Category Archives: Risk Management

Protiviti: Manage Risk, Reap Reward

Your supply chain will be disrupted. Bet on it. You’ll win. The only two things more absolute in this world are death and taxes. I’ve told you that there is Real Risk in your supply chain. I’ve reviewed the basics of Managing Business Risk. I’ve even went so far as to tell you that Your Supply Chain is NOT Secure. But I still feel that I have not even come close to drilling the point home as to how at risk you are every minute of every hour of every day or how likely it is that your supply chain is going to be disrupted in a big way – and how much this will cost you if you are not prepared.

But that’s a post for another day. Today, I’m going to start helping you identify where you can go to get help, and the first company I’m going to point out to you is Protiviti, specialists in Independent Risk Consulting with an in-house expert group on Supply Chain Risk. Rising from the ashes of the old Arthur Anderson back in 2002 (with a little help from Robert Half International), Protiviti has more than quadrupled in size without diverging from their core practices of internal auditing, technology risk management, and business risk management (where the supply chain group resides).

Recently, I was fortunate enough to be able to talk to one of the leaders of the Supply Chain Risk group at Protiviti and talk about how they help clients identify, mitigate, and manage supply chain risk and I was quite satisfied with what I heard. Rather than trying to sell you a big black binder with an industry standard system generated risk management plan (which is not as useful as you might think since every company is different and has different risks), they instead work with you using a well-defined methodology that they’ve refined over the years to build a complete picture of the risks you face (a risk assessment), the mitigations you have in place or available to you, and a plan for managing those risks going forward. Furthermore, they help you build appropriate cross-functional teams that they work with throughout the process to make sure that when they are done, you understand not only what your risks and mitigations are, but how they were derived and how you carry the process forward.

The first thing they do, and you must commit to this for the process to work, is a risk assessment that evaluates your overall operations, supporting supply chain, regulatory environment, and organizational goals to help them build a risk profile that helps you understand where your risks are, the probability of them happening, and the dampening effect of any mitigations you currently have in place. They then categorize the risk universe into meaningful groupings, such as operations, supply base, distribution chain, and regulatory environment, that can be addressed and evaluated from a similar functional perspective. Then, working with your cross-functional teams, they help you qualify the probabilities, potential impacts, and mitigations that you can use to address them, including controls and monitors that you already have in place today. They then help you refine any identified and approved mitigations into processes and procedures that you can use to detect and manage a risk. After all, risk management is not a one-time project, but a continual process. However, you have to start somewhere, and a project focussed on supply risk is a great place to start.

They also assist you in putting in place critical and sustainable/repeatable risk management capabilities including, but not limited to, strategies, policies, processes, organizational accountabilities, information for decision-making, continuous identification, monitoring and control, tools and methodologies, and base data integrity procedures.

However, what I really liked hearing was that Supplier Relationship Management (SRM), Contract Lifecycle Management (CLM), and Compliance Management (CM) best practices done right were really risk management processes. SRM is not about managing your supplier, it’s about managing the risk associated with a supplier not performing. CLM is not about keeping track of a contract over it’s lifetime, but about making sure the critical terms of the contract, designed to mitigate your risk, are adhered to. CM is not about making sure your purchasers don’t go rogue, it’s about managing maverick spend to non-approved suppliers that increases your risk. After all, the key to long-term sustained financial performance is not cost savings – you’re always going to have to spend money – it’s cost avoidance – making sure you don’t spend any more than you have to. I know a lot of executives, and CFO’s in particular, these days only care about cost savings, but they’re just a bunch of short-sighted nitwits who need a good smack up-side the head. After all, there’s a limit to how much you can save! Once you’re performing at the best-in-class level, sourcing every category at market value, and optimally allocating the award so as to minimize your Total Value Management (TVM) lifecycle cost (or Total Cost of Ownership on steroid cost) – there’s nothing left to save – the best you can do in such a situation, should you be enlightened enough to reach it, is to avoid unnecessary spending. You avoid unnecessary spending by making sure everything goes according to plan. You do that by managing risk.

Another tidbit worth repeating is that they are currently working with Michigan State University(and AMR) on a new certification program for C-level executives in value chain risk management to help them understand, and proactively manage, risk. After all, considering one supply chain disruption can wipe out all of your strategically sourced savings, it’s critical that not only you, but your financial decision makers, understand this and allow you to invest in the methodologies and tools you need to make sure that if something really bad happens (your primary contract manufacturer’s plant goes up in smoke, for example), you know about it in time to do something about it (such as immediately route all your orders to your secondary manufacturer) before your supply chain shuts down, and you lose millions of dollars in sales.

So when you embark on your next risk management planning effort, be sure to put Protiviti on your list of potential vendors. (The reality is that such an effort is something you should never embark upon entirely in house – you’ll never see all of your own weaknesses.)

Winning the Battle on Risk: Information and Technology

Today I’d like to welcome back Jim Lawton, VP and General Manager of Open Ratings, a D&B company, back for a follow-up on his “Five Types of Supply Risk” piece and the role of information and technology in risk mitigation.

