Procurement Needs a PUBLIC AI Incident Log

Not that long ago Garry published a great article on why Procurement Needs an “AI Incident Log”.

Simply put, because most failures will be quiet.

(And, even worse, to the extent possible, they will be covered up.)

For example, as Garry states a supplier gets mis-classified as low risk for months. A category recommendation nudges the organization towards convenience over resilience. A contract summary misses a clause that only matters when something goes wrong. A “temporary” exception becomes the new normal because the tool makes it easy to repeat. And as long as nothing explodes, standards and practices get to keep drifting from well designed and established norms that were designed to be best practice for the organization.

These are failures, even if they don’t result in disasters in the near-term, and in many ways, they are the worst kind of failures. That’s because, by the time something goes significantly wrong, it will not only be a disaster but it won’t be one that can be quickly recovered from as the data, process, monitoring, and mitigations will be so bad as to be unusable.

And, as Garry points out, this will all be due to AI influence as its permeation is literally causing organizational decay as a result of the cognitive atrophy, curiosity decay, false memories, and overall cognitive offloading and general acceptance of the enshittification it is bringing with it. The easier the tools make it to do nothing, the more likely that is what is done as we are wired to be lazy as a species and, sadly, most of white-collar humanity gives into that wiring.

So unless you want your performance to suffer from AI-induced enshittification, you need to prevent the enshittification from happening in the first place. To do that, you need to stop the process drift that is a result of humans shifting decisions to systems that should stay with them.

And, according to Garry, that means adopting an AI incident log to track signals that take them off course to make sure mistakes are not repeated. The system should tell you four things early:

  1. where humans are overriding the system and why — not because this is a bad thing, it’s typically a good thing as it means humans are dealing with exceptions, validating decision suggestions before they get accepted and executed, or cutting off AI where it shouldn’t be used; the lack of these overrides is the signal that’s scary where AI has been deployed
  2. where exceptions are repeating — good systems allow exception resolutions to be turned into rules and automatically processed going forward; if that’s not happening, the cast iron ball is being dropped repeatedly and at some point it’s going to break someone’s toes when it’s not caught in time
  3. where speed has increased but clarity decreased — hard to detect, unless you ask actions to be explained … when there is no instant explanation, there was no thought, just a system recommendation (which you hope wasn’t the result of a lazy employee asking clod or chat, j’ai pété and sharing your confidential data
  4. where accountability has blurred — when something goes wrong, you need to know who precisely was responsible for the decision, not a role shared between multiple people or a team, a person who made the decision and accepted the authority for it

Now, this incident log, as Garry states, doesn’t need to be heavy or overbearing. Just a short description of “system/AI used, by who, when, result generated, human response/override, consequence, suggestion/rule to prevent future occurrences”. Short and sweet so the incident log actually gets used.

You can’t improve as an organization if you can’t learn from near misses to prevent foreseeable mistakes. Otherwise, your successes will just be wiped out from inevitable failures. Because, as Garry states, in the beginning, it’s unlikely that AI will break Procurement with one big failure as most organizations will start small with the odds in their favour.

But of course, given time, without proper monitoring and intervention, that failure will happen. And when it does and the incident is significant, two things need to happen.

1. A very detailed end-to-end (root cause) analysis needs to be conducted, along with a detailed mitigation plan with executable data capture, process, and system changes to prevent it from ever happening again.

2. Full publication in a Public Procurement Incident log (perhaps maintained by one of the major associations) where an organization shares what happened, how it all went wrong, and what might be done to prevent future failures of that type. (Which will often be “don’t use this [Gen-]AI tool AT ALL for this type of problem or process”.)

Unless the failure was so bad that it reaches the public by its very nature, most businesses, especially in the B2B world, will try to sweep the AI failure under the rug, especially when the consultants claim it’s just a “growing pain” and will “not happen again” with more training data and model tweaks and finance claims it will sink the stock price.

But this will only lead to more failures and even worse ramifications if the story gets out that AI cost the company millions (or billions) and the company tried to hide it.

In the Age of BS AI Overpromises and Hype, the only solution is a public forum where companies come together and share their war stories to help each other cut through the hype and understand precisely what modern “AI” tools can and can do, to what degree, and how to use those that do work in some situations in a way that won’t result in disaster.

