Category Archives: Risk Management

2030 is too late for Center-Led Procurement!

Especially since 2020 was too late! And organizations should have been there by then since center-led procurement was being discussed as the next generation model in the mid-2000s and, more importantly, as the futurists were predicting that the future of work, and companies, was remote and distributed last decade, every company should be “center-led” by now.

(Note that we mean “center-led” and not “centralized” where one central office handles all major procurement projects globally. We mean center-led where a centralized function determines the best procurement path for each category — which could be centralized, distributed, multi-level, or mixed — and provides guidance to all of the global teams and makes sure they build the right procurement — and supply chain — models up front.)

In fact, by now, all organizations should be working off of a virtual center-led model where the “center” is the Procurement A-Team, where the members could literally be spread out over the 6 continents to “locally” absorb the situations in each geography before making decisions and to always have someone available to answer questions on not just a follow-the-sun but follow-the-local-business hours model.

And while virtual / remote / distributed work still seems to be an entirely new thing that most companies didn’t think of before the pandemic and that most companies are trying to eliminate entirely now that the pandemic has been declared over (even though the next pandemic is just around the corner and, yet again, no one is prepared for it), those of us in IT and Supply Chain have been doing it for two decades (and the doctor has been primarily been working remote for the past 19 years — the tech has been there, and has worked, for two decades … and now that high speed is in just about every urban area globally, there’s no reason a hybrid/virtual model cannot work and work well).

The reality is that the pandemic not only brought global supply chains crashing down but brought to light the high risk embedded in them a few of us saw a decade ago, which went beyond the obvious risks of “all your eggs in one basket” (even though Don Quixote was published in 1605) and “The Bermuda Triangle*1, but also included the risks of relatively centralized procurement where one team in one part of the globe made the all-our-eggs-in-the-China-basket and managed the relationship with one team at one factory in another part of the globe; so if either team got completely locked down with little remote/virtual support (and we saw some countries limit people to 1KM from their homes and China lock down entire cities and not even let people leave their apartments), the entire chain was shut down even beyond the worst case that some of us were envisioning a decade ago (and made our definitions of bad — which was factory goes out of business, shipping lane closes, or ship sinks — look good by comparison because, at least then, you could still go to work and travel to find a new factory, organize a new lane, or spin up the factory 24/7 until you remade the order).

However, with virtual center-led, you not only have a team that knows how to work distributed and remote, and who knows how to use that setup to better mitigate operational risks, but who also has a risk-mitigation mindset that any supply base should also be distributed and different locations remote from each other (two factories in the same town is not risk-mitigation; an earthquake destroys the roads, the entire town gets quarantined, or political borders shut and its effectively one cut-off source of supply) and will help the different parts of the organization design more risk-adverse, or at least risk-aware, supply chains — tapping into local expertise in each part of the world to make the best decision and allowing the organization to move management of the chain around as needed and local teams (because you’re not sourcing your Canadian snow-plow and igloo building services from India, for example) to always have remote access to guidance and best practices in snow-removal services RFP construction (and know how from Norway and Japan).

In other words, center-led procurement (of which you can find a lot of guidance on in the archives here and over on Spend Matters, especially since, now retired, Peter Smith of Spend Matters UK was a guru on this as well as sustainability) of the virtual kind is what you need to be doing now if you want to last until 2030.

 

*1 which, while statistically no more dangerous than any other part of the oceans, exemplifies the fact that even the biggest ships, with an entire year of your inventory on board, can sink, especially when oceanographers have finally realized [even though mathematicians working with wave models understood this concept decades ago] that rogue waves are not a once a in decade occurrence, but a DAILY occurrence on this planet, it’s just that the ocean is so big that the fraction ever covered by ships is so microscopic that the chances of any ship encountering a rogue wave are infinitesimal on a ship-by-ship basis)

Visibility is Key to Managing Suppliers

For the first part of this week, we have been talking about the significant overlap between sourcing and supplier management and the necessary platform elements needed to support both. Key elements included performance, relationship, and risk management, because all are necessary for sourcing and supplier success.

Spend Matters recently ran a 3-part series on a sub-set of the issue, based on a recent interview with Ecovadis, that talked about how Visibility is Key to Managing CSR Risks in Indirect Spend (Part I, Part II, and Part III). But visibility is needed for more than just addressing risks in indirect spend. It’s also needed for addressing risks in direct spend.

Direct spend has all the same risks, they just aren’t one step removed through an intermediary. And you have to trace all of the products down to the raw materials to identify not only in your supply base, but your supplier’s supply base, their supplier’s supply base, and their supplier’s down to the mine, the farm, or the harvester.

But it’s not just the suppliers you need visibility into, it’s the environment that surrounds them. After all, a natural disaster can cut them off. An economic downturn can render them bankrupt if the currency they do business in (and keep the majority of their cash on hand in) crashes. A geo-political uprising can cut them off at the border. A port strike can cut off their primary shipping routes. And so on. You need a full 360-degree view around the supplier to ensure success.

But how do you get that? You can’t watch everything everywhere, and when you consider the extent of the global supply chain, you almost have to.

That’s why it’s key to have a platform that can integrate with 3rd party sources as you will need to integrate dozens, if not hundreds, of data sources to keep on top of all of the data you need to populate the models to evaluate and track the risks.

And that’s why two of the key elements we look for in a platform are integration and dynamic data model extensibility. You never have enough data. Without the right data, you don’t have the visibility, and that’s key to success. Or at least to preventing major unexpected disruptions.

Five Years Ago We Told You to Blame the Bankers …

… for the biggest risks in your supply chain, as per our classic post where we told you don’t blame the lawyers, blame the bankers because they were ultimately responsible for three of the top four most likely risks to disrupt your supply chain.

(Even though the doctor can sympathize with William Shakespeare when he said the first thing we do, let’s kill all the lawyers, the lawyers are not responsible for the current state of the global economy, the bankers are. And while it’s true that the lawyers are not innocent, happily taking the bankers money to do things that disrupt entire economies, it is the bankers that were the ringleaders here.)

But do we still blame all the bankers? Well, yes, we blame them for the economic risks that continue to persist to this day. But we no longer blame them for the top three risks in our global supply chains.

That honour goes to … The United States of America. Yes, that’s right. The root cause of the three biggest risks in your supply chain is the United States of America. (And not China, although there is a massive risk there as well. And if we wait a few more years, they might get their turn on top.)

How can it be? How can the United States be the single cause of the three biggest risks in your supply chain?

To explain that, we’ll start by repeating them for those of you that have not read The Global Risks Report 2019, 14th Edition, from the World Economic Forum.

According to this report, produced in partnership with Marsh & McLennan Companies and Zurich Insurance Group, the three biggest risks are:

  1. Extreme Weather Events
  2. Failure of Climate Change Mitigation and Adaptation
  3. Natural Disasters

and, as should be obvious, these are all interconnected.

Many (if not the majority of) natural disasters are the result of extreme weather events, and many (if not the majority of) extreme weather events are, whether your choose to believe facts or not, the result of the failure of climate change mitigation and adaptation.

And why has climate change mitigation and adaptation failed? Because it hasn’t happened. And why hasn’t it happened? Because countries aren’t aggressively working toward it. And why is that not the case? Because only 175 parties, of 197, have ratified The Paris Agreement (the UN Convention on Climate Change) … and one party that initially accepted has withdrawn (and done so in a very public manner). Guess what that country is? You guessed it!

The United States of America has withdrawn from the Paris Agreement. If the country that is responsible for approximately 25% of global GDP refuses to support the most important initiative in the world (which still falls short of where we need to be to truly mitigate climate change, but would make a substantial impact on slowing climate change down), especially when it comes to preventing the three biggest risks in your supply chain, then that country is unilaterally responsible for those risks.

