The Prophet‘s 2024 Procurement Prediction Number 1

A Supply Chain Black Swan in 2024 A-

A major terrorist (or asymmetric military) threat incident in 2024.”

Very likely. As well as:

  • one or more elections of a populist dictator-want-to-be in one or more significant “democratic” countries/blocs with an election this year (including the four largest: India, the European Union, the United States, and Indonesia) and/or insurrections when they lose.
  • significantly more unrest and attacks in the Red Sea and more slowdowns/shutdowns in the Panama Canal due to lack of rain/water (thanks to the US deciding to “fight back” and bomb Yemen)
  • scarcity of capacity due to longer transit times as ships have to navigate the dangerous capes (Agulhas and Horn)
  • unavailability of raw materials as a result of military actions in the Congo, increased sanctions on Russia, and increased crime or political unrest in Brazil (which are 3 of the top 5 countries with the most rare earth metals / reserves)
  • etc.

In other words, this is not the year we’re not going to see another black swan. This is the year we’re going to see a full flight of black swans! (Which is a sight we never hoped to see!)

As The Prophet has noted, you’re going to have to split your business and geographically diversify your supply base (down to the source), but with respect to the recommendation of “at least one supplier with localized production / inventory“, it’s not enough if it’s the 20 in a 60/20/20 and definitely not enough if it’s the 10 in a 80 / 10 / 10. You can’t always produce enough locally, which is why, as SI has been saying for almost a decade and a half, you need to nearshore (not just friend-shore). If you can’t get the majority of the products you need on a truck crossing friendly, or at least not unfriendly, borders, you’re at risk of a significant supply chain disruption.

The other recommendations are right on the money:

  • overweight supply chain risk and visibility investments, and remember they are not the same — you need supply chain visibility down to the source of every raw material as well as transportation visibility of all of your orders, including materials you source on behalf of suppliers/assemblers/distributors, from the source to your warehouses to your customers; these capabilities are generally not always found in the same solutions
  • hedge with additional safety stock/inventory — JIT (just in time) is great until it breaks; and with every single disruption, you always lose more than you save with JIT; and if demand is spike and trough, you can’t always ramp up and ramp down fast enough, so inventory is being built up somewhere … and is that somewhere best in an insecure manufacturer’s warehouse half a world away, or a secure warehouse close to your customer base when release day rolls around? (moreover, you always save more with good demand planning than trying to optimize JIT)
  • conduct scenario planning and war gaming exercises especially for critical products or services that could destroy your business
  • cross-train for strategic roles not just to remove risk of personnel departure or insufficient staff for an emergency scenario, but so you can create better strategies that are not only more sounds but easier for all parties to understand and implement
  • automate everything that can be automated by removing UNNECESSARY human touch-points … as noted, a lot of AP, AR, transactional procurement, and tail spend can be automated … including POs, invoice processing, repeat purchasing, but so can contract drafting, regular analysis, sourcing planning, inventory and demand forecasting adjustments, etc. … the key is to make sure checks and balances are in place before something is automated and if a spend amount is too high, an invoice doesn’t match a PO, something is removed in a contract draft, etc. one or more humans are included in the loop to deal with the exceptions (which cannot be auto-resolved — for example, if an invoice doesn’t match a PO, the system can auto-notify the supplier of the discrepancy, auto-suggest a correction for automatic acceptance, etc. but should not automatically accept an uncorrected discrepancy, no matter how small)
  • insure every new hire you make is someone you would trust to save the business

And, even more importantly, with respect to the last recommendation, make sure these new hires get all the training they need and tools they need to actually save the business when one or more of the black swans break formation and barrel dive towards your business!

Technology for Supplier Onboarding is the NOW, not the Future!

In fact, for any company that hasn’t been in a cave for the last TWO (2) decades, it’s the past!

Needless to say, the doctor was shocked to see this recent headline in Supply Chain Digital that purported to answer why technology is the future for supplier onboarding because either you’re using technology for supplier onboarding today, or you’re not going to be around much longer as a company.

Without a good solution, the time it takes to collect and evaluate enough data to even determine if the supplier is legit, in your industry, appropriately certified, not on any banned lists, financially stable, with real customers, etc. is days, sometimes weeks. And then the time to evaluate the supplier to supply even a single product can be weeks, especially in direct, when you have to trace the product components down to the raw material source to make sure there are no conflict diamonds, no Congolese cobalt, and no indentured / kafala / slave labour in the mines your metals come from.

Even though the article headline is, well, wrong, there are some good points in the article.

