Category Archives: Risk Management

7 Secrets to Creating Supply Risk Management Leverage – and 3 More You Might Need

A recent pro-piece on “7 Secrets to Creating Supply Management Leverage” over on Spend Matters Pro [membership required] by the prophet and the maverick highlighted 7 strategies an organization can use to be successful in risk management in light of recent events that include, but are not limited to: the Hanjin Shipping bankruptcy, the Zika Virus, and the East Coast Oil disruptions.

The first three are a must.

1) You must aggregate your data.

No performance improvement, in or out of risk management, can happen without data and the process and performance visibility it brings. For more insight, and tips, into this, see the pro piece.

2) You must standardize your processes through collaborative means.

You can’t take a mish-mash random approach to risk identification and management — it must be coherent, cohesive, and collaborative. Otherwise, for every risk you prevent, two will slip past undetected.

3) Tuning — and minimizing — false positives and false negatives.

False positives are common, and the real risk is the false negatives, right? Wrong. False negatives pose a big risk, but for many companies, false positives pose a bigger risk because, in order to minimize the possibility of false negatives, the organization will tune the system to let as many weak possibilities through as it can in order to make sure no significant risks escape. However, in doing so, what will inevitably happen is that the number of false positives will increase significantly. You might be thinking, so what? Quick review eliminates them. Well, it does, but, over time, the risk reviewers become numb to, and tired of, the false positives and slowly, but surely, turn up the thresholds. Eventually they are raised so high that the false negatives increase and big risks slip in.

The next 4 are important, and most organizations will need to do at least 2 of them. You can read the prophet and the maverick‘s piece on 7 Secrets to Creating Supply Management Leverage for more details, but here are a few more you might also need.

8) Payment and Receipt Monitoring

Supply disruption in critical parts and goods is one of the worst supply chain disasters an organization can experience because an inability to sell the primary product line will result in a significant drop in revenue. Supply disruptions happen for a number of reasons, some of which are preventable (like not ordering from a supplier about to go bankrupt), some of which are not (like a natural disaster).

The best way to detect an issue is through delivery and invoicing monitoring. A supplier that has fallen on hard financial times will submit invoices extremely promptly, follow up quickly, re-submit on or before the deadline, and often take less than desirable early payment discounts. If they are at the point where they can’t even afford to get the credit to buy the goods and labour they need to make and ship your products, shipments will start to be late. Or maybe quality levels will drop and reject rates will rise. All of this can be detected early on with good internal data monitoring.

9) Impact Event Definition and Real-Time News Monitoring

Once your data is aggregated, and your supply chain mapped, you not only know your sole source suppliers (that need to be duplicated), but you also know your choke-points (where any number of events could impact your supply chain) and primary supply regions. (Just because you’re buying American doesn’t mean 80% of the raw materials aren’t coming from China!) You can easily define these regions, and the most likely supply chain impacts (port strikes, natural disasters, etc.) and then set up news and event monitoring to alert you to any event that could potentially impact your supply (including events that would impact two levels down the supply chain, which would cause a ripple event up). Now, it’s true that these are only so accurate and you might get a lot of false positives, but it’s better to quickly eliminate a few dozen false positives and get real-time visibility into a critical component supply shortage in three months than find out there is no available supply left when a delivery date is missed.

X) Supplier Development

Let’s face it, the 7 steps in the prophet and the maverick‘s pro piece and the 2 steps above are good, but the best risk management you can do is instill the same commitment to risk monitoring, management, and prevention into your supply base (who will also do their best to push it down). A+ risk management can only do so much if your suppliers are C+ students at best.

One Key Question to Ask When Selecting a Multi-Criteria Supplier Sustainability Monitoring Solution

In our last post on Key Questions When Selecting a Multi-Criteria Supplier Sustainability Monitoring Solution, we noted that not only can supply risk management not be siloed, but in order for it to be successful, it must be centralized through a CoE that puts together policies and procedures that not only ensure that

  • every supplier is covered
  • on all relevant dimensions
  • but not on irrelevant dimensions
  • without any duplication of effort

but also ensure that

    • there are no false positives in the risk assessment and
    • there are no false negatives

In order to effectively implement this holistic approach, an organization will require a good multi-criteria supplier and sustainability risk monitoring solution that can proactively monitor, assess, and re-assess supplier sustainability and risk using data from dozens, if not hundreds, of disparate sources that paint a comprehensive picture of supplier sustainability.

