Category Archives: Risk Management

The Risks of Globalization Are Not What You Thought They Were

Given the recent supply chain failure of Imperial Oil, as laid out by David Rotor over on the Procurement Investor [WayBackMachine] blog (which is still being felt by many Canadians who saw gas prices spike 35% in some places), I think it is worth pointing out an AMR Research article from January that noted that we are in times of unique economic and environmental changes and that the current political and economic environment is a dynamic that we have not seen since 1880, echoing Newsweek International editor Fareed Zakaria, which has created a paradox that, according to the article, most economists are not getting right.

Global growth is fueling capitalism which is fueling demand. But these demand shocks are dampening political changes and their effects. Thus changes in government structures, civil unrest, and natural disasters are not having the normal impact and are creating unusual market behavior.

Countries and companies have greater interdependencies economically and environmentally than we have ever seen before. And some 1.5 billion people have been added recently as consumers in global markets, which is creating rampant capitalism along with the formation of anti-capitalist islands with strong nationalism. The result: an economic climate that includes a new type of risk and impending uncertainty.

According to Mr. Zakaria, the paradox will only widen. Largely due to China, with its 1.3 billion people and its current growth rate of 9.5% over the last 30 years. Furthermore, supply chain professionals can no longer depend solely on political infrastructure as the primary framework for global trade. Business must shoulder more burden for economic and environmental issues as they enter global markets.

But there is a fix. Invest in two-way processes in supply chain relationships, build collaborative relationships with a foundation of strong win-win value propositions, and recognize cultural differences. This is backed up with examples that include McDonalds, Dow, IBM, PepsiCo, and Toyota.

And finally, don’t overlook risk. Look for it, analyze it, come up with ways to prevent against it, and have backup plans in case it happens anyway.

Disaster Management Lessons from the Private Sector

I’ve been harping about Risk Management a lot lately, but that’s because I know that your supply chain will be disrupted (and in the case of Imperial Oil, as pointed out by David Rotor in his recent “Yet Another Supply Risk Post” on Procurement Investor [WayBackMachine], it already has). It’s a statistical certainty outranked only by death and taxes. The only things I don’t know is when, how bad, or how much it will cost you. Hopefully it won’t be the result of a natural disaster that shuts you down temporarily, but it could be, and that’s why I’ve talked about Disaster Recovery Planning in the past and taken efforts to make sure you understand that Your Supply Chain is NOT Secure in my efforts to drive home the importance of good planning.

Recently, the Supply Chain Management Review published a great article titled “Disaster Management: Private Lessons for the Public Sector” that reviewed best practices used by private industry to weather the storm and included a great Disaster Management Checklist that is worth repeating.

According to the article, successful organizations weather the storm by working closely with suppliers, customers, and even competitors. Moreover, effective supply chain management is critical to disaster planning and response. Organizations need to understand the resiliency of their suppliers, identify their downstream points of vulnerability, and collaborate across internal and external organizational barriers in order to protect assets and deploy supplies in the face of a disaster.

Furthermore, disaster-management supply chain processes can be segmented into three primary foci: (1) sourcing, (2) warehousing and asset protection, and (3) staging and distribution. You need to determine what items you need to stockpile and where they should be stored. You need to set up standing agreements for emergency services with a resilient base of contractors. And you need to identify alternate sources of supply and supply networks for flexibility, especially for items that cannot be stockpiled. You also have to prepare for power loss and the resultant cash economy.

You need to find the balance between stockpiling in anticipation of the surge in demand for critical supplies against the cost of maintaining inventory and storing it in a potentially vulnerable location. You also have to consider how you will protect assets in potentially exposed area, balancing the cost of added protection against the value of the goods. You have to figure out how you are going to get stockpiled supplies to an affected region quickly. You need to have processes in place for operating in an offsite location if necessary, often shifting your entire operation out of a potential disaster zone before the disaster hits. You need to be prepared.

The disaster management checklist provided is very handy. In short:

  • strengthen supplier relationships
  • collaborate with suppliers
  • diversify suppliers
  • plan for power loss
  • plan for a cash economy
  • build backup plans
  • find inventory equilibrium points
  • distribute resources
  • batten down the hatches
  • locate disaster-recovery staging areas

Protiviti: Manage Risk, Reap Reward

Your supply chain will be disrupted. Bet on it. You’ll win. The only two things more absolute in this world are death and taxes. I’ve told you that there is Real Risk in your supply chain. I’ve reviewed the basics of Managing Business Risk. I’ve even went so far as to tell you that Your Supply Chain is NOT Secure. But I still feel that I have not even come close to drilling the point home as to how at risk you are every minute of every hour of every day or how likely it is that your supply chain is going to be disrupted in a big way – and how much this will cost you if you are not prepared.

