Category Archives: Risk Management

What Impact Will Power Politics Have on the Sustainable Acquisition of Raw Materials?

the doctor doesn’t know, but it’s a question we need to ask, and answer, before politicians run away with an agenda that maximizes their bank account while simultaneously maximizing economic and environmental damage.

In September, JPMorgan Chase CEO Jamie Dimon stated that geopolitics is the world’s biggest risk and, more specifically, that we have dealt with inflation before, we dealt with deficits before, we have dealt with recessions before, and we haven’t really seen something like this pretty much since World War II. And while he didn’t mention power politics in particular, we’ve seen a lot of first world countries elect leaders with protectionist/centrist viewpoints, a directorial demeanor, and anti- free-trade stances.

Due to a loss of jobs, a loss of manufacturing, and a lack of reliability of supply, we’ve seen a lot of pushback on China (which is a major global source of many raw materials, and rare-earths in particular) while India is gaining ground in the BRICS (thanks to the anti-Russian Sentiment among those Pro-Ukraine and the instability of the Brazilian economy along with the China pushback), the United States implementing Buy American policies, the EU taxing anything they are sanctioning or trying to enforce “Buy EU” policies on, and the UK making decisions since (and including) Brexit that no one understands.

Now, we should all be buying local to the extent possible (which might be the local farm, the state farm, or the farm one country south if ours is too cold to grow the produce we need; and, similarly, a factory in the country or a neighbouring one), when it comes to certain raw materials, especially rare earths and metals for which we do not have (more sustainable) alternatives, one doesn’t always have a choice. And the reality is that, for a given country, only one country will have the most sustainable source of rare earth and/or metal supply when you take into account the mining operation, the processing operation, and global shipping. And if protectionist/centrist/trade policies prevent purchasing from that country, and the next two or three most sustainable (and/or most economical if your company is in/selling primarily to a developing country and you can only afford so many sources), the alternatives are not good.

So while it’s hard to quantify what the current era or power politics will have on the sustainable acquisition of raw materials and (precious) metals, it’s a question your organization needs to answer if you rely on such, and take steps to inform your local lobbying organizations to make sure that critical, sustainable, sources of supply are not blocked until alternatives are developed (especially if your organization needs to hit carbon [reduction] targets).

And if you don’t think this is an important topic, then why did Dr. Naoise McDonagh, a Lecturer at Edith Cowan University and a former Board Member of the Australian Institute of International Affairs, recently publish an article in the interpreter (published by the Lowy Institute) on why Australia must play the geoeconomics game, or risk being side-lined.

Dr. McDonagh believes that acts such as the US’ IRA (Inflation Reduction Act) or the EU’s Critical Raw Materials Regulation, designed to drive growth in a particular industry (and, in particular, North American or EU-based EV supply chains) will act as a vast black hole sucking global capital from other destinations operating on purely comparative advantage terms which includes Australia.

Dr. McDonagh argues that these acts, and similar measures being implemented globally, are part of a geopolitical transition that is creating a two-level world economy: a standard economy with normal market access and a de-risked economy with restricted access for actors of concern. And since the types of restricted access we are seeing typically revolve around rare earths and metals, this means that we need to ask the question we asked in the title: What Impact Will Power Politics Have on the Sustainable Acquisition of Raw Materials?

the doctor doesn’t think the answer is obvious, and definitely doesn’t agree that Dr. McDonagh’s insistence that the answer for Austrailia is the 10-year Australian Renewable Industry Package because the doctor believes the question is more nuanced than anyone currently understands. However, the doctor does agree with Dr. McDonagh’s reading of the situation and that power politics is quickly becoming one of the most significant risks to your supply chain, which is even more unpredictable than strikes and natural disasters.

If you have a partial answer, comment on LinkedIn. We need them before bad decisions are made for us.