But not every platform will make the cut. Definitely not all will meet the integration requirements, which is one key requirement of a good platform. More specifically, ethics, corporate social responsibility, and sustainability information is vital information that can and should be used in many different supply management platforms such as e-Sourcing, e-Procurement, CLM, SRM and other platforms that support a wide variety of supply management processes and workflows. As such, this integration should be trivial and for major supply management platforms, almost “out-of-the-box”. Moreover, in some organizations, this information also needs to be available to other departments that, and no surprise here, are reliant on different platforms and responsible for smaller or indirect spends not (fully) under the control of Procurement. As such, the platform needs a well defined, and easy to use, API that can allow the data to be pulled out for any platform that needs it, and that allows any proprietary or limited access data the organization has access to on the supplier’s sustainability and risk profile to be pushed into the system. Why?

For more complete details on this requirement, as well as key questions to ask when evaluating a multi-criteria supplier sustainability monitoring solution, check out Sourcing Innovation’s latest white paper on 5 Essential Criteria for Selecting a Supplier Sustainability & Risk Monitoring Solution, sponsored by Ecovadis, that will help you understand just what a good sustainability and risk monitoring solution needs to do.

Only an Optimization-Backed Sourcing Platform will Answer a Buyer’s SOS


We all know the importance of a good Sourcing Platform to power our Procurement Value Engine. But even after multiple posts (on Sourcing Innovation) and (white) papers on the topic, one still might not be convinced that an optimization-backed sourcing platform is truly necessary. If the organization is still getting reasonably good results from its (last-generation) sourcing suite, has a large number of templates, workflows, and processes configured for its key/strategic categories, and has a consultancy/service provider that handles its tougher events (and they use an optimization-powered platform for those few really complex or high-dollar categories), it might think that everything is fine. And the reality is that everything is fine … until it isn’t!

from How Optimization-Backed Sourcing Platforms Save Our Souls . . . Or At Least Our Backsides


One has to understand that disruptions don’t only occur in the supply chain after the contract is signed, they occur during the sourcing process, and a significant disruption can result in an evergreen contract renewing at above market prices (which is bad) or a contract expiring and the organization left with insufficient inventory and no source of supply in a tight market (which is worse). And even if the disruption doesn’t result in an evergreen renewal or a (costly) inventory stock-out (that shuts down a production line), it can still result in increased costs, increased risks, and missed opportunities.

Sourcing events need to go smoothly, but in a typical sourcing platform, as many of you know, that’s not always the case. Sometimes suppliers change the rules, and sometimes the rules just change, and everything, as they say, quickly goes to hell in a handbasket.

For example, all of a sudden at the 11th hour, a fire happens or a border closes, and a supplier offers you a backup location, or pulls out, and you need to bring in a supplier at a new location. Your transportation bids are useless, your risk profile is unusably skewed, and maybe even your whole event setup is useless, and you have to start over. And this is just one of a dozen scenarios that can flip an average buyer’s world upside down with an average sourcing platform.

But if you had a flexible optimization-backed sourcing platform, instead of going back to square one, you’d just keep on truckin’, as these platforms are designed, from the ground up, to support dynamic, complex cost models, dozens of what-if scenarios, and ever-changing real-world requirements. They are made for change.

A factory and its associated lanes disappear? No problem, they are just removed from the model with a single click. A new one is added? No problem, define the associated end points, the lanes are automatically populated, and a partial bid survey can be resent to all incumbent suppliers for revised bids. These are then loaded into the model, amalgamated with current bids, and the model is solved. No starting from scratch, creating new RFPs, creating a new model structure, etc. Just a few simple changes, a few new bids, and everything keeps on going like nothing ever happened.

And this is only one way optimization-backed sourcing platforms save a buyer’s behind. For more, check out the doctor‘s latest paper on How Optimization-Backed Sourcing Platforms Save Our Souls . . . Or At Least Our Backsides, sponsored by Trade Extensions, and realize that if you don’t have one, you need a proper sourcing platform today.

