Category Archives: Procurement Damnation

Economic Damnation 04: Gen X, Gen Y, and Gen Z

Why are:

  • Generation X, the generation born between the early 1960s and the early 1980s,
  • Generation Y, the generation born between the early 1980s and the early 2000s, and
  • Generation Z, the generation born between the early 2000s and the present day

an economic damnation? As will be discussed in detail in societal damnation 50 on talent, talent is required to keep your supply chains moving. People are required to enter the data to keep the information chain moving, to move the money to keep the financial chain moving, and to move the goods that keep the physical chain moving.

The majority of this talent is a workforce between the ages of 20 and 55, who will have been born between 1960 and 1995, and will thus be primarily composed of Generation X and the Generation Y Millennials. As Generation X begins to retire en masse, Generation Z will begin to enter the workforce in a few more years.

As a result, not only is talent a damnation, but it’s a damnation that comes in three different flavours.

Generation X

Generation X wants stability. They are at least halfway through their career, if not nearing the end, and they are looking for their last (long-term) full-time gig that will give them fair pay, a great pension / 401(k) / RRSP, flexible hours to help manage their children’s, or grandchildren’s, schedules, time off to help good causes and volunteer in the community, good healthcare and wellness programs (as they aren’t getting any younger), and career development — as they have been out of school for (quite) a while and need help keeping up with new skills and work requirements.

Generation Y

They are looking for unique opportunities (such as overseas assignments, travel-intensive positions, or opportunities to work with cutting-edge technology or developments, even if they might not succeed), work-life balance (as they are very active), social responsibility (as they care about working for an employer that cares about the environment and humanity beyond their local community more than previous generations), modern technology (as they grew up with technology), and mentoring (as they want to learn how to succeed and thrive in the real world).

Generation Z

The first members of Generation Z are just beginning high school. And whereas Generation Y grew up in the information age, where technology was becoming more ubiquitous by the day, Generation Z grew up in the communication age, where not only was technology becoming ubiquitous, but communication technology was becoming ubiquitous, and just about every Gen Z is growing up with a smartphone on which they can call, text, and e-mail 24/7. While we don’t know what they will want from a job perspective, we do know that they will want to be connected to their friends and colleagues 24/7, so any company that has not entered the communication age will not be able to recruit this coming generation.

In other words, every generation wants something different from the workplace, and gone are the days when all it took to get an employee was job security, a fair paycheck, and some health benefits. Today, that’s the entrance fee to join the employer’s club. If you want talent, that costs more. Much more.

Provider Damnation 66: Tier 1 Suppliers

Suppliers. Some days you can’t deal with them but you cannot survive without them. You’re in business to serve customers, who want the products your organization sells, but which your organization can only provide if your tier 1 suppliers manufacture those products you need, to the customer’s specifications. And that’s the kicker.

No suppliers, no products.

You absolutely need suppliers, even if you are a pure services agency, because you still need products (be it laptops, janitorial supplies, or even paper for reports) to deliver services. There is no such thing as a fully integrated self-sustaining business that is self-contained all the way back to the mining or harvesting of the raw materials, the production of the energy required to process them, the pumping of the water required, and so on. So you need suppliers. Lots of them. Sometimes thousands of them. And trying to manage that many suppliers, even with a best-of-breed SRM system, is a nightmare on a daily basis, because, if things go wrong

Once you have a contract, barring catastrophic supplier failure, you’re locked in.

A contract locks you in until an exit clause is hit, which, in an average contract in an average organization, typically is only invocable when a supplier fails to deliver a significant portion of the contracted goods after a significant amount of time has passed (and your organization has been stocked out for weeks and lost millions of dollars), the quality gets abysmal and the warranty return rate hits the double digits, they violate a federal safety or import regulation, or they commit a crime — assuming you have a well-drafted contract.

This means that, if they’re always a few weeks late, running up costs with unnecessary expedited shipments, tacking on fuel surcharges, or slacking on quality and continually shipping orders with DOA rates just within limits, there’s nothing you can do about it. You can employ the best SRM techniques up your sleeve, but if they refuse to respond, until the contract is fulfilled and you can kick them to the curb, they’re your problem because your customers are yours to satisfy, not your supplier’s. Moreover, if you can’t break the contract, you can’t even shift demand to another supplier temporarily until a force majeure event occurs, when they are allowed to claim inability to fulfill your orders until the event is over, but

When force majeure hits, you may not be able to respond fast enough.

If it’s a custom product, it’s impossible to just go back to the runner-up in the sourcing event, award them a short-term contract (with the promise of an extension in the future when you kick your current supplier to the curb), and expect them to start production the next day. Even if, after being turned away, they say yes, and even if they say yes quickly, and even if they have capacity opening up, it takes time to retool a production line and get the engineers up to speed on a new product design. It’s going to be weeks, at the minimum, before you see the first unit.

But if you don’t find a temporary supplier, your solvency is in danger.

Cash flow is the lifeblood of the business, and without a product, it’s no sale, and no sale, no store. A company that does not sell does not survive long.

A poor supplier that locked you in to a three-year contract before you found out that they were a poor supplier (that just marginally met the minimums necessary to prevent you from cancelling the contract without a huge penalty that the organization is not likely able to afford) is a damnation of the worst kind. Fortunately there aren’t many suppliers like this because even one is way too many.

Technological Damnation 87: OLAP

OLAP, short for on-line analytical processing, is a great thing, right? It is at the foundation of reporting tools like Business Objects and Cognos, which, when they were released, gave users unparalleled insights into raw data compared to the rather static reports they were used to. It was revolutionary. And that’s the kicker. It WAS.

Now, it’s old technology and, to make matters worse, there is still the widespread misconception that it is the right tool for Spend Analysis. As SI has addressed many times, often with the help of the Spend Master (and there is only one), nothing could be further from the truth. This post will summarize just a few of the reasons this damnation continues to savage us, and will likely continue to do so for some time.


OLAP has no real-time capability

On-line analytical processing is just a fancy term for pre-computing a large number of intermediate and final totals against a roll-up model so that, when a user logs in to a system, not only can they see a report, but they can also drill down into each line item to pre-defined subtotals according to a fixed hierarchy. For example, they can click on total sales and then drill down into sales by region and then sales by country and then sales by state/province. However, if the model is ordered by geography, but the user wants by department and then by geography, unless there is another report where those totals have been pre-calculated, the user is out of luck.


… and ROLAP doesn’t count!

In OLAP, the roll-ups are pre-computed off-line at regular, pre-scheduled intervals. In ROLAP, the system will rebuild the hierarchical roll-up on the fly — but if the roll-up takes an hour to generate, who cares whether the user initiates it or a system script initiates it? It still takes too damn long.
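The fixed-hierarchy limitation and the ROLAP rebuild described above can be seen in a small model. This is an added example, not code from the original post or from any OLAP product; the records, field names, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample transactions (illustrative, not data from the post).
RECORDS = [
    {"region": "NA", "country": "US", "state": "NY", "dept": "Hardware", "sales": 120},
    {"region": "NA", "country": "US", "state": "TX", "dept": "Software", "sales": 200},
    {"region": "NA", "country": "CA", "state": "ON", "dept": "Hardware", "sales": 80},
    {"region": "EU", "country": "DE", "state": "BY", "dept": "Software", "sales": 150},
    {"region": "EU", "country": "DE", "state": "BE", "dept": "Hardware", "sales": 50},
]


def build_rollup(records, hierarchy, measure="sales"):
    """Offline step: pre-compute a total for every prefix of ONE fixed hierarchy."""
    totals = defaultdict(int)
    for rec in records:
        path = tuple(rec[level] for level in hierarchy)
        for depth in range(len(path) + 1):
            totals[path[:depth]] += rec[measure]
    return {"hierarchy": tuple(hierarchy), "totals": dict(totals)}


def drill_down(cube, dims, path=()):
    """Serve a drill-down purely from pre-computed totals.

    dims is the ordering the user asks for and path the members already
    clicked through. Only prefixes of the cube's hierarchy were computed.
    """
    dims, path = tuple(dims), tuple(path)
    if cube["hierarchy"][:len(dims)] != dims:
        raise KeyError(f"no pre-computed roll-up ordered by {dims}")
    if len(path) >= len(dims):
        raise ValueError("path already reaches the deepest requested level")
    return {key[-1]: total for key, total in cube["totals"].items()
            if len(key) == len(path) + 1 and key[:-1] == path}


def ad_hoc(records, dims, measure="sales"):
    """Re-aggregate from raw records for any ordering (cost grows with data size)."""
    totals = defaultdict(int)
    for rec in records:
        totals[tuple(rec[d] for d in dims)] += rec[measure]
    return dict(totals)


CUBE = build_rollup(RECORDS, ("region", "country", "state"))

if __name__ == "__main__":
    print(drill_down(CUBE, ("region",)))
    print(drill_down(CUBE, ("region", "country"), ("NA",)))
    try:
        drill_down(CUBE, ("dept", "region"))
    except KeyError as exc:
        print("out of luck:", exc)
    print(ad_hoc(RECORDS, ("dept", "region")))
```

The department-first question can only be answered by `ad_hoc`, which rescans every raw record; that full rescan is the work a ROLAP rebuild has to repeat on each request.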


OLAP requires a rigid data model

Not only does OLAP require a rigid definition of the roll-ups being done against a rigid hierarchy, but that rigid hierarchy requires a rigid data model to work against. One model, with one hierarchy per OLAP report. Multiple reports, multiple hierarchies — but only to the extent supported by the underlying data model. If the data is missing or not fine-grained enough for the OLAP data processor, OLAP just will not work.


And that just doesn’t work for spend analysis.

As SI has indicated dozens upon dozens of times over the years, spend analysis requires flexibility — the ability to redefine roll ups, drill-downs, and underlying data models to support the analysis the analyst needs to do — not the analysis a vendor thinks that the analyst needs to do.


OLAP requires a lot more server memory than an average organization can afford

Today it’s all about big data and big data is huge. This means that summaries are huge compared to simple static reports, especially OLAP roll-up summaries. One detailed multi-level roll-up summary with one drill-down report on terabytes of data can take over a hundred gigabytes and max out memory on an average server — but an organization will need dozens of such drill-downs to even come anywhere in the vicinity of meeting its analysts’ needs, and a server with terabytes of (D)RAM. We are beyond server territory into mini super computer territory, and mini super computers come with price tags that start (well) over half a million.

There are alternatives to (R)OLAP that can actually do real-time analysis and reporting on tens of millions of records on an average high-end multi-core laptop, but given that these systems are still the exception, and not the norm, this damnation is going to be with us for decades.

Technological Damnation 92: Data Loss

It is the information age and data is the lifeblood of the company and the supply chain. The financial chain is controlled by data. The physical flow of goods is dictated by data. People communicate electronically through data packets. It’s all data. And losing that data is a damnation. Not just because data is lost, but because:


Lost Intellectual Property data is a loss of competitive advantage

Sometimes the only edge a company has is its intellectual property that it can use to create a slightly better product, do better in a foreign market, or lower its costs enough to undersell the competition when its products are no better. If that gets stolen, and one or more competitors get their hands on it, the advantage is gone and all of a sudden the product is no better, the edge in the foreign market is lost, and there is no cost advantage to exploit in the end product.


Intrusions that result in lost or stolen data are hard to trace

If your systems or networks get hacked, and your data is stolen, good luck figuring out who got your data, because chances are that not only will you not be able to figure out who hacked you, but you will not even be able to figure out where the hack came from. Right now, there are free hacking toolkits for every major OS on the deep web that can bounce packets off of dozens of anonymous proxy servers, fake TCP/IP headers, and exploit dozens upon dozens of security holes that can be launched successfully against the average system by budding script kiddies — so imagine what real black-hats can do if this is what they give away for free. Do you know how many zero-day exploits are in your systems? They do!


Even if the intrusions are traced, loss is hard to recover

Let’s say you are able to afford, and hire, the best white-hat trackers from the top security firms on the planet and they trace the hack to, let’s say, a rogue hacker in China or Russia. Do you think you’re going to recover anything? Nope. And even if you can trace the hack to your country or a country that you operate in, do you think suing a hacker who got an untraceable payment to a Swiss or Cayman Islands account is going to net you anything? No way!


Data loss prevention requires very powerful, expensive, digital vaults

The only protection your organization has is to install the best systems with the best encryption configured by real security pros. This is not easy to do. Considering that most web sites are full of security holes that are easily uncovered by open source products like PortSwigger’s Burp Scanner, imagine how hard it is to properly secure a database, an ERP, an OS, and the communication lines between them. So not only do you have to buy a top of the line system with embedded security, but then you have to find a real security expert to properly configure and harden the system — who is extremely pricey if you manage to find that person.


And loads of security training, awareness, review, and enforcement.

The majority of data thefts are not the result of hacks, but the result of disgruntled employees with access or social engineering. That’s why you need good policies, training, and enforcement. An admin should not grant carte-blanche access to data in a system to an employee who does not need it just because it’s too hard to set up the role-based security, even if the employee is happy and trustworthy. Chances are that security will never be reviewed and if, in two years, the employee gets disgruntled or falls on hard times, that’s an exploit waiting to happen.
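The review that the paragraph above says rarely happens can be automated against an export of access grants. This is an added example, not part of the original post; the role catalogue, permission names, users, and dates are all constructed, and the one-year review window is an assumption.

```python
from datetime import date

# Hypothetical role catalogue: the permissions each job role actually needs.
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoices:read", "invoices:write"},
    "buyer": {"po:read", "po:write", "suppliers:read"},
    "dba": {"*"},  # the one role that legitimately needs everything
}

# Constructed grant records, as an export from an ERP or database might look.
GRANTS = [
    {"user": "alice", "role": "ap_clerk", "reviewed": date(2024, 11, 1),
     "perms": {"invoices:read", "invoices:write"}},
    {"user": "bob", "role": "buyer", "reviewed": date(2022, 3, 15),
     "perms": {"*"}},  # carte-blanche because roles were "too hard" to set up
    {"user": "carol", "role": "buyer", "reviewed": date(2024, 9, 30),
     "perms": {"po:read", "po:write", "suppliers:read", "payroll:read"}},
    {"user": "dave", "role": "dba", "reviewed": date(2023, 1, 10),
     "perms": {"*"}},
]


def audit_grants(grants, roles, today, max_age_days=365):
    """Return {user: [issues]} for grants that exceed the role or lack review."""
    findings = {}
    for grant in grants:
        needed = roles.get(grant["role"], set())  # unknown role: nothing is needed
        issues = []
        if "*" not in needed:
            if "*" in grant["perms"]:
                issues.append("wildcard")
            else:
                issues += [f"excess {p}" for p in sorted(grant["perms"] - needed)]
        if (today - grant["reviewed"]).days > max_age_days:
            issues.append("stale")
        if issues:
            findings[grant["user"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_grants(GRANTS, ROLE_PERMISSIONS, date(2025, 1, 15))
    for user, issues in report.items():
        print(user, issues)
```

Even a grant that matches its role, like the constructed `dave` record, is reported once its last review is older than the window, which is the two-years-later case the paragraph describes.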

But the biggest risk is the average employee who writes her password on a Post-it note inside her drawer, a receptionist who does a system test when asked over the phone, or an office admin who grants a workman access to the server room because they look like they should be there. The most common way a hacker gets access to your system is by posing as the janitorial staff who gets to go into every cubicle to empty garbage (and check desks for password Post-it notes), as the vendor rep who wants to test the server connection (and has the rep go to a site that looks like the vendor portal admin screen and log in for a speed / reliability test when all it does is capture the authentication data before passing through to a real site), or by dressing up as an IT shop employee there to fix the server — because once you’re on the live system, you can suck all the admin codes you want for a remote access later. Poor security practices open holes bigger than the Vredefort crater.

And the average person does not understand this, even after repeated instructions and explanations as to why writing the password down is dangerous. So this damnation will be with us for quite some time.

Technological Damnation 78: e-Privacy

Privacy is a good thing, and e-Privacy is a better thing, but that doesn’t mean it’s not an eternal damnation to Procurement. Why?

Customers are always demanding more privacy rights.

Including rights that they do not have in the off-line world. While you definitely should not post online that they shop at your location, some consumers don’t even want you to keep records that they do. But in the real world, you can keep your security feeds, that show them, your physical credit card receipts for at least seven years, that show they shopped there, and the associated transaction receipts, that show what they bought. But as soon as you store that data in a system, aggregate it, and use it to build a loyalty program and target appropriate rewards (even if you do so in a private way and don’t share the data with anyone), you’re trying to invade their privacy rights. So you have to be extra careful in Procurement that any systems you source have the highest safeguards and are only going to be used for legal, responsible uses.

Oversight requirements are increasing as regulatory acts are multiplying.

As more and more consumers demand their e-Privacy rights, and as more and more data breaches happen as a result of lax (or nonexistent) security, more and more regulations are being proposed and passed. There are so many provincial and federal acts addressing e-Privacy across finance, health-care, and technology that it’s dizzying. It’s impossible to keep up, and when something is missed, Procurement, who will be made responsible for procuring the technological systems needed by the organization and the third party service providers to help with proper configuration, will be the organization given the blame.

The technological sophistication required to achieve an acceptable level of security and privacy safeguards is through the roof.

It’s not just buying a new database with built-in 256-bit encryption, it’s getting all of the data into the database, making sure the data is encrypted on the way in, making sure it goes through a secure, encrypted channel from the port from the old database to the new database, and making sure the new database is appropriately configured and locked down to only authorized access through only authorized channels. This configuration is not easy, given the complexity of today’s encryption technology, the complexity of the tools that need to be encrypted, the arsenal of freely available hacking tools on the deep web, and the average security and third party systems knowledge of an average system administrator. Procurement has to first identify true security experts with experience securing the systems and software that need to be secured, source a firm, vet the experts presented, and ensure that the person who shows up is actually the person whom they are expecting. A tall order for an organization typically tasked with sourcing products to keep production and operations going.

Consumer fear combined with a lack of technological understanding of the underlying security requirements makes this a difficult damnation to tackle, but one that is only going to get more relevant and immediate as time goes on.