Category Archives: Risk Management

The Real Key to Spotting Disruption Before it Happens

A recent post over on the HBR blogs on “the key to spotting disruption before it happens” noted that executives have to look beyond revenue or basic market share data to determine whether or not a would be disruption [which would trigger rapid declines in their core business] is a legitimate threat. This is because, in the early days of a transformation — such as mail to e-mail and digital document delivery, or CD to digital (mp3) album downloads, or polaroid to digital cameras and home printers — market leaders tend not to feel deep pain. It’s only after the not-good-enough transformation, which starts away from the mainstream in a seemingly non-connected market, becomes more than a slowly rising-tide and reaches the tipping point where the big switch begins that a market leader starts to see the impact.

According to the article, the key is to spotting potential disruptions is to find the right metric(s) to measure your business against the seemingly disparate competitor. If your measure falls while the measure for the seemingly disparate business rises, then you may have a disruption. For example, the U.S. Postal Service could have foreseen the problems it faces today if it had measured it’s market share by way of “pieces of communication” and not revenue, as mail volume has sagged 17% since 2006; Digital Equipment Corp. could have seen the end of the mini-computer market had it measured units sold against the rising PC market; and Kodak could have seen the “big switch” coming much earlier had it measured number of pictures “developed” on its platform.

The article has a good point as good metrics can tell you when a big switch might be coming. However, I wouldn’t go so far as to say it’s the key to spotting a disruption.

First of all, the method can yield a false positive. Consider the example of the potential big switch in progress given by the author. Yes, television viewership might be declining while YouTube and other online channel viewership is rising, but this doesn’t mean that television viewership will drop significantly. It might, but not everyone has a computer yet. Not everyone has (sufficiently) high speed. And not all the content people want to watch is online. This last point is key. Furthermore, when you think about it, TV networks are in the content development and distribution business … and now that TV is digital, there’s really no difference between a TV and a computer monitor. As long as networks produce content people want to see, learn from their counterparts in the music industry, and adapt to deliver their content through the channels their viewers want to consume it, TV networks will do just fine.

Secondly, by the time the method identifies a disruption, it could be too late. Markets are evolving faster and faster and a new market can often emerge overnight. Take the “tablet PC” and “digital reader” markets. Over a dozen providers, including some big names like Sony and Toshiba, have been producing numerous offerings for these markets for years, but sales remained relatively flat overall until Apple launched the iPad, which broke both markets open by selling over a Million units in a little over a month. If you didn’t have a competitive product in development before its release, it’s too late.

Thirdly, and most importantly, it doesn’t tell you where to look. If you were producing e-Readers, you wouldn’t be watching the tablet PC market. If you were producing tablet PCs, you wouldn’t be watching the e-Reader market. Either way, if you misclassified the iPad, which crosses both markets, you wouldn’t see your market disappear to Apple literally overnight until it happened.

This brings us to the real key for spotting a disruption before it happens … and that is to define it in-house. Use scenario planning to identify what types of future technologies could shift the market out from under you and keep a watchful eye out for them. Then, if you can, partner to develop or take advantage of the new technologies as they emerge, so you can ride the wave upward as the wave you are currently riding crests, or start working on alternative product offerings to start a new wave. Every product has a life-span. The successful companies recognize this and are working on next generation products that will either replace their current products or complement the next generation products of their competition (that they do not have the in-house expertise to develop themselves). They are ready for the next wave and the “disruption” is just a natural transition from one market cycle to the next.

Share This on Linked In

Integration Point Takes Trade Compliance to a New Level

The last time we reviewed Integration Point, one of the twenty-one stops on the 2008 Sourcing Maniacs Vendor Tour, we discussed their global trade solutions and told you they provided another way to get your trade data in order. In that post, we told you about their extensible modularized web-based platform that has effectively solved the core customs, security, and classification challenge as well as the free trade / secure trade zone challenge with solutions that address import and export classification (HTS codes), import documentation requirements, export documentation requirements, C-TPAT, AEO, denied party screening, FTA qualification, duty deferral, customs warehousing, customs control processing, and advance security filing – they have most of what your average multinational based in the US or the EU needs. With regards to three main challenges of global trade — customs, security and classification; free trade / secure trade zones and agreements; and regulatory compliance — they had two nailed.