Now we know it will likely never happen, but this is why we have continual boom-and-bust cycles in the IT sector and more failures than we should 150 years after the Gilded Age began and the railroad barons built successful multi-national companies that could manage their entire supply chains from source to sink(ing of the tie in the railway). And do it with an efficiency that wasn’t seen again until Toyota started to implement lean in its Production System (TPS) development over 50 years later. (Look, they wrote the first purchasing manual. They knew their stuff!) If Engineers could manage global supply chains in the industrial age using only pen, paper, letter mail, and their intelligence and do so with more predictability than our most advanced systems today, that tells us something — that the answers don’t lie with AI but HI (Human Intelligence) and that we need systems in place to ensure HI is always used when decisions need to be made and learnings are publicly shared.

Or we can give in to the AI, let our IQs recess faster than we ever thought possible (and they are recessing — roughly 14 points over a 120 year period between the Victorian Age and the end of the first decade of the century), and becoming drooling idiots just waiting to be plugged into the Matrix. (Recent studies have shown that heavy AI users perform up to 17% worse in conceptual tasks compared to non-users. Given that an average IQ should be 100, that’s a 17 point decline in a year or so, meaning that AI is making us stupider 100 times faster than every technology that came before! [Source: Psychology Today.])

(Remember, while it is our right to dare to be stupid, it’s not the smart thing to do, and there will be consequences. So if you think it’s pretty fly that Gen-AI, we strongly suggest you think again.)

Buyers Are Not Process Operators!

In a LinkedIn post from a while back, Garry makes a very important point: many procurement operating models still treat buyers as process operators.

Run the event. Collect the bids. Populate the template. Push it through governance. Negotiate hard. Close the file. Move on.

Tech (which may include AI but doesn’t need to as you can do quite a lot with ARPA and do it better, faster, and cheaper than humans AND Gen-AI can do it) will make the traditional buyer role less central because all of this, except for the finer points of negotiation, can be done by the tech. (The brute force points, collecting all the data to defend your offer can be done by the tech.)

Once you adopt Busch-Lamoureux Exact Purchasing, it becomes easy to not only map your categories to the octants, but identify the processes you should use for sourcing and procuring those categories, as well as monitoring the procurement activities to determine if there is a situation where a human has to intervene.

It also becomes clear what you need to do at each step.

  • Sourcing: identify what needs to be sourced vs procured, what categories and items will be included in an event, what suppliers, what products, what requirements, etc. etc. etc. — all of the decisions you can’t risk automated (which can still only be automated from encoded knowledge from prior decisions)
  • CLM: key contract requirements and acceptance criteria; etc.
  • SXM: key (compliance) requirements, key risk mitigation clauses, need for no vs. internal vs. external review, etc.
  • Analysis: historical spend/volume/prices; current prices/volume requirements; predicted prices/volume requirements; opportunities for demand shaping/control; etc.
  • e-Pro: available channels and under what conditions; what gets in the catalogue; who can buy out-of-catalogue/non-preferred; processes for overrides (to budget limits; cost limits; etc.)
  • I2P: m-way match requirements and tolerances; ok-to-pay / auto-pay requirements; when early-payment discounts can be offered/applied; etc.

As Garry states, a buyer is not a buyer — a buyer is a decision architect and makes the decisions necessary for successful Procurement. A decision architect that designs how a decision should be made. An intelligent human who maps the organization’s categories to the pocket cube of Exact Purchasing, determines what can be automated, what systems will be used to automate, what qualifies as exceptions, how those exceptions will be monitored for, and how they will be alerted.

But a buyer is more than that — it’s a decision architect and relationship management. Procurement is about managing stakeholders and suppliers. Dumb systems cannot do that. Only HUMAN INTELLIGENCE can.

In an AI-Hype world, Procurement will be measured on its success, and that success will require Human Intelligence leading Procurement to glory. So acquire real pros if you want to not only survive, but thrive in, the Age of Retardation the AI-Hype is ushering in!

Are they 2026? Or 2016? Or 2006? Procurement Trends? Part II

Tom Mills recently posted a Top 10 Procurement Trends in 2026 post on LinkedIn that made me ask Really? Basically, I’ve been reading, and writing, about the majority of the “trends” for two decades. As per my recent 34-part series on you don’t need to read another state of procurement report for five years!, nothing has really changed in the last five years. In fact, not much has changed in the last ten, if not twenty, years. All that ever changes is the tech-du-jour, which particular risk is the most prominent, which particular process is the most recommended, and whether the trend is in-sourcing solutions, out-sourcing solutions, or hybrid models.

