Category Archives: Risk Management

Do You Know What’s At Risk? Resilinc Does!

Resilinc, a new player in Supply Management, has a unique approach to identifying and evaluating risk in your supply chain. Eschewing the transaction-and-finance focussed approach of other players in the risk management space, and building on the lessons learned from SIM (Supplier Information Management) vendors, Resilinc has built a unique approach to identifying and quantifying the relative risks in your supply chain.

Started by a Risk Management practitioner in the high-tech and electronics supply chain, who has a Masters in Engineering in Logistics (from the Massachusetts Institute of Technology), Resilinc not only builds on the lessons learned from SIM, but on the lessons learned from real risk management practitioners and specifically focusses on the electronics and high-tech, medical device, and automotive supply chain – realizing that, when it comes to risk, not all supply chains are created equal.

So what is Resilinc? It’s an affordable DSS (Decision Support System) for larger mid-size and large multi-nationals that need to

  1. identify the most significant risks in their supply chain,
  2. keep tabs on what facilities may be impacted by a significant external event, and
  3. be immediately informed when an event could cause a disruption that requires immediate action.

The solution, delivered using the SaaS (Software-as-a-Service) model, does this by tracking all of the relevant information on each supplier and facility in your organization’s multi-tier supply chain. Whereas a typical SIM solution (that powers a typical financial risk analysis product) will track each supplier, their official information, their insurance certifications, their corporate addresses, etc., Resilinc’s solution tracks each individual manufacturing facility, the products produced at those facilities, the inputs required, the lead times required, and the time taken to get the plant up and running again as a result of a serious disruption (such as a natural disaster, border blockade, strike, etc.). Based on this information, integrated financial and location risk metrics imported from other systems (for which you have a license for), and the relative revenue impact of each product on your total organization revenue, Resilinc is then able to

  1. provide an overall risk score, delivered in terms of the revenue impact of a disruption, for each location and product,
  2. give you the ability to determine the impact of an external event in a given location with respect to supplier locations and sourced products, and
  3. determine which locations and products are likely to be impacted by a significant event anywhere in the world, as soon as it happens (and e-mail you a notice that the event — which may be an earthquake, war, or labour strike — is potentially impacting one or more locations in your supply chain).

Risk Managers can use this to determine which locations and products have the biggest risks, which facilities will be impacted the most as a result of a supply disruption in an area, and which product (line)s are at risk as the result of an event that just happened. And then they can take action.

Resilinc is a powerful tool for the high-tech, medical device, and automotive supply chain, which, until now, were probably too reliant on financial metrics, which are not the only risks one needs to be concerned about in a multi-tier supply chain.

While We’re All Remembering September 11

Let’s not forget September 16. While the scope of the tragedy was much less severe, the Wall Street Bombing of 1920, which took place 82 years ago today, is an indication of what can happen at home if social unrest gets too high. It was the deadliest act of terrorism on U.S. soil up until the day it occurred.

Given the anti Wall-Street resentment, the state of unemployment, and the dire straits America could find itself in if the Federal Reserve does not keep it on track, this, unfortunately, is an event that could conceivably reoccur. In our haste to not forget, let us not forget.

Understanding & Completing the C-TPAT 5-Step Risk Assessment Process

Today’s guest post is from Karen Lobdell, Director of Global Solutions at Integration Point.

The US C-TPAT program continues to evolve since its inception in late 2001. As a requirement of the program, members must complete an international supply chain security risk assessment and are expected to have a documented process for determining and addressing security risks throughout their international supply chain to meet minimum criteria.

This risk assessment is not only required as part of the application process, but it should also be incorporated into the member’s Annual Security Profile Review. To assist program members with this process, CBP developed the “5-Step Risk Assessment Process”. Is your company wondering how best to implement this process? Are you concerned that implementing the process will be administratively burdensome?

The 5-Step Risk Assessment Process is comprised of the following steps:

  • Mapping Cargo and Business Partners
  • Conducting a Threat Assessment
  • Conducting a Security Vulnerability Assessment
  • Preparing an Action Plan to Address Vulnerabilities
  • Documenting How the Security Risk Assessment is Conducted

While this exact format is not mandatory, a risk assessment process must be in place and incorporate these components, but how you do this is flexible. Let’s break this down into a more manageable process.

Mapping cargo and business partners can seem like an impossible task for companies that have a vast number of suppliers. So before mapping hundreds of trade lanes, take a look at those areas of highest threat and map those to drill down deeper within the supply chain and identify further areas of risk.

When conducting a risk assessment, values used for scoring are up to the individual company. The point is to go through the exercise and identify where the threats are and how severe the risk is. After this is done, you can move to the next step of conducting a security vulnerability assessment.

