Category Archives: Risk Management

What is Necessary to Get a Grip on Risk before You Select a Supplier for Outsourcing?

Outsourcing ain’t going away. The best we can hope for is near-sourcing, but that will depend on the ability to find the needed expertise and scale at competitive rates (at least until oil and transport across large distances becomes so expensive that labour rates don’t matter). So we need a way to select a supplier that won’t increase risk to ridiculous levels and almost guarantee that, at some point, our supply chain will come to a grinding halt when the supplier goes bankrupt, gets cutoff from its supplier, or gets cut off from us.

One way is to get an assessment of risk for the supplier, the city the supplier is located in, and the country the city is located in, build a composite picture, and determine if there is any serious risk of supplier failure, inbound supply chain failure or inaccessibility, or outbound supply chain failure or inaccessibility. But where do we get that risk assessment? And how do we know it’s the right one for us?

Where is external to the organization. We go to an organization like D&B, Resilinc, or Neo Group which has been collecting data on the supplier, city, and country and get their report. But how do we know we’re getting the right report? This is the toughie.

First of all, are they using the right risk model? If you refer back to the World Economic Forum’s annual Global Risks report, you see that, at the very least, you have to consider societal, environmental, geopolitical, economic, and technological factors at the region level, but since you will be conducting business with a supplier at a physical location, business, legal/regulatory, infrastructure, and local quality of life will also play a role. When you start talking about suppliers, you need to look at their financial stability, associations (clients/partners), governance, workforce, and (service) innovation (leadership) capabilities.

But how do you define each of these in a way that can be measured in a standard way? And will such definitions incorporate all that is relevant to your organization? For example, when we’re talking economic we’re talking inflation, currency, fiscal deficit, GDP growth, stock market performance, reserves, etc. However, when we’re talking supplier service capability, we’re talking workforce education level, tools, language proficiency, incentives, etc.

It’s a very tough question. And often what matters is category specific. I’ve reached out to a couple of the big providers of Risk Monitoring solutions. Let’s see if any take me up and provide their viewpoint.

I Hope You’re Not Paying a Wealth Investment Advisor!

Because if you are, the only person getting wealthy out of the deal is the investment advisor on your money! Especially when your LOLCat can do a better job, and will work for temptations and catnip!

As per this recent article in the The Observer, a ginger tabby named Orlando beat a team of professionals and a group of students in a year-long stock-picking experiment summarized in a recent article on how Orlando is the cat’s whiskers of stock picking. The cat, who selected stocks by throwing his favourite toy mouse on a grid of numbers allocated to different companies, beat Justin Urquhart Stewart of Seven Investment Management, Paul Kavanagh of Killick & Co, and Andy Brough of Schroders who had decdes of investment knowledge.

So if you really want to beat the market, replace your stock analysts with cats who are just as accurate (and don’t put much faith into predictive analytics no matter how much big data you have).

Is The Air Force’s Billion Dollar Flop the Biggest Supply Chain Failure in History?

Six years ago, Supply Chain Digest published a piece on “The 11 Greatest Supply Chain Disasters” in history, which was updated in a blog post on The Top Supply Chain Disasters of All Time by Editor-in-Chief Dan Gilmore back in 2009 which added five new ones to the list, bringing the total to 16.

The top three were:

  • the failure of Foxmeyer’s “Lights Out” Warehouse,
    which was the top disaster in the original report and wiped out the 5 Billion dollar company almost over night;
  • the Boeing outsourcing fiasco,
    which led to massive 2-year plus delays in the production and delivery of the long-awaited 787 Dreamliner and some 2 Billion in charges to fix supplier problems; and
  • GM’s Robot Mania,
    in the 1980s when CEO Robert Smith pent 40 Billion on robots that didn’t work for the most part

But SI thinks the Recent Air Force Modernization Effort should top the list. As per this great article over on the New York Times Site on the Billion-Dollar Flop, the six-year old effort that had already eaten up more than 1 Billion didn’t even achieve a quarter of the planned capabilities — with another Billion required to achieve that minimal target. This says that the effort, supposed to cost $628 Million, would require over 8 Billion to complete! This easily dwarfs the 2 Billion in charges plus losses due to delayed sales suffered by Boing and the 5 Million Foxmeyer failure.

Does it dwarf the GM failure? The failed gamble cost GM a lot, but they are still in business, and posted almost 1.5 Billion in profit last year. And they were able to fix their processes and technology and improve over time.

In comparison, the Air Force is stuck relying on legacy logistics systems, some of which have been in use since the 1970s. And it turns out that this failure is just the tip of the iceberg, with the Institute for Defense Analyses noting that modernization of the department’s software systems, which has been a priority for 15 years, has cost over 5.8 Billion as of 2009 and most large operational software system efforts are still behind schedule. So now we’re up to six billion.