To make this oh-so-clear, we’re going to conclude Tom’s list and provide some colour commentary!

6️⃣ AI Becomes Core but our Readiness Lags

This is the only “sort of new” trend, except it has been the “sort of new” trend for three years now, but when you realize “AI” is the “tech-du-jour”, you realize that, again, nothing has changed for the past two-plus decades because the “tech-du-jour” is always the 10th trend. And for every
tech-du-jour that becomes core, our readiness lags. Over the past 25 years we’ve had these five tech-du-jours (that tend to last for around 5 years).

  • WWW
  • SaaS
  • The Fluffy Magic Cloud
  • Predictive Analytics
  • AI

7️⃣ Data Quality and Governance as a Prerequisite

For all advanced tech, data quality has ALWAYS been central and paramount. Ever since the introduction of optimization, and in our space, strategic sourcing decision optimization (SSDO), data quality was key. With traditional (MILP) optimization, one value in one million can tank an entire model (because if a decimal point error makes one product 50X cheaper, then the allocation will obviously go to the wrong supplier). Moreover, if there are capacity constraints, minimum allocations, maximum supplier counts, etc., this will result in cascading incorrect assignments and allotments across the entire model. Then came should cost modelling, and again, without good data quality and governance, it didn’t work. Then spend analysis, which needed proper market baselines. And now AI, which is garbage in, hazardous waste out. Even with perfect data you can still get hallucinations, so you definitely don’t want even the slightest error!

8️⃣ Orchestrated Procurement Ecosystems

In Procurement, which has NOT fundamentally changed since the first manual was written 139 years ago, the story remains the same — only the names have changed! AI may be the tech-du-jour, but orchestration is the term-du-jour. But it’s not new. The automated coordination, management, and sequencing of multiple distinct processes, systems, or components to achieve a unified, higher-level goal has been a goal of Procurement for decades — except back in the 2000s the term-du-jour was “metaprise”. (And Jon W. Hansen can also fill you in on the history here.)

9️⃣ Talent as the Transformation Multiplier

We’ve been talking about this for decades. I wrote a 7-part series 20 years ago when I first started SI. Talent is not only necessary, but it’s the way you truly succeed. Talent that designs better processes, selects better technologies, and, most importantly, makes better decisions that allows the organization to be more strategic and more effective is not only transformation, but a transformation multiplier.

🔟 Procurement as an Enterprise Value Driver

Ever since AMR first started covering the space in the early 2000s, we’ve been told that Procurement is the Enterprise Value Driver. That strategic sourcing, when utilizing the right technology (namely optimization and analytics) would consistently identify year-over-year savings of 12%. That m-way matching, which ensured the payment matched the invoice matched the PO matched the contract would prevent (often unrecoverable) overspend. That spend analysis can identify real value drivers. The whole space was defined as a value driver. Nothing has changed.

The GruntMaster 6000 was engineered for longevity and has a long memory. And his long memory tells him that the more things (are purported to) change, the more they stay the same!

Are they 2026? Or 2016? Or 2006? Procurement Trends? Part I

Tom Mills recently posted a Top 10 Procurement Trends in 2026 post on LinkedIn that made me ask Really? Basically, I’ve been reading, and writing, about the majority of the “trends” for two decades. As per my recent 34-part series on you don’t need to read another state of procurement report for five years!, nothing has really changed in the last five years. In fact, not much has changed in the last ten, if not twenty, years. All that ever changes is the tech-du-jour, which particular risk is the most prominent, which particular process is the most recommended, and whether the trend is in-sourcing solutions, out-sourcing solutions, or hybrid models.

To make this oh-so-clear, we’re going to review Tom’s list and provide some colour commentary!

1️⃣ The CPO as Enterprise Architect

Back in the first major age of responsible sourcing in the early 2000s, the message was that the CPO had to be an enterprise architect to be responsible. To make this abundantly clear, SI did a 12-part series on the “Responsible Sourcing Supplier Workbook” released by the John Lewis Partnership which was the best example of how Procurement could architect a responsible enterprise!

