Category Archives: Risk Management

(Supply Chain) Risk is on the Rise … But You Can Do Something About It

A couple of months ago Marsh released a research report on “Stemming the Rising Tide of Supply Chain Risks: How Risk Managers’ Roles and Responsibilities are Changing”. Although it started off by telling us what we already know, that risk has risen substantially in global supply chains over the last three years, it served to quantify the extreme degree to which risk has risen, with 73% of companies experiencing an increased supply chain risk level and 71% of companies experiencing an increased financial impact from supply chain disruptions (based on a survey of 110 risk management professionals in January and February of 2008).

Furthermore, even though 35% reported that supply chain risk management was moderately effective at their company, not a single respondent said that their risk management practices were highly effective. And 24% said that they still have no formal process to address risk! Considering that a single supply chain disaster could force a company to file for bankruptcy (or at least bankruptcy protection) in today’s market, this is not a good situation!

In addition, the study did a good job of pointing out that natural disasters are not your biggest risk factors. According to the study, the four biggest risk factors were pricing risks, supplier (& supplier delay) risks, risks within your own plants, warehouses, and stores (which, I’d like to remind you, includes fraud risks), and logistics disruptions. Natural disasters are always a threat, but they’re relatively rare, whereas all of the other types of risk are constant.

But there are things you can do. You can:

  • take a strategic role in mobilizing the company against risks,
  • work with risk managers to ensure risk processes are designed cross-functionality and end-to-end (like good end-to-end e-Procurement), and
  • innovate.

And since innovators tend to be top performers, it’s always a great strategy. For more strategies for success, as well as steps you can take to become a top performer, I recommend checking out the full report (registration required). It’s definitely worth a read.

And for more information on risk management, be sure to check out the other posts on the topic here on the Sourcing Innovation blog, over on e-Sourcing Forum, and the wiki-paper on the e-Sourcing Wiki.

Stop Fraud Before It Stops You!

Hopefully after Tuesday’s post that asked does trouble-free mean fraud-free you realize that it doesn’t and that if you’re not watching, there’s a very good chance that fraud is occurring somewhere in your supply chain. It might not be in your four walls, but it still affects you – because every dollar lost by your supplier, or your supplier’s supplier, results in increased costs to you. However, knowing that, more often than not, a deep dive into a large corporation’s spend data by an expert will, at the very least, result in the identification of spend that violates policy, if not spend that is outright fraudulent, and knowing the statistics on just how many products have hit North America in recent years that violate safety requirements and pose serious health hazards, I’d be willing to bet that if you’re international, and you’re a mid-size business or larger, there’s fraud somewhere in your supply chain. Relatively speaking, it might not be on the scale where entire truckloads of product go missing or where fraudulent employees are siphoning millions of dollars out of your operations, but even minor frauds that result in a loss of only a few thousand dollars will add up.

So what can you do? How can you stop something you don’t know about – especially when you can’t monitor everyone in your supply chain every minute of every hour of every day? When you can’t afford to secure everything? When fraud is only one risk that you have to deal with on a daily basis?

The answer is simple – visibility and oversight. If you monitor your supply chain, it’s going to be a lot harder for fraud to occur without you knowing about it. And if you implement mechanisms that insure that the actions of each individual with authority are monitored and reviewed, they’ll know that if they commit fraud, they’ll likely be caught, the risk will outweigh the reward, and they’ll take their illicit schemes elsewhere. (Unless they’re really dumb, in which case you’ll catch them.)

So how do you get that visibility? The first step is to map out your supply chain. Steven Belli provided a good description of this process over on The Strategic Sourceror in his recent post that asked how much are you betting and what are the chances of losing. Once you have the map, the next step is to identify potential areas where fraud may be occurring. Start by identifying areas where:

  • there are pain points such as quality issues, frequent re-orders, serious delays, etc.
  • your proprietary technologies or expensive fixed assets are used
  • tasks that should probably be separate overlap
    such as the same individual or team being responsible for vendor selection and quality control

Then, and this is the key step, perform a supply chain audit. This starts by identifying what should be happening at each stage of the supply chain, how tasks should be separated, how much responsibility is required for each task, and who has ultimate responsibility for each task and hand-off. Then, audit your people, information, technology, and, most importantly, processes. Make sure that your people don’t have more authority or access to your systems or bank accounts than they need. Make sure your information is complete and accurate. Make sure your technology is doing what you need it to do. And make sure you have processes that are appropriate. They should insure visibility and accountability. If your processes don’t, then that’s fraud just waiting to happen.

