Monthly Archives: June 2018

Why You Need a Master Data Strategy for Proper Supplier Management (Repost)

This post originally ran on June 24, 2013, but seeing as it’s still a relevant message five years later, it is being re-posted to educate newcomers on the importance of Master Data Management strategies in this data-centric era.

Supplier Information Management is more than just buying a Supplier Information Management (SIM) solution and plopping it into your data centre. Much more. But yet, it seems that some people — anxious to deal with the visibility, risk management, and supplier performance issues facing them — believe that merely obtaining a SIM solution will solve their problems. A proper solution properly acquired, properly implemented, and properly used will go a long way to increasing supply chain visibility, enabling risk management and mitigation, and providing a solid foundation for supplier performance management, but the mere presence of such a solution in your supply management application suite is about as useful as a drill in the hands of a carpenter holding a nail.

You see, Supplier Information will never be restricted to the SIM system. Supplier information will always be present in the ERP system used for resource planning and manufacturing, the accounts payable system, the transactional procurement / procure-to-pay system, the sourcing suite, the contract management system, the risk management solution, the performance tracking and scorecard system, the sustainability / CSR solution, and other systems employed in your organizational back-office to manage the different supply management AND business functions. Supplier data is everywhere, and without a strategy, just shoving it into the SIM system won’t help.

In order to get a proper grip on supplier information, the organization needs a master data strategy that dictates the sub-records that define a supplier record and which system holds the master data for each sub-record. What do we mean by this? For example, the ERP may hold the core supplier identifier sub-record that defines the unique supplier number in your system, the supplier name, the supplier’s tax number, and your customer number in the eyes of the supplier and be the system of record for this information. The accounts payable system, referencing the supplier by it’s supplier number, may be the system of record for the headquarters address and payment address. The contract management system may be the system of record for the list of employees authorized to sign contracts on behalf of the supplier. The CSR system may be the system of record for the suppliers’ carbon rating, third party CSR rating, and your internal sustainability rating. And so on.

If this is the case, the SIM system, to truly be a SIM solution for your organization, needs to integrate with all of these systems and encode the proper rules to resolve data conflicts as required. Specifically, three things need to happen. First of all, whenever a system of record updates data, that data must be pulled into the system and overwrite the existing data. Secondly, anytime data is updated in the SIM system for which it is the system of record, that data must be pushed out to all systems that use it. Thirdly, and this part is sometimes overlooked, whenever data is updated in a system of record, the data not only needs to be pulled into the SIM system, but it then needs to be pushed out to any system that also uses that data. The SIM solution is the centre of a hub-and-spoke data architecture — all updates flow in, and all updates flow out.

This can only be properly accomplished with an appropriate Master Data Strategy. Don’t overlook it. Otherwise your SIM solution will turn out to be a Stuck In Muck solution. An SI is not kidding about this.

Make Sure Your Perishables Don’t Perish!

With natural disasters on the rise, and late frosts already minimizing or eliminating the crops that will be available in the fall, it’s more important than ever to minimize food waste throughout the supply chain.

Thus, SI would like to remind you of some important tips that can have a big impact on keeping your perishables from perishing!

  • Do not load produce at night.
    When it’s easy for insects and other pests to get in unnoticed. Not only can a family of spiders ruin the grapes, but they might be banned in the country you’re importing into, which would result in your truck getting stopped at the border and turned around.
  • Always home-source during harvest season.
    Unit prices might be higher, but shipping will be lower, and loss will be lower still as you won’t risk losing product in long shipments, which happens regularly when trucks break down and/or get held up at the border. Plus, many people will pay a slight premium for local produce.
  • Know the seasonality for key staples in every region, not just the ones you generally source from.
    This will make sure you’re always sourcing from the region with the most supply, which will help you to get you the lowest costs as you will be able to negotiate better unit prices and secure transportation in advance when prices are low.
  • If the perishables will be processed, re-optimize the processing network.
    If you’re going to can, freeze, or otherwise process the perishables into a less perishable product, do it as close to the source as possible, even if it means using new suppliers or investing in new manufacturing plants. These refined products, which are typically denser, and which may not even require refrigeration, will be much cheaper to ship and suffer a lesser risk of loss.
  • Have a plan to sell excess perishables once they reach their prime before they perish.
    50% off at the store is not always good enough, especially if they are marked down an hour before closing on a Tuesday night and will not be saleable tomorrow. For example, even overripe, tomatoes are still great for pastes and soups. You could have each store strike a deal with local restaurants that allow them to buy perishables at prime at a discount before they are unuseable, or, if you are socially responsible, setup a donation program with a local shelter or soup kitchen where the shelter can pick up perishing items each day before close before they perish (and take your cash with them). Done right, you could probably even get a charity tax write off (as long as the items were donated while still edible). You may consider these ideas beyond the scope of sourcing, but you shouldn’t when you consider that 1 in 7 people in the world are undernourished and almost 40% of food is wasted in North America. Fix this. You have the power.