This step was designed to assist in identifying gaps or weaknesses in the supply chain that deviate from the standards. Vulnerability assessments should be done on business partners as well as internal departments, and are typically conducted via a questionnaire or survey. Although the minimum standards will be based on the C-TPAT criteria for this particular example, assessment could go above and beyond the program criteria and the standards would vary if conducting a risk assessment on an area other than C-TPAT/security. Many companies still perform this step manually with the use of Excel spreadsheets and email. This can be very administratively burdensome –especially for large corporations that may be working with thousands of suppliers/partners. This is one area where automation can be a huge time-saver, as well as improve accuracy.

A solid vulnerability assessment will identify those gaps/weaknesses that need to be addressed — but that is only one step. A successful risk management program includes implementation of an action plan to close those gaps, or at a minimum, mitigate the exposure that exists. Combining this information with threat scores and potential consequences can help prioritize actions that need to be taken.

The final step is documenting how you are conducting risk assessments. CBP’s mantra has always been — show us, don’t tell us.

CBP has stated that the focus will continue to be on segmenting high risk vs. low risk. This is more effective than the prospect of 100% scanning. Not only does CBP prefer to deal with safety and security from a risk standpoint, they expect the trade to do so as well. In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order.

For more on the 5-step risk assessment process, best practices and how it can be used for other trusted trader programs, check out the on-demand webcast presented by Integration Point. You can access the on-demand version via webex.

Thanks, Karen!

The (Board) Gamer’s Guide to Supply Management Part VI: Zombie Dice, Tsuro, and Get Bit!

I’m enraptured to continue this one-of-a-kind summer series that will help you whether you are just interested in finding out about this new and exciting career opportunity, or ready to take your Supply Management career to the next level. Not only is it significantly more fun than counting grains of sand for an hourglass, but when you can grasp a lot of the basic concepts by playing the right mix of strategic (and sometimes tactical) board games with your friends, it’s three blasts squared.

I know we still have to tackle the economic games, like Puerto Rico and Dominion, but we’re gong to continue to make use of the fact that, thanks to the unequaled generosity of Wil Wheaton (@wilw) and Geek & Sundry, we have yet another marvelous TableTop episode where Wil introduces us to yet another great game — or, in this case, three great games. Until the tap runs dry, we are going to collect every precious drop of water that Wil is directing our way.

Wil gives us a very succinct introduction to each of the three games covered in TableTop Episode 3, starting with

Zombie Dice

is a press-your-luck dice game. We are all zombies trying to fill our undead bellies with delicious, delicious brains. On every turn, we will draw three dice from the cup. Each die represents a human survivor or, as we call them, lunch. We roll the dice. We then keep all of the brains and all of the shots to the face. Now we have a choice to make. We can stop, and score the brains, or we can press our luck. There’s one special die. It’s this guy, he’s the runner. If we choose to roll again, we have to include him in the three dice total because we haven’t caught him yet. You keep rolling until you are shot in the face three times or you choose to stop and score all of the brains in front of you. The first player to score thirteen or more brains wins.

Zombie Dice is a great game because it helps you understand the Wall Street mentality which, inevitably, leads to financial market meltdowns when left unchecked — just like the subprime mortgage crisis, the dot-com bubble, the speculative currency crises in Asia, Mexico, and Europe in the 1990s, the savings and loans crisis, the oil crisis, the crash of 1929, the shanghai rubber stock market crisis, the rail road panic of 1893, the gurney crisis, the danish state bankruptcy, the south sea bubble and the mississippi bubble, and the tulip mania. While financial market meltdowns are not a new phenomenon, thanks to the internet and the interconnectedness of the global financial markets, they are occurring more and more and will continue to do so as long as the unlimited risk mentality of Wall Street goes unchecked.

It’s critical that you understand this mentality, and the risks associated with it, because the more you try to limit your risk by playing the currency markets, the hedge funds, or even asset-based investments (like gold), the more types of risk you are actually opening yourself up to. If you don’t know what you’re doing, you’ll end up rolling red die after red die, which triples your chance of getting shot in the face.

In addition, what makes Zombie Dice truly great is that it also teaches us about the unpredictability of risk. You never know when you are going to get shot in the face with a supply disruption due to a natural disaster, a civil disturbance, or a quickly enacted political trade barrier, or how much damage it’s going to do. Supply Management is full of risk, and every time you place an overseas order, you could be rolling the dice.

Tsuro

is a path finding, tile laying game. We are flying dragons. On every turn, we will play a tile on the board. Every dragon touching that tile has to follow the path it makes to completion. … If you fly off the board, you are eliminated. If you crash into another dragon, you are eliminated.

This is a cool game because it forces you to think strategically, which is important in markets where demand exceeds supply and you have to outmaneuver your competition to insure that you always get what you need, and keep your organization on the board. It teaches you that you not only need to think about what you need, but if you are in a market where demand exceeds supply, what your competition needs so that you can lock up supply first.