But that’s a post for another day. Today, I’m going to start helping you identify where you can go to get help, and the first company I’m going to point out to you is Protiviti, specialists in Independent Risk Consulting with an in-house expert group on Supply Chain Risk. Rising from the ashes of the old Arthur Anderson back in 2002 (with a little help from Robert Half International), Protiviti has more than quadrupled in size without diverging from their core practices of internal auditing, technology risk management, and business risk management (where the supply chain group resides).

Recently, I was fortunate enough to be able to talk to one of the leaders of the Supply Chain Risk group at Protiviti and talk about how they help clients identify, mitigate, and manage supply chain risk and I was quite satisfied with what I heard. Rather than trying to sell you a big black binder with an industry standard system generated risk management plan (which is not as useful as you might think since every company is different and has different risks), they instead work with you using a well-defined methodology that they’ve refined over the years to build a complete picture of the risks you face (a risk assessment), the mitigations you have in place or available to you, and a plan for managing those risks going forward. Furthermore, they help you build appropriate cross-functional teams that they work with throughout the process to make sure that when they are done, you understand not only what your risks and mitigations are, but how they were derived and how you carry the process forward.

The first thing they do, and you must commit to this for the process to work, is a risk assessment that evaluates your overall operations, supporting supply chain, regulatory environment, and organizational goals to help them build a risk profile that helps you understand where your risks are, the probability of them happening, and the dampening effect of any mitigations you currently have in place. They then categorize the risk universe into meaningful groupings, such as operations, supply base, distribution chain, and regulatory environment, that can be addressed and evaluated from a similar functional perspective. Then, working with your cross-functional teams, they help you qualify the probabilities, potential impacts, and mitigations that you can use to address them, including controls and monitors that you already have in place today. They then help you refine any identified and approved mitigations into processes and procedures that you can use to detect and manage a risk. After all, risk management is not a one-time project, but a continual process. However, you have to start somewhere, and a project focussed on supply risk is a great place to start.

They also assist you in putting in place critical and sustainable/repeatable risk management capabilities including, but not limited to, strategies, policies, processes, organizational accountabilities, information for decision-making, continuous identification, monitoring and control, tools and methodologies, and base data integrity procedures.

However, what I really liked hearing was that Supplier Relationship Management (SRM), Contract Lifecycle Management (CLM), and Compliance Management (CM) best practices done right were really risk management processes. SRM is not about managing your supplier, it’s about managing the risk associated with a supplier not performing. CLM is not about keeping track of a contract over it’s lifetime, but about making sure the critical terms of the contract, designed to mitigate your risk, are adhered to. CM is not about making sure your purchasers don’t go rogue, it’s about managing maverick spend to non-approved suppliers that increases your risk. After all, the key to long-term sustained financial performance is not cost savings – you’re always going to have to spend money – it’s cost avoidance – making sure you don’t spend any more than you have to. I know a lot of executives, and CFO’s in particular, these days only care about cost savings, but they’re just a bunch of short-sighted nitwits who need a good smack up-side the head. After all, there’s a limit to how much you can save! Once you’re performing at the best-in-class level, sourcing every category at market value, and optimally allocating the award so as to minimize your Total Value Management (TVM) lifecycle cost (or Total Cost of Ownership on steroid cost) – there’s nothing left to save – the best you can do in such a situation, should you be enlightened enough to reach it, is to avoid unnecessary spending. You avoid unnecessary spending by making sure everything goes according to plan. You do that by managing risk.

Another tidbit worth repeating is that they are currently working with Michigan State University(and AMR) on a new certification program for C-level executives in value chain risk management to help them understand, and proactively manage, risk. After all, considering one supply chain disruption can wipe out all of your strategically sourced savings, it’s critical that not only you, but your financial decision makers, understand this and allow you to invest in the methodologies and tools you need to make sure that if something really bad happens (your primary contract manufacturer’s plant goes up in smoke, for example), you know about it in time to do something about it (such as immediately route all your orders to your secondary manufacturer) before your supply chain shuts down, and you lose millions of dollars in sales.

So when you embark on your next risk management planning effort, be sure to put Protiviti on your list of potential vendors. (The reality is that such an effort is something you should never embark upon entirely in house – you’ll never see all of your own weaknesses.)

