Category Archives: Risk Management

Supplier Risk Management Doesn’t Have to Be Hard

Michael Levin of Integrity Interactive is right … risk assessment doesn’t have to be complicated. Many companies put off risk assessment, management, and mitigation because they think it is too time intensive, hard, expensive, etc. … when in reality it usually isn’t. The vast majority of what you buy doesn’t have to be single sourced from a single factory or be made of a single raw material only found in one place in the world. As a result, it’s usually not too hard to define risks (we’re single sourcing oranges from the coast of Florida or RAM chips from a factory on the Shanxi Border in China) or come up with mitigations (buy Oranges from Florida and California and RAM from the Shanxi border factory as well as a factory in Korea).

Furthermore, the six-point approach to risk minimization he outlines in “when the CPO gets a request for quote” is a great way to kick-start a risk management program:

  1. Ensure the initial supplier selection process is comprehensive, repeatable, and documented.This must include inquiries into ethical standards and history.
  2. Establish ethical standards and expectations for suppliers.Include labour, environmental and anti-corruption standards. SI’s series on the John Lewis Partnership Responsible Sourcing Supplier Workbook has a lot of good standards you can start with.
  3. Publish and actively communicate those standards to suppliers on a persistent basis.Not simply at the initiation of the supplier relationship. Regular newsletters and reminders when they log into your system as well as educational pieces about how to be more socially responsible. (You don’t just want to nag them, you want to inform and better them.)
  4. Perform routine audits of suppliers.This is to ensure they continue to meet your ethical standards. Make sure that your contract states that you can do at least one surprise audit annually. (While you shouldn’t do it unless you expect your supplier is not being ethical or socially responsible, as it’s a big drain on you and your supplier, if you get wind of shenanigans, you want to be able to check them out.)
  5. Perform risk assessments of your supply chain.Identify suppliers as high risk, low risk, minimal risk and no risk. (Yes, you do have no risk suppliers. For example, if your office suppliers vendor goes out of business, you just go down the street to the next one.)
  6. Establish in advance a remedial action plan in the event trouble is discovered.Make sure it’s one you can act on quickly. Otherwise, your brand and reputation will be on the line. After all, by institutionalizing an approach, a company at the centre of an ethics scandal in its supply chain will fare much better with the public and potentially avoid the media storm that is inevitable. It’s a matter of enduring six weeks of pain rather than six months or more of media pain.

Share This on Linked In

The Best Argument for Supply Chain Risk Management

Forget Eyjafjallajokull, and the ash cloud that didn’t exist. The biggest risk to your supply chain is not an unexpected natural disaster. It’s the people in, and around, your supply chain … and the nutjobs that will overreact when there is no plan in place to follow.

 

 

The best argument for supply chain risk management, as outlined in recent research from Manchester Business School, is the simple fact that 88% of supply chain interruptions are the consequence of human action. This includes accidents, production problems and labour unavailability due to poor planning, strikes, thefts, and cyberattacks. This means that a good supply chain risk management strategy can mititage 9 out of 10 potential disruptions.

Moreover, if your risk management plan focusses on generic, and not specific interruptions, such as “our primary air carrier and/or mode of transport becomes unavailable for more than 3 days”, you can even mitigate the effects of some natural disasters! So get planning!

 

Do We Really Need Supply Risk Programs Anyway?

Today’s guest post is from Pierre Mitchell, Director, Procurement Research and Advisory for The Hackett Group.

OK, now that I have your attention. Am I being provocative? Yes … and no. If the purpose of supply risk management is to ensure supply that is: available, reliable, high quality, well priced, supporting lowest TCO, ethically sourced, etc. (per the enterprise mission and brand), then we really “just” need to clarify what constitutes the performance of supply and the causal factors which impact it. But, this is a big “just”. It means first translating the performance of supply from the business (i.e., the true ‘risk owners’ who ultimately own the performance of supply) to the inbound supply chain to a commodity to the supplier and even down to the part/spec/site level — and then ensuring that your processes for extended network design, sourcing, and supplier management are addressing the risk factors that can impact that supply performance. That’s a tall order to expect as a bottoms-up outcome.

For example, if you look at a company’s sourcing and supplier management processes, you might find risk-oriented knockout criteria in an RFI. Or you might find a regulatory compliance driven process in supplier measurement. But for the latter example, do you have an explicit risk score in your supplier scorecard? Most organizations don’t. There is a direct analog to the quality area here in terms of placing emphasis on process capability and managing upstream causal factors. A TCO model that includes quality costs (i.e., a ‘cost of quality’ model) is not only similar, but actually overlapping with the ‘cost of risk’. In other words, you can pay for risk prevention now or pay for external failure later.

