Category Archives: Risk Management

e-Leaders Speak: Kevin Cornish of Aravo on how “Managing Supplier Risk Helps You Thwart Zombies, Mavericks, and Other Threats in the Supply Chain”

Today’s post is from Kevin Cornish of Aravo.

Once the economy begins to rebound, some companies may start to scale back their risk management efforts.

Don’t be one of them.

If we’ve learned anything from this recession it’s that in today’s volatile global economy, businesses need to pay more attention to risk, not less. And, while there have been signs that the world economy is beginning to heal (Bloomberg), Federal Reserve Chairman Ben S. Bernanke and others have cautioned that the recovery is likely to be both muted and prolonged.

In other words, now is not the time to ease up on scrutiny of the financial scorecards of your critical suppliers. Why? Because we’re not out of the woods yet, and because you don’t want to unexpectedly find yourself relying on a “zombie” supplier, a business that is so undercapitalized and overleveraged that it’s essentially dead. A zombie supplier won’t be able to raise the money required to get itself back online — and that means it won’t be able to deliver the parts you need to your door.

Of course, fine-tuning your supplier risk management strategies can have other benefits, as well. For instance, as we’re digging out from the worst recession since World War II, it will continue to be critically important to keep an eye on costs, and getting your supplier house in order can go a long way to reducing another sourcing threat that’s too often ignored: maverick spend.

Maverick spending may be costing you more than you think — not only in terms of per unit price, but with regard to leverage lost in future negotiations, as well. What’s more, it’s probably happening more frequently than you realize. In one study, over half of the employees surveyed (57%) considered it acceptable to make off-contract arrangements if they can get a better deal.

Earlier this year, a procurement trends report co-sponsored by OfficeMax and Purchasing magazine revealed some intriguing statistics regarding office spend. Take a look:

Percent of office spend under management by procurement

  • 0-20%: 9%
  • 31-60%: 21%
  • 61-90%: 36%
  • 91%+: 34%

Average contract compliance rates

  • 0-20%: 16%
  • 31-60%: 12%
  • 61-90%: 41%
  • 91%+: 31%

That data tells me that most businesses have plenty of room for improvement when it comes to optimizing purchasing power, improving compliance, and achieving total cost management — all of which stems from knowing, and managing, supplier information with diligence, transparency, and risk awareness.

A year ago, businesses were pre-occupied with supply risk. Then, concern shifted to supplier solvency risk. Now we’re back to keeping one eye on commodity prices, even while we’re on the lookout for zombies, mavericks, and a variety of other supply chain threats (compliance, environmental regulations, sustainability concerns, etc.). Without a doubt, the lens of risk is constantly changing. However, successful companies don’t just throw out the eyepiece when it no longer works. Instead, they repeatedly readjust their focus so that they can better respond to both the threats and the opportunities in today’s business environment.

Thanks, Kevin!

Managing Military Supply Chain Risk

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his column in the archives.

To highlight the importance — and invasiveness — of the concept of the supply chain, take a look at Section 254 of the Duncan Hunter National Defense Authorization Act For Fiscal Year 2009.

As stated in this section: “The Secretary of Defense shall conduct an assessment of selected covered acquisition programs to identify vulnerabilities in the supply chain of each program’s electronics and information processing systems that potentially compromise the level of trust in the systems.”

The assessment includes identification and prioritization of vulnerabilities, recommending ways of managing supply chain risk, and identifying lead Department of Defense personnel for developing an integrated strategy for the management of risk throughout the supply chain.

Of critical importance in the military supply chain is the acquisition of electronic components. The goal is to ensure full operational readiness of US military forces. With the heavy reliance on technology to support the US military, the failure of an electronic component could be costly, not just in terms of tax dollars but also in terms of human life.

Repeated through this section is the word “trust”. In fact, it is repeated eight times not including the definitions of the terms “trust” and “trusted” in the last two paragraphs or the title of the section, Trusted Defense Systems.

I think Section 254 can be summarized as follows: Trust, and verify.

