalls worse than any in recorded history are going to continue to occur on a regular basis.

Secondly, while there have been a number of earthquakes above 8 in recent years, there have only been two really deadly earthquakes since the 1976 Tangshan earthquake – in particular, the Kashmir quake of 2005 and the Haiti quake of 2010. But the tectonic plates are in constant stress and while it can never be predicted when they will slip, they will slip and the quake will be devastating. And not only is it likely that hundreds of thousands or millions of people will be seriously injured, or killed, but the region it hits will be entirely devastated. An entire city can be destroyed over night. Every office, every plant, every warehouse, and every truck when the road they are on is swallowed up.

Thirdly, and following on the last point, a considerable portion of the worlds population lives on the ring of fire — the west coasts of North and South America, the east coasts of russia and China, and a considerable part of Australasia. About 12% of Canada’s post population lives in BC; about 16% of US population lives on the west coast; Chile, Peru, Columbia, and Venezuela are almost entirely coastal; Korea, Japan, Taiwan, Philippines, Vietnam, Cambodia, Thailand, Laos, Myanmar, Malaysia, Singapore, Indonesia, Papua New Guinea, Bangladesh, Sri Lanka, New Zealand, and habitable Australia are almost entirely coastal; and a considerable portion of India’s and China’s population are coastal. Not only is this area at high risk of quakes, but it’s at high risk of devastating volcanic eruptions as well. The 2010 eruptions of Eyjafjallajökull were nothing in comparison to the devastating eruptions that have happened in the past. While there are not that many disastrous eruptions on record, the Krakatoa eruption of 1883, which was heard up to 3,000 miles away, destroyed most of the island, unleashed tsunamis which killed more than 36,000 people, and spewed clouds of ash into the sky more than 6 miles high which lingered for months. And almost everyone knows the story of Pompeii which was buried by an eruption. While the most devastating eruptions are a lot less frequent than devastating earthquakes, occurring as infrequently as every 50,000 years as compared to every 50 years or so, even an eruption as powerful as Krakatoa could disrupt supply chains in the region for a year or two.

We could go on, but you get the point. Disaster you can’t prevent, and likely can’t even predict, is always in the shadows, waiting for the worst possible time (when everything else is going wrong) to strike.

A Few Reasons Why Your ERP is a Disaster Waiting to Happen

In our last post we said that If You Still Rely On ERP, You Could End Up in the Supply Chain Disaster Record Books, and we meant it. Over-reliance on outdated and antiquated ERP systems is just a disaster waiting to happen, and here are just a few reasons why in half a dozen supply chain areas.

Sourcing and Contract Management

A critical requirement of a multi-round RFX or multi-round negotiation is the ability to support multiple prices at different volume levels and price history. One of the biggest ERP systems on the market today still does not support this simple, basic, requirement. It’s crazy, but it’s true. And without the ability to store proper prices, volume breaks could be missed and millions could be lost.

Procurement

A critical part of Procurement is m-way matching between the invoice, purchase order, and goods receipt. And a critical part of procurement performance management is tracking each mismatch. How often does a supplier over-bill? How often does a supplier under-ship? This can only be tracked if there is a complete invoice history, but many so-called “modern” ERPs only allow for one version of an invoice. So when it is corrected, the history is lost. And a supplier’s true performance is never known. Performance that could cost you dearly if an under shipment results in a stock out that costs millions in revenue.

Logistics

A critical part of logistics is tracking not only order dates and received dates, but required ship-by dates, receive-by dates, and outbound ship-by dates to avoid missing customer requirements. Some ERPs can only track the date the PO was cut and the date the goods were received — that’s not enough. Another critical part of logistics is ensuring that each carrier has enough insurance to cover the replacement cost of the load, which requires tracking the cost of the load and the insurance coverage of the carrier. With respect to this, the best the average ERP system can do is allow you to look up the PO total and, if you are lucky, extract the last copy of an insurance certificate stored as a PDF in a blob or similar structure in the document store. No meta-data to tell you what’s in the certificate or if it’s even still valid — which could expose you to a huge liability.

Forecasting

Most ERP systems are still using 20 year old forecasting models, and look at what these models did for Cisco and Nike! Should you still be using them?

Compliance

Most of these systems were built before the introduction of acts like 10+2, REACH, SOX, and WEEE — acts which require you to track, report, and store certain data to maintain compliance with these acts. Compliance which is critical to avoid fines, penalties, seizures, [temporary] business closures, and even criminal charges. Compliance which is not maintained by ERP systems that aren’t set up to store all of the data required on an import/export form, track detailed BoM (Bill of Material) data to ensure acts like REACH and WEEE are not violated, and the detailed audit trails required to satisfy SOX.

