Category Archives: Risk Management

Supplier Risk: The Tip of the Iceberg


Today’s guest post is from Nick Ford, Director of Customer Service & Delivery, EMEA, Xchanging (which also owns MM4 and Spikes Cavell and which has built up a fairly extensive S2P suite over the past couple of years).

Titanic, the ship not the film, has more in common with your business than you probably realise. Both are massive entities, run by people with years of experience, moving full steam ahead, in a sea of risk, assuming that they’ll be able to see and manoeuvre around any danger that presents itself. The problem, with both your business and Titanic, is the unseen danger — the risks below the surface. Titanic, as we all know, was taken down by an iceberg — sliced open along the hull by the ice beneath the surface of the ocean. If your business isn’t careful, the same thing could happen. I’m talking about supplier risk.

Supplier risk is an iceberg. The tip of the iceberg, that visible 10%, is the financial risk. A supplier’s financial performance is well documented and publicly available. It’s easy to understand their financial position, to monitor their reports and turnover and make an assessment on their viability. Traditionally, this has been the primary way organisations have measured supplier risk but it’s not the whole picture. Underneath the surface lies an absolute plethora of ‘other’ risks that need to be monitored and measured — just like an iceberg — and, just like and iceberg they have the potential to sink your business.

There are three main categories of supplier risk: financial, supply chain and corporate social responsibility — and then there are multiple tiers within each of those categories, across multiple dimensions. It’s those multiple levels, as you move further and further down the supply chain, where the bulk of risk sits. When you consider executive changes, geographical risks, political risks, disaster planning, and stress testing, to name just a few factors, you begin to see supplier risk as an enormous subject.

What some of the more progressive organisations are doing now, is looking at the next 4 or 5 levels of supplier risk. They’re doing this via a structured process in order to understand what their true supplier risk profiles are and to be able to measure and monitor them on a quarterly basis. Procurement should be about managing risk proactively rather than just protecting the suppliers and services that come into your organisation.

Currently, however, most organisations aren’t doing a sufficient amount of supplier risk management, they’re just doing the basics. What’s happening in procurement departments is they are doing what is appropriate to the risk appetite of the organisation. If there’s a very strong appetite within the organisation to manage operational risk, then you’ll tend to find that risk is also higher up the agenda for the CPO or Procurement Director. It’s very high on the agenda in financial services and the oil and gas industry for example, less so in retail and manufacturing. Supplier risk management is reactive at the moment, but I think that will change over the next 5-10 years. It has to.

Along with increased appetite for risk, I think there will be a lot more investment in technology in this area over the next 5-10 years. There’s been a lot of investment in the area of supplier relationship management over the past few years. Going forward, I can see those tools extending dramatically into the risk area. There will be a proliferation of supply risk management tools that come onto the market which bring together the more basic areas of risk, like financial performance and revenue, with all of these other, deeper areas of risk, creating a dashboard that allows you to see your complete risk position — the whole iceberg — at any point in time. Currently, outside of the oil and gas sector, there isn’t really a demand for this type of tool but as risk moves up the procurement agenda, CPOs will reach a point where they’ll need this level of in-depth supplier visibility.

You can find very good data now on the financial risk of suppliers. Executive changes, stock holding changes and financial performance, are all public knowledge and very binary — you either have it or you don’t. The tip of the iceberg is pretty much under control for most procurement departments. When you move below the surface and begin to look at the more strategic and proactive areas of supplier risk, that’s where organisations are currently leaving themselves open to damage. Effective risk management requires creativity. It means stress-testing your supply chain, assessing your suppliers’ suppliers, executing scenario and what-if planning. Unfortunately, it will probably take a few disasters to truly move risk higher up the corporate agenda — it took the sinking of the Titanic to make supplying enough lifeboats for everyone on board law — but if procurement wants to be seen as a strategic function, they’ll need to start addressing the rest of the iceberg.

The Dirty Dozen (A 101 Damnations Preamble)

No, we are not referring to the 1967 Robert Aldrich war film based on E.M. Nathanson’s 1965 novel about 12 prisoners who are recruited for an attack on a chateau on the night before the D-Day invasion of June 6, but instead the 12 types of damnations that plague you and your Procurement organization on a daily basis.

As we indicated in yesterday’s post, there are dozens upon dozens of challenges being thrown at us on a daily basis. And whether or not they are hurled at us with malicious intent is irrelevant — they still cause us nothing but grief and agony and divert our attention away from strategic planning, (should-cost) modelling, and supply assurance.

