Category Archives: Risk Management

Procurement Trend #28: Supply Chain Risk

Twenty-five trends are left
Together they are quite heft
Depriving us of deft
So let’s make another cleft
… and shred them one-by-one!

We won’t give up. We won’t surrender. We will plow through to the end. We shall expose the half-truths and the lies. We shall tackle the issue head-on and with growing confidence and clarity, we shall spread the truth, whatever the toll may be.

The goal is that, at the end of this thirty part series, you will not only understand why so many historians are still talking about the false trends we debunked in our Future of Procurement series, what you need to do to prevent staying in the past with your organizational “peers”, but what you need to do to not only stay in the present but start marching towards the future, which is coming faster than you think.

So why do so many historians keep pegging this as a future trend? There are a number of reasons, but among the top three today are:

  • Natural & man-made disasters are on the rise and will increase five-fold in next 50 years
    In Combating Supply Chain Disruptions: Lessons Learned from Japan by The Logistics Institute (Asia Pacific) published in THINK Executive, Nov 2011, the authors state that is predicted that both natural and man-made disasters will increase five times in the next 50 years! (page 18)
  • Specialization means lengthening supply chains
    as more and more companies focus on components or pieces of a solution and not the whole product or solution
  • Trade and security agreements mean more trade and economic risk
    as these agreements multiply faster than Fibonacci’s rabbits around the world

So what does this mean?

Natural Disasters are on the rise

Even more supply chain interruptions are on their way, and if your organization designed its supply chain around the ring of fire*, expect to get burned! Many organizations have not yet realized that they need to move manufacturing and storage away from the hot zones to the greatest extent possible, that they need to make sure that their facilities have multiple access routes (as one road is easily blocked by a huge sinkhole, earthquake, landslide, etc.), and that they need to have backup facilities in other locations and plans to quickly bring those backup locations online in an emergency. If the organization designed its supply chain around JIT (Just In Time), it needs to make sure that it has enough buffer stock of critical inventory to account for the expected time delay between production and shipment from a primary location and production and shipment from a secondary backup location if the switch needs to be made.

Specialization

The longer the supply chain, the longer it takes for material and product to flow though the chain to the end consumer. The organization needs to focus on collaboration and technology to make sure the chain flows smoothly. (The longer the chain, the greater the chance the order will NOT be perfect.) All parties will need to work together closely and disclose issues as they arrive so all parties can provide options for resolution. Data will have to flow quickly as well, and hence the need for new technology platforms and networks.

Trade and Security Agreements

Your organization needs to keep a watchful eye on trade agreements being negotiated and on the lobby groups pushing for those agreements, since many negotiations are now, despite being led by free countries, going on behind closed doors. If something is going to drastically change the terms of trade, your organization needs to know what the potential impacts will be and have a plan in place to deal with them. If your organization doesn’t, chances are it will miss opportunities to increase market share in the best case and be locked out of the market entirely in the worst. Sad, but true.

* Not Johnny Cash’s Ring of Fire, which burned brightest with Dilana.

Risk Management and Suppliers: How Banks can Comply with the OCC’s Guidelines on Third-Party Relationships

Today’s guest post is from Rebecca Lorden, Business Development and Marketing Manager of Source One Management Services, LLC.

In October of 2013, the Office of the Comptroller of the Currency released specific guidelines to banks and federal savings associations that outline how their companies should assess and manage risks associated with third-party relationships. The OCC’s reason behind these guidelines was mainly due to the fact that “the quality of risk management over third-party relationships may not be keeping pace with the level of risk and complexity of these relationships“. (OCC Bulletin 2013-29, October 2013).

It is true that third-parties pose a threat if their own security protocols are not up to par with that of a major financial institution. In fact, in March of 2013, Bank of America became quite aware of this when they announced that a hack into TEKsystems, a third-party security firm they contracted, was the reason their internal emails were released to the public. These emails were no ordinary messages, but documented proof that Bank of America was monitoring hacktivist groups. Furthermore, the hacking group, known as Anonymous, later revealed that data was not retrieved from a traditional, time intensive and difficult hack, but “stored on a misconfigured server and basically open for grabs“. (“Bank Of America Says Data Breach Occurred At Third Party”, Computer World, February 2013). The scandal was not only damaging to Bank of America’s reputation, but also an obvious indication that banks needed to manage supplier risk more effectively.

The OCC’s guidelines outline eight key phases that should be considered when developing risk management processes. These phases include planning, third-party selection, contract negotiations, monitoring, termination, accountability, reporting and reviews. As clear as that might be, banks are still struggling on how to properly implement controls around these factors. That is where supplier relationship management can play a significant role.

Supplier relationship management, otherwise known as SRM, is the actual practice of strategic planning and managing all interactions with third-parties to maximize their value. Many think of SRM as a way to reduce spend. SRM processes can reduce quality issues and delays with suppliers that, in turn, can translate into cost savings. More importantly, however, SRM can function as a main component in reducing a bank’s risk with suppliers. Supply chain experts feel as though SRM offers a “solid framework” that can provide companies with a “formal risk and control process to follow“. (Building The Case For Supplier Relationship Management, May 2014).

For those that already have an SRM program in place, or believe SRM is just a sales tactic for supply chain consultants, now may be the time to reevaluate. First, suppliers can be neglected over the course of their contract. Even if the relationship started off on a good foot, the value from a supplier can diminish pretty quickly, especially if the supplier or the bank is faced with turnover or a redirection in initiatives. SRM dictates a process that continually communicates and supports the relationship, helping build supplier engagement no matter what changes are on the horizon. Secondly, for those non-believers, consider this: if managing suppliers is now a major priority set by the OCC, what better way to adhere to these guidelines than to build a solid foundation on which to base all third-party relationships on?