Get Bit

is a bluffing game, designed by my friend Dave Chalker. We are all robots out for a leisurely swim in shark-infested waters. Each turn, to figure out which one of us is swimming the fastest, we will play a card from our hand, numbered one through five. The fastest number goes to the front of the line, and the slowest number will go to the back of the line. The robot who is closer to the shark gets bit. We each have four limbs. So if you are bitten four times, you become Anchor Bot 9000 and spend the rest of your days on the bottom of the sea.

This is a good companion game to Tsuro because, like Tsuro, it forces you to think strategically, but has the added advantage that it demonstrates what happens if your competition mirrors your movements — you both stand still while the other competitors in the market swim past you. You not only have to outmaneuver your competition in this space, you have to prevent them from blocking you.

It used to be that Doctors made Life and Death Decisions. Now Supply Managers do too!

This recent CSR briefing over on the CPO Agenda on when good procurement can be a life and death factor is great food for thought as it points that not Supply Management is more then just sourcing and procuring, it’s also also sustaining and securing — in more ways than one!

Focussing on how the early 2000s saw several incidents where hospital patients inadvertently received excess doses of their drugs that resulted in fatalities, the article pointed out how a poor selection of IMDs (Interactive Medical Devices) that didn’t do anything to prevent common human errors was the reason that a premature baby died after receiving 10 times the required dose of diamorphine and a person lost their life after receiving a dose 24 times too high after a daily dose was miscalculated as hourly when it would have been trivial to code in a dosage check that asked a nurse or doctor are you sure before administering a dose outside of the range. After all, it’s easy to mistype a decimal point and then 13.5 ml becomes 135 ml, or click the hourly instead of daily button if you’re in a rush (and what health-care professional isn’t overworked these days)?

Now, you could say that the real problem was lack of training, as better training could have minimized the possibility of human error, but in each case sourcing was involved. In each case, a wide range of IMD devices were in service in each of the hospitals. And in each case, each time a procurement exercise took place, a different machine was chosen as the most cost effective. The factor that should have been last on the list was placed first and people died. Remembering that Supply Management’s ultimate goal is value (creation), not cost (reduction), and in this case, the value was procuring the best IMD for the hospital, not the cheapest one today, where the best IMD was one that was easy to use, programmed with easy range checks, reliable, fault tolerant, long lasting, and safe and reasonably priced with respect to these requirements. Considering the inherent value in human life (and the cost of the lawsuit or settlement that the hospital is going to have to pay as a result of a preventable death), if that means spending 20% more, so be it.

If instead of sourcing IMDs as one-off sourcing events when a need arose, Supply Management put security and sustainability first and foremost and redefined IMF sourcing as a multi-year master contract agreement, negotiated against projected demand over the next 3-5 years, lives might have been saved as there would likely not be more than two types of IMDs at any one time (the ones sourced during the last contract, and the ones being sourced during the current contract, where the contract length is defined to insure all of the old machines are replaced before a new contract is negotiated with the possibility of switching vendors) and the amount of training the health care staff would need would be minimal.

And the reality is that medical device sourcing is not the only area of Supply Management where lives are at stake. Supply Managers also source food and beverage categories, and melamine in the milk, diethylene glycol in the toothpaste, salmonella in the spinach, bovine spongiform encephalopathy in the beef (which can cause Creutzfeldt-Jakob disease), and botulism in the chili sauce can all result in death, and if not caught in time, can be as deadly as a plague or coronavirus (SARS).

And Food & Beverage is just one example. The chemical sector is another. What if the chemicals are hazardous and the storage units are poorly made and leak? Cyanogen chloride is colourless, and deadly, and used in the production of Chlorosulfonyl isocyanate which is used in medicine in the production of Beta-lactams, which form the foundation of antibiotics (including penicillin).

Another is heavy machinery. Carbon monoxide (CO) is regularly produced by internal combustion engines in enclosed spaces. If the exhaust system is not airtight and properly insulated, CO could leak into the factory and poison (or kill) your workers before they even know it’s there as it is an odourless colourless gas.

The point is, where physical products are concerned, almost anything you source could be a hazard to human health, and even life. (We still have problems with led in the paint and asbestos in the insulation when sourcing from overseas.) This doesn’t mean that you don’t have to worry about services — it just depends on what you’re sourcing and what products and materials the service providers have to use in the performance of their jobs. For example, Janitorial Services could be a problem if the company is contracted to provide the cleaning products and they consistently use cleaners with too high a borax concentration which is not properly cleaned up.

So, next time you source, get out that corporate social responsibility scorecard; make sure safety, security, and sustainability play a prominent role, and remember that, indirectly, you could be responsible for someone’s life.

Your job just changed, didn’t it?