Monthly Archives: July 2009

Preventing Data Loss

With the recent introduction of the new Massachusetts Data Privacy Law, known to lawyers as 201 CMR 17.00 and the most far-reaching state-mandated privacy law enacted to date, you can expect a slew of states to follow suit. That means that shortly after Jan 1, 2010, when the Massachusetts law comes into effect, you can expect to be subject to strict information security and privacy requirements no matter where you operate in the US (the regulation already binds any business that holds personal information about Massachusetts residents, wherever that business sits), and that includes the data you transfer back and forth across your supply chain channels. But are you ready?

According to RSA, the Security Division of EMC, you need to:

  • understand what data is sensitive,
  • know where the data resides,
  • understand your risk,
  • select the appropriate controls,
  • manage security centrally, and
  • audit security to constantly improve.

But will this be enough? According to the Aberdeen Group, which recently released a white paper on “6 Best Practices to Prevent Enterprise Data Loss”, more than 262 million records have been breached since January 2005. With the average breach costing the affected company $6.6 Million, and with upcoming laws that will let lawyers go to town, this is a Billion dollar problem in your supply chain.

So next time you upgrade your supply chain technology, you might want to spend extra time examining the software’s security controls, whether it can enforce your data-handling policies, and whether it has an API that will let you integrate security and policy management with your data loss prevention (DLP) platform. Just as LDAP and single sign-on were important at the beginning of this decade, DLP is going to be key as we enter the next one.
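The first two items on the RSA list (know what is sensitive, know where it lives) are exactly what a DLP content classifier does when it crawls supplier files. The following is an added example, not code from this post, from RSA or from Aberdeen: it flags records that contain “personal information” as 201 CMR 17.00 defines it, a person’s name combined with a Social Security number, a driver’s licence or state ID number, or a financial account number. The record layout, the four sample rows and the state-ID pattern are constructed assumptions; card candidates are confirmed with the Luhn check so that purchase order numbers are not flagged.

```python
import re

# Added example, not code from the original post or from RSA/Aberdeen.
# Flags records holding "personal information" as 201 CMR 17.00 defines it:
# a name combined with an SSN, a state ID / driver's licence number, or a
# financial account (card) number. The record layout, the sample rows and the
# state-ID pattern are constructed assumptions for illustration.

SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits, optionally separated by spaces or dashes; candidates are then
# confirmed with the Luhn check so plain order numbers are not flagged.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# Assumption: a two-letter state code followed by 7-9 digits stands in for a
# driver's licence / state ID; real formats vary by state.
STATE_ID_RE = re.compile(r"\b[A-Z]{2}\d{7,9}\b")


def luhn_ok(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn check."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_identifiers(text: str):
    """Return (kind, value) pairs for every regulated identifier in `text`."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    hits += [("state_id", m.group()) for m in STATE_ID_RE.finditer(text)]
    hits += [("card", m.group()) for m in CARD_RE.finditer(text)
             if luhn_ok(m.group())]
    return hits


def classify(record: dict):
    """A record is regulated only when a name and an identifier occur together.
    Returns (is_regulated, identifiers_found)."""
    ids = find_identifiers(record.get("body", ""))
    has_name = bool(record.get("name", "").strip())
    return has_name and bool(ids), ids


def regulated_indices(records):
    """Indices of the records that hold regulated personal information."""
    return [i for i, r in enumerate(records) if classify(r)[0]]


# Constructed sample: four rows from a hypothetical supplier master file.
SAMPLE_RECORDS = [
    {"name": "Jane Doe", "body": "W-9 on file, TIN 123-45-6789, Boston MA"},
    {"name": "Acme Supply", "body": "Remit to card 4111 1111 1111 1111 exp 12/11"},
    {"name": "", "body": "Driver license MA123456789 scanned for dock access"},
    {"name": "Globex Corp", "body": "PO 1234 5678 9012 3456 shipped 2009-07-15"},
]

if __name__ == "__main__":
    for i, rec in enumerate(SAMPLE_RECORDS):
        regulated, ids = classify(rec)
        print(f"record {i}: regulated={regulated} identifiers={ids}")
```

Rows 0 and 1 are regulated (name plus SSN, name plus a Luhn-valid card number); row 2 holds an ID but no name, and row 3’s sixteen-digit purchase order number fails the Luhn check, so neither is flagged. A real DLP deployment adds the “where it resides” half by running a classifier like this over file shares, mailboxes and the exports your supply chain software produces, which is why the API question above matters.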

Scorecards Have Value … But Only If They’re Constructed Right

There’s been a lot of buzz around scorecards over the last few years, but, as noted in a recent article in the Supply Chain Management Review, only a handful of companies have effectively utilized them to drive value. Wal-Mart is one example … Canada Post is another.

To be effective, scorecards need to be simple in concept, with metrics that are clear and easy to assemble yet measure the few truly impactful supplier actions. The biggest mistake companies typically make is designing overly complex metrics that confuse suppliers. A good scorecard selects a handful of the most important metrics so that the supplier can focus on the factors that matter most. These operational metrics, which cover cost compliance, service performance, quality and damages, and administrative efficiency, allow the supplier to monitor its performance and improve over time.

And to be truly effective, the scorecard needs to be:

  • used frequently
    once or twice a year isn’t enough … they should be reviewed monthly
  • ranked in a weighted fashion
    as this allows a supplier to get an overall picture of its performance
  • monitored
    the article recommends a dashboard … but a report that calls out the most important issues will do just fine
  • improved collaboratively
    if the supplier is doing well on the scorecard, but not meeting your needs, then the scorecard needs to be refined
  • implemented in three phases
    for details, see the article on “unlocking value through the supplier scorecard”

What’s all this talk about risk?

Editor’s Note: Today’s post is from Dick Locke, Sourcing Innovation’s resident expert on International Sourcing and Procurement. (His previous guest posts are still archived.)

The issue of global supply chain risk gets a lot of attention nowadays, and it certainly should. However, I’ve seen a few silly statements. One is that global sourcing is sooo over. Another is that nobody should buy in China. (OK, I exaggerate, but just slightly.)

Here’s my perspective:

First, we need to clarify what “sourcing” is. Wikipedia says “In business, the term sourcing refers to a number of procurement practices, aimed at finding, evaluating and engaging suppliers of goods and services”. That’s the definition I’ve always used, too. It doesn’t mean actually buying, it means looking around. Global sourcing just means looking around globally.

With that definition, you can see what sourcing globally gets you. It gets you intelligence on the prices, costs, and viability of potential sources all over the world. In other words, it gets you a potential reward in the form of the lowest supply costs. Rewards in purchasing, as in investing, go hand in hand with risks. You can’t evaluate the risks without knowing the rewards. Fortunately, in purchasing higher rewards don’t always mean higher risks.

Let’s suppose a global sourcing program shows that the lowest landed cost suppliers are in some place various gurus find risky, and that you can save a tremendous amount by your company’s standards if you actually buy there. Would you walk away from a deal just because it’s risky? I hope not. That’s not the road to success. The computer industry ships about $30 billion annually from China to the US. Quality and intellectual property problems are rare. What are some of the steps computer companies take? I can name four: include quality experts in sourcing evaluations right from the start, buy only from foreign-invested companies in China, have not just feet on the ground in China but trained brains too, and carefully reference-check for intellectual property issues before proceeding. It helps, too, that products such as laptop computers are “economically dense” in terms of cost per kilogram, so that air freight makes sense.

Philosophically, when you evaluate risk during a sourcing process, you are not comparing the risk of one choice to a mythical risk-free world. You are comparing the risks of choosing one supplier to the risks of choosing (or staying with) another supplier.

Some risks are digital, or binary. They are go/no-go tests that should be applied before a potential source is even allowed to quote. A propensity to steal intellectual property is one such test. Lack of adequate quality standards and practices is another. But please don’t claim that no supplier in a country can meet those standards.

Other risks are more analog. You can measure their severity. The best way is to see how often, or how much, a situation would have to happen before what looks to be the lowest cost supplier is no longer lowest. Exactly how much would a supplier’s currency have to appreciate before it becomes (in hindsight) the wrong choice? Exactly how often would you have to ship by a premium method at your expense before your lowest cost supplier is no longer lowest? While you’re doing this, remember that the second and third lowest cost suppliers have their own risks too. If volatile fuel prices (or cap and trade programs) cause one supplier’s cost to go up, they will also affect other suppliers’ costs.

My concern is that every company has strong momentum to stay with its existing supply base. If consideration of risk is not done well, it becomes just another excuse to keep on doing what the company has been doing all along. I saw it at HP when I was developing its global sourcing program. It took a few years to overcome.

Dick Locke, Global Procurement Group and Global Supply Training.

If You Really Want To Fix Executive Pay, Decide Who NOT To Pay

A recent blog post over on the Harvard Business Review site on the issue of executive pay, which stated that “whom to pay is more important than how much or how”, made a good point — that the fundamental issue is to ensure that CEOs and other leaders make the greatest potential contribution towards building lasting greatness. In the author’s viewpoint, that means you need to be paying the right people.

Furthermore, while a star blue collar worker on a traditional assembly line would be 40% more productive than a typical worker, that performance advantage can be 240% for a star insurance salesman, and more than 1,000% for star workers in more complex jobs such as a computer programmer or an account manager of a professional service firm. This indicates that CEO performance, given the complexity of the job, can have a huge spread.

So it’s definitely important to be paying the right people. But, in my experience, it’s even more important NOT to be paying the wrong people. You can have a star CEO and still have her fail if she’s surrounded by useless blow-hard suck-up yes-men who can do nothing but produce hot air eight to twelve hours a day. Nothing ensures a bad quarter, and ultimate failure, faster than an over-paid, under-performing nincompoop who constantly interjects nonsense, demoralizes the team, blames everyone else for his failure, over-promises and under-delivers to your most important customers, stumbles into meetings late, leaves early, and constantly acts as if the entire company would fall apart without him when, in fact, it would reach entirely new heights. So if you really want success, the first thing you need to do is weed out and fire these bad apples because, then, it will only take one or two star performers to turn a slightly above average team into a superstar organization. Then it won’t matter how much you pay since your superstar team will always be delivering value relative to how much you incentivize them.

How to Govern Well

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his column in the archives.

For eight of the ten years I’ve lived in my little community, I’ve been an officer and/or board member of our homeowners association. It’s a thankless job which I cannot be paid for, and it has, on average, cost me somewhere between one-half and one full day of weekly productivity across all these years. Now before you label me a “condo commando”, I can assure you that this board of directors is not made up of “commandos”: we have seen our middle-class community slip to a lower-middle-class one due to homeowners who would rather see this place turn into an industrial park than perform the minimum maintenance necessary to keep some semblance of aesthetic beauty to their homes. It’s quite pathetic, really, how much we have to fight uncaring, discourteous people who only seem to have contempt for their homes and community.

At one time we needed to hire a private investigator, so I recommended a friend of mine, with whom the Association then contracted. Was this business relationship legal? Was it ethical to enter into?

Legally, there was nothing to stop the Association from contracting with my PI friend; everything was okay per Florida law. But what is legal is not necessarily ethical, so was this relationship ethical? The answer is “yes”, but only because of how the relationship was entered into.

I – as a board member and officer (Vice President) – made full disclosure to the rest of the board of directors that the PI I was recommending is a friend of mine. During the interview process with the full board of directors, the first thing the PI brought up – before even being asked – was that he and I were friends. Again, full disclosure was made.

When it came time to vote on whether to use my PI friend’s services, I did not vote, thus establishing (relative) distance from the decision-making process. Nor could I sway any of the board members in their vote; that would have been both illegal and unethical. After some discussion, the rest of the board voted to use my friend’s PI services.

What helped to further create distance between me and the final decision is that, as Vice President, I cannot legally bind the Association to a business contract; only the President can do that. Thus, with this distance being “forced” upon me by Florida law, the process was further safeguarded against favoritism.

To me it seems pretty easy to be ethical if you apply two simple tests to any situation: full disclosure and relative distance. Yet time and time again, especially with elected leaders, there seems to be a breakdown of ethics as favoritism guarantees spouses, clients, friends, and relatives are handed sweetheart deals and contracts for services and supplies.

It’s easy to know what is legal: laws are written down for us. Granted, the terminology can be difficult to understand, and contradictions and gaps confusing to comprehend, but all in all we seem to know what’s legal and what’s not.

It seems that ethics are not very well understood unless they are written down. I continually see ethical failures in elected officials and corporate leaders who – given their experience and education – should simply know better.

Any time you stand to benefit from a decision in which you have some input, either direct or indirect, you need to ask yourself if you’ve provided full disclosure of all relationships and are at a relative distance such that you are not swaying the decision one way or another.

Integrity requires a lot of fortitude, and standing on terra firma sometimes means you’re standing alone, but at least you’ll know you’re in good company.

Norman Katz, Katzscan