If you’re wondering how to start, or wondering where you can get outside help on a fraud audit (and you should bring in an expert, and possibly someone with a Certified Fraud Examiner or equivalent designation, because you’re not likely to catch what you’re already overlooking – and consultants are cheap), one company you can look to is Katzscan and their Supply Chain Fraud services. (And, at the very least, check out the supply chain fraud site. It’s a good resource.)

The Economist and The Fragility of Perfection

It’s nice to see a major publication like the Economist tackle supply chain, even if the picture painted isn’t all that rosy, as in The Fragility of Perfection. The article, which starts off “ONLY Connect”, the words of the novelist E.M. Forster that tidily sums up globalization today, notes that an international company may buy its software from California, send its data to India, purchase its electronic equipment from China and staff its canteen with workers from eastern Europe. And that this specialization is all fine and dandy, but it depends on one critical factor: the reliability of supply.

This dependence on supply reliability is a vulnerability of the global industrial system, but how bad is it? And more importantly, how bad does it have to be? The article quotes David Bowers of Absolute Strategy Research who draws an analogy between today’s supply chains and the recent boom in structure finance which saw banks distribute risk to specialist vehicles like conduits. These banks worried less about the creditworthiness of borrowers, but the risks ended up back on the banks’ balance sheets when the sub-prime crisis broke. Mr. Bowers believes that just as the banks mispriced credit risk, so companies have misjudged strategic risk. And I have to agree. Way too many companies are single sourcing or running their global supply chains too lean when there are dozens of things that can go wrong. (Why? Some companies don’t understand the risk, and some don’t know how to make good sourcing decisions when multiple companies are involved. But there’s no excuse for either, especially when there are good strategic sourcing decision optimization tools on the market to help a company, by way of constraints, mitigate risks AND save money.)

However, what I really liked about the article is Mr. Bowers’ belief that loose monetary policy in America is leading, via the currency markets, to inflation in developing countries. This, in turn, undermines the cost advantages of outsourcing, as the prices of raw materials and labor rise. I’m sure my fellow blogger over at Spend Matters would agree that poor monetary policies, like free trade restrictions, will only hurt the economy.

Furthermore, disruption to the supply chain is a huge strategic risk. Supply chain disasters have bankrupted companies in the past. Remember Aris Isotoner, Webvan, or Foxmeyer? No? Well, they were destroyed by supply chain fiascos. Although just-in-time inventory levels create savings opportunities, they also cause huge losses when suppliers do not deliver in time. The reality is that the more independence there is in the system, the wider the effects of disruption in any one part of it will be felt. A disruption anywhere in the world could prove catastrophic in dozens of countries simultaneously, as the recent earthquake in China might just do if certain factories stay offline for too long. And the resulting losses could be far greater than the fallout of the recent subprime-mortgage crisis.

CVM: Not Just About Supplier Diversity Anymore!

CVM Solutions (acquired by supplier.io), one of Spend Matters’ Nine Vendors to Watch in 2008, appears to be on a quest these days to conquer the sourcing space, with their intent to offer supplier data enrichment, supplier relationship management (SRM), spend analysis, and a soon-to-be-launched procure-to-pay process management solution. According to Jason, CVM is a “best-kept secret” because of their extensive data enrichment services, supplier portal, and their new uber-workflow and process management engine that creates a level of control and visibility that he’s not seen elsewhere.

