Category Archives: Risk Management

Procurement Contract Risk Management

As pointed out by JP Massin in his Strategic Sourcing Europe [WayBackMachine] blog, APICS and Protiviti recently released a study on “Procurement Contract Risk Management”.

As noted by JP Massin, the conclusion is that a large proportion of organizations need to improve the management of their procurement contract risks and opportunities. And this seems to hold true across the board, for direct and indirect procurement alike.

The study does a great job of pointing out many types of procurement contracts management risks you should be aware of:

  • End-customer satisfaction risk
  • Authority limit risk
  • Regulatory non-compliance risk
  • Information security, access, and privacy risk
  • Terms and Conditions risk
  • Reputation risk
  • Environment, health, and safety risk
  • Inventory and obsolescence risk
  • Off-balance sheet inventory liability risk
  • Automatic renewals risk
  • Contractual and legal risk
  • Employee/third-party fraud risk
  • Outsourcing risk
  • Efficiency risk

It also does a great job of pointing out some key capabilities a company will need to tackle these risks:

  • Strategy and Policy
  • Processes, Practices, and Procedures
  • Organization and People
  • Contracts Management Process
  • Information Methodologies / Tools
  • Systems and Data

And provides some great recommendations, including:

  • Never underestimate the importance of having a clear process vision, and well-designed and defined objectives, strategies, and plans for the process.
  • No matter how well the process is designed, it cannot be effective without the right people and structure.
  • It is essential that technology be leveraged.

I would highly recommend downloading a copy of the “Procurement Contract Risk Management” study and reviewing it at your leisure to make sure you understand what the contract risks are, what the key capabilities you will need to mitigate the risks are, and where the major problem areas are in most companies so that you can insure they are not in yours.

Trade Compliance

Last fall I introduced you to global trade data management (posts I and II), as well as Global Data Mining (acquired by CUSTOMS Info which was acquired by Descartes) and the International Trade Bureau.

A few months ago, even though it only hit the on-line edition recently, the Supply Chain Management Review published “Building a Strong Framework for Trade Compliance”. In the article, they defined five components of trade compliance that can help companies operate efficiently in an international marketplace.

  • A Culture of Compliance
    The culture starts with management who must define internal controls, starting with a corporate policy issued by the chief executive. The policy must communicate management support, an insistence on the ethical and lawful transaction of business, and intolerance for willful disregard of regulatory requirements.
  • Risk Assessment
    Know where you could fall afoul of government regulations and develop methods for managing those risks. Start by conducting an internal assessment of your current compliance program. Evaluate each area of compliance to determine if its effective, documented, consistent, and, most important, current. No regulatory or business environment is static, so your compliance program will continually need to evolve.
  • Establishment of Control Activities
    Create policies, procedures, and organizational structures that will minimize risk to your company. The procedures must be effective, but should not be more burdensome then necessary. The goal is to achieve compliance, not bring operations to a halt. Document what you do, and do what you document, but keep it efficient.
  • Constant Communication
    Train, train, and train again. Higher awareness allows for effective maintenance of a compliant environment. Keep materials up to date and send communications to affected departments whenever regulations are amended.
  • Implementation of a Monitoring Program
    Institute an internal audit program and check your internal controls regularly for effectiveness. Develop a corrective-action program that you can implement when discrepancies are found.

Non-compliance can impact supply chain performance, bottom line profits, and, thanks to Sarbanes-Oxley, executive liability. Thus, its important to do everything you can to insure compliance.

51% of Companies Don’t Understand (Supply Chain) Risk

Yesterday, Aberdeen released their latest supplier performance and risk management benchmark report, “Supply Risk Increasing While the Market Stands Still”, which found that although two thirds of the organizations surveyed expect supply risk too increase, only 49% of organizations have bothered to implement a supplier performance measurement and risk management program. That tells me that at least 51% of companies do not understand risk, for if they did, they would be doing something about it.

The study found that there is direct correlation between the length of time a supplier performance and risk management program has been in place, the percentage of the supply base measured, and the positive results enjoyed by the organization. Moreover, best-in-class companies, which (i) have had programs in place for at least three years, (ii) measure 51% or more of their supplier base, and (iii) engage in supplier performance management and risk management in the supply base 70% of the time achieve:

  • 92% effectiveness in product and service quality
  • 91% on-time-delivery
  • 87% price competitiveness
  • 85% service and performance capability

Best-In-Class companies surpass their peers in pretty much every way.