Winning the Battle on Risk: Information and Technology

Today I’d like to welcome back Jim Lawton, VP and General Manager of Open Ratings, a D&B company, back for a follow-up on his “Five Types of Supply Risk” piece and the role of information and technology in risk mitigation.

Let’s face it – the single best way to reduce your exposure to risk introduced by suppliers is to know them. And I mean really know them. For any of the five types of risk we identified last time, it means having insight well beyond what you track today. Not only how much they cost you, but also how much they cost your competitors – and how well they perform for your competitors. It means knowing about everything from EPA and OSHA violations and changes in their leadership to their growth plans and whom else they do business with.

Some great sources of information into just how well your suppliers are doing, include things like:

  • Real estate transactions
  • Legal actions
  • ITAR filings (esp. in the case of dealing with overseas suppliers)
  • SEC filings
  • Tax returns

At its worst, it means knowing things about them that they aren’t likely to tell you. So you need to go out and find it.

Sure. Given the likely state of your procurement operations – more suppliers, not less –

in spite of rationalization; suppliers 12 time zones away operating in countries with much more lax reporting regulations and fewer resources to actually manage all of this, odds are good that right now you are asking “how much time does this guy actually think I have to spend investigating every little bit of data and figuring out if it matters to me!?!”

The good news is that you don’t have to do. Technology makes it possible. Think about it: Intelligent systems are everywhere. Your car tells you when it needs service and books an appointment at the dealer; your GPS system gives you an up-to-the-minute way to navigate out of a traffic jam; your house knows when you are home and turns the lights on just as you move into each room.

So why shouldn’t it be possible to apply smart solutions to make your life easier – and shrink the risk factor.

Today, data aggregation solutions are able to do what you would do, if you had the time: scan thousands of sources – regulatory agency sites, financial and credit reports, news releases, tax and real estate filings, competitors’ internal systems and much, much more. With a million documents on your desk, you’d pick out what matters and analyze it within the context of your own business. Using your years of experience and deep knowledge about the supplier, you’d decide to act on it if needed. You might switch suppliers or intervene to shore up a critical supplier.

Information, technology and you. Risk on the run. Life is good.

Austin-Tetra … more than just Supplier Master Data

When I was in the Dallas area recently, I had the opportunity to sit down with Michael Zier of Austin Tetra and talk about what lies ahead for Austin-Tetra and how their recent acquisition by Equifax is going to help them to move forward.

Austin Tetra is a very interesting animal in the Supply Chain Space. Not only is it one of the few providers of Supplier Data Management Solutions that also comes with supplier data, one of fewer providers who understand that a credit-score is not a viability score, and maybe the only provider to focus on supply diversity solutions, but, unlike most companies in the space, it focuses on custom built vs. out-of-the-box solutions.

Austin Tetra recognizes that most companies that call on them already have data management, data analysis, and a host of supply chain and finance solutions in place and that their client’s goal is typically to understand how to identify the risk associated with a current or new potential supplier when the client is about to undertake a supply base rationalization or globalization effort, not necessarily to buy a new software solution. As such, they’ve spent a lot of time building integration solutions into many standard ERP, spend analysis, business intelligence, financial data stores, and sourcing platforms to allow you to get the data you need, where you need it, in the format you need it. After all, their primary value is in the data they provide and the proof is in the repeat business they get year after year.

I plan to write more about them and their solutions in the future, after I’ve had another chance to talk to Michael Zier and their Product Manager and drill more in depth into their capabilities, but the most interesting part of our conversation centered around credit risk scores. The reality is that although most credit bureau’s still tend to think that they are the greatest indicator of business sustainability, they totally miss the point in that a financial institution’s credit-worthiness and on-time payment scores have nothing to do with corporate sustainability. Just because a company has a low credit score, or is typically slow to pay, does not mean it is in any danger of ever going out of business. If you analyze these scores carefully, you’ll find that a lot of big, stable, household name companies have low scores. Why? Because they are so big, they can get away with paying on their schedule, when it’s good for them. If their suppliers want their business, they put up with it. The reason that this was the most interesting part of my conversation is that Austin Tetra is currently working with Equifax to do something about this. They are in the process of developing metrics much more appropriate to supplier stability and longevity. Their goal is to have a product offering later this year.

So keep an eye on them, and an eye on this blog, and besides more related posts in the future, maybe I’ll even manage to wrangle one of their internal writers to guest author a post on this blog as well. Who knows? …