Since that post, and the Maniacs’ post that followed, they have tackled, and introduced a rather comprehensive, and flexible, solution for compliance and risk management that provides a secure communication channel between you and your supply chain to gather any information you require and apply a risk-based assessment to it. And while the feature set is not yet as rich or as deep as the vendors who tackle compliance and risk as their primary focii — like Aravo, CVM Solutions, Hiperos, Rollstream, SupplierSoft, and others — it is more than sufficient for the majority of global trade organizations that do not yet have an appropriate solution at their disposal.

Like many tools on the market, the solution is survey-based, and allows the user to construct their own surveys for C-TPAT, AEO, SSER, PIP, EMCP, Product Safety, Export End Use, Internal Compliance, Training, or any other compliance initiative, regulatory or otherwise, that they want to track. Each question can be yes/no, multiple choice, check-box list, or list, and lists can have attachments. Each question can be categorized, departmentalized, regionalized, assigned to an industry, given an importance, assigned to a port, assigned a vulnerability, as well as given a type. The questions can be combined into sections, which in turn can be combined into surveys, which can be sent to suppliers, who can then assign each section, or each individual question, to an authorized representative with access to the appropriate information. They can be set up as recurring (as some initiatives, such as C-TPAT have to be re-affirmed yearly), and previous answers can be provided, or hidden to insure a supplier doesn’t just “check the box” without reading the question. In addition, the questions can be formulated in German, Spanish, French, Italian, Japanese, Korean, Thai, or five flavours of Chinese as well as English to support your global supply base. And the system can be configured to send automated reminders to suppliers if they don’t answer in a timely manner, and buyers to let them know that a supplier may need to be contacted.

The solution is integrated with Integration Point’s Supplier Master which allows you to maintain a complete profile for each partner in your supply chain. Each partner, which can be assigned multiple types (such as distributor, freight forwarder, manufacturer, trucking carrier, etc.) can be associated with the compliance programs relevant to it. As a result, your survey can be distributed to all appropriate partners with a single click as well as to predefined partner lists. E-mail, and templating capability, is integrated, and a buyer can choose, and customize, the e-mails to send on survey launch, on reminder, and on completion.

The reporting, which consists of six types of built in reports, is basic, but gets the job done. It allows you to query the status of each survey, against each supplier, to determine which suppliers responded to questions in a manner that implied risk, which questions elicited the most responses of a risky nature, and the overall risk score (determined via user-defined weightings) by survey by supplier, by supplier, and by survey. And if you don’t like the built in reports, you can roll your own with their open query feature that will allow you (or a member of their services team) to define any report you want by way of custom select statements.

Finally, the configurable entry screen allows you to customize the dashboard to insure that you see the relevant data that you need to address, and not data that will lull you into a false sense of security. You can configure it to display the partners with highest risk, the partners who have not answered the most recent survey(s), the risk rating of the most recent surveys, etc. in addition to recent answer activity, sending activity, and a generic statistics summary.

Share This on Linked In

Supplier Risk Management Doesn’t Have to Be Hard

Michael Levin of Integrity Interactive is right … risk assessment doesn’t have to be complicated. Many companies put off risk assessment, management, and mitigation because they think it is too time intensive, hard, expensive, etc. … when in reality it usually isn’t. The vast majority of what you buy doesn’t have to be single sourced from a single factory or be made of a single raw material only found in one place in the world. As a result, it’s usually not too hard to define risks (we’re single sourcing oranges from the coast of Florida or RAM chips from a factory on the Shanxi Border in China) or come up with mitigations (buy Oranges from Florida and California and RAM from the Shanxi border factory as well as a factory in Korea).

Furthermore, the six-point approach to risk minimization he outlines in “when the CPO gets a request for quote” is a great way to kick-start a risk management program:

  1. Ensure the initial supplier selection process is comprehensive, repeatable, and documented.This must include inquiries into ethical standards and history.
  2. Establish ethical standards and expectations for suppliers.Include labour, environmental and anti-corruption standards. SI’s series on the John Lewis Partnership Responsible Sourcing Supplier Workbook has a lot of good standards you can start with.
  3. Publish and actively communicate those standards to suppliers on a persistent basis.Not simply at the initiation of the supplier relationship. Regular newsletters and reminders when they log into your system as well as educational pieces about how to be more socially responsible. (You don’t just want to nag them, you want to inform and better them.)
  4. Perform routine audits of suppliers.This is to ensure they continue to meet your ethical standards. Make sure that your contract states that you can do at least one surprise audit annually. (While you shouldn’t do it unless you expect your supplier is not being ethical or socially responsible, as it’s a big drain on you and your supplier, if you get wind of shenanigans, you want to be able to check them out.)
  5. Perform risk assessments of your supply chain.Identify suppliers as high risk, low risk, minimal risk and no risk. (Yes, you do have no risk suppliers. For example, if your office suppliers vendor goes out of business, you just go down the street to the next one.)
  6. Establish in advance a remedial action plan in the event trouble is discovered.Make sure it’s one you can act on quickly. Otherwise, your brand and reputation will be on the line. After all, by institutionalizing an approach, a company at the centre of an ethics scandal in its supply chain will fare much better with the public and potentially avoid the media storm that is inevitable. It’s a matter of enduring six weeks of pain rather than six months or more of media pain.