Environmental Sustentation 22: Natural EMPs

In our post on environmental damnation 22, natural EMPs, we noted that EMPs, short for electromagnetic pulses, which are short, typically intense, bursts of electromagnetic energy that are generally disruptive, if not damaging, to electrical and electronic equipment, are a huge overlooked supply chain damnation because today’s information driven supply chains run on communication systems that control the chains, as well as the finances that pay for them. A single well-placed burst can take out an entire data centre, and if your organization is not set up with a distributed infrastructure and distributed off-site backups, your entire operation will come to a screeching halt — indefinitely!

No one thinks about this because people believe that the only real concern is EMP weapons, which are only possessed by a few military operations that are unlikely to ever use them as they could destroy their equipment at the same time. But this is not true. Natural EMPs, which cannot be predicted and cannot be stopped, can do just as much damage and are much more likely to fry your equipment and bring down your supply chain than a rogue attack by a terrorist group that happened to get their hands on an EMP.

As per our damnation post, whether you realize it or not, there are a number of natural events that cause natural EMPs including, but not limited to:

  • lightning,
  • solar flares, and
  • earthquakes and volcanoes.

There is typically warning of the potential of each of these events, as well as the area and the likelihood, but the warning could be brief and the ability to prevent nonexistent, so any warning is likely to be too late.

So what can an organization do to protect against this damnation?

First of all, it can make sure that critical equipment is shielded, and located in shielded rooms. Low power EMPs will then not be much of a threat to that equipment.

Second of all, it can install equipment to divert as much of the pulse as possible. For example, a well placed lightning rod can divert lightning, and any EMP that might accompany it.

Thirdly, it can make sure it has a distributed infrastructure with real-time failover and distributed, real-time incremental back-up. Then, an EMP that takes out part of the IT operation in one locale will not take down the entire information (and financial) chain.

It’s not much, but it is enough. And at the same time, the organization also protects against fire, flood, and the FBI (raid) destroying a critical data centre.

Playing With Fire: Hidden Risks Lurking in Your Supply Chain

Modern supply chains are fraught with risk that can result in volatility and increased operational costs, large and sometimes devastating losses, and long term damage to the corporate reputation. These risks can be organized into four major categories, but non-compliance risks alone, the first category, should be more than enough to scare you.

Of the four major categories of risk, the cost of non-compliance risk is often the easiest to quantify, and the corresponding price tag of regulatory violations alone can be enough to halt a supply chain in its tracks as the bank account is bled dry.

Corresponding costs can range from the $3.0M, $3.19M, and $4.95M fines from the recent settlements by Washakie Renewable Energy, ExxonMobil, and Noble Energy for violations of the energy policy, clean water, and clean air acts, respectively, through the 13.2M settlement by Lumber Liquidators for violating the Lacey Act, to the $81.6M in fines that Wal-Mart had to pay in 2013 for the mishandling of products that became damaged or were returned and became hazardous waste, of which $60M was a result of violations of the Clean Water Act and $14M was a result of Federal Insecticide, Fungicide and Rodenticide (FIFRA) violations.

But environmental acts aren’t the only acts that can result in large fines. There are also worker’s rights acts, where even simple filing errors can cost over 1M, as Abercrombie & Fitch found out when they were fined $1,047,110 for numerous technology-related deficiencies in the company’s electronic I-9 system.

And while most violations of worker’s rights law or filing requirements are rather small, the violations could increase now that anti human-trafficking and modern slavery laws are popping up that can hold your organization responsible for any violation of these laws anywhere in your supply chain, even if the infraction is caused by the supplier to the supplier of your supplier.

But these fines will still likely be dwarfed by the fines being levied by the US Department of Justice for violations of the FCPA – Foreign Corrupt Practices Act. In 2014, the average fine for a violation was $156.6 Million, and this included a $772 Million penalty to Alstom, the second largest penalty in history.

But this is just one set of risks with an associated cost that can bleed the bank account dry and effectively cripple a global supply chain. If you would like to know what the others are, watch for Sourcing Innovation’s latest paper on Playing With Fire — 4 Hidden Risks Lurking in Your Supply Chain (coming soon), sponsored by Ecovadis.