In fact, as our upcoming series will unveil, there are (at least) 101 damnations that we have to contend with on a daily basis. And that’s too many to address without some sort of framework. That’s why we have the dirty dozen — the 12 factions of risk, stress, and, in some cases, even malice that attempt to thwart us at every turn and hasten our decline from the order we create with our awards and partnerships into the chaos that, in the end, brings about the downfall of every organization.
Need we remind you that three of the most profitable companies ever, adjusted for inflation, were the Dutch East India Company, the South Sea Company, and the Mississippi Company (which were worth approximately 7.4 Trillion, 4 Trillion, and 6 Trillion in 2012 dollars) are now defunct? Like the Microsoft, Apple, and Exxon-Mobil’s of today, they were worth more than many countries, but corruption, uncontrolled speculation, and the bursting of a real-estate bubble brought each of these companies to ruin.

In the series that follows we will address each of the primary damnations in each of these categories. However, before we begin, will define each of these categories so that you may get a glimpse of the terror within.

  • Economic
    Everything the economy can throw at you from fiscal crisis to currency shocks to employment swings and the shocks they bring to your supply chain.
  • Infrastructural
    Planes, Trains, and Automobiles; the tracks and roads they travel on; and the services (water, energy, waste, etc.) infrastructure we all rely on.
  • Environmental
    Resource shortages, waste and pollution, and the fury of mother earth.
  • Geopolitical
    Governmental spats, global treaties and embargoes, and political unrest.
  • Regulatory
    Taxes, trade requirements, material bans, and labeling requirements.
  • Societal
    Crime, piracy, fraud, corruption, education, talent, worker’s right, unionization and the whims of the masses.
  • Technological
    Production technology, cyberspace, 3-D printing, robotics, IP & patents, and quantum leaps.
  • Influential
    Analysts, pundits, consortiums, and conferences. Where does the pied piper lead the rats?
  • Organizational
    Engineering, Marketing, Sales, Legal, and every other department (that might be out to get you).

  • Authoritative
    Shareholders, the Board, and your activist investors.
  • Providers
    Suppliers, carriers, BPOs/GPOs, and everyone else who can pull the supply chain rug from under your feet.
  • Consumers
    Governments, corporations, end consumers and the dollars you depend on.

Integration Point: A Global Content Provider

When we last covered Integration Point (in 2008 and 2010), we discussed their solutions for customs, security, and product classification; for free / secure trade zones and for regulatory compliance.

We talked about how their SaaS solutions helped companies with product classification under HS codes, advance notification (as required by 10+2), denied party screening (through integration with the US denied party lists), free trade / special economic zones (and identification of associated agreements), and the creation of necessary documents as well as the creation of surveys to determine if the supply base was compliant.

It was a good all-around solution, but it wasn’t a one-stop shop. While the import and export management solutions were extensive, the supply chain compliance solutions were limited; free trade was primarily ECCN, entry visibility, and country of origin; there was no automatic HS or country of origin classification; and content was primarily limited to HS/HTS codes, common import documentation, custom compliance documentation, and FTA summaries.

However, recognizing that their entire solution was dependent on good content, Integration Point, which now has twenty (20) offices across six (6) continents (and which promises an Antartica office as soon as the penguins start trading), started working on a Content Repository ten years ago and over the last decade has grown that content repository into a Global Content Repository with relevant trade data for over 185 countries. This include HS Codes, Tariff Schedules, Import/Export documentation requirements, rulings, free trade agreements, free trade and special economic zones, customs compliance programs, denied parties, sanctions and embargoes, and relevant trade acts, such as Lacey. The repository, which is maintained by a team of over 200 people globally, contains millions of base documents and millions of codings and mappings and is updated daily.

Daily updates is a critical part of a trade content repository. While some countries only update their tariff schedules a few times a year, others update their schedules monthly, and some update their schedules weekly (or more as Brazil once updated its schedules 80 times in one year). In addition, as trade relations improve or break down between countries, new trade restrictions / sanctions / embargoes are created almost overnight, denied parties get added to the list daily, and new regulations and rulings also come out on a daily basis. Correct classification, coding, and documentation is the difference between trouble-free trade and having your shipment held up for days, weeks, or months. And not shipping a restricted product to a denied party is the difference between smooth sailing and being federally investigated and fined millions of dollars. In both cases, your logistics and trade managers can only insure properly documented, legal, trade if they are on the ball with up-to-date data.

Since Integration Point has a global team, Integration Point, which sells access to its content repository as well as its trade management solutions on a subscription basis, is able to keep its repository current, which is no mean feat considering there have been over 2M updates to HS classifications alone on a global basis so far this year and over 1M updates to the import / export document database were required to capture regulation updates, trade agreement updates, form updates, and new rulings.

Integration Point now has one of the best and most complete Global Content Solutions out there and should be included in your list of content solution providers as you endeavour to get your compliance under control because Content is a Cornerstone of Compliance.