Let’s face it – the single best way to reduce your exposure to risk introduced by suppliers is to know them. And I mean really know them. For any of the five types of risk we identified last time, it means having insight well beyond what you track today. Not only how much they cost you, but also how much they cost your competitors – and how well they perform for your competitors. It means knowing about everything from EPA and OSHA violations and changes in their leadership to their growth plans and whom else they do business with.

Some great sources of information into just how well your suppliers are doing, include things like:

  • Real estate transactions
  • Legal actions
  • ITAR filings (esp. in the case of dealing with overseas suppliers)
  • SEC filings
  • Tax returns

At its worst, it means knowing things about them that they aren’t likely to tell you. So you need to go out and find it.

Sure. Given the likely state of your procurement operations – more suppliers, not less –

in spite of rationalization; suppliers 12 time zones away operating in countries with much more lax reporting regulations and fewer resources to actually manage all of this, odds are good that right now you are asking “how much time does this guy actually think I have to spend investigating every little bit of data and figuring out if it matters to me!?!”

The good news is that you don’t have to do. Technology makes it possible. Think about it: Intelligent systems are everywhere. Your car tells you when it needs service and books an appointment at the dealer; your GPS system gives you an up-to-the-minute way to navigate out of a traffic jam; your house knows when you are home and turns the lights on just as you move into each room.

So why shouldn’t it be possible to apply smart solutions to make your life easier – and shrink the risk factor.

Today, data aggregation solutions are able to do what you would do, if you had the time: scan thousands of sources – regulatory agency sites, financial and credit reports, news releases, tax and real estate filings, competitors’ internal systems and much, much more. With a million documents on your desk, you’d pick out what matters and analyze it within the context of your own business. Using your years of experience and deep knowledge about the supplier, you’d decide to act on it if needed. You might switch suppliers or intervene to shore up a critical supplier.

Information, technology and you. Risk on the run. Life is good.

Austin-Tetra … more than just Supplier Master Data

When I was in the Dallas area recently, I had the opportunity to sit down with Michael Zier of Austin Tetra and talk about what lies ahead for Austin-Tetra and how their recent acquisition by Equifax is going to help them to move forward.

Austin Tetra is a very interesting animal in the Supply Chain Space. Not only is it one of the few providers of Supplier Data Management Solutions that also comes with supplier data, one of fewer providers who understand that a credit-score is not a viability score, and maybe the only provider to focus on supply diversity solutions, but, unlike most companies in the space, it focuses on custom built vs. out-of-the-box solutions.

Austin Tetra recognizes that most companies that call on them already have data management, data analysis, and a host of supply chain and finance solutions in place and that their client’s goal is typically to understand how to identify the risk associated with a current or new potential supplier when the client is about to undertake a supply base rationalization or globalization effort, not necessarily to buy a new software solution. As such, they’ve spent a lot of time building integration solutions into many standard ERP, spend analysis, business intelligence, financial data stores, and sourcing platforms to allow you to get the data you need, where you need it, in the format you need it. After all, their primary value is in the data they provide and the proof is in the repeat business they get year after year.

I plan to write more about them and their solutions in the future, after I’ve had another chance to talk to Michael Zier and their Product Manager and drill more in depth into their capabilities, but the most interesting part of our conversation centered around credit risk scores. The reality is that although most credit bureau’s still tend to think that they are the greatest indicator of business sustainability, they totally miss the point in that a financial institution’s credit-worthiness and on-time payment scores have nothing to do with corporate sustainability. Just because a company has a low credit score, or is typically slow to pay, does not mean it is in any danger of ever going out of business. If you analyze these scores carefully, you’ll find that a lot of big, stable, household name companies have low scores. Why? Because they are so big, they can get away with paying on their schedule, when it’s good for them. If their suppliers want their business, they put up with it. The reason that this was the most interesting part of my conversation is that Austin Tetra is currently working with Equifax to do something about this. They are in the process of developing metrics much more appropriate to supplier stability and longevity. Their goal is to have a product offering later this year.

So keep an eye on them, and an eye on this blog, and besides more related posts in the future, maybe I’ll even manage to wrangle one of their internal writers to guest author a post on this blog as well. Who knows? …

Five Types of Supply Risk, and How to Mitigate Them

Today I’d like to welcome Jim Lawton, VP and General Manager of Open Ratings, a D&B company with a range of supply risk management solutions for automotive, aerospace and industrial manufacturers.

Risk is a painful reality in manufacturing today. Strategic initiatives like low-cost-country sourcing and supplier rationalization programs only increase manufacturers’ exposure and vulnerability to the risk of supply chain disruptions.

Working with Open Ratings’ Fortune 500 manufacturing customers, I’ve come to realize that even the most sophisticated companies need a reminder for the different types of risk, and how to mitigate each. As I see it, the best way to avoid the inevitable is to understand the many sources of potential risk – which can be defined in five broad categories – and put strategies in place to mitigate each one:

  1. Strategy Risk = Choosing the right supply management strategy.Know that what’s right for one business might not be right for yours. For example, a small family-run business may opt to source locally because they don’t have the resources needed to keep an eye on global suppliers.