And it’s not just the electronic components that require verifiable trust, it’s also the verifiable trust in the “information processing systems” used in the supply chain. (It sounds to me like they’re talking about the computer systems and communication networks.) Verifiable trust needs to also exist in the design and fabrication processes, packaging, assembly, and quality assurance testing.

So, how should verifiable trust in supply chain relationships work? Perhaps true collaboration between trading partners who monitor each other and (immediately) report discrepancies, especially when the necessary goal is 100% accuracy.

This reminds me of a slide in my supply chain fraud presentation, which simply states: “You can outsource manufacturing, but you can’t outsource responsibility.” As opposed to verifiable trust, it would seem that for too long some supply chains have been operating under the concept of blind trust.

Retailers have been establishing their own quality assurance departments to verify that children’s toys are lead free. Verifiable trust could have helped avoid the deaths from tainted pet food. Tainted peanut-based foods may have never made it to the store shelves with just trust that no supplier would purposefully want to damage their reputation by harming the consumers who buy their products. Shouldn’t retailers and grocery stores be able to trust their suppliers to manufacture quality products that, when eaten or used accordingly, will not cause injury or death?

An argument is that this would come at a cost that consumers must be willing to bear in higher prices, or that companies must be willing to accept in terms of higher operating costs that will reduce profit margins, upsetting financial analysts and thus lowering stock prices, which will then upset stockholders, especially if it results in lower dividends. But isn’t this a responsibility that a company manufacturing a product should be willing to — if not expected to — bear? Shouldn’t a company be valued more on the quality of its products than the quantity of its profit margin?

Maybe the government got this one right, folks. Maybe we need more verifiable trust in our supply chain relationships, especially the ones involving the products we purchase as consumers. It’s okay to trust, but verify too.

Norman Katz, Katzscan

Don’t Forget About the NPFTF …

If you’re on the ball and a US public company, you’re probably worrying about the SEC (Securities and Exchange Commission) and the FCPA (Foreign Corrupt Practices Act) because the government has been cracking down — hard — on violations and handing out million, and billion, dollar fines to violators. But while you’re making sure your staff are adhering to the SEC guidelines and not bribing foreign officials, you better make sure they are not committing fraud at home because the National Procurement Fraud Task Force (NPFTF) is ramping up too. Established by the Federal government in 2006, the NPFTF members include the FBI, the DOJ Inspector General, inspector general, defense investigative agencies, federal prosecutors, and various divisions of the DOJ.

Focusing on civil and criminal enforcement, the NPFTF has pursued more than 400 fraud cases since its inception. While bribery is the most prevalent type of fraud, bid rigging, embezzlement, money laundering, false claims, product substitution, misuse of classified and sensitive information, and mischarges have also been pursued. To date, these cases have resulted in more than 300 criminal convictions and hundreds of millions of dollars in settlements and judgments.

It’s important to remember that your average organization has a greater risk of fraud than you realize, according to PwC research summarized in a recent S&DC Executive article that notes that the “risk of waste, abuse and fraud in procurement is seeing an increasing threat in a down economy”. That’s why you need to ensure your processes and controls are strong and that they are regularly monitored and evaluated. After all, it’s not just the Feds that are on the ball … over 20 states and cities have followed their lead and started enacting their own civil false claims acts. If you’re a career procurement professional, chances are your ethics are second to none, but who knows what your internal customers, trying to circumvent your processes with their maverick spending habits, are up to.

So what can you do to minimize your risks? Look for, and eliminate, these red flags:

  • inconsistent data across procurement-related systems
  • data quality issues related to spend data and vendor data
  • lack of controls around preferred vendors & negotiated contracts
  • lack of compliance with preferred buying guidelines
  • multiple instances of the same vendor in master data
  • inconsistent payment terms across the organization
  • duplicate payments
  • inefficient invoice processing
  • lack of sanity checks

And take the following actions:

  • streamline procurement processes
  • strengthen IT systems
  • do not rely solely on a code of ethics & whistleblower hotline
  • perform periodic due diligence of vendors
  • analyze procurement trends, payment patterns, & product change mix

Assessing Risk

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his column in the archive.

