Tag Archives: Supply Chain Risk

Risk As a Competitive Weapon for Supply Chain

Posted on by
Reply

Many organizations look at Risk as an evil, a challenge and even a four letter word.  Dealing with risk is commonly left to the Risk Management department who may be ill equipped to identify, let alone manage the huge Supply Chain challenges that we have seen over the last few years.   Risk can actually become a competitive advantage for a Supply Chain organization that knows how to identify and effectively manage it.

Consider the musings of Michael Koploy in his blog post on July 15thhttp://www.softwareadvice.com/articles/scm/post-tsunami-supply-chain-all-stars-1071511/  which focused on the Supply Chain All-Stars that recovered fastest after the Japanese Tsunami.  Mr. Koploy credits fast thinking and cooperation between the Big 3 Japanese Auto Manufacturers as the key to their quick recovery.  These All-Stars were forced to share the “secret sauce” of their supply chains with one another in order to make this happen.  Great!!!   What this tells me is that not one of those companies had a viable risk management strategy in place otherwise they would not have been forced to collaborate with one another.  The collaboration was not a bad thing but was most likely not the first choice approach for any one of those companies.

 Another All-Star identified by Mr. Koploy was Canon, the Japanese producer of high quality printers and cameras.   Michael noted that Canon initially expected to take several months to recover and was “surprised” that they are already at pre-disaster production levels.  This is good news because it shows that Canon’s strategy of investing in Supply Chain redundancy has paid off.   BUT the surprise to me is that Canon’s quick recovery was a “surprise” to them.  If they have a strong risk management strategy (which they may) it is obviously not visible to those that were “surprised” at Canon’s quick response. Imagine the favorable public relations Canon could have had if they immediately announced that they had plans in place and mitigation strategies ready to execute as soon as the disaster struck.

The All-Star that may deserve the Superstar award is Apple.  Apple’s investment in its Supply Chain may very well be its secret to success – wouldn’t we all like to be that successful.  Apple has made its Supply Chain a competitive advantage and managing risk is a high priority.

Risk is scary but these days it is also somewhat predictable and inevitable.  It feels like we have been barraged by natural disasters, economic collapse, political unrest, safety debacles etc. over the last few years globally.  Any and all of these factors can have a significant impact on a company’s Supply Chain.  Risk Management must be a core competency for ANY Supply Chain organization and yet it is not.  It seems almost incomprehensible to me that the lack of a Risk Management strategy continues to be one of the key challenges for many companies.  Even those companies that do have one are not necessarily actively managing it.   It may be time to stop looking at Risk as a four letter word and start looking at it is as a real opportunity to gain a competitive advantage.

Please give us your perspective on this very important issue.  Please join the conversation . . . . . . . .

Did you like this? Share it:

The Inevitability of Crisis

Posted on by
2

As events continue to unfold in Egypt, I keep thinking about whether there are any lessons from a supply chain perspective that we should be taking away.  And the answer is, without discussing the religious or social aspects, of course there is.

There are certainly the obvious risk management / disaster recovery issues regarding interruptions in supply and demand for enterprises that either use Egyptian suppliers or distribute to (or through) Egyptian customers / channels. Have alternative supply arrangements been made? Where will firms replace the revenues lost from customers impacted by the situation?  Were alternative distribution channels in place?

From a forecasting perspective, could the recent events be anticipated? Could we have looked at Tunisia as a predictor? Should we be looking at Tunisia and now Egypt as a predictor for Jordan, Saudi Arabia, or other countries in a similar situation? Does an enterprise look at its peers as part of their disaster recovery / risk management planning program? Are there other entities that an enterprise should be looking?

At a higher level, looking at the challenges of supporting historically strategic partners, while they go through significant changes, how can/should an enterprise react? Can/should an enterprise impose its principles on those of their customers/suppliers? Currently several of the news articles are demanding a response from the US government, which puts them in a very awkward predicament. They want to support Egypt who has previously supported the US in the past, but don’t want to put the US in a worse situation in the future.