Source-to-Pay+: An Introduction to Supply Chain Risk

If you missed the risk series, you might want to catch up. Risk doesn’t just stem from your immediate inbound tier 1 suppliers, it stems from your entire inbound supply chain. Your Supplier “Risk” Management solution only gives you a partial picture at best. Find out what you need to get the rest!

1: The Beginning
2: End-to-End
3: Corporate Risk
4a: Third Party Risk, Part 1
4b: Third Party Risk, Part 2
5: Supply Chain Risk, Generic
6: In-Transport Risk
7: Multi-Tier Supply Chain Risk
8: Analytics / Control Center
9: Cyber Risk

If You Need to Bring The Hammer Down, Make Sure You Have An Anvil (Analytical)!

On New Year’s Day, 2022, Anvil Analytical (Anvil) was spun out of 4C Associates to bring a stand-alone spend-analysis technology solution to the market, based on the solution that 4C had developed over the course of a decade or so. (4C was founded back in 2000 to help companies with their Supply Chain and Procurement operations, and that required a deep understanding of the supply base and spend, and that required the ability to dig deep into the organizational spend.)

However, while the solution revolves around their service-oriented spend analytics solution (which can include a contract-focussed spend analytics module), Anvil Analytical also offers a Scope-3 Carbon Tracking, a country-based Risk Intelligence, a Market & Inflation Intelligence solution, and a Project Management (Savings Tracking) module.

When we say service-oriented spend analytics solution, we mean it’s a hybrid service/DIY solution. Anvil handles the data loads and refreshes, the validations, the mappings to your chosen taxonomy (which also maps to their internal taxonomy, more on this later), the initial implementation of the system, new report (dashboard) creation and customization (a certain number of hours for this are included in the annual subscription), and monthly/quarterly check-ins and advisory. (Depending on the client’s typical refresh interval and assessment cadence.) The client does regular monitoring, analysis, project identification and creation, savings tracking, and what-if analysis on market/inflation/project trends to identify new projects that the client wants to undertake. It’s designed for a Procurement department that is sophisticated enough to understand the power of spend analytics and use a modern tool to extract the insights it needs, but doesn’t have the manpower to do a lot of deep analysis work and/or any real data analysts on staff and wants help with the heavy lifting.

Implementation

Depending on the organization size and maturity, the initial implementation and setup will take anywhere from 2 weeks to 4 months from the kick-off meeting. The first step is for the client to provide the Anvil team with data exports for the previous years [they need at least 2 years, or the year-on-year analysis won’t work, for example] from all relevant systems (ERP/AP/I2P). Anvil then manually processes subsets of these to create training sets and verification sets for its traditional AI-classification engine, trains the models, runs the verification sets, corrects the model, repeats until high accuracy, and then runs the full data set. At this point, the client is engaged, remaining errors corrected, the model retrained, and then the system is delivered. Simultaneous to the training process, they work with the client to identify any special reports or customizations the client wants to the primary reports and dashboards and build them simultaneously. Once the system is rolled out, they do an initial training session, review the primary analysis and identify initial areas for analysis, set up the support processes and methodology for the regular (incremental) data updates, and determine the goals of the monthly/quarterly cadence meetings and future training sessions. Every cadence meeting will review the results of the last update(s), identify new suppliers, and identify new analysis of interest.

With respect to validation and cleansing, they will establish data standards and formats and ensure all data adhere to them, normalize and identify suppliers against their database (or a third party database if you have a subscription to one where they have, or can develop, an API) which has almost a million suppliers, validate key pieces of supplier information (such as tax and registration ids), and fill in key missing data elements if they have it (or identify missing data that needs to be collected).