I live in South Florida, and for one half of each year we worry about hurricanes. Actually, we start worrying about one month before our six-month hurricane season begins on June 1st; hurricane season officially ends just after Thanksgiving on November 30th.

(At least with hurricanes we’ve got some warning which we’re very grateful for; earthquakes and twisters provide little advance notice, if at all.)

I use life in a hurricane zone when discussing risk analysis.

Let’s take a look at a risk analysis for hurricane season in South Florida based on some risk characteristics:

  • Occurrence: Hurricane season is guaranteed to happen once per year (frequency), though the likelihood of a hurricane strike is unknown.
  • Control: We can’t control the weather, but we can control other things that create risk.
  • Severity: We cannot mitigate the strength of a hurricane but we may be able to reduce the impact it has to our lives and businesses through various preparations.
  • Interruption: Can we continue through a hurricane strike or will we be forced to recover after a period of downtime?

Once the characteristics of a risk are determined, risks can be plotted on a chart or given a numerical ranking, allowing us to determine which risks should be addressed in an order of priority. This analysis can also be used to determine the cost of the risk versus the value of addressing it.

The exercise of performing a risk analysis has the benefit of uncovering risks to your organization that you may have previously not considered. The Risk Assessment is part of the COSO framework used for Sarbanes-Oxley compliance, so for public companies this is a requirement.

The failure to identify risks is a risk in-and-of itself. I would submit that knowing about a risk and knowing that something could be done about it is pretty much just as bad as not bothering to identify risks in the first place.

Norman Katz, Katzscan

Are Your Customer Support Services Creating Risk?

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his column in the archives.

Outsourced supply chain services are very common these days. Freight forwarders, logistics providers, warehouse services, data integrators (especially those involved in Electronic Data Interchange), and the like all provide valuable skills in their respective specialty areas.

And they’ve all got to handle customer support communications (calls and e-mails) from their clients.

Whether or not it’s the nature of customer support personnel to be friendly and helpful, it’s certainly a (big) part of their job function. But when the desire to provide assistance crosses the line of expertise, the customer support person — and the company they represent or work for — can place the client at risk.

Often the role of the customer support person is one of objective knowledge, such as how to use a software application from a functional standpoint or to provide information about how their company’s products and services are utilized.

But when customer support advice crosses the line to be subjective, this is where trouble can occur.

Interpretation of a trading partner’s vendor compliance guidelines, knowledge of import/export laws, etc. are not typically areas of expertise that a customer support person is qualified to address. The passing along of bad advice can cause vendor compliance chargebacks or regulatory fines (if not worse) for their customers.

It’s very important that service-related companies educate and train their customer support personnel on exactly what questions they can and cannot field, and what answers they can and cannot provide. Front-line customer support personnel must also be informed that the kind refusal to answer questions not directly related to their company’s core products and services might evoke a harsh attitude from the calling customer, and in these cases the call should be transferred to a supervisor or manager.

Service providers would also do well to educate their customers as to the areas of information their customer service support staff are qualified to address. Proactively informing customers in the sales contract and on the company web site what information the service provider is (and even is not) responsible for should help to mitigate calls in the first place.

It’s important to try and remove the burden of being forced to provide an answer from the shoulders of the front-line customer support personnel; these people should not feel pressured by an irate customer to provide unqualified answers, nor should they be made to feel or believe that they are not providing quality professional services by kindly refusing to answer questions outside their realm of expertise.

By educating their customers, the service provider is able to lower operating costs of customer support by reducing incidences of customer support calls outside of the knowledge area. This reduces the time customer support people spend on non-value-added phone calls and e-mails, and, if the service provider has a toll-free help line, reduces the phone bill by decreasing the number and length of calls they are paying for. The same level of customer support staff is now able to provide a higher-level of qualified service to customers in both faster response time and being able to stay with the customer longer to ensure their questions have been answered.

The desire to be helpful should not come at the price of increased risk for the service provider or the customer. Knowing where certain lines are drawn, and ensuring those lines are not crossed, helps mitigate risk for all parties involved.

Norman Katz, Katzscan