It certainly seems that these OCC guidelines are a daunting task for banks to tackle. Managing supplier risks and enforcing compliance is not something that can be done overnight. Banks, however, have a secure solution in supplier relationship management. SRM can be the catalyst to successful third-party relationship management, ensuring that the risks are minimized to the best of a bank’s ability.

Thanks, Rebecca.

Could You Be Doing It Right? Part II: Risk Monitoring

In last Friday’s post, we asked if you were doing it wrong. In particular, we mentioned category management, supply chain risk monitoring, and big data, and asked if you were doing them wrong. We noted that even though a number of companies have jumped on these runaway bandwagons, most have yet to grasp the reigns and take control of the wagon and get it on the right track.

Why is that?

Fundamentally, it’s the same reason that there are no world class Procurement Organizations in Asia Pacific — the classic Triple-T problem.

  • Talent
    the organizations don’t have the right talent to properly manage the initiative
  • Technology
    the organizations don’t have the right platforms to capture the right data and support the right processes
  • Transition Management
    the organizations don’t have the right processes in place to handle the necessary organizational shift to properly manage the initiative

Once the talent, technology, and transition management is in place, the organization has what it needs to fully embrace the initiative and take it to the next level. And do it right.

Where should your Supply Management Organization start? By identifying the core capabilities that are required in each “T” category and finding the right talent, technology, and transition management for the initiative, the organization will be well on its way.

In the rest of this post, we’re going to talk about the requirements for an organization to get on the right supply chain risk monitoring track.

Talent for Supply Chain Risk Monitoring

Good risk managers need the following hard and soft skills:

  • Analysis
    On what services, products, components, and raw materials is the organization (most) dependent and which of these are sole-sourced and/or in scarce supply.
  • Mapping and Modelling
    What does the multi-tier supply chain look like and how can it be represented in software?
  • Mitigation Planning
    If a certain raw material, component, product, or service becomes temporarily, or even permanently, unavailable, what other options can be put into action?
  • Insight
    The greatest risk is always where you least expect it. You will need someone with great insight to not only determine what types of risk you may face, but how your organization can most effectively monitor for them.
  • Sportsmanship
    You will need a great team player to bring it all together.
  • Crisis Management
    When the proverbial sh!t hits the fan, and the organization goes into panic, you need a strong, level-headed crisis manager to get them back on track quickly, and without loss.

Technology for Supply Chain Risk Monitoring

Appropriate technology platforms for risk monitoring will have at least the following features:

  • Supply Chain Mapping
    the platform should map your supply chain multiple tiers down to the source raw materials for any raw materials you are dependent on
  • Event Monitoring
    the platform should identify any natural or man-made disasters that can disrupt your supply chain
  • Mitigation Planning
    the platform should allow the risk manager to put together plans of action should any required part or raw material become unavailable
  • Response Management
    the platform should allow the incident management team to manage the response to a disaster when it occurs
  • Mobile Interface
    as people need to be able to access the platform from anywhere, wherever they are, as the disaster could take out your primary offices

Transition to Supply Chain Risk Monitoring

In order to transition to a proper supply chain risk monitoring framework, the organization needs to hire someone with good change management skills and give that person the tools and C-suite support he or she needs to get it done. That person also needs to be a natural born leader and someone who can work with teams to get it done.

This isn’t a complete (laundry) list of what is required for proper supply chain risk monitoring, but it’s a good starting point. Get the right talent, technology, and transition management in place, and your organization will be well on its way to risk management success.

Procurement — Why We Matter Even More!

Last week, we re-ran a post by David Furth, former VP of Marketing at Hiperos and current President of Leap the Pond, on Procurement – Why We Really Matter. In this post, David explained that Procurement is on the verge of its next major transformation where it will continuously assess risk and introduce integrated processes and controls across the company to mitigate the risk by working closely with other functional areas, business lines, and geographies. In addition, Procurement will implement management control programs that actively monitor both performance and compliance to help ensure suppliers are meeting all their obligations.

David was, and is, right. Now that everything is outsourced, resourced, and optimized to razor-thin JIT models, risk management — and continuous monitoring — is key. But that is just the beginning.

It’s not just risk monitoring, but compliance monitoring and performance monitoring. (Safety) regulations (like RoHS, WEEE, and REACH) are coming into effect fast and furious around the globe, as are bans on toxic substances, materials and products that can be used to create dangerous weapons, and conflict minerals and diamonds. As a result, compliance monitoring is becoming more and more important.

But so is performance monitoring. You can’t ignore the importance of quality, reliability, and safety as it is your reputation — and bank account — on the line. If the products you deliver continually break under warranty, even if you have a policy that you can return for replacement, you’re still losing the profit, the customer’s trust, and the costs associated with processing the return. If the products hurt someone — you’re getting sued, not your supplier. And if the products don’t perform up to spec, even if they don’t break, the customer ain’t coming back.

And even though savings aren’t everything, because it all comes down to ROI — value delivered by your organization. However, if your organization is to remain competitive, it still has to keep costs in check and at least keep costs in line with your competition. Often the only way to do this is to identify when you need to help your suppliers decrease their costs and increase their productivity, and this requires constant performance monitoring.

And who else in the organization can properly monitor risk, compliance, and supplier performance? Not manufacturing. Not logistics. And definitely not finance. That’s why Procurement Matters — Now More Than Ever.

1950 Years Ago Today

The Great Fire of Rome, which burned for 6 days, broke out in the merchant district and caused widespread devastation. It was an early example of how a natural disaster could bring a supply chain to its knees (as it wiped up most of the goods in Rome, which were then stored in shops).

The moral of the story is clear — Natural and Man-Made Disasters have always been with us and always will.