GDPR: Record … Record … Record (Part XIII)

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

On of the key failings of the EU legislation is the apparent lack of standard EU approved clauses. They will arrive – at some point. For now, many vendors both inside and external to the EU will need to manage as best they can. We have covered the main contractual relationships required between processors and controllers. However, in brief they are:

  • Controllers must only use processors which are able to guarantee that they will meet the requirements of the GDPR and protect the rights of data subjects.
  • Controllers must ensure that they put a contract in place which meets the requirements set out in the available guidance.
  • They must provide documented instructions for the processor to follow.
  • Controllers remain directly liable for compliance with all aspects of the GDPR, and for demonstrating that compliance. If this isn’t achieved, then they may be liable to pay damages in legal proceedings or be subject to fines or other penalties or corrective measures

One of the major contractual changes between Controller–Processor is going to be the need to keep processing records. Given the nature of the change, if the provider is outside of the European area, this would be an important contractual requirement. It is also an important record of activity if a breach or error occurs.

It seems logical that most companies in the data business would see keeping records of processing activity as a normal standard business practice. Not so it seems.

For analytics (or any procurement platform provider), it may well be worth keeping some form of record of processing activity — if this is not currently a part of operational management. This may cover elements like data refresh receipt, refresh activity, new report generation and any other activity that takes place on the data. Remember, it would make sense to have one processing record for every processing requirement made by a controller. What would this take? A simple spreadsheet entry in most cases.

This may seem onerous, but if suppliers are anonymising or removing data from the transactions records, the who, what, why, where and when of processing maintained in records will allow tracking and follow up of errors if a breach occurs. It is an overhead – but is the basis of managing data more carefully and being able to cope with an audit.
However, as we will explain in a later post, the bureaucracy of the EU knows no bounds. We will introduce the concept of the DPIA, (Data Protection Impact Assessment) shortly.

The DPIA is an interesting concept — quite what anyone would do with these assessments at Supervisory Bodies (given the likely volumes) has to be questionable.

However, prior to that, we have to cover the thorny subject of consents.

Thanks, Tony.

GDPR: STOP THE PRESSES! (PART XII)

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

It had to happen. In fact, almost inevitable really.

Within a week of the GDPR being implemented, the news story broke.

‘Embarrassing’ leak shows EU falls short of own GDPR data law

Without access to the full article on the UK Daily Telegraph Premium, it is difficult to assess the details of the breaches.

However … the response from a Commission spokesperson suggested that:

The European Commission is not subject to the strict new data protection law that it has imposed across Europe”.

Well, no surprises there. Given no published EU Commission accounts and constantly changing legislation it does appear somewhat Orwellian.

Ironically, the approach that many EU member state governments have deployed specifically rules them out of breach fines. The Irish government being one. (Source)

There is some logic in this approach.

It makes little or no sense to fine public bodies –- after all, they will pay the fine, reach a point in the annual budgeting cycle where they have a significant deficit –- and be topped up by central government. Take funding from one hand, pass it back with the other.

The United Kingdom has chosen not to follow this option — yet. However, one could predict that it will not take long for prosecutions to occur given government departments track record of personal date and cyber security breaches (within the National Health Service for example).

Not much of a deterrent and a massive public cost to prosecute and collect a revolving door fine.

Like much legislation the EU creates, it is clumsy, lacks detail and confusing. But it’s the law.

Taking a far more cynical approach, the GDPR appears to be legislation that is a Tax Collectors dream ticket.

There is the pretence of “protecting the rights and freedoms of EU citizens” –- whereas the reality is that it is a foolproof way of collecting what is essentially a data-tax from businesses for breaches.

A classic case of a cast iron fist in a velvet glove.

Will post more if the story evolves.

Thanks, Tony!