Having a strategic approach to supplier onboarding is a key component of supply chain risk management. Most definitely. You don’t want to hook up with a supplier that’s just going to increase your risk, stop your production lines, bring regulatory and compliance investigations your way, and possibly get your CFO or CEO in hot water because you had them sign off on a supplier as being safe when, in fact, it was the business equivalent of a landmine.

With a properly configured supplier management solution, you can check that a supplier meets all of the basic regulatory requirements, financial requirements, and baseline operational requirements in a minute. Literally. You plug in the name and ONE governmental ID code and it pulls in every single piece of information in government systems, third party finance / ESG / Risk databases, insurance and compliance databases, and community intelligence gathered in its systems and indicates if the supplier:

  • failed any registration checks
  • failed any denied party checks
  • has any owners, directors, investors, or connected parties that failed a check
  • has filed its financial reports and is not rated as a going concern
  • has reasonable ESG ratings
  • has any reports of, or known connections to, forced/child/slave labour
  • has valid insurance
  • has valid regulatory compliance certificates
  • any other requirement that can be looked up from a public database

And you know if there are any alerts or failures within minutes, not hours, days, or weeks.

Which lets you dive into evaluating whether or not they can supply the product you need at the quality and quantity, and in a manner that is not quixotic to your business environment.

You can then define additional requirements for automatic lookup, ask for tier 2 suppliers, do the same automatic checks on those, specific to the component or raw material they are providing, and if all that passes, which you will know in minutes, then you can begin the real research in minutes, not hours, days, or weeks. And the real research can take days, or weeks (and sometimes more) in real time when you need to look deep into the production capabilities, the labour that is used, the materials that are used, and the quality of the finished good (which you may need to see a sample of). But the last thing you want to do is waste weeks trying to get to this point only to find out three weeks in that the supplier is on a banned list for one of your main marketplaces, the tier 3 uses cobalt from the Congo (and if you don’t know why that is bad, do ONE minute of web research [unless, of course, you are a psychopath or sociopath with no regard for human rights or even welfare]), or is facing multiple lawsuits for unsafe products in multiple countries.

It is imperative that C-suiters “act with urgency around risk”. Nothing could be truer. It seems that risk is doubling every day. You need to be ready, and while you can’t be ready for everything, you can minimize the chances of risk by ensuring that your suppliers are not adding risk and, in fact, as dedicated as you in minimizing their risk profile. Moreover, if you have a good supply base, they can work with you to mitigate the impact of disruptions when those disruptions rear their ugly head.

“This year we expect to see increased ESG regulation”. It’s coming, and the best way to be prepared for it is with systems that can run checks, collect the required data, flag potential issues, and make sure you keep on top of whatever you need to in order to comply with those regulations.

“Invest in your processes, to ensure you can do more with the same, or fewer, resources. This usually means automating your supply chain data, so you’re finding new suppliers or managing existing suppliers.” Definitely.

Technology has a vital role to play in supplier onboarding. Most definitely. Except you should have been using it for the past two decades, not looking for a solution today. Why do you think there are 100+ vendors offering supplier management solutions? Because they’ve worked wonders (relative to not having any solution) since they were first introduced two decades ago. And, most importantly, they’ve went from simple information management solutions to advanced data collection, validation, and risk assessment solutions where you can quickly validate, analyze, and decide if you want to even consider engaging with a supplier in minutes. You can also collaborate, develop, and implement supplier programs. And you can even orchestrate supply networks with modern solutions.

So if your solution doesn’t solve your CORNED QUIP mash of supplier management problems, maybe it’s time you found a new one. You can’t wait for the future to solve your supplier management problems, you need to solve them today!

Forget Consequence Free. I wanna be Gen-AI Free!

To the tune of Consequence Free by Great Big Sea.

Na na-na, na na na-na na na!
Na na-na, na na na-na na na!

Wouldn’t it be great,
if no one ever was redundant?
Wouldn’t it be great,
if we made all the decisions?

I’ve always said,
All the rules are made for bending.
And if I did the right thing,
What’s wrong with that vision?

I wanna be Gen-AI free!
I wanna be where humans always matter.
I wanna be Gen-AI free!
And say: Na na-na, na na na-na na na!
Oh! Na na-na, na na na-na na na!

I could really use,
To lose my ethical conscience.
Cause I’m getting sick,
Of feeling angry all the time.

I won’t abuse it,
Yeah I’ve got the best intentions.
For a little bit of anarchy,
But not the hurting kind.

I wanna be Gen-AI free!
I wanna be where humans always matter.
I wanna be Gen-AI free!
And say: Na na-na, na na na-na na na!
Oh! Na na-na, na na na-na na na!