Share This on Linked In

The Best Argument for Supply Chain Risk Management

Forget Eyjafjallajokull, and the ash cloud that didn’t exist. The biggest risk to your supply chain is not an unexpected natural disaster. It’s the people in, and around, your supply chain … and the nutjobs that will overreact when there is no plan in place to follow.

 

 

The best argument for supply chain risk management, as outlined in recent research from Manchester Business School, is the simple fact that 88% of supply chain interruptions are the consequence of human action. This includes accidents, production problems and labour unavailability due to poor planning, strikes, thefts, and cyberattacks. This means that a good supply chain risk management strategy can mititage 9 out of 10 potential disruptions.

Moreover, if your risk management plan focusses on generic, and not specific interruptions, such as “our primary air carrier and/or mode of transport becomes unavailable for more than 3 days”, you can even mitigate the effects of some natural disasters! So get planning!

 

Do We Really Need Supply Risk Programs Anyway?

Today’s guest post is from Pierre Mitchell, Director, Procurement Research and Advisory for The Hackett Group.

OK, now that I have your attention. Am I being provocative? Yes … and no. If the purpose of supply risk management is to ensure supply that is: available, reliable, high quality, well priced, supporting lowest TCO, ethically sourced, etc. (per the enterprise mission and brand), then we really “just” need to clarify what constitutes the performance of supply and the causal factors which impact it. But, this is a big “just”. It means first translating the performance of supply from the business (i.e., the true ‘risk owners’ who ultimately own the performance of supply) to the inbound supply chain to a commodity to the supplier and even down to the part/spec/site level — and then ensuring that your processes for extended network design, sourcing, and supplier management are addressing the risk factors that can impact that supply performance. That’s a tall order to expect as a bottoms-up outcome.

For example, if you look at a company’s sourcing and supplier management processes, you might find risk-oriented knockout criteria in an RFI. Or you might find a regulatory compliance driven process in supplier measurement. But for the latter example, do you have an explicit risk score in your supplier scorecard? Most organizations don’t. There is a direct analog to the quality area here in terms of placing emphasis on process capability and managing upstream causal factors. A TCO model that includes quality costs (i.e., a ‘cost of quality’ model) is not only similar, but actually overlapping with the ‘cost of risk’. In other words, you can pay for risk prevention now or pay for external failure later.

This is why, although you should theoretically be able to bake your supply risk management processes systematically into your existing supply management processes (sourcing, SPM/SRM, etc.), the fragmented and reward-biased performance measures don’t encourage this end-state approach. This is why a bottoms-up process usually does not work and it requires that Procurement/SCM not only work with the natural risk owners to build the cost/risk models, but also use that to have the top-down discussion with senior management on how the firm wants to deal with it and what is the cost of doing nothing. To quote the rock band Rush: “If you choose not to decide, you still have made a choice“. (Freewill) And for some organizations, they might be able to tie into an existing enterprise risk management and corporate sustainability governance structure.

Another important strategy is to have a good diagnostic, and some external benchmarking intelligence, as part of this process — especially when trying to justify the effort beyond ‘it is the right thing to do’. Showing where you are vs. other firms and how well you/they are performing in supply risk (and comparing that performance to capabilities) is a good way to support the discussion. And so is having a good ‘cost of risk’ model. But quantification is tricky, and that’s why we launched a supply risk study about a month ago that we’re closing down this weekend, that uses this type of model (and other existing benchmark data that we have) to help firms arm themselves with some good insight on elevating the conversation. Why? To get more attention, resources, and proper measures/alignment that cascade back down to get baked into the processes. Once they’re baked in, you won’t need a ‘program’ anymore — you’ll have a proper risk-adjusted process. The corporate practitioner study takes 30-40 minutes or so, but like other Hackett performance studies, it is: complimentary, confidential, credible, and hopefully invaluable.

Thanks, Pierre!

Share This on Linked In