  • 43% have instituted cross-functional teams of key stakeholders
  • 68% have instituted a structured performance and risk management program
  • 55% more supplement basic tools with more complex financial risk mitigation strategies
  • 57% use supplier performance systems, 54% use supplier databases and rating systems, and 48% use supplier market research and intelligence

In addition to pointing out some key differentiators, the report also overviews a number of enablers that can help a company that wants to achieve best in class status. These include:

  • Supplier Scorecarding and Reporting
  • Automated Calculation of Key Supplier Performance Metrics
  • System Notification of Performance Issues & Disruption Events
  • Integration with Spend Analysis Tools
  • Reporting of Key Supplier Operational and/or Financial Risks
  • Web-Based Portal for Supplier Self-Registration & Information Maintenance
  • Hedging and Other Insurance Solutions

In addition, they point out the following strategies that can be leveraged for maximum advantage:

  • Re-organization of the supplier performance and risk management initiatives into cross-functional ownership mode among all key stakeholders
  • Re-alignment of focus on supplier performance risk management activities to address customer and regulatory pressures
  • Implementation of a supplier performance and risk management technology layer across all business processes
  • Supply base segmentation on key criteria such as spend concentration, number of available sources per commodity, etc.

This report is definitely worth a read – especially if only 49% of organizations are actively addressing risk.

The Risks of Globalization Are Not What You Thought They Were

Given the recent supply chain failure of Imperial Oil, as laid out by David Rotor over on the Procurement Investor [WayBackMachine] blog (which is still being felt by many Canadians who saw gas prices spike 35% in some places), I think it is worth pointing out an AMR Research article from January that noted that we are in times of unique economic and environmental changes and that the current political and economic environment is a dynamic that we have not seen since 1880, echoing Newsweek International editor Fareed Zakaria, which has created a paradox that, according to the article, most economists are not getting right.

Global growth is fueling capitalism which is fueling demand. But these demand shocks are dampening political changes and their effects. Thus changes in government structures, civil unrest, and natural disasters are not having the normal impact and are creating unusual market behavior.

Countries and companies have greater interdependencies economically and environmentally than we have ever seen before. And some 1.5 billion people have been added recently as consumers in global markets, which is creating rampant capitalism along with the formation of anti-capitalist islands with strong nationalism. The result: an economic climate that includes a new type of risk and impending uncertainty.

According to Mr. Zakaria, the paradox will only widen. Largely due to China, with its 1.3 billion people and its current growth rate of 9.5% over the last 30 years. Furthermore, supply chain professionals can no longer depend solely on political infrastructure as the primary framework for global trade. Business must shoulder more burden for economic and environmental issues as they enter global markets.

But there is a fix. Invest in two-way processes in supply chain relationships, build collaborative relationships with a foundation of strong win-win value propositions, and recognize cultural differences. This is backed up with examples that include McDonalds, Dow, IBM, PepsiCo, and Toyota.

And finally, don’t overlook risk. Look for it, analyze it, come up with ways to prevent against it, and have backup plans in case it happens anyway.

Disaster Management Lessons from the Private Sector

I’ve been harping about Risk Management a lot lately, but that’s because I know that your supply chain will be disrupted (and in the case of Imperial Oil, as pointed out by David Rotor in his recent “Yet Another Supply Risk Post” on Procurement Investor [WayBackMachine], it already has). It’s a statistical certainty outranked only by death and taxes. The only things I don’t know is when, how bad, or how much it will cost you. Hopefully it won’t be the result of a natural disaster that shuts you down temporarily, but it could be, and that’s why I’ve talked about Disaster Recovery Planning in the past and taken efforts to make sure you understand that Your Supply Chain is NOT Secure in my efforts to drive home the importance of good planning.

Recently, the Supply Chain Management Review published a great article titled “Disaster Management: Private Lessons for the Public Sector” that reviewed best practices used by private industry to weather the storm and included a great Disaster Management Checklist that is worth repeating.

According to the article, successful organizations weather the storm by working closely with suppliers, customers, and even competitors. Moreover, effective supply chain management is critical to disaster planning and response. Organizations need to understand the resiliency of their suppliers, identify their downstream points of vulnerability, and collaborate across internal and external organizational barriers in order to protect assets and deploy supplies in the face of a disaster.

Furthermore, disaster-management supply chain processes can be segmented into three primary foci: (1) sourcing, (2) warehousing and asset protection, and (3) staging and distribution. You need to determine what items you need to stockpile and where they should be stored. You need to set up standing agreements for emergency services with a resilient base of contractors. And you need to identify alternate sources of supply and supply networks for flexibility, especially for items that cannot be stockpiled. You also have to prepare for power loss and the resultant cash economy.

You need to find the balance between stockpiling in anticipation of the surge in demand for critical supplies against the cost of maintaining inventory and storing it in a potentially vulnerable location. You also have to consider how you will protect assets in potentially exposed area, balancing the cost of added protection against the value of the goods. You have to figure out how you are going to get stockpiled supplies to an affected region quickly. You need to have processes in place for operating in an offsite location if necessary, often shifting your entire operation out of a potential disaster zone before the disaster hits. You need to be prepared.

The disaster management checklist provided is very handy. In short:

  • strengthen supplier relationships
  • collaborate with suppliers
  • diversify suppliers
  • plan for power loss
  • plan for a cash economy
  • build backup plans
  • find inventory equilibrium points
  • distribute resources
  • batten down the hatches
  • locate disaster-recovery staging areas