Oh! I couldn’t sleep at all last night,
‘Cause I had AI on my mind.
Why can’t we leave it all behind,
You know it could be that easy.

It just takes one person
Wouldn’t it be great,
If the CEO made that call
We could do the work,
And we would never get the slip.

Wouldn’t need to worry about illogic or bad data.
We could slip off the edge,
And never worry about the fall.

I wanna be Gen-AI free!
I wanna be where humans always matter.
I wanna be Gen-AI free!
And say: Na na-na, na na na-na na na!
Oh! Na na-na, na na na-na na na!
Oh! Na na-na, na na na-na na na!

the doctor, while an early adopter of SSDO, rule-based RPA, Machine Learning, and other “AI” technologies, is serious here. Gen-AI is garbage at best, bull crap the majority of the time, and toxic waste when it fails. What other technology produces hallucinations, hate speech, and hot (as in stolen) data on a regular basis? What other technology has literally convinced people to commit suicide?

It’s not ready for prime-time, and may never be. Go back to carefully constructed NLP solutions on carefully designed data sets that actually work. We don’t need Artificial Idiocy where you need more training in prompting to have a chance at solving a problem than developers need training in coding to write a reliable deterministic algorithm that actually solves the problem. Sure it seems to work “okay” 90% of the time with normal usage, but what about that 9% of the time it doesn’t or the 1% it fails so drastically it could cost you millions of dollars in direct and indirect damages? Is it worth it? (The answer is NO!)

Some light reading. More can be found by Googling Gen-AI Fails and similar search terms.

It’s No Wonder SMEs Can’t Get Procurement Right!

… when everything that the vast majority of publications tell them is barely on topic at the best of times, and, as per our article on a recent USA Today article, give them horrendously bad advice that makes absolutely no sense whatsoever.

Needless to say, the doctor found yet another article that is just, well, bad. At least this article wasn’t on USA Today. It was a regional business site in the UK (but what should we expect considering all of the examples of Bad Buying that Peter Smith has been bringing to our attention in his articles for about a decade now).

This article, which purported to educate us on 5 tools to streamline your supply chain only managed to identify three (3), that’s right three, actual supply chain tools, of which one (1), that’s right, one, tool would actually streamline your supply chain.

So let’s start with the ONE good suggestion:

Digital Freight Forwarding

Global logistics is hard. Very hard. All of the different paperwork requirements for pre-clearance, clearance, post-clearance; all of the different taxes and rates to keep track of on import/export/sale; all of the parties that need to be involved in getting the goods off the ship to the cross dock to the warehouse where the last mile carrier picks up; etc. is very demanding. If you’re not a big company that can afford a logistics department staffed by a logistics team, not just a PO clerk who has it as his part time job, you shouldn’t be doing it. You should be using a partner — it will be faster, better, and cheaper for you to do so. It will streamline your supply chain.

But that’s the last good suggestion. The following are two supply chain tools that will help you, but they will not streamline your supply chain.

Data Analytics

While a good data analytics solution will help you identify issues and bottlenecks, it won’t actually help you streamline them. You will have to leave the system to examine the issue, come up with solutions, and then go into some other system to implement those solutions.

Inventory Management

A great inventory management system will streamline inventory management processes, making it quicker and easier to maintain visibility into your stock, become aware of low stock (automated alerts), maintain your catalog, find product (when you can record the location), determine actual space utilization, and even optimize your storage rooms and warehouse. But an inventory management solution doesn’t streamline your supply chain if you need 60 days lead time and get an alert that you’ll probably be out of product 30 days before the next order arrives. For that, you need a proper forecasting tool, optimized global logistics with expediting options when needed, integration with your PoS systems for daily updates (to detect unexpected changes in sales early), etc.

And then the last two options weren’t even supply chain! (And definitely wouldn’t streamline the supply chain.) Because:

  • accounting software is for finance
  • chatbots are for customer support

If you really want to streamline your supply chain, then, in addition to help with logistics, you need:

  • automated supplier onboarding (with the ability to integrate risk/compliance data)
    (get a supplier in the system in days, not weeks)
  • P2P for easy (re)ordering and quick-hit RFQs
    (buy quickly when you need to)
  • online contract negotiation, signing, and management solutions
    (get the the deal done quickly)
  • good forecasting
    (so you know how much you will need to order and when)

And there are plenty of affordable options in each of these areas for small and mid-size enterprises. Just check out the many vendor lists that the doctor included in his 39-part Source-to-Pay series.