Plus, based on this content, Integration Point is now able to offer innovative solutions around country of origin determination, product classification, tariff analysis, and supply chain costing. We will cover these in future posts in early 2015.

Procurement Trend #15. System Integration with Partners

A dozen anti-trends from those wild and crazy guys still remain, and as much as we’d like to find some entertainment value in what they have to offer, we must agree with LOLCat who is bored with our continuing anti-trend coverage and, like the foxes the wild and crazy guys like to chase, instead flee from the obnoxious diatribe they thrust upon us.

So why do so many historians keep pegging system integration with partners as a future trend? I honestly can’t fathom this as Big Blue has been pushing integration projects for decades, but maybe it is because they’ve been living in the corporate cave (as Procurement is still relegated to the basement in many organizations) and:

  • e-Procurement benefits like invoice Automation require some system integration

    because invoices come from suppliers and often have to get into AP systems on the way through the e-Procurement system

  • supply chain visibility is critical for risk mitigation

    because you cannot take action to protect against a disruption if you do not know that a disruptive event occurred

  • strategic planning is improved with good data

    because even though you can make great strategic plans without data, it’s just a theoretical exercise if the plan depends on postulated conditions that do not actually exist in the real world

So what does this mean?

System integration

Not only do you need to brush up on your IT skills, but you have to brush up on your IT project management skills too. System integration projects have been responsible for some of the worst supply chain disasters in history. Don’t believe me? Review Supply Chain Digest’s top supply chain disasters and notice that 9 of the 11 top failures were as a result of technology, and all but one of these technology failures was at least partly, if not entirely, IT technology!

Supply Chain Visibility

You need to implement a multi-tier supply chain visibility. Knowing your supplier’s status is not good enough, you need to know your supplier’s supplier status and sometimes even the status of the supplier of your supplier’s supplier — especially if raw materials acquisition is the weakest link in the chain. Leave no stone unturned that could be covering a ticking time-bomb.

Good Data

When we say good data, we mean good data. Not just data because not all data is good. If it has a lot of holes, is inaccurate, or is too old, it’s bad data, and all analysis on bad data leads to is bad information that results in bad decisions. But good data can lead to good information and then good decisions, and, in an appropriate model, it can lead to actionable intelligence that can power great decisions.

Procurement Trend #16. Stronger Supplier Relationships

Thirteen anti-trends from those crazy eighties (or earlier) still remain, and as much as we’d like to provide some entertainment that hasn’t been rebooted and re-rebooted to LOLCat who is bored with our continuing anti-trend coverage, we must continue to play Sam Sheepdog and make sure that no Ralph E. Wolfe in sheep’s clothing goes undetected or unrewarded for his effort.

So why do so many historians keep pegging stronger supplier relationships as a future trend? Besides the fact that they are likely still struggling to pronounce col-lab-o-ra-tion (which is a undoubtably a new word for them), it is probably because even the Businessman knows that:

  • delivery dates can make or break a product release and a company

    as a late launch can allow your competition to launch first and secure a substantial amount of marketshare that your company may never get back

  • knowledge work needs to be done with knowledge

    and you can’t fake it by throwing more warm bodies at it

  • supplier failures can often be prevented, but only with foresight

    once a supplier’s doors have been closed, it’s too late to reconsider that 180 day net-terms policy

So what does this mean?

Delivery Dates

Product Lifecycle Management (PLM) is key. In order to make sure everything stays on schedule, Supply Management has to monitor, or manage as the case may be, the design, the supplier selection, prototype production, full production, transportation, and the delivery schedule. Any delay anywhere in the process that goes uncaught and uncorrected in a timely fashion will result in a missed delivery date.

Knowledge Work

As per our many previous posts, including our posts on inter-departmental collaboration, more stakeholder collaboration, and talent, we’re in a knowledge economy and supply management is knowledge work. Implement a good Knowledge Lifecycle Management solution, get training, collect knowledge from your employees, partners, suppliers, and customers and put it to use.

Supplier Failure

Suppliers typically fail for financial reasons, and this is often something that can be foreseen. You can follow the financial risk ratings, or you can just pay close attention to what is happening. There are always cues when a supplier is in trouble. Multiple contacts disappear overnight. Late deliveries. Poor quality. And so on. Often it’s just a cash-flow problem that is easily fixed by simply paying the supplier a little earlier (which, for many companies, translates into simply paying the supplier on time) so it can cover its operating costs. When you consider that the supplier has to buy the raw materials, produce the goods, ship the goods, wait for you to get them, and then wait for the clock to start ticking on the invoice when you can often sell the goods as soon as you get them, it’s completely understandable that they can be struggling to make payroll when they have to float operations for six months or more when you, if you are selling a hot electronics item or piece of apparel, can get paid in six days or less.