So next time a typhoon sinks the freighter carrying all your goods, don’t blame God, Poseidon, or Mother Earth. Blame the United States of America. Or, if you really want to, blame Trump. But don’t blame God or nature because, with the current rate of increase in the number of natural disasters annually, there will soon be a 90% chance that it the natural disaster is 100% the result of climate change brought on by the United States inaction to do anything about it.

Single Multi-Tier Risk Mitigation Strategies Don’t Mitigate Risk

Last year we penned a post on how single tier risk mitigation strategies don’t mitigate risk and that they may, in fact, increase risk. As we indicated in our previous post, the following standard single-tier risk mitigation strategies have the potential to increase risk:

    • Dual Sourcing
      without careful planning, both suppliers could use the same Tier 2 source
    • Alternate Design
      can simply reduce / eliminate the need for one rare raw material in favour of another material that ends up being more rare
  • Financial Risk Monitoring
    for shakey suppliers isn’t enough to catch production shortcuts that a supplier might be taking to cut costs that increase your risk when the product is used or sold
  • Replacement Product Lines
    can share parts and suppliers that actually increase risk from a disruption

We indicated that if you wanted to truly mitigate risk, you have to go multi-tier and work with your supplier to identify the most likely risks in their, and your, supply chain and how to mitigate them.

And this is a great start, but simply using the least risky supplier at each tier doesn’t help you if a random natural or man-made disaster takes out a supplier for a few months (or permanently). There needs to be a dual sourcing strategy, and a well planned one. Using two suppliers in the same region or that use the same raw material source is not dual sourcing. Alternate design that is specific to a small supply base that could be wiped out with a single disaster or single market event is not sound alternate design. Financial risk monitoring using third parties that don’t have deep insight into certain markets, regions, or mining operations is not enough — by the time an issue is detected, it could be too late. And of course, trading one product line with known risks for another with unknown risks is pretty much the opposite of risk mitigation.

That’s why you not only need multi-tier risk mitigation in a single supply chain, but multiple supply chains with multi-tier risk for any critical products or product lines. As per our recent post on how the risk disconnect is still big, Sourcing and Procurement need to place a much bigger focus on risk to ensure negotiated scenarios are actual scenarios to realize the savings and value the organization expects.

The Risk Disconnect is Still Big But …

As pointed out in a post a year ago on how there are at least 12 risk disconnects … but one you should never overlook! we talked about how the disconnect between risk and cost is one of the most critical in our view because:


  1. not only can one identifiable supply chain disruption wipe out all of the savings of a single sourcing event, but also increase costs well beyond that point

  2. only an understanding of the true cost of risk will convince most stakeholders and executives to look beyond cost, reliability, marketing differentiation, or whatever else matters most to them — money talks and (imminent) (potential) loss is the one thing that gets noticed

But that’s pretty hard as most sourcing and procurement solutions not only have no concept of risk, but neither do most platforms. And many of those that do are pretty basic — you can import third party risk scores, define risks to track, and query them occasionally. And that’s about it — and that is clearly not enough given that an organization’s chance of experiencing a significant disruption is now about 90%.

But that might change soon. Not that long ago (in late 2017 to be precise), Spend Matters released the Solution Maps for Strategic Procurement Technologies (Sourcing, Contract Management, Analytics, and Supplier Management) were released — with the Sourcing, Analytics, and Supplier Management maps designed (in entirety) by the doctor and the Contract Management map co-designed by the doctor and the maverick.

Each of these maps had a few elements of risk, but not many. And they were application-based, not platform based. But with the newly revised Solution Maps coming out in June, Risk Management will now be a key component of the common sourcing – supplier management component of the strategic procurement technology maps that measures the assessment, mitigation planning, [risk] model definition, monitoring & risk identification, regulatory compliance monitoring, and supplier risk management capabilities of the platform. Going forward, both Spend Matters and Sourcing Innovation will be putting a greater focus on risk management capabilities to help your organization cope with the turbulent times ahead.