This is why, although you should theoretically be able to bake your supply risk management processes systematically into your existing supply management processes (sourcing, SPM/SRM, etc.), the fragmented and reward-biased performance measures don’t encourage this end-state approach. This is why a bottoms-up process usually does not work and it requires that Procurement/SCM not only work with the natural risk owners to build the cost/risk models, but also use that to have the top-down discussion with senior management on how the firm wants to deal with it and what is the cost of doing nothing. To quote the rock band Rush: “If you choose not to decide, you still have made a choice“. (Freewill) And for some organizations, they might be able to tie into an existing enterprise risk management and corporate sustainability governance structure.

Another important strategy is to have a good diagnostic, and some external benchmarking intelligence, as part of this process — especially when trying to justify the effort beyond ‘it is the right thing to do’. Showing where you are vs. other firms and how well you/they are performing in supply risk (and comparing that performance to capabilities) is a good way to support the discussion. And so is having a good ‘cost of risk’ model. But quantification is tricky, and that’s why we launched a supply risk study about a month ago that we’re closing down this weekend, that uses this type of model (and other existing benchmark data that we have) to help firms arm themselves with some good insight on elevating the conversation. Why? To get more attention, resources, and proper measures/alignment that cascade back down to get baked into the processes. Once they’re baked in, you won’t need a ‘program’ anymore — you’ll have a proper risk-adjusted process. The corporate practitioner study takes 30-40 minutes or so, but like other Hackett performance studies, it is: complimentary, confidential, credible, and hopefully invaluable.

Thanks, Pierre!

Share This on Linked In

Global Sourcing: Addressing Myths with Capabilities Part III: Risks & Opportunities

Today’s post is from David Henshall, Founder of Purchasing Practice. Dave can be reached at dhenshall <at> purchasingpractice <dot> com.

In this four part series, we examine eight dimensional capabilities that will help you overcome the myths surrounding global sourcing. In today’s post, we will focus on the dimensions of risk and opportunity. (Yesterday’s post addressed corporate social responsibility.)

The decision to pursue a global sourcing strategy will ultimately depend upon the amount of value that it creates. Value in this context, however, should include not only the available savings opportunities, but also the inherent risk after considering the organisational capabilities in managing the increased vulnerability from sourcing in higher risk countries or region.

Dimension #4: Risk

Increased risk comes in the form of damage to brand and reputation, unplanned cost, supply chain failure, delay, currency fluctuations and IP theft, for starters. Professor Richard Wilding & Professor Alan Braithwaite, from the Cranfield School of Management in the UK, have identified six capabilities for the effective management of global sourcing risk:

  1. ‘Total Acquisition Cost Management’ – the ability to analyse and predict the total cost of a good from the source of supply to its final point of sale. They advise it is important to analyse and build into the costing the inherent lost sales risk of the product by developing and applying a market-risk and cost risk profile. The inventory holding cost through the chain must also be factored in.
  2. ‘One touch information flow’ – to avoid double entry, duplication, mistakes and inconsistency as the same transaction moves through the many points of contact in the chain. Accuracy of information is a precondition of pro-active management and the ability to exercise risk mitigation measures. This capability is systems enabled; it is critical to have the widest view of the total chain on one information platform with the ability to recognise inconsistencies.
  3. ‘Total product identification and compliance’ – to ensure fast accurate product and handling unit identification that feeds the “one touch information” requirement without delay. The use of bar codes and RFID (Radio Frequency Identification) to the correct standards is the enabling technology; this needs to be quality assured and enforced on the ground across many sites with failures being fixed where they occur.
  4. ‘Real time routing through dynamic visibility’ – the capability to see through the chain, know what is coming, and test for events that have not happened as planned; to interpret the implications of failures in a pro-active way and make decisions to minimise their impact.
  5. ‘Vendor development’ – cycle time compression linked to real demand’ – the capability to understand and improve the long-term performance of vendors in terms of cycle times, timeliness, quality and accuracy is central to time compression and risk reduction. Based on historical performance of the end-to-end chain, it is possible to identify improvement programmes to develop supplier reliability. The ultimate goal is to issue orders and schedules on shorter lead times, reflecting real demand or more accurate forecasts. Understanding the underlying performance of the vendor, and his category of products in the marketplace, is the starting point for this; it is dependent on information across the chain.
  6. ‘Information platform’ to provide consistent and timely information – the capability to put in place, operate and maintain a full supply chain visibility solution. All of the above capabilities are anchored by the operational skill to secure and maintain the information backbone with the diverse data structures that are needed by each supply chain function.