Spend Analytics

Spend analytics revolves around Materiality, Growth, Fragmentation, and Churn. Materiality, defined as a measure of both the scale of your spend and how easy it may be to access, is all about understanding the category spend breakdown, where the most spend, and possibly the most opportunity, is. Growth identifies which categories are the fastest growing (or fastest shrinking) in terms of your spend, and helps you identify where you may need more contracts, monitoring, control, or even (key) supplier development to reduce spend. Fragmentation, which measures how fragmented your spend is in each category compared to the average fragmentation that has been identified through thousand of engagements undertaken by 4C and Anvil Analytical, helps you identify [with color coding that show 50%, 75%, and 90% thresholds] where there is likely significant opportunity through consolidation (or significant opportunity to reduce risk if fragmentation is too low). Churn measures how much spend is being gobbled up by new suppliers in a category and helps you identify where you may need to introduce competition or innovation to keep costs down. This is summarized on one of the primary dashboards included in spend analysis – Deep Dives. Each of these area can be drilled into. For example, drilling into a materiality category from the main deep dive dashboard will give you your overall category spend, supplier count, high materiality supplier count, medium materiality supplier count, spend per business unit, spend per country, supplier spend per business unit, and so on. (And from here you can dive into just the higher materiality suppliers, or just one, and get the relevant insight.)

Like every other spend analysis tool, the entry point is the Summary Dashboard that summarizes your spend, on contract (if you have the contract [sub] module), supplier count, on PO, invoice count, average payment time, consolidation percentage, on-time payment, spend by L1 (top level of the) category (hierarchy), by business unit, by country, overall spend growth summary, and top X suppliers. Each of these can be drilled into for more detail. There’s also an insights dashboard that will give you, for a category, the materiality rating, growth rating, fragmentation rating, churn rating, and opportunity rating. Key insights and observations across each area (based on insights from Anvil’s market-intelligence modules, anonymized recent 4C project results or recent 4C insights, or market partners) are also included, as well as a breakdown by country, the likely chance of success against the main procurement levers (compete, consolidate, demand, or collaborate), and a Pareto analysis. It also highlights the top 5 opportunities based on spend and likely savings potential (based on market intelligence and/or a variance analysis), supplier growth by threshold, inflation impact, and index sensitivity. Finally, you can drill down to line level transactions if needed, or search for, and bring up, summary reports on any supplier in the system.

Contract Analytics

We’ll cover contract analytics next as it builds on spend analytics. In the Anvil platform, contract analytics is another set of dashboards that works off of contract metadata, which would be loaded during implementation and then updated in the regular refreshes. (Note that if you happen to be using one of their partner contract management solutions, they already have pre-built APIs and the loading of this data will take minutes. If your CLM has an API for metadata, they can build an extraction facility to extract that data as a service, and if not, they can work with flat-files as they do with spend.)

Contract Analytics is essentially another (set of) dashboard(s) and reports but focussed on breaking down spend by contract. The main dashboard will breakdown spend by on-contract vs. off contract, % category spend > XK (default 250K) on contract, suppliers on contract, expiring in the short term (3 to 9 months, for e.g.), contracts by business unit, and suppliers with > xK (default 250K) spend with no contract. Other relevant measures can be easily defined on implementation and, of course, all summaries can be drilled down to the line level. Since it’s essentially just another dimension of spend, we’ll conclude our high-level summary of it here.

Carbon Management

The Anvil Carbon Management platform was designed to help a company assess the scope 3 emissions of the goods and services they buy, segment the supply base as needed to support the different engagement approaches needed to maximize reach and results, support decisions when scores for tenders are carbon-adjusted, and determine B-corp accreditation based on carbon-based market ability.

