Category Archives: Risk Management

Food Costs are Still Spiking – Are You Ready for the Risks?

As per this recent FAO Food Price Index, food prices have surpassed the 2008 highs, and there is no end in sight.

Right now, the world is on the verge of riots around the globe, and this includes developed countries like Japan (where food riot fears are on the rise [wealthwire.com]). The riots in Tunisia and Algeria in January and in Mogadishu earlier this month are just a start. Over half of the world lives on US $2.50 a day or less. The lucky ones can barely afford to eat as it is. If food prices keep rising, they won’t be able to. Talk about political risk. We’ve even seen riots in England and Canada this year … imagine what will happen if a significant number of poor people in the developed world can no longer afford to keep a roof over their heads and eat.

Risk Management Is Your Top Priority – But Are You Prepared for the Billion Dollar Threat?

A recent article over on Chief Executive asks if your company is vulnerable to cyber-sabotage. If your company gets hacked, as Sony’s PlayStation Game Network was, then you too could be looking at about $1 Billion in tangible damages and an incalculable toll in lost customer goodwill, tarnished brand equity and sleepless nights for the corporate brain trust, especially if you are in the Financial, Retail, Restaurant, or Hospitality sectors.

Cyber-Sabotage is on the rise. According to IBM, more than 8,000 new cyber-sabotage “vulnerabilities” were identified last year, up 27% from 2009.

But what can you do? The article recommends that you:

  • Become the Security Champion
    And put cyber-security at the top of corporate priority lists.
  • Beware of “Social-Engineering”
    Make upper managers aware of their own vulnerabilities to attacks that exploit the behaviour of strategically positioned individuals rather than involve a broad cyber-sabotage campaign.
  • Draw the Difficult Lines
    And set up an early warning system since it’s impossible to prevent every possible attack.
  • Dig to the Roots
    Be aware that unhappy contractors, customers or partners can become cyber-accomplices, and even cyber-criminals, if they are financially desperate enough.
  • Survey the Changing “Threat Landscape”
    The rapidly rising number of smart-phone “apps” is providing cyber-criminals with opportunities to exploit mobile-data networks.
  • Know the Four Common Categories of Cyber-Saboteurs
    • Foreign Government Intelligence Services
    • Transnational Criminal Enterprises
    • Corrupt Competitors
    • Corporate Insiders

It’s not bad advice, but it doesn’t really help. It’s great to fly a flag, but that’s not enough. And even if a manager knows he is vulnerable to social engineering, that doesn’t tell him how to tell when an individual might be trying to socially engineer information out of him. And just what should an early warning system look like? And how do you identify what individuals inside your four walls might turn on you? And how does knowing what types of cyber-saboteurs are out there help you stop them from penetrating your networks?

You need to know A LOT more than you do. And you’re not going to figure it out on your own. So you pretty much have two choices.

  1. Outsource to a “Cloud” Company that is a master of SaaS and Security, or
  2. Hire a Security Consultancy with the Expertise to Not Only do a Security Analysis but to Train you on what needs to be done to Minimize Risk from a Technical and Social Perspective.

That, in a nutshell, is what you need to know, because unless IT Security is your business, you won’t master it.

The Control Provided by e-Sourcing is Only an Illusion – YOU HAVE NO CONTROL!

A recent post on one of the lesser known sourcing blogs indicated that, due to the lack of economic upturn in most of the developed world, maybe now is the time to finally try reverse auctions. The rationale? Quotes from a CEO and his team, who watched their first reverse auction, indicating that it was simple, powerful, easy to follow, effective, and, most importantly, if you read between the lines, gave them an illusion of control over the process and the results.

This, and some of the messaging coming from a few of the smaller e-Sourcing providers, is scaring me. I fear that adopters may believe that adopting this technology may give them some control. Well, as this recent article over on Chief Executive on why you should embrace tomorrow’s strategies clearly points out, you have NO control! You can manage the process, but you have no control over the outcomes. Why? For starters:

  • Cartels, cabals, speculators, organized crime, and entire countries are constantly manipulating commodity prices.
    Case in point: China possesses over 90% of many of the rare earth metals used in many technologies (smart phones, batteries, etc.) and when they recently reduced exports, a steep price increase resulted that triggered a costly disruption of delivery of the precious commodities to global business.
  • Disasters are on the rise.
    Industrial, agricultural, and political disasters are increasing in frequency and wiping out production in entire regions. For example, the nuclear meltdown in Japan affected most businesses that rely on a Japanese supplier.
  • Global currency fluctuations, unforeseen credit crises, and economic stagnation are increasingly severe and unpredictably enduring.
    The extreme fluidity in the valuation of imported and exported goods, services, and components is equally difficult to predict and manage.

No e-RFX or Auction is going to help you regain control over these economic nightmares that you have to deal with on a daily basis. And any provider that’s trying to sell you 1999 e-Sourcing technology to deal with the current economic stagnation doesn’t have a clue. There’s only one way you can even hope to adapt to the constantly changing reality, and that is through the adoption of a supply management platform with advanced data analytics capability. You have to constantly monitor, react, adapt, predict, plan for what-if, monitor, react, and adapt again. This requires extensive data acquisition, mapping, transformation, and analysis that only a real analytics solution, with advanced (spend) analysis, optimization, simulation, and reporting, is going to provide. Don’t get fooled. All auction platforms give you in this day and age is a false sense of security. Sometimes an auction is the right way to go, but, most of the time, an auction (on its own) is not the answer.

For Good Outsourcing Contracts, Keep Litigation in Mind

A recent article in the Sourcing Interests Group newsletter that described “a litigation perspective on outsourcing relationships” is right when it states that a litigation perspective will improve your results with outsourcing agreements. Given that outsourcing agreements are typically long in duration, it is important to craft the best agreement possible. A litigation perspective will help. Why?

Without a litigation perspective, a typical outsourcing agreement is:

  • general
    Since it is impossible to predict every circumstance that may arise, most drafters of outsourcing agreements stick to general terms, broad service descriptions, and generic service level improvement requirements. This is bad because generality results in uncertainty, uncertainty breeds disagreement, and disagreements threaten the stability of outsourcing relationships.
  • full of vague terms
    Such as material breach; gross negligence; willful misconduct; direct, indirect, consequential damages; best efforts; generally accepted standards; and commercially reasonable efforts which sound very legal but which are typically unclear in case law.
  • sparse (or devoid) of communication protocol
    While most outsourcing agreements will contain clauses for dispute resolution, they will be sparse, or devoid, of clauses describing proper communication protocols for communicating, addressing, and responding to issues as they arise. Disputes only arise when issues are not adequately addressed as they arise.

However, with a litigation perspective, a typical outsourcing agreement is:

  • specific
    While the agreement will still contain general clauses for modifying procedures to deal with unexpected situations, it will contain provisions for dealing with situations that can be anticipated in advance, such as a spike in data processing, the inability of the service provider to handle increased order processing, or a change in regulations that restricts a service provider from performing one or more functions. For example, in the first case, if data processing requirements increase beyond a certain threshold in a given month, the organization will pay overtime rates to get it done. If the service provider can’t handle a rapid spike in customer orders, the organization will have the right to bring on a second service provider to assist. And if an unforeseen change in regulations precludes part, or all, of the functions from being performed by the service provider, the organization may cancel the affected parts, or all, of the agreements, without notice and penalty.
  • built on clearly defined terminology
    Instead of just saying that the service provider is liable for “direct damages”, the agreement will say that the service provider is liable for “direct damages, which include but are not limited to the additional cost of securing an alternative service provider”. Or, instead of just saying the service provider is responsible for damages that result from “willful misconduct”, which may or may not include a deliberate breach of contract, the agreement will say the service provider is responsible for damages that result from “willful misconduct, which include but are not limited to intentional tortious acts”.
  • clear on communication protocols
    The agreement will contain a communication protocol where the organization can officially notify the service provider of issues that arise, and response protocols for the service provider to officially respond to the issues.

Communication protocols are important as they provide official communication trails and a way to “shape the record”. If an official dispute arises, and goes to arbitration or court, and the organization does not have a clear record of events, that includes correspondence officially notifying the service provider of a(n impending) breach, then its chances of winning its case (and receiving damages) are not good.

Moreover, if the organization maintains a good “real-time” written record of events, that includes official communications that follow the protocol, it has a better chance of resolving the disputes quickly, cost-effectively, and with minimal disruption as a provider is not going to want to risk an official dispute when the client organization has a strong case.

Considering that termination of the relationship likely will cause both parties serious economic disruption, it’s important to draft the best agreement possible. The best way to do this is to keep litigation in mind and consider how you would prove the elements of a claim if a dispute were to arise, as this will lead to the creation of clear and unambiguous clauses.

There’s More To Risk Than Natural Disasters

As per this recent article in Industry Week on how “manufacturers must brace for global uncertainty and risk”, the following, entirely predictable, events can be just as devastating to an organization’s supply chain if not planned for.

  • Rapid Growth
    What if sales double overnight? Can the supply chain keep up?
  • Facility Expansion / Opening
    Can the organization ramp up supply, staff, and logistics fast enough to maintain productivity levels?
  • Massive Churn in Product Offerings
    If the organization has to continually offer new versions of products, or rapidly expand its product offerings, can the supply chain adapt quickly enough?
  • New Customers that Account for Double-Digit Percentage Volume
    Can the supply chain keep up? Can it provide any new services that will be required at the agreed upon service levels?
  • Substantial Changes in the Supplier Base
    If current suppliers go out of business, can new suppliers be incorporated into the supply chain fast enough? Will new suppliers be able to meet demand? If new suppliers enter the space, will the organization be able to identify them and take advantage of new technologies they offer?
  • New IT Systems
    A failed IT implementation can bring down a multi-billion dollar company. A poor IT implementation can cost millions and stop production in its tracks. It’s a rare occurrence when an IT system upgrade doesn’t result in at least some downtime. IT system implementations and upgrades need to be planned for carefully.

So, if your Supply Management organization is not yet thinking about risk on a daily basis, maybe it should be.