    Mitigation and Management Approach: Define the right up-front strategy, and identify and qualify the right suppliers, using reliable market intelligence to drive decisions.

  2. Market Risk = Brand, compliance, financial and market exposure.When outsourcing part production or even entire product lines, you’re putting your company at the mercy of your suppliers. If they deliver a sub-par product, or fail to deliver completely, your customer will be looking to you – not them – for an explanation.

    Mitigation and Management Approach: Pinpoint the product line’s quality standards tolerance, and determine the possible impact of a compromise. Monitor those lines closely to detect early-warnings before issues wreak havoc with your firm’s brand, ability to meet compliance regulations and the bottom line.

  3. Implementation Risk = Supplier implementation lead-times and production/performance ramp.Know who you’re working with and what their capacity issues are before signing on with them. Working with a supplier for whom your business only represents a fraction of their revenue means you may not get the level of attention that you want.

    Mitigation and Management Approach: Ramp new suppliers quickly to gain early visibility into any risk factors that might hinder production, lead-times, initial performance, etc.

  4. Performance Risk = Ongoing supplier quality and financial issues.Now that you’ve selected a supplier, there’s still a lot of work to be done. Businesses are acquired, go out of business or shift strategy every day, so constant vigilance is needed.

    Mitigation and Management Approach: Continuously monitor all of your suppliers to avoid disruptions caused by bankruptcies, performance issues, ownership changes, labor strikes, geopolitical changes, etc. You may need to tap technology to effectively achieve this level of monitoring.

  5. Demand Risk = Demand and inventory fluctuations and challenges.While some suppliers jump at the chance to take on new opportunities, enthusiasm doesn’t necessarily mean they’re in the best position to excel.

    Mitigation and Management Approach: Watch your suppliers carefully for signs that they are overwhelmed with new business. Don’t let their desire to grow their business affect your commitments.

Risk will always be inherent in the supply chain. By implementing a comprehensive, proactive approach and working with your suppliers to define a strategy based on shared business goals, you will reduce your exposure to risk – and the catastrophic impact it can have.

Not only will you gain new ability to mitigate issues before they wreak havoc on the supply chain, your brand, and the bottom line – a supply risk management framework also supports more informed supplier development, and total-cost decision making to further reduce inventory levels; improve supplier quality; and remove additional cost and waste out of your supply chain.

The best-laid strategies require your team to shift their mind-set, to divide their attention equally between cost-reduction efforts and risk mitigation considerations, but the rewards are well worth the effort.

OpenRatings … Not Just for Performance Anymore

Recently, I had the opportunity to sit down with Jim Lawton and talk about not what Open Ratings was, or is, but what it will be now that it has been acquired by D&B and has access to not only the cash reserves one needs to create the next big thing but also the data it needs to take its analytics capabilities to the next level.

As discussed many times by Jason Busch over on Spend Matters (including in “Open Ratings Alert: A New Business Model”* and “Sourcing Innovation Next Generation On Demand”*), and also by Jim Lawton in his guest post (“Don’t Let the Supply Risk Grinch Steal Christmas”*), Open Ratings had the unique capability, built on some great predictive analytics work by some brilliant MIT graduates (whom I hope to be talking to in the future), to analyze a supplier’s financial and performance data relative to other companies in your space and tell you how likely they are to perform for you with respect to a contract to provide a certain category of product or service.

Considering most companies don’t have the data or the models to even attempt this, this is a great offering. However, with access limited only to a subset of D&B data and customer data from the Open Ratings Network, the results were often coarse grained compared to the fine-grained event and product specific events a buyer would really like to have. Considering your only other hope for a coarse-grained result was Austin Tetra (acquired by Equifax) (whom I will also address this week), this was rather fantastic when the capability first came out – but one could see the next step and it only made sense to push for it – which they did, and now that they are part of D&B, I dare say that they can give you a performance-based picture of a potential supplier that, in some ways, is more detailed than any other picture any other provider can give you.

However, performance is not the only issue you need to be concerned about. In today’s ultra-fast marketplace with ultra-lean supply chains, Risk is King. It’s not how good the supplier will perform, but how regularly they will perform. The last thing you want is for a great performing supplier to go bankrupt without warning nine months into a new contract. The real question is, with their new access to D&B’s huge data store, updated daily, will they be able to tell you not only how well a supplier can be expected to perform, but how risky the relationship could be be. After all, the real key to managing risk in your supply chain, is, of course, to not introduce it in the first place!

So, on this note, I’m going to end this post and ask you to stay tuned for tomorrow’s post where Open Rating’s Jim Lawton guest authors a post on the five major types of risk and what you can do to hedge against them. Keep the RSS feed alive!

* All posts prior to 2012 were removed in the Spend Matters site refresh in June, 2023.