Now, I don’t know if they’re the “best-kept” secret, but when it comes to their data management capabilities and their new process management engine, they’re certainly a well-kept secret. Their extensive data management solution allows you to track extensible & customizable information on each supplier of a generic, location-based, contact-based, business registration, financial, capability, diversity, contract, sourcing, SRM, administration, and documentary nature – including scanned attachments which can be easily uploaded by specifying meta-data, printing off a cover-page with a system-generated bar-code, and faxing the document (with a cover-page) to a CVM provided fax number. (Reducing the number of steps in the traditional scan, convert, upload, tag, index.) In other words, their data management capabilities are in the same class as Aravo, a vendor I’ve written about before. However, due to their extensive supplier information databases (as the largest provider of diversity information in the US with enrichment data being culled from over 330 external databases and over half of the Fortune 500 as customers), they can also quickly and easily enrich your data, eliminating the need to integrate a third party’s data stream into your supplier data management / supplier information management solution (SIM), which might reduce the Total Cost of Ownership for a company that needs extensive amounts of third party data (as long as their pricing for enrichment services remains competitive with Austin Tetra and D&B.

For an initial release, I was also quite impressed by their new procure-to-pay process management engine. Although it’s not competitive with either your best-of-breed e-Procurement suites or your best-of-breed e-Sourcing suites when it comes to procurement and sourcing capabilities, with proper use, its flexible design allows you to accurately track all of your ongoing projects, and their current status, with respect to each supplier and each category and manage the process which, for most companies, probably involves at least three or four different systems (spend analysis, e-Negotiation, contract management, e-Procurement, e-Payment, order management, etc.). For example, their default assessment / supplier selection / contract draft / contract approval / transition workflow allows a category manager to document where each sourcing project is, and, when a supplier is selected, track where the project is with respect to contract drafting, approvals, and issuance. This information is then integrated with the data repository, where you can define alerts to notify you when certain quotas are reached / not reached in a time period and when a contract is about to expire. Steps can be added to, or removed from, the workflow, as required by your organization, and it allows you to continue using a collection of best-of-breed products from multiple vendors but still track your project status in one-location (which I believe is critical because there isn’t a single suite vendor with more than 3 solutions that is Best of Breed in everything – and when a best-of-breed solution can squeak out even 2% to 3% more on 100M+ spends, in today’s economy, I don’t think you can justify not going with a BoB solution).

I was also impressed by the usability of the application from a buyer’s perspective and a supplier’s perspective – which is important when you want to capture tier 2 diversity information from your suppliers in addition to asking them to use the tool to enter and maintain their basic information. The only thing I didn’t like was the response time – many screens took an average of 3 to 4 seconds to load in the demo (and I’m not willing to blame the internet as I have high speed cable on a 15MB rated network and can sustain 1MB/sec download times on my machine with ease). If you’re going to be maintaining large databases, you’ll need to ask about their SLAs and insure that you have enough processing power and bandwidth dedicated to the application. (Fortunately, with today’s hardware prices, you can do that at very affordable prices!)

I was, as regular readers might guess, not impressed with their “spend analysis”, or, more appropriately, with their classification of their spend reporting program as “spend analysis”. It’s a good reporting package with over 30 pre-configured reports that has all of the day to day reports that managers and accounting and tactical purchasers are going to need … but when it comes to the true analysis capability required by your power buyers, it’s just not there. In other words, like many of the spend analysis applications on the market, it will satisfy all of the requirements of management and your tactical purchasing team, but none of the requirements of your power buyers. However, it is seamlessly integrated with their platform, so if you were willing to augment it with a stand-alone power tool for your power buyers (like BIQ [acquired by Opera Solutions, rebranded ElectrifAI]), it would allow them to focus on true analysis and not have to worry about meeting the reporting requirements of management or the tactical buyers AND allow those individuals to quickly and easily access spending reports augmented with supplier information, diversity data, and standard classification systems such as NAICS and SIC. Plus, if you maintain complete contract pricing information (which is quite easy to do in their solution for commodities), it can automatically generate “offender” reports for accounts payable when you’re over-billed or accounts receivable when you reach the discount volume. So, if you can get a good deal on it, the “spend reporting” solution could be worth the price when you calculate the opportunity cost of a power user of a companion BoB application generating standard reports for management and accounting vs. digging for new opportunities. Plus, and this could be a key selling point for them, they have an add-on Federal Reporting Module that can be configured to automate Federal and State Agency reporting down to the contract level – and anyone who has had to prepare these reports knows how time-consuming they can be.