Risk Analysis

While there are a plethora of risks that can not be predicted due to their nature (like natural disasters, geopolitical uprisings, etc.), there are a plethora of risks that can be predicted with high likelihood if they are monitored for. However, this monitoring depends on the availability of good data. For example, supplier failure can often be predicted if the organization monitors shipments, third party risk data, and market data. If shipments get progressively later, contain higher defect rates, and third party financial ratings for a supplier get weaker every month, that’s a sign of supplier distress and a potential bankruptcy, and it’s critical that the buyer assess the supplier’s health and monitor the situation. This will only be detected if the system tracks delivery dates and defect rates, third party data, and appropriate econometric models. However, all most ERPs track is good receipt dates and returns (but no meta data tying them to orders to calculate defect rates). No market data, no financial ratings, no modern econometric models. No way to detect imminent disaster.

And this is just a short list of ERP failings that could bring imminent disaster. To find out more about ERP’s shortcomings, if you still have not done so, (register for and) download the recent white-paper by b2bconnex on Why ERP is NOT Enough. The sooner you learn this, the sooner you can correct the situation and join the leaders with a modern supply chain.

3 Best Practices in Supply Risk Management That You Are Likely Overlooking

SI has written about risk management and best practices quite a lot in the past, and a lot has been written on the subject, but when it comes to a successful risk management program, there are a few key elements that cannot be overlooked or the success of the entire program can be compromised in an instant.

Three of these core elements are very nicely summarized in a recent piece by the maverick that he published on Spend Matters last month in Part 2 of “Supply Risk Management 2015: Best Practices”. And while the doctor has seen each of these issues addressed to various levels of competency separately, he’s never seen them addressed so succinctly in unison, and that’s why he’s pointing out this particular piece. With the exception of the 2×2 best practice, which is really not that critical if you frame and approach supply risk management correctly (but that’s a point for future discussion), the piece is superbly written.

This post will briefly discuss the three elements, but the doctor strongly encourages you to download the full piece and read it in its entirety. These lessons could just save your supply chain from a major disruption.

Supply Risk Management is an Embedded Process

Risk is continuous, not a point-based event that can be addressed with a one-off program at various points along the supply chain. Natural disasters cannot be predicted, strikes can happen with very little warning, and equipment can break down for any number of reasons. Monitoring must be continuous — and this only happens if risk monitoring, mitigation, and management is embedded into all supply chain processes. Not sure how to do this? The paper has some tips to get you started.

Risk Includes Variation and Volatility

Risk is not binary, not restricted to complex categories or supply chains, and not an-all-or-nothing event. An extra 1% defect rate presents a major risk if quality assurance and pre-delivery testing is not stepped up. Bad weather that destroyed 20% of expected crop yield is a major risk if the organization was counting on a full yield to meet demand. The products are still delivered and a crop is still harvested, but it’s a disruption all the same.

Risk Scoring Must Show Business Impact

One of the biggest mistakes that the average Procurement organization makes, if not the biggest, is evaluating the impact of a risk against purchasing, and not the business as a whole. A low dollar spend could be critical if the bus cannot roll off the lot without that Grade 8 bolt. An impact on an unmanaged category, not critical to Procurement, could be devastating to Marketing. And so on. The needs of the business must come before the needs of Procurement.

For more details on these best practices and tips to get you started, check out the maverick‘s second paper on “Supply Risk Management 2015: Best Practices”. It will be worth your while.

Risk Management in Migration to Low-Cost Countries, Part I

Today’s guest post is from Diego De La Garza, Senior Project Manager at Source Once Management Services, LLC, and Source One’s expert on sourcing in Latin America.

A few decades back, corporations started to talk about migrating costs to low-cost countries. These discussions were driven by the inherent advantages that locations in East Asia, Eastern Europe, and Latin America presented. Today, this is no longer merely a strategic notion but a well-established commercial trend. Efficient migration to low-cost countries has become a necessary, competitive trait.

One of the primary reasons companies decided to migrate to low-cost countries in the first place was precisely to mitigate risk, whether by reducing cost or by decreasing the probability of supply chain or operational disruption. Eventually, this strategy became so popular that companies understood that without implementing structural changes to reduce their cost base, they could perish. Consequently, as the trend evolved into a global practice, it became clear that ignoring low-cost country sourcing within the corporate agenda was a risk itself. Today, the global sourcing paradigm is complex, and in many cases, world class organizations are now even moving out from well-known countries in Asia to “nearshore” locations in Latin America.

However, as ironic as it may be, low-cost country sourcing is so intricate that it carries significant risks if improperly managed. This preamble sets the tone to our main discussion, as risks factors, whether known or strange, will present themselves regardless of the low-cost country strategy.

Common sense dictates that risk mitigation must begin with proactive and diligent research on risk potential before setting a comprehensive strategy for the migration process. Surprisingly enough, many corporations overlook this first step because foreign market research can be both expensive and time consuming. Regardless of how arduous the efforts are, some risk factors will not be identified easily or early enough. Thorough research and preparedness will always prevail as the first risk mitigation strategy. That said, many risks of low-cost country sourcing today are well-known, and best practices will facilitate managing risk from the initial stages of the migration process.

Typically, low-cost countries are surrounded by some level of both reputation and myth. Getting to know the real landscape is paramount when migrating costs. The first premise that comes to mind is that low-cost is associated with low quality. Generally speaking, this is not true, especially when we understand the strong industries in the markets we pursue. The likelihood is that where there’s expertise and a well-established industry, quality will not be an issue. What we need to determine instead is whether the location in scope has the adequate environment to sustain and develop the industry in the long-term. Beyond generating an understanding on local suppliers, labor rates, and raw materials, corporations must consider multiple areas of risk and audit the local market itself.

This is particularly important because any company migrating a manufacturing process or even a service should determine if the local market itself would be receptive to it and support regional demand. This step would mitigate risk by reducing costs and opening new markets, making the location an efficient link within the supply chain and a source of revenue.

However, quality is just one concern that needs to be considered when outsourcing to a local market. In Part II, we will explore some of the other risks that need to be addressed.

Thanks, Diego.

Geo-Political Risk


Today’s guest post is from Nick Ford, Director of Customer Service & Delivery, EMEA, Xchanging (which also owns MM4 and Spikes Cavell and which has built up a fairly extensive S2P suite over the past couple of years).

The news is dominated by geopolitical events from around the world — the spread of Ebola, the conflict in Syria, the unrest in Ferguson, ISIS and just about anything that happens in North Korea. Most people will read a few articles, watch the evening news, form an opinion, feel mad, feel glad, feel nothing. Some people will take action. They will be driven to help where they can by donating their voice, their time or their money. Then there are the people who have to leave their emotions, their political affiliations and their prejudices at the door and when disaster strikes, they have to think about business.

As procurement spreads across more and more geographical boundaries, organisations are being exposed to more and more geopolitical risk. In order to ensure the safety of their company, CPOs and Procurement Directors must proactively consider the implications of these events on the running of their businesses. They need to take into account where they are doing business, where their suppliers are doing business and where their manufacturers are located. What is the volatility of that location? What is the political stability, the currency stability and the stability of the work force within that location? How does that affect your business? Some more progressive organisations are taking this further down the supply chain and looking at where their suppliers’ suppliers are doing business.

How–to Measure Geopolitical Risk

Historically, supplier risk has ignored location factors and has instead been focused almost entirely on financial performance. This made risk a very binary exercise but the deeper and broader you go into operational risk the less it becomes about numbers and absolute answers. To truly understand a supplier’s risk profile, you must undergo stress testing and what–if scenario planning. What if war broke out in a region in which you operate? What if, suddenly, a fire broke out in a supplier’s factory and destroyed everything? Where would you transfer that work to, and quickly? What impact would that have on your lead times or your payments? What impact would that have on your customer contracts? You could come up with any number of scenarios and run them through your supply chain operating model to see what impact they could potentially have on your delivery to your customers. Once you understand what impact these events could have, you can start to defend against them.

How Geopolitical Risk Has Changed

Due to technology and access to the internet, the world is becoming a much smaller place. World news is immediate. You’re able to monitor events and changes automatically. Organisations now have an abundance of information available to them. There’s always been political unrest and risk in certain regions but now there is a far better understanding as to what’s changing on a daily basis which allows CPOs to begin to proactively safeguard against them.

The Cost of Geopolitical Risk

Reducing geopolitical risk is about supply chain analysis, disaster recovery, your ability to move to a different supply chain supply environment and how quickly you can do that should a situation arise. The other aspect of geopolitical risk to consider is the cost. From a risk perspective, in the short-term, it costs more to work with a supplier out of China than it does to buy from someone down the road. In most companies, there’s not enough emphasis placed on the increased organisational risks that occur when working with some of these low-cost suppliers. The harm done to the business should something go wrong could be irreparable. The Ebola outbreak, for instance, could have a huge negative impact on Western organisations if they are no longer allowed to import from affected countries or if new trade restrictions, regulations, or possible quarantines are implemented. When selecting suppliers, procurement teams need to take a total cost of ownership approach.

The Cost of Managing Geopolitical Risk

A total cost of ownership approach looks beyond the direct price and takes into account all of the indirect costs of using a supplier, risk and risk management included. For example, based on your risk profiling, you may want to use a double supply scenario to cover areas where you think the geographical or political risks are high. Organisations currently importing from Ebola affected sub-Saharan African may take this approach. That of course, will add to the cost of the good or service. It’s the procurement team’s job then to convince the board that although it may cost a little more, at the end of the day, it lowers the risk profile of the organisation

Supplier risks haven’t changed in the past 10 years — as far as I know there’s always been risk of war, disease or disaster — but the increase of global supply chains have left companies more exposed. Thankfully, there has also been an increase of available information to help prepare and defend against these risks. Strategic CPOs and Procurement Directors know that the best offence is a strong defence and are thus making risk management and disaster recovery a priority — even if it costs a bit more. You get what you pay for.