From a governance and decision making perspective, who within an enterprise is responsible for managing through a catastrophic even?  Enterprises continuously face far less significant challenges. Where is the line below which certain stakeholders are empowered to address / resolve conflict? I believe most executive teams are “always the last to know”. Are there mechanisms in place so that impending issues are elevated to the appropriate decision makers early enough?

From a communications perspective, the reports of how Egypt attempted to control wireless and internet based communications are scary. In a free market economy, how can/should an enterprise control communications?

From a speed perspective, how quickly can an enterprise react to a catastrophic event? Are decisions being made quickly enough? Is a correct decision made too late worse than making a wrong decision made more quickly?

Throughout all this, I still wonder, what was the “triggering event” that caused the situation to escalate at this specific time – Why not earlier? Why not later?

As the events unfold, I believe that there will be several “lessons learned” that will be looked upon by enterprise leaders around the world. What if something like this happened to “us” (wherever you are)? Where will be the next break down of government structure?

Did you like this? Share it:

Troops in Afghanistan – a Dramatic Case Study for AEIOU

Posted on by
2

Today’s post is from Anne Kohler, COO & Executive Vice-President, of The Mpower Group (TMG) and a contributor to the News U Can Use TMG blog.

What do these historic events have in common?

  • U.S. Invasion on North Korea
  • The Bay of Pigs
  • Watergate
  • Escalation of the Viet Nam War
  • The Hostage Rescue in Iran
  • The Challenger Disaster
  • The Bush Administration’s Invasion of Iraq

This list represents some of the biggest decision-making disasters in history.

A few weeks ago, the famous Washington Post White House author, Bob Woodward wrote an article entitled “Military thwarted president seeking choice in Afghanistan” which was all about the critical nature of decision-making.  What greater decision can there be than deciding the fate of tens of thousands of young U.S. men and women as they are sent into war-torn Afghanistan?   The article chronicles the process that President Barrack Obama undertook in finally deciding to send 30,000 additional troops as opposed to the 40,000 (which came highly recommended by his military leaders) in December 2009.

Obama discovered after months of negotiating with national security officials and being in the middle of a war entering its ninth year that three simple questions could still NOT be answered:

  • What is the mission?
  • What are we trying to do?
  • What will work?

In other words, what is the intended consequence in Afghanistan? . . . . . . . . . . . . . . . .

As it turned out, Obama’s military leaders wanted to provide a solution (40,000 new troops) without defining a strategy – the answers to those three simple questions (obviously not so simple!).  Obama asked for a strategy (the answers to those questions) and asked for options, but the inability to answer those questions kept leading back to NO viable options except for an option that was UNacceptable to Obama.

Having been well versed in decision-making disasters from the past (see above), Obama chose to follow a more structured decision-making process.  He knew he had many intelligent key stakeholders at his disposal and wanted input, alignment, and buy-in from all of them.  He actually made a meta-decision – he decided how to decide by answering the following:

  • Who needed to be included in the decision-making process (stakeholders)?
  • What role would each stakeholder play in the decision-making process?
  • How would the decision be made – what criteria would they use to decide?
  • When did the decision need to be made?

Obama did a thorough stakeholder analysis to determine who needed to be included in the decision-making process.  He realized that it was critical to include both military and civilian leaders.  He also determined each stakeholder’s role in the process; keeping the final decision for himself.  He then determined the decision criteria and insisted on being provided options by his advisors, which was critical.  Finally, he did not allow himself to be rushed into making a quick decision (his military leaders tried to do just that) which allowed him the opportunity to consider many alternatives.

At the end, he “sold” his decision to all his stakeholders and insisted that they put their full support behind it.  Obama said, “I don’t want to have anybody going out the day after [the speech] and saying that they don’t agree with this.”