All of these capabilities relate to management information and the skills to apply that information with greater precision; information on the extended chain in terms of accuracy and speed of availability is central to these capabilities.

Dimension #5: Opportunities

Global sourcing can facilitate both supply side and demand side opportunities. On the supply side, Ford Motor Company cites these as:

  • Annual cost reductions in LCC markets have consistently exceeded those in mature markets due to:
    • Expanding scale
    • Deepening relationships with suppliers
    • Competitive environment
  • Wage rate growth in China and India will be limited by the large number of under-employed:
    • China has 1.338 Billion people living in the country
    • India has 25 million English-speaking, educated workers, and this number is expected to increase every year (as there are 232 Million people who speak English as a second or third language)
  • Labor rate differential is so large, gap is expected to remain substantial for the foreseeable future

On the demand side, global sourcing can facilitate the pursuit of export opportunities. Organisations can leverage supplier relationships to open the global marketplace, allowing them to market and sell their products in new markets across the globe.

Part 4 will examine Politics, Local Context, and Enabling Infrastructures of global sourcing.

Thanks, Dave.

Share This on Linked In

Stay Hip with the Program with Hiperos

Last year, I told you how you could Get Hip with Hiperos, an “Extended Enterprise Management” platform that allows you to manage your risk, performance, compliance, sustainability, and supplier information through a single portal that they dubbed R3. Knowing that you can’t stay still in the quickly evolving supply chain space (and knowing that there were lots of point players with deeper solutions in each), they’ve been hard at work on R4 since that time. Last week, I had the chance to do a detailed review of R4, and am pleased to say that they did a great job and that a number of significant improvements in R4 greatly increases the value the solution offers.

In particular, five improvements in the Hiperos R4 platform commanded my attention:

  • In-Line Collaboration
    It’s a pretty simple idea, but the fact that you can associate a discussion thread with any element of the system is quite powerful. No longer do you have to search separate discussion forums or, even worse, try to track down out-of-system e-mails to find out what happened, or why part of a questionnaire is still blank, or why a template was modified.
  • New Workgroup Capability
    Hiperos recognized that true performance, compliance, and sustainability is collaborative, that single-directional Q&A is not collaboration, and built in a new discussion-based workgroup capability that lets buyers, suppliers, and other involved parties collaborate through a centralized, integrated environment.
  • The Program
    Since compliance, risk management, sustainability, and performance all revolve around programs designed to satisfy a regulatory initiative, emerging threat, or a green goal in the real world, in the Hiperos platform, it’s now abundantly clear that everything revolves around the program, which is very easy to define and manage. There are three ways to create a new program. Instantiate it from a template, load it from a properly structured Excel file, or define it from scratch in the tool — which will walk you through its creation step by step in a simple 7-step process. (Outline Detail, Organizational Units, Questions & Documenation Requirements, Dates, Individual Organizational Unit Reqirements, Measurements, and Reviewers.)
  • Out-of-the-Box Compliance Programs
    They have over 60 compliance templates built in, with heavy support for the finance (BITS, etc.) and health-care sectors (HIPAA, etc.).
  • Supplier Focus
    The supplier portal is almost as extensive as the buyer portal. Suppliers get their own set of dashboards, which they can do deep reporting dives into to find out where the measurements came from and how they were calculated, relationships, which they can manage, programs, which they can track, and communities. Truly enabling the supplier on your platform goes a long way towards supplier adoption. The only functionality suppliers don’t get is Supplier Information Management (SIM) and Application Administration (unless, of course, they buy the platform themselves).

The system also includes a number of other improvements, particular in the area of SIM (where you can capture a lot more information in out-of-the-box templates and define your own data elements to be tracked), reporting (where, in addition to dozens of reports in each area that you can use out of the box, you can also create your own reports using an improved wizard that walks you though a simple 6-step report definition process), and built-in KPI and SLA templates available for your use (there are over 6,000 that can be accessed system wide). Furthermore, the dashboards are more than just pretty gages, they also contain a quick summary of your action items (open evaluations, pending approvals, etc.); the relationships you are responsible for; and current risk assessments, in-process supplier profiles and compliance controls. And while other providers might still go deeper in specific areas (though none go deeper in all areas), the breath of integrated capabilities put them in a fairly exclusive club as I have only seen applications displaying a similar breadth and focus in enterprise management from Aravo, CVM Solutions, Rollstream, and, in the healthcare and agency management verticals, Vendormate and Decideware.

Share This on Linked In