The main entry point to the Carbon Management module is the Carbon Baseline Dashboard that allows you to drill into the spend carbon baseline, quantity carbon baseline, carbon insights, and carbon project tracker. The spend carbon baseline will give you your spend-based carbon footprint, your supplier count, and invoice count. It will break it down by Level 1 Category, Level 2 Category, and Level 3 Category. It will give it to you by supplier, by country, by business unit, and display the monthly totals relative to the supplier count. The supplier spend vs. carbon footprint breakdown can be particularly insightful when you find out that your top supplier with 5% of your spend only contributes 1% of your carbon footprint while your 11th place supplier (not included in the Top 10 report) that only accounts for 1% of your spend contributes 15% of your carbon footprint. It can happen, since carbon production is directly tied to the product/service — certain extraction and manufacturing activities are way more carbon intensive than others, and, even worse, depending on the technology being used, there can often be a 5X to 10X difference between traditional approaches and new techniques that only a few extractors/manufactures use. For example, in the EV industry, the production of a battery can produce anywhere between 2,000 and 16,000 kg of CO2. That means a poor process using materials from dirty raw material extractors can produce 8X the amount of carbon that needs to be produced. Now, it’s likely that in the automotive industry a battery supplier would be a top 10 supplier, but it might not be as obvious just how much carbon is in that Scope 3 battery supply chain vs. the steel supply chain or the electronics supply chain for the control system.

The quantity carbon baseline allows an organization to focus in on new carbon emissions between two points in time, scope 1 vs scope 2 vs scope 3, the measured % (vs estimated from third party sources), and the breakdown by business unit, country, supplier, and combination thereof.

The carbon insight dashboard allows you to drill into a summary of your carbon (project) pipeline and expected carbon savings, vs. carbon savings realized in categories in which you have undertaken improvement activities and marked such in the system (with a start date). You can drill into the forecast, the projects by status, and (potential) by business unit. The corresponding carbon savings dashboard allows you to see the carbon savings you’ve realized over time as a results of projects that have already started delivering results.

For the Carbon Management module to be a success, the organization needs to have data for each level 3 / level 4 product or service purchased. Most organizations won’t have this, and nor will their suppliers, but Anvil will work with you to produce the figures using average carbon production for the industry, category, and region using the appropriate carbon data source which may include, but is not limited to, the ONS (UK), Carnegie Mellon (USA), Project Carbon (France), and other sources they, or you, have access to that may be more accurate. This data will be updated on regular intervals when more accurate estimates and/or actual emissions tracking becomes available for a supplier, methods change as a result of development projects, or suppliers make extraction or production improvements on their own.

Note that use of this module could require significantly more services than the other modules as spend and contract analytics are more-or-less cookie-cutter, risk management is based on standard measures, and the market inflation & analytics offering is also based on market data, 4C & Anvil Analytical project results, and anonymized data from their e-Sourcing partners (which include Market Dojo and Unit4 Scan Market).

Risk Management

Once you have a grip on your carbon/GHG, you can get a grip on your risk. The risk management module tracks location based risks by country and allows you to determine the location-based risks of a supplier based on the country they are in and the risks associated with transport based on the route(s) available between an origin, intermediate, and destination country and the transport method chosen (as the risks are different for truck, rail, air, and water). When you select a country, or a set of countries that would represent a transport route, it will give you, for a slew of major risk factors, a risk score, origin rank, and total rank. These risk factors include factors such as:

  • carbon factor
  • economic quality
  • education
  • electric grid emissions
  • enterprise conditions
  • global slavery
  • governance

The idea is to provide you with a foundation on which to identify which Environmental, Social Responsibility, and Governance factors may be the most relevant to consider for a supplier, based on their location and the trade routes available to you from their location to your consumer market. This could allow you to short circuit an analysis (as you can quickly identify the most likely high risk factors that might eliminate the supplier from consideration). The data comes from 1500+ different open/publicly available sources that include the corruption perception index and transparency.org.

In addition, with the risk management module you will also get a set of risk-based spend management dashboards which profile an organization’s spend and show the likely types of risk associated with these areas.

Market Inflation & Analytics

The market inflation & analytics module provides category specific inflation projections with geographic variances to allow an organization to identify the categories where their costs are likely to rise, determine the projected spend uplift, dive into the sensitivity of each category (against a single inflation point), and, most importantly, counter supplier price increases when there is no data to support the increase.