Time will tell whether or not this was the right decision for the U.S.  BUT what we can glean from this article is the importance of having a disciplined approach to decision making.  Even if all of Obama’s stakeholders did not necessarily agree with the final decision, it appears that they did respect the process.  Right before the decision was announced Obama gave Robert Gates, his Defense Secretary, a final opportunity to dissuade him saying, “Can you support this?  Because if the answer is no, I understand it and I’ll be happy to authorize another 10,000 troops, and we can continue to go as we are and train the Afghan national force and just hope for the best.”  Gates did not take Obama up on his offer.

This is just one example of the importance of decision-making.  This is the one skill that most leaders are never trained in, even though it is the most critical part of their job.  It is one of the elements of our AEIOU model, which stresses that the best infrastructure (people, process, tools, and technology – the consonants) in the world is useless without the glue that holds it together (Adoption, Execution, Implementation, Optimization, and Utilization – the vowels that turn the consonants into a language).

Some of the most important events in history required effective decision making and yet we spend little to no time on developing the skills necessary to make good decisions.  The recent deaths in the California wildfires have been attributed to poor decision making by the firefighters.  The good news is that this has led to the addition of decision-making to firefighter training.  One of the most critical decisions that affects all of us is that of a jury.  Yet numerous articles have been written about the fact that our present system does nothing to provide jurors with the tools to decide the fate of a human life.

We need to think about this key skill beyond our politicians and public servants.  How about executives of any kind?  Supply chain leaders?  Sourcing teams?  This should be a critical leadership skill that is purposely taught to all professionals – let’s provide the vowels to complete the language!

Thanks Anne!

Did you like this? Share it:

Apple Kickback Scandal: A Lesson in Risk Management

Posted on by
Reply

Today’s post is from Dr. Lowell Yarusso, Senior Vice-President, Talent Management, of The Mpower Group (TMG) and a contributor to the News U Can Use TMG blog.

News reports that an Apple global supply manager is accused of receiving illegal kickbacks in return for providing access to inside information about Apple’s sourcing strategies reminded me of an old Baseball story.  A rookie was at the plate for his first at bat in “The Bigs”.  The umpire was one of those old timers who had seen it all.  The pitch came in on the borderline and the ump paused before making his call.  The impatient rookie quickly asked, “What was it?” The ump’s response, “Kid, it ain’t nothin’ ‘til I say it is.” The same can be said about risk.  It “ain’t nothin’ ‘til someone says it is”.

And that’s the rub.  While I’ve talked around this issue in several other blogs and articles, the Apple case focused me on it again.  The early efforts to determine where Apple went wrong seem to point out the frequent tendency to close the doors that have “Entrance” signs and to ignore the ones that say “Employee’s Only”.  Many of the comments I made in discussing employee theft (What’s in the Wheelbarrow: Theft and the Supply Chain) apply here as well.  But, more to the point, how does an employee get the opportunity to take hundreds of thousands of dollars in kickbacks without someone noticing?

Part of the problem lies in the way companies approach the issues of risk and security.  Before you can address a risk, you have to recognize that it exists.  Like the umpire said, until you put a name on it, it doesn’t exist, at least not in the sense that you can do something about it.  One of the key issues I raised re: the Barings Bank collapse (Risk Management Lessons from Barings Bank (RIP)) is the tendency to apply a “black box” mentality so long as results appear to be favorable.  In this case, I can only speculate that, if anyone asked about it at Apple, the response was something along the lines of “We made our goals; everything must be under control.”  The possibility seldom occurs to anyone that, sometimes, things are not just going better than expected; they’re going better than should be believed.

While there are lots of clues to such situations, in most cases, they seem to only become clear after the fact.  The natural assumption is that, because they were recognized after the risk was identified, no one could have seen them in time to do some risk mitigation.  That assumption is wrong.  The clues are always there and are always identifiable IF the organization takes risk management seriously and makes it a top priority, from both a leadership and a management perspective.