2️⃣ Procurement as Business Storyteller

I remember going to Ariba Live a decade ago, and they opened with the SAP Storyteller. The reason – their solution (which never fully integrated Procuri that they had bought almost a decade prior) was going on 15 years old (while Coupa was still revolutionizing its platform and telling its own tall tales and BravoSolution was acquiring like mad [just before it became Jaggaer]) and there was less and less reason to buy Ariba’s outdated tech … until they told the whole story of what was possible when Ariba was fully integrated in the SAP ecosystem (and what could be possible — forget reality, just believe and buy).

3️⃣ Strategic Supplier Partnerships over Transactional Buying

State-of-Flux (SoF) was founded 24 years ago because strategic supplier partnerships were the key to success! Aravo (US) and SoF (UK) were the first to recognize this and this message has been consistent for decades, coming into the forefront whenever significant supply disruptions occur due to natural, or man-made, disasters. This goes back to the 80s when the recession, plant fires, and the lingering after-effects of the 70s steel crisis led to part shortages and cost hikes that could (only) be mitigated with strategic supplier partnerships. This situation reared its ugly head again as the web, and SaaS, exploded, we had new semiconductor (and RAM) shortages due to demand (and plant fires), multiple man-made and natural disasters had global consequences (9/11 attacks, Indian Ocean Tsunami, Hurricane Katrina, etc.), and market losses surged (dot com bust, 2008 financial crisis), leading to the rise of SXM software as a key category in Procurement in the early 2000s.

4️⃣ Outcome-Based Procurement

That’s the whole point of GPOs. Outcomes is only the price model du jour because the AI vendors couldn’t sell their solutions using a SaaS model with true cloud computing costs being passed on to them by their hosting (and AI) providers! So they have to convince you to buy into their “outcome”-based model. (And that’s why, now, outcomes is a dirty word.)

5️⃣ Strategic Supplier Risk and Resilience Orchestration

Aravo was founded in 2000 to do this. I remember writing about them back in 2007, and Google was one of their early adopters.

To be continued …

Fastest Freeway to Financial Failure? Gen-AI!

Not joking here.

First of all, AI is getting more expensive for coding.

Input-output token pairs, which used to cost pennies per M tokens, are approaching $100/M for high-end models.

An average enterprise app starts at 100,000 lines. It will require 2M output tokens for initial output. It will take at least 5 iterations to get code good enough for the devs to even begin to work with, or 10M tokens. Then you will have to test and debug, figure another 5 iterations, or 20M tokens. But this doesn’t include the context history or coding samples required to produce a baseline, integrate a security framework, or account for multiple service-based deployments. This will consume an additional 10X to 30X the token count, and you will require 40M to 80M tokens to produce the app along with an experienced team of senior developers who will have to shore, as only 20% of AI-generated code survives unscathed. And then comes the testing, debugging, and QA. This could double the token requirement again.

For coding, which requires about 20 tokens per line, it would, in theory, only require 10,000 tokens to produce 5,000 lines of code, which is the net-new production code you’d expect from a senior developer every year, but given that it will require at least 5 iterations to get something to start with, and then all the updates to get it to testing and then all the testing and debugging, that’s at least 50M tokens as per above — with prices expected to rise (and possibly double) by the time you’re done (at the current rapid rate of token cost increase), or $10,000 to $20,000. Not bad in theory, as a senior Dev costs you 10X to 20X that on the low end, but …

As we said before, only 20% of AI code ends up being usable, so you still need a team of devs to review it and fix the major bugs/issues. With 80K lines needing correction, and a top dev only producing 5,000 lines of net new production code a year, you would still need 16 devs. That’s still expensive. You might realize that you only need to fix the critical issues to get your MVP out the door, and cut the team in half because you can stagger the reviews and fixes to issues. And while you think you saved the cost of 12 devs …

As time goes on, you realize there are fundamental flaws in the code. The security framework it chose was an old framework off of an abandoned Github code branch that used a lot of methods and procedures that were already marked for deprecation in the next framework release, which hit as soon as you released your code. They all have to be redone. The “multilingual” support is clumsy and requires the manual production of very carefully crafted fixed format text files. The workflow is rigid and not malleable. You wanted it AI friendly, but it doesn’t properly support MCP. And so on.