And the losses mount for every year a legacy system (way) past it’s prime has to remain in production. With today’s rapid pace of software, and hardware, refresh cycles, it’s often difficult to find a replacement part for a piece of hardware that is only 3-years old, and if you do find it, it’s costly. The Air Force has to find replacement parts for systems that are 13 and 30 years old! And lets not forget energy and support costs! Older systems often consume way more power and require more support hours than newer systems. Plus, over time, the expertise in supporting such systems goes from relatively common to extremely rare as more and more people retire or move to different systems and technologies and no new people learn the antiquated systems. As a result, the expertise that remains becomes very costly as the few people left demand a premium and expenses mount when they have to be flown in from halfway across the country.

Plus, the failure has instilled a fear of future technology fiascos, causing them to impose an across-the-board deadline of 18 to 24 months for future upgrade projects. While this sounds good in theory, and an upgrade project for most systems generally shouldn’t take longer, there are some systems where the requirements analysis is going to take 6-12 months and the migration plan, which will involve a lot of data mappings, development, and testing, will take just as long. Add a staged implementation plan, quality assurance, and user testing, as well as time for any customizations the COTS (Commercial Off The Shelf) Vendor has to make to the core system, and the project could take longer. So, this is going to prevent some upgrades from happening until COTS technology in certain area improves or a vendor is willing to bite the bullet and create the mapping middleware without a contract in the hopes it will get one. In the mean time, losses mount.

While SI does not have the data to calculate, it would bet that if you did a total loss analysis over all delayed and failed projects leading up to, revolving around, and including the modernization initiative, over the last decade, the number would be 5 times higher, just like the license cost of an on-premise software solution amortized over five years turns out to often be 1/10th of the total cost of ownership.

It might not add up to a 40 Billion loss yet, but by the time the Air Force recovers and modernizes all of the systems that need modernizing, it will likely get there.

Risk – The More Things Change, The More They Stay the Same V – Technology

In our last post, we indicated that the World Economic Forum had recently released its 7th annual Global Risks report, it’s 2011 edition. This report was filled with risk, dozens of risk divided into five categories to be precise. Today, we are going to discuss the top technology risks from a Supply Management perspective.

Two of the biggest Risks Haven’t Changes Since Last Year:

Online Data and Information Security, specifically the risk of a
Massive Incident of Data Fraud or Theft

Every week we hear about another data breach at another retailer. What we don’t often hear about, because consumers aren’t directly affected, is yet another network intrusion at a Global 3000 or Global Financial Institution. While the average hacker might want your credit card, the average hacker employed by organizations that resort to corporate espionage wants your data — and your Supply Management related data in particular — or all of your corporate customer’s data. What are you making? What are the specifications? Where? With who? When are you shipping? From Where? With what carrier? And who is buying? And where are their bank accounts located? If any of your confidential data finds its way to your competition before you’re ready to release a new product, the losses could be crippling. What if your competitor is able to use your plans to jump-start their development of a better version and beat you to market? What if thieves intercept your critical shipments and sell your product on the black market? And if your customers data is exposed, and their accounts are hacked, good luck staying in business if all you have is inventory no one else wants but the company’s that just went bankrupt thanks to your lack of security. While a consumer’s financial solvency depends on her credit card information being kept secure, your organization’s financial solvency often depends on your Supply Management data and your customers’ financial data being kept secure.

Critical Information Infrastructure Breakdown /
Critical Systems Failure

Face it. It’s impossible to manage a global supply chain without modern supply management systems and the information infrastructure that supports them. What happens if your primary data centre gets taken out? What happens if your headquarters loses power for 48 hours? What happens if the land lines fail and the one satellite that carries cellular signals for your (remote) location stops responding? The minute your internet goes down, your business stops. Literally. And since your information infrastructure could breakdown as the result of a (power) grid overload, a data centre failure, an environmental disaster, or a terrorist action, all of which can not be predicted (or prevented in many situations), this is a significant risk that requires risk mitigation plans be in place and ready to go at a moment’s notice.

These two risks have become an even greater threat to your organization and round out the top 4:

Cyberattacks
Cyberatttacks and Cyberwarfare is on the rise, and the chances of it significantly disrupting your business and your supply chain are on the rise. As early as 2009, reports appeared that indicated that China and Russia had infiltrated the U.S. electrical grid and left behind trojans that could be used to disrupt the system. If the entire power grid can be taken offline, there goes your data centre. And even if the grid is safe, a concentrated attack on top level internet domain name servers can take down the internet for days. The recent GoDaddy outage, which some blamed on the Anonymous Collective, but which GoDaddy stated was a DNS upgrade error, took down thousands of sites for almost a day. McAfee might be hoping that the Anonymous Collective will decline in 2013, but I wouldn’t bet on it. And given the state of the current economy, I would bet that incidents of cyber-ransom, where thieves hijack your internet domains and electronic data and demand money for their safe return, will be on the rise.

Mineral Resource Vulnerability

China dominates the rare earth metals marketplace, controlling 90%+ of the supply of some of the critical rare earth metals needed for modern electronics. What will happen if they decide to cut off supply from the rest of the world? What will happen if the Somali pirates and the organized crime cartels figure out that these mineral and metal shipments are even more valuable than drugs, guns, oil, and finished iPads and turn their attention to these shipments? Are you prepared for supply shortages that will shut down your electronic and information technology hardware production lines?