Leadership has to make honesty and integrity the cornerstones of the business.  Everyone, from the top down, has to make it clear that there is zero tolerance for behaviors that cross the line.  Apple’s reaction to the scandal has been vigorous and shows the right attitude at the top.  The question that I have is whether or not that same attitude has been driven down through the entire organization.  How many individuals at lower levels were more concerned about what cost goals they achieved than about how those goals were met?  Organizations need to continually and consistently talk about the values and ethics that are expected and the behaviors that will not be tolerated.  A placard on the wall proclaiming that “We are an ethical organization” quickly becomes part of the background if it is neither strongly reinforced nor vigorously applied.  That’s a leadership issue and it requires that leaders make calls on a daily basis so that everyone knows the balls from the strikes.

From the management perspective, organizations have to craft their processes and procedures to reflect their commitment to ethical conduct.  In the sourcing arena, that means that there should be a periodic review of results that focuses not only on such issues as adherence to internal control procedures but also considers whether or not results are consistent with business expectations.  And, yes, every organization assumes its suppliers will bend over backwards to make them happy.  But, if one person has a significantly better track record, if one category area is always out in front in terms of hitting should-cost estimates, exceeding requirements, or in other ways outperforming the norm, red flags should go up.  Unfortunately, such a situation is frequently called “great work” rather than “potential risk”.  And, as in baseball, the pitch becomes what it is called.

Another management issue is that of the reward structure for the sourcing organization.  Bonuses based on cost savings are a two-edged sword.  They not only motivate good sourcing practices, they also provide powerful temptations to cut an ethical corner here or there so that bonus goals are met.  It should be obvious (and usually is in retrospect) that a sourcing group that consistently meets its price reduction goals year in and year out may not be working with the best interests of the organization as its primary motivation.  (I have seen situations where buyers asked suppliers to spread an offered price reduction over three years rather than granting it in the first year so they would be sure to make their numbers now and in the future!)  Here, again, what you call it becomes what it is.

The bottom line is that organizations need people, like the umpires, who look at the pitch dispassionately and call it as they see it.  A great tool in this regard is the application of scenario planning as part of the risk assessment effort.  One approach is to establish a process review system that includes the question, “What would we expect to see if someone broke faith with our ethical code?”  While there is no guarantee that such a review would have spotted the issue at Apple sooner, by naming surprising results a risk, the potential problem might have been identified and investigated more diligently.

What’s your take on this area of risk?  I’m interested in your thoughts, especially with regard to: 1.  Do you think that Apple’s experience is only remarkable because it was discovered, i.e., does this kind of thing go on far more than we realize?  2.  What have you seen that falls into the realm of risks that “…ain’t nothin’ ‘til someone says it is”?

Did you like this? Share it:

Risk Management Lessons From Barings Bank (RIP)

Posted on by
Reply

Today’s post is from Dr. Lowell Yarusso, Senior Vice-President, Talent Management, of The MPower Group (TMG) and a contributor to the News U Can Use TMG blog.

In February of 1995, the financial world was shocked to its core. Barings Bank, the 200 year-old flagship bank of the British Empire, the bank that financed the Louisiana Purchase and funded the Napoleonic Wars, among other historic accomplishments, declared bankruptcy. What had happened? There was a massive failure in risk assessment and risk management. As a result, Nick Leeson had run amok on the Singapore Exchange. By the time his superiors figured out what had happened, the bank faced a $1.4 billion shortfall and its directors had no alternative but to declare the bank insolvent.

It is instructive to speculate on whether or not Leeson would have been successful were he not half a world away from his bank’s headquarters in London. In a sense, Barings had outsourced a large share of their futures and derivative trading staff. If the five third-party risk categories cited by the Office of the Comptroller of the Currency (OCC) were faithfully and regularly assessed, Barings may have averted financial disaster. The five risk categories OCC looks to are:

  • Strategic Risk
  • Reputation Risk
  • Compliance Risk
  • Transaction Risk
  • Credit Risk

The OCC’s risk assessment guidance indicates that these five categories apply to any function or service the FSO might consider outsourcing. When services are taken off-shore, it is imperative that “Country Risk” be added to the list. The remainder of this article will focus on the unique aspects of these six risk categories for financial services firms.

Strategic Risk: The risk arising from adverse business decisions or improper implementation of those decisions.