The platform tracks over 1,000 commodity prices using indices from markets, banks, national bodies, and commodity markets and contains detailed forecasts for almost 100 commodities. The buyer can also drill into CPI Data, PPI data, SPPI power, ONS data, FRED data, Bureau of Labor Statistics data, IMF data, and Worldbank data.

The most interesting parts of the offering are the Market Insights and Buyer Power. The Market Insights integrate category risk weightings, weightings by subject matter (such as human & labour rights, business conflicts, health & safety, service performance, diversity, environment, etc.), and deep dices into constraints, drivers, opportunities and challenges from a demand/risk perspective and trends from a low, medium, high perspective which provide interesting insight into growth, models, inflation, or other factors. You can drill into a regional market and see its size, portion of global market, regional growth rate, global growth rate, average supplier maturity, average buyer maturity, and a Porter’s Five Forces analysis.

Buyer Power allows you to drill into the relevant data around buyer power vs. supplier power, which supports the Procurement levers widget in the summary dashboard (if you have the market inflation module). This insight is unique as it is based on the results of recent, anonymized, sourcing events from the client base of Anvil and its Sourcing Partners and allows you to see the expected results vs. (forecasted) inflation in the category.

Project Management

Project Management is one of the newest modules and accompanies the suite-wide UX update that is being released in December, 2023. It is standard GANTT-based project management for savings and carbon project management that integrates with the analytics and carbon modules so that an organization can also track savings/reductions over time. When we say standard capabilities, we mean that you can allocate resources, manage approvals, define tasks and milestones, track progress, get real-time updates and reports, drill into the project data, and customize it to your organizational processes. There’s nothing unusual, unexpected, or uncharacteristic, but that’s typically what you want for a project management tool.

Services

While Sourcing Innovation is focussed on products, we will note that Anvil also provides sourcing & savings project management on demand, and will manage its partner companies who execute the event for you as well as extract all of the relevant event data and push it into your systems as appropriate.

So if the hammer must fall, consider bringing it down with the Anvil’s support. It’s a solid service-oriented spend-analytics solution that can start you off with the carbon, risk, and market insights you need as well as provide a baseline of services to help your Procurement team mature in their analytics skills and get going quickly.

Source-to-Pay+ Part 9: Cyber

In Part 1 we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” Management application that is bundled in many S2P suites. Then, in Part 2, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. In Part 3 we moved onto an overview of Corporate Risk, in Part 4 we took on Third Party Risk (in Part 4A and Part 4B), in Part 5 we laid the foundation for Supply Chain Risk (Generic), in Part 6 we addressed the first major supply chain risk: in-transport, followed by the second major supply chain risk: lack of multi-tier visibility in Part 7. In our last article, Part 8, we discussed the baseline Analytics that should be part of all of the different risk systems we covered in Parts 3 through 7, as well as a control centre.

Today, in Part 9, we move onto Cyber Risks. In today’s hyperconnected SaaS world, nearly half of an organization’s data breaches originate in the cloud (see this recent article by Illumio on Cyber Magazine, for example). So cyber security is important, but not just for your organization — for your entire supply chain.

Note that we are not going to dive deep, there are plenty of security firms that will do that for you. We’re just going to highlight key points of risk that must be covered in your cyber security plan.

Internal Cyber Risk Monitoring and Prevention System
Risks that must be addressed.

Risk Description
E-mail Plenty of risks come in through e-mail. The biggest one you are likely aware of is fraudlent requests for payment from fraudsters posing as fake suppliers / service providers / consultants or new employees in a remote office asking you to approve an emergency payment. However, since fraudsters blast these far and wide (as it takes less work to create them), the most common fraudulent emails are usually phishing/ransom attempts where you have to click an email and enter your system login information to retain access to your email account (or another system you use). (Then they use those credentials you freely gave them to login to your systems, lock you out of them, and demand payment to unlock your account.)