Finally, they’re also getting into Risk Assessment Reporting, which, after some of the recent supply chain disasters we’ve seen in recent years, is likely soon to be a must for larger corporations. When it comes to talking-the-talk, they’re certainly ahead of much of their competition in understanding “risk” and the importance of measuring it, planning for it, and proactively dealing with it. When it comes to walking-the-walk, their reports appear to be more-or-less comparable to their competition, especially since they can pull in D&B risk scores and supporting data. However, these days, I don’t think a financially based risk-assessment tells the whole story. I think they need to integrate more sources of information, especially for small businesses (like Austin Tetra is doing), to arrive at a more complete risk picture. It’s good for a first offering, but I’d like to see how it improves over the next year before locking in any long-term agreements. This is an emerging market in the sourcing services sector, and I’m not sure if anyone really has a good lock on what the right solution is.

In summary, I think they are a well-kept secret when it comes to supplier data management and, now, sourcing and procurement workflow management, I definitely think they have a lot of potential on the SRM/SPM side and the risk side as well, and even though they don’t have true “spend analysis” (just like the vast majority of vendors who make the claim), I think that their “spend reporting”, and their federal reporting module in particular, is quite good from a usability perspective, especially for non-technical management, accounting, and tactical buyers. They’re definitely a company to look at and keep an eye on, but like other extensive suite providers, they’re not best-of-breed in everything (no matter how good the “eye-candy” UI looks).

Supply Risk – Seize the Initiative!

Today’s guest post is by Brian Daniels (brian <dot> daniels <at> cvmsolutions <dot> com), VP of Strategic Marketing at CVM Solutions (acquired by supplier.io), a sourcing and procurement content and application solution provider to mid-market and large enterprise companies, including half of the Fortune 500.

In 2007, North American companies began to wake up to the dangers of supply risk. From the bankruptcies of a number of “big name” tier one automotive companies to the scandals of lead painted toys and tainted eels – just to name a few items – hitting the North American shores from China, supply risk changed from theory to reality for many companies. But twelve months later, are they any better prepared to manage supply risk? In many cases, the answer is no. Many companies are just beginning to think about what putting a supply risk management program into action means. In my view, this requires stepping back from some of the news headlines to better understand the specific types of risk which could have the greatest impact on your particular organization.

For example, while quality and labor issues dominate the news when it comes to China-sourced products, in many cases, it is total cost risk and supplier performance risk which should be of greater concern for companies doing business in the region. Consider how the chance of a change in currency value or tax/tariff/import regulations could create significant risk in the savings models that led to a global sourcing decision in the first place. Perhaps the most common risk we see in global – and even local – sourcing initiatives comes down to on-time performance. To this end, on-time performance is not just when an item leaves a factory, but when it arrives at your loading dock. On a global basis, there’s a lot that could go wrong in the weeks this process takes. But in my view, building visibility into past supplier performance – including on-time delivery – is critical to predict and model future supply chain performance – both locally and globally.

Another risk many companies fail to fully consider is their suppliers’ overall financial and corporate stability. Checking a Paydex score or third party credit rating alone is insufficient to develop a complete perspective into whether or not a supplier will be able to stay in business to meet your organization’s continuing needs. Taken alone, these analyses represent a point-in-time snapshot based on information which may or may not be accurate (and timely). These approaches should never replace expert-driven analysis and the direct verification of financial and other information with your suppliers. In my view, it’s essential to conduct customized and expert financial risk assessments based on metrics which matter most to your organization prior to contracting with a supplier. Furthermore, risk assessments should be part of ongoing monitoring and risk forecasting.

In addition, if supply risk information is managed and analyzed within silos inside a procurement organization, it’s critical to insure that this information is available to the rest of the company – or at least to those individuals who need it the most – whether it is via a portal-based system that provides proactive alerts and insights to front-line managers, who can develop mitigation strategies and approaches, or some other mechanism. Some companies and providers might call this supply risk “dashboarding”, but the name is not important. The key is to make sure that these information sources provide the right level of information to the specific individuals who can make a difference if they’re brought into the supply risk loop in time to intervene before a preventable risk rears its ugly head.