Then, like so many enterprise app startups are finding, you can’t scale the MVP into enterprise quality, have to scrap it, and rewrite if from scratch. Which means the 10K to 20K in LLM cost and the 800K to 1600K + in minimal dev support cost to get the MVP up and running in a production environment was all wasted — most of your seed money went up in smoke, and you have to start from scratch.

Second, its performance is much worse for trying to correct/update existing code where it has to ensure all unit, functional, user journey, workflow, and integration tests still work. This is evidenced by the fact that many companies, like Uber are now blowing through their annual AI budgets in a quarter. Engineers trying to rely heavy on AI are already spending 2,000 a month! Backtracking the math, it’s easy to see that the amount of project code, documentation, and online (GitHub) samples it has to ingest and compute to create an output, that might not even be 20% acceptable on the first few passes, is astronomical!

Plus, as we’ve explained before, when a dev has to correct up to 80% of the code, you’re losing on the efficiency improvement if a dev is spending 20% of their salary to get you that 20% increase in code lines which, as we’ve also explained before, is still of a worse quality than if that senior dev had wrote it by hand, that’s not a savings. That’s, at best, net 0.

However, this isn’t taking into account that it will likely have to be refactored or written out in very short order. You won’t get the median 2.5 to 3 year lifespan for a small app or 5 to 7 years for an enterprise framework, you’ll get 0.5 to 1 year — which means you’ll write and re-write each line of code three times as often with the use of AI. Or, in other words, you’ll inadvertently spend three times as much on that code! And your customers won’t pay 3 times as much for an app just because you spent three times what you need to, so bankruptcy will be just around the corner!

Third, it is getting infinitely more expensive for any document processing with a legal ramification.

Judges are now fed up with AI hallucinations and slop. Include AI hallucinations, and you’re getting fined at a minimum, and probably sanctioned.

Even worse, if it takes out a risk mitigation clause or creates an unforeseen risk you didn’t catch, a failure could cost you (hundreds) of millions of dollars that you would have otherwise been protected against if an experienced lawyer had written the contract for you.

Fourth, it’s making us physically AND mentally sick.

The cognitive atrophy is becoming well documented. People aren’t remembering what they wrote even an hour later when they use Gen-AI. They are being lulled into a false sense of security and accepting its outputs, even when those outputs are false and dangerous to their health (and tells them to effectively commit suicide). (But go ahead, eat that poisonous mushroom. The one rock a day it told you to eat will protect you, right?) Average decline in mental acuity and performance after regular use is 17% (which effectively equates to a loss of 17 IQ points. In comparison, it took us almost 120 years since the Victorian age [before we had industrial revolution technology to make our lives easier or media to dumb us into submission] to lose 14 IQ points). It’s making our society mentally sick!

Moreover, given how much energy and water a modern data centre consumes annually (100MW for a hyperscalar site or an amount of energy that would power at least 10,000 greedy American homes for a year) as well as how much water it consumes for cooling (100M+ G, assuming it recycles efficiently, or easily 200M+ G if it doesn’t, which would meet all the water needs of at least 5,000 of those homes per year, if not all 10,000), when energy and fresh water is becoming in scarce supply in first world countries, we’re jeopardizing the well being of 10,000 people for every unneeded AI data centre that we build. Given that there are now about 11,500 data centers consuming about 2% of planetary energy and likely between 0.1% to 1% of available fresh/drinking water, that’s a lot of energy and water being wasted to produce cr@p code and poor documents that can often be produced better by interns*. Especially when, in energy or water stressed areas, these data centers take systems to the breaking point and risk our health due to lack of necessary heating, cooling, bathing, and/or drinking water.

But, even worse, since this energy often comes from grids powered by dirty coal and oil, and the water extracted from desalination plants also require energy from those same grids powered by dirty coal and oil, they are polluting the environment to a significantly measurable degree as they account for somewhere between 0.5% and 1.0% of global CO2 emissions. With the global slowdown in shipping thanks to all the conflicts in the Red Sea and the Strait of Hormuz as well as the lack of water (due to less rainfall) in the Panama Canal, and the rampant increase in Data Center construction, data centers will soon account for more CO2 production than global (unregulated) shipping, which is the dirtiest industry on the planet. That’s NOT good for our health!

* There’s a reason Builder.ai was successful in its efforts to pass off human-written code as AI for over 7 years. Human produced code actually works! Even hastily written shoddy code works better than AI generated code by orders of magnitude!