Your email system needs to do more than identify an external sender. It, or the security plug in, needs

  1. to verify the originating domain of the email (since most fraudsters can’t mask the domain they send from),
  2. to identify the domain and location of the first intermediate server the message hits (since that can’t be masked unless they’ve hacked that) as well as if it matches the locale of the domain the email purports to come from, and
  3. to identify the domain of each embedded link and the company it belongs to (as fraudsters are great at registering domains just ONE letter of an actual domain and cloning the contents of the faked domain; e.g. chaEse.com vs chase.com … one is your bank, one will soon be scooped up by a fraudster who will skim account logins for a day during a “maintenance window”, then drain all the accounts dry (or at least to the transfer limits) the next day and wire the money to a foreign account in a jurisdiction with no extradition or banking treaties with the US, then empty the account the day after that, and then disappear never to be seen again …
Hacking Hackers will constantly be trying to penetrate your firewalls, the web servers and underlying operating systems of machines in the DMZ, the applications you are running, and the underlying security systems you use for monitoring and detection (but these are likely the most secure, especially if you are having them maintained and monitored by a professional, big name, IT security firm); You need to be monitoring for unusual activity, (D)DoS attacks, repeated login failures or access abandonments at particular ports or in particular application logs, and so on; You also need a few attractive honeypots that emulate the systems the hackers would want to access most, and if you don’t understand this, or why, talk to your security guru.
Ransomeware Hackers want to access your systems for two reasons, to steal money and IP or lock you out of them (if they can’t access any IP worth stealing or you don’t use any finance systems capable of [authorizing] payments) so you will pay them to get back into your systems. You need to be very careful to not only detect hacking attempts, but the installation of new software that is unrecognized / not authorized by security. This is because you could be totally screwed and have no choice but to pay the ransomware even if you do complete, incremental, daily backups across all systems because smart hackers will install the ransomware, let it sit for a few weeks or so, and then activate when you can’t roll back to a backup because you’d lose weeks or months of data (as you’d have to roll back to just before the ransomware was installed because the majority of backup systems would not be able to identify the actual file changes and there’s no way you could do a restore and not restore the ransomeware after the ransomware was discretely installed).
Infected Websites Your users love to surf, surf, surf the web and go where the hidden links take them. You can’t expect they will all keep their browsers up to date, keep the underlying OS up to date, and, simply put, not be careless. You need to enforce security software on their machine, and check for it, before that machine accesses your network and that the security software is up to date because if they visit the right infected website (from a fraudster’s point of view), it can be an instant hack and/or backdoor for the automatic installation of ransomware on their machine and/or your network.

External Cyber Risk Monitoring and Prevention System
Risks that must be addressed.

Risk Description
Compromised Supplier Site If a supplier site or system is compromised, and you engage with that system in any way, then your system could be compromised. You need a system that monitors for supplier system/site/cloud risks as well as (known) supplier breaches.
Compromised Data All of your systems run off of data. Compromised data is the easiest way to compromise a system. If an email gets intercepted and altered in-transit with a man in the middle account and the hacker changes bank account information, you’re paying a fraudster and not the supplier. If the third party risk metrics are adjusted, your system can be tricked to diverting all business to a single, new, supplier which, while a legal entity, was setup by the founder to take your money and run. And so on.
Compromised Identities Identity theft is on the rise, and it’s often the easiest way for a fraudster to get funds from a business. You need to track all known cases of identify theft associated with all individuals associated with all businesses associated with your business as you will need to do extra verifications on requests from those individuals.
Web-Based Vulnerabilities You need to be aware of where the biggest web-based vulnerabilities are in your suppliers and partners, make sure your suppliers and partners monitor and address those, and make sure you lock down your security to the max when you have to interact with their systems that are classified as high risk for vulnerability.

And more. There’s a lot of risk in cyberspace thanks to the fact that the information and financial worlds have merged, and your organization needs to be on top of it. Identify appropriate providers, or you will need very good luck to not fall victim to a significant cyber-based threat.

Source-to-Pay+ Part 8: Analytics / Control Center

In Part 1 we noted that Risk Management went much beyond Supplier Risk, and the primitive Supplier “Risk” Management application that is bundled in many S2P suites. Then, in Part 2, we noted that there are risks in every supply chain entity; with the people and materials used; and with the locales they operate in. In Part 3 we moved onto an overview of Corporate Risk, in Part 4 we took on Third Party Risk (in Part 4A and Part 4B), in Part 5 we laid the foundation for Supply Chain Risk (Generic), in Part 6 we addressed the first major supply chain risk: in-transport, followed by the second major supply chain risk: lack of multi-tier visibility in Part 7.

In almost every article to date, we’ve highlighted that a key aspect of every risk management system is good analytics, and, in particular, a good control centre to manage the data, the analytics, and the insights gained from the analytics (as well as the plans created around those insights).

Capability Description
Graph (Analytics) Support Standard analytics based on numeric data is not enough. As we have illustrated through this series, risk is more than numbers, roll ups of numbers, and trends on numbers. Risk is relationships, risk is connections, risk is propagation, risk is feedback. You have to be able to track the impacts across chains that span entities, geography, and time.

The risk application must natively support graphs, graph algorithms, and graph analytics. It must be able to count the number of impacted nodes up and down a BoM, multiple BoMs, a chain, and multiple chains. From this, it must be able to calculate an impact of a delay, a shortage, and a catastrophic failure based on BoM requirements, production times, costs, and margins.

Multi-level Metrics and Trend Analysis Even though graph analytics is key for supply chain risk analysis, good old fashioned metrics and KPIs are still key for analyzing risk potential at a point in time, and over time based on changes (and comparison to past trends that have led to risk and failure). For example, an increase in delivery times in every shipment, decreasing raw material supplies going into a source supplier that provides a refined version of that raw material, increasing failure in key components, etc. all indicate increased risk.

The application must support the definition of metrics based on arbitrary formulas, roll ups, and drill downs. It should also support basic trend analysis, allowing for comparison between time periods, similar trends, and historical trends of interest. it should also be capable of projecting the trend for an arbitrary time period in the future based upon the current trend progression and the most likely continuation based upon correlation with similar and historical trends.

Real-time Data Monitoring & Automation The application needs to integrate with third party data feeds, get (near) real-time updates, update all of the metrics the data relates to, monitor the changes against alerts, update the trends, and determine if any updates indicate trends of interest, significance, or concern. This all needs to happen automatically.

The application must support an open API, support standard data formats, be aware of standard data records used in direct supply chain, integrate with third party data feeds for all types of supply chain (risk) data out of the box, and be able to normalize all of this data into a standard data store (warehouse, lake, lakehouse, etc.). It must support rules-based alerts, integrations, monitors, and workflows to allow for appropriate automation support.

Mitigation Plans The platform must support the definition of mitigation plans, with individual actions, objectives, and impacts. Mitigation plans should support multiple stages, actions should support detailed definitions and expected outcomes, objectives should support a metric-based definition, and impacts should support detailed cost definitions.

It should be easy to instantiate an instance of a plan when a risk event is detected or defined by a user, track updates in real time as new data comes in or users define new data, track the impact of a recovery action (if it decreases the time to recovery, etc.), and auto-generate progress reports on a regular basis, as well as roll up all of the impacts, and recoveries, for users who need it. It should also support the creation of what-if scenarios to calculate the potential impacts of a potential action (in a given timeframe), and allow for cost vs impact vs margin/profit improvement calculations to help an organization determine if the action could be worth it, especially if the associated chance of success is limited.

Surveys The platform also needs to support the creation of surveys that can be distributed to multiple parties up and down the chain to collect data for analysis purposes.

The surveys must be capable of collecting numeric, type-valued, and open-valued data, as required.