An Introduction to TPCM: Third Party Compliance Management

TPRM: Third Party Risk Management is Big. Really Big. In fact, as evidenced by recent investments over the past year (Spectrum’s 200M investment in RapidRatings in 2022, Vista Partners acquisition of Resilinc, and now the 1.2B acquisition of Exiger by Carlyle and Insight), it’s HUGE. Actually HUGE! (Not Trump huge. In fact, the exact opposite. 😉 )

Why? The pandemic finally caused the space to wake up and realize not only how significant long-term disruptions are, but how much risk has been embedded in over-extended global supply chains over the last thirty-plus years (thanks to the global sourcing craze started by the Big X and Mid-Sized Consultancies that chimed in during the 90s as a method of “cost savings”, which really just resulted in “spend transference” to big consultancy pockets and the buildup of risk, and risk related debts, in the supply chain that, just like technical debt, always comes due someday). Big corporations have finally realized they need to manage that risk, or at least maintain constant visibility into it, if they want to get the supply they need to just stay in business. (At the end of the day, “cost savings” don’t matter if you don’t actually stay in business, which is what happens when you don’t receive any products to sell. So you need to assure supply first, and then avoid unnecessary cost second — especially since there is no real “savings”, just cost avoidance with improved processes, designs, networks, management, etc.)

As a result, these companies, who were mostly clueless about the risks (sometimes by choice), needed solutions now to at least get insight into the risks so they could plan mitigations, or at least take action when something happened. Since their traditional enterprise / manufacturing resource management, supply chain, source-to-pay, or back-office systems didn’t give them the insight they needed, they finally started to turn to TPRM (and in some case, broader SCRM – Supply Chain Risk Management) systems in a big way.

And that’s great. Until it isn’t. As a result of all of the supply chain failures and the impending disasters they created across supply chains, not just health and defense, governments have started taking action and introducing a lot more regulatory compliance into the mix. This is at the same time they are waking up to the wild west of technology and introducing a lot more regulation into the mix around personal data and use of AI. And with fraud and money laundering seemingly increasing without end, there’s a lot more regulation around partner due diligence. And then there is the reality that the world is heating up (whether you believe in climate change or not), that this heating up is contributing to an extremely substantial increase in natural disasters, that temperature is correlated with carbon and greenhouse gasses (GHG) in the atmosphere, that we are currently producing a lot of carbon and GHG as a species, and while we may not have been entirely responsible for getting here (as there are other factors that cause temperature to naturally rise and fall on a planetary scale — although the changes we’ve seen in the last few decades have historically taken centuries or millennia looking at the geological record), we need to do everything we can to not make it worse (or risk natural disasters on a scale that have not been seen for millennia, and that have sometimes even led to extinction level events in the past). In response to this, countries are making commitments to the Conference of the Parties of the UNFCCC and instituting legislation limiting the carbon you can create (without fines or fees to offset that, presumably fines or fees that will be invested in greener energy options, but we have to admit many governments haven’t thought that far ahead) and the amount of other pollutants you can pump out.

In other words, not only do companies have to worry about more risks than they are aware of, they also have to deal with more regulations than they can easily keep track of (and, when they’re not on the ball, they don’t find out about them until they get a fine) — as well as dedicate way more time than they should gathering the required information for, and filling out, the appropriate reports and filings.

Moreover, and this shouldn’t surprise you, the vast majority of TPRM (and even SCRM-TPRM) systems don’t help with this at all. While they can be configured to detect issues that may represent potential violations, they generally don’t collect the reporting data that is required and typically don’t provide the detailed trickle-down visibility that is needed to verify that key requirements — such as personal data protection, no forced labour, etc. — are truly adhered to throughout the chain.

That’s why many big multi-national organizations, especially those that collect and process personal data, do a lot of global importing or exporting, or deal with extended supply chains and have to comply with extensive privacy regulations AND data protection laws in the finance sector, have to comply with hundreds of sanctions and denied party lists globally (as well as ensure there are no connected beneficial entities on those lists), and/or need visibility down to the source on human rights needs a solution that understands the regulations they are subject to, encodes the data they need to collect and the violations (special types of risk) they need to monitor for, and helps them produce the reports and regulatory filings they need to make.

And the only system that can do this is a Third Party Compliance Management solution, which has some commonality with a Third Party Risk Management solution, but also a lot of differentiation as well. Most organizations won’t know they need such a solution, as they won’t even know that such a solution exists (as there’s not many solutions and not much buzz about them … yet). Hopefully this post will change all that. Even though the solutions are two sides of the same coin, the sides haven’t met yet, and until they do, which could be years (and years and years) away (because no one has really thought about the hard center yet), for many companies, what they really need is a TPCM solution.