Strategic risk is an issue anytime a third-party conducts banking functions or offers products and services in lieu of the bank doing so. Going off shore adds to those risks in three key ways:

  • Distance
  • Experience
  • Cost

Distance between the FSO’s home office and the off-shore provider’s location can significantly increase strategic risk. Oversight of an off-shore provider typically requires on-site review of processes, management, personnel, and so on.

Compounding the distance issue is the FSO’s potential lack of experience in overseeing off-shore operations. Lack of experience in assessing third-party risk can make managers too willing to accept “black box” explanations (“You don’t need to know how we do it; focus on the outputs”.) Finally, the decision to move the function off-shore is often driven by cost factors.  There can be a reluctance to make expensive trips that were not part of the economic analysis supporting the off-shoring decision.

Reputation Risk: The risk arising from negative public opinion.

For Barings, this one is obvious. Your reputation takes a big hit when you declare bankruptcy. Similar (though less spectacularly destructive) “image problems” abound in the current economy. The image of many financial institutions in the U.S. will long be tarnished by the image of “millions of dollars in bonuses on the taxpayers’ dime”.  For FSOs, this risk gains significance given the importance of good faith and trust to successful financial dealings.

Compliance Risk: The risk arising from violations of laws, rules, or regulations and / or from nonconformance with internal policies, procedures, or ethical standards.

The OCC guidance on this risk area is clear. The FSO is responsible for compliance, regardlessPrivacy of who actually does the work. It is critical that the off-shore provider and its management be brought into the FSO’s cultural and ethical milieu. The evaluation of potential suppliers must include a detailed and comprehensive assessment of organizational alignment, especially around cultures, values, and ethics.

Transaction Risk: The risk arising from problems with service or product delivery.

This risk relates most directly to the off-shore supplier’s inability to actually deliver the products and services promised.  It not only “Acts of God”, it also includes situations where the third party’s internal systems, processes, etc. are not compatible with the FSOs. Ability to deliver goes beyond the technical issues of competence with a system or process. It is important to also evaluate the way in which the process is implemented by the people who are involved.

Credit Risk: The risk arising from an obligor’s failure to meet the terms of their contract or otherwise to perform as agreed.

Credit risk is a measure of the FSO’s financial vulnerability based on obligations that are passed through from the third-party’s action to the FSO. This risk has two dimensions. First, what are the financial implications if the provider breaches their contract? Second, what are the financial implications of customers, underwritings, programs, etc. that are established by the provider acting as the agent of the FSO? One of the dangers of outsourcing in general and off-shoring in particular is the temptation to erroneously assume that, because the FSO was not directly involved, there is a wall of separation between the FSO and any financial impact that results from obligations of the third-party provider.

Country Risk: The risk that economic, social, and political conditions and events will have an adverse impact on the third-party relationship.

One impact of an ever shrinking world is a significant increase in the risk that country differences in, for example, the technical and / or legal definition of fraud will affect results. It is critical that part of the selection process include gaining upfront knowledge of such issues as:

  • How stable is the country’s political system?
  • Which country will have jurisdiction should legal issues arise?
  • How will differences in accounting practices impact both operations and reporting of results?
  • Are there restrictions / limitations on the flow of capital into and, more importantly, out of a given country?
  • What is the ethical climate in the provider’s local business community?
  • And so on

A key point is that this risk does not go away. There must be an ongoing process to remain current on the political, social, economic, etc. evolution of third party nations over time.

Conclusion:

Going off-shore is a viable option if outsourcing is a viable option. Taking the third-party provider off- shore does increase the risks, however. As we have discussed here, FSOs must actively manage those risks to ensure financial integrity and stability over time and to comply with the OCC’s third-party risk guidelines. To manage these six risk factors successfully, two key questions need to be asked throughout process: “Can They?” and “Will They?”  It is highly likely that the next Barings Bank will fall victim to third-party and not to internal providers. Risk assessment and risk management are the only way to reduce the likelihood of occurrence and the impact of adverse events in an off shore environment.

[polldaddy poll=3645227]

Did you like this? Share it: