Tag Archives: Theft

Apple Kickback Scandal: A Lesson in Risk Management

Posted on by
Reply

Today’s post is from Dr. Lowell Yarusso, Senior Vice-President, Talent Management, of The Mpower Group (TMG) and a contributor to the News U Can Use TMG blog.

News reports that an Apple global supply manager is accused of receiving illegal kickbacks in return for providing access to inside information about Apple’s sourcing strategies reminded me of an old Baseball story.  A rookie was at the plate for his first at bat in “The Bigs”.  The umpire was one of those old timers who had seen it all.  The pitch came in on the borderline and the ump paused before making his call.  The impatient rookie quickly asked, “What was it?” The ump’s response, “Kid, it ain’t nothin’ ‘til I say it is.” The same can be said about risk.  It “ain’t nothin’ ‘til someone says it is”.

And that’s the rub.  While I’ve talked around this issue in several other blogs and articles, the Apple case focused me on it again.  The early efforts to determine where Apple went wrong seem to point out the frequent tendency to close the doors that have “Entrance” signs and to ignore the ones that say “Employee’s Only”.  Many of the comments I made in discussing employee theft (What’s in the Wheelbarrow: Theft and the Supply Chain) apply here as well.  But, more to the point, how does an employee get the opportunity to take hundreds of thousands of dollars in kickbacks without someone noticing?

Part of the problem lies in the way companies approach the issues of risk and security.  Before you can address a risk, you have to recognize that it exists.  Like the umpire said, until you put a name on it, it doesn’t exist, at least not in the sense that you can do something about it.  One of the key issues I raised re: the Barings Bank collapse (Risk Management Lessons from Barings Bank (RIP)) is the tendency to apply a “black box” mentality so long as results appear to be favorable.  In this case, I can only speculate that, if anyone asked about it at Apple, the response was something along the lines of “We made our goals; everything must be under control.”  The possibility seldom occurs to anyone that, sometimes, things are not just going better than expected; they’re going better than should be believed.

While there are lots of clues to such situations, in most cases, they seem to only become clear after the fact.  The natural assumption is that, because they were recognized after the risk was identified, no one could have seen them in time to do some risk mitigation.  That assumption is wrong.  The clues are always there and are always identifiable IF the organization takes risk management seriously and makes it a top priority, from both a leadership and a management perspective.

Leadership has to make honesty and integrity the cornerstones of the business.  Everyone, from the top down, has to make it clear that there is zero tolerance for behaviors that cross the line.  Apple’s reaction to the scandal has been vigorous and shows the right attitude at the top.  The question that I have is whether or not that same attitude has been driven down through the entire organization.  How many individuals at lower levels were more concerned about what cost goals they achieved than about how those goals were met?  Organizations need to continually and consistently talk about the values and ethics that are expected and the behaviors that will not be tolerated.  A placard on the wall proclaiming that “We are an ethical organization” quickly becomes part of the background if it is neither strongly reinforced nor vigorously applied.  That’s a leadership issue and it requires that leaders make calls on a daily basis so that everyone knows the balls from the strikes.

From the management perspective, organizations have to craft their processes and procedures to reflect their commitment to ethical conduct.  In the sourcing arena, that means that there should be a periodic review of results that focuses not only on such issues as adherence to internal control procedures but also considers whether or not results are consistent with business expectations.  And, yes, every organization assumes its suppliers will bend over backwards to make them happy.  But, if one person has a significantly better track record, if one category area is always out in front in terms of hitting should-cost estimates, exceeding requirements, or in other ways outperforming the norm, red flags should go up.  Unfortunately, such a situation is frequently called “great work” rather than “potential risk”.  And, as in baseball, the pitch becomes what it is called.

Another management issue is that of the reward structure for the sourcing organization.  Bonuses based on cost savings are a two-edged sword.  They not only motivate good sourcing practices, they also provide powerful temptations to cut an ethical corner here or there so that bonus goals are met.  It should be obvious (and usually is in retrospect) that a sourcing group that consistently meets its price reduction goals year in and year out may not be working with the best interests of the organization as its primary motivation.  (I have seen situations where buyers asked suppliers to spread an offered price reduction over three years rather than granting it in the first year so they would be sure to make their numbers now and in the future!)  Here, again, what you call it becomes what it is.

The bottom line is that organizations need people, like the umpires, who look at the pitch dispassionately and call it as they see it.  A great tool in this regard is the application of scenario planning as part of the risk assessment effort.  One approach is to establish a process review system that includes the question, “What would we expect to see if someone broke faith with our ethical code?”  While there is no guarantee that such a review would have spotted the issue at Apple sooner, by naming surprising results a risk, the potential problem might have been identified and investigated more diligently.

What’s your take on this area of risk?  I’m interested in your thoughts, especially with regard to: 1.  Do you think that Apple’s experience is only remarkable because it was discovered, i.e., does this kind of thing go on far more than we realize?  2.  What have you seen that falls into the realm of risks that “…ain’t nothin’ ‘til someone says it is”?

Did you like this? Share it:

What's in the Wheelbarrow? Theft and the Supply Chain

Posted on by
1

What’s in the Wheelbarrow? : Employee Theft and the Supply Chain
A worker walked out of the construction site each day with a wheelbarrow full of dirt. Each day the guards at the entrance stopped him to sift through the dirt for stolen items belonging to the construction company. Finding nothing but dirt each time they sent him on his way.  Yet neither guard could shake the feeling that he was pulling a fast one on them. After several weeks, one of the guards said, “We give up. We don’t know what you’re getting away with. But, we’ll forget all about it if you’ll just tell us what you stealing.” How do you think he responded?

In some of my previous posts (Were You Ready For Eyjafjallajökull?, Do You Have a Uniform Problem In Your Supply Chain? Google, Coke, China and Katrina, etc.) I commented on risks in the supply base and larger business environment. Today, I want to look at a risk (employee theft) that is a) inherent in your internal supply chain, and b) rising at alarming rate.
First, consider some of the numbers:
• Total Reported Annual Theft by employees $40 billion+
• Average time to catch a fraud scheme 18 months
• % of corporate bankruptcies caused by 30%
Employee theft
• % of crimes that go undetected 75% (That make the total theft $150
Billion+)
• % of total revenues lost to internal fraud 7%
That should be sufficient to demonstrate that employee theft is a significant issue for your company. Given that most of these statistics are based on pre-crash data, it shouldn’t take a lot of effort to come to the realization that the last 12 months and the next 12 months (hopefully no longer) are likely to be even worse.
How does it apply to the supply chain? Well, a good deal of the theft occurs in two places, the receiving dock and the warehouse. Before going on, let me explain that I am thinking of both of those in a very general sense. A lot of theft occurs when goods (and sometimes services) are ordered but never actually received. More occurs when goods that are actually within your organization are pilfered. Here are a couple of examples that I have observed.
In one case, an individual was ordering substantial quantities of goods for which he had purchase authority. So far so good. Except that they were delivered to his home, not to the company. He had a thriving business out of his home office selling parts on the side. That was theft at the boundary. In another, similar case, an individual at a distribution center was double shipping to customers, taking the returns and diverting them to fill other orders and pocketing the payments. That was theft from within the boundaries.
Given that employee theft is likely to become more significant in the future and the startling statistic above about the relationship between financial performance and theft (30% of bankruptcies attributable to theft), this is not an insignificant issue for any company. And, it is an issue that, at least for the two examples cited above, must be addressed within the Supply Chain organization. So, what should Supply and Sourcing Professionals do?
First, take a critical look at your policies and procedures. There are two key issues:
• Does the organization have adequate controls
• Do the people understand and implement the controls
To the first issue, let me first say that I have frequently been amazed at the number of organizations in which I have found that the most rudimentary controls are lacking. Purchase orders are not reviewed. Invoices are not reconciled with purchase orders. Deliveries are not matched with invoices or orders. Usage is not tracked. Breakdowns are not verified. And so on. In many other organizations, some of these controls are rock solid but others are weak or non-existent. The amount of theft that goes on confirms the suspicion that in most organizations there are glaring weaknesses at some point in the Supply Chain.
What should be done? First, make establishment of controls a priority and think like the thief. The first is easy. For some of us, the latter is a challenge. As the software industry has discovered, determined people with larceny in their hearts can find a way around almost any security system. That should not stop you from trying. And, the more difficult the controls make it, the fewer who will bother to make the effort.
Second, don’t trust the computers to do the work for you. Many companies let their policies grow stale because they assumed no one could beat the purchasing module in their ERP system. I have never known a system that functioned to be that secure. Work arounds are always possible and, indeed, most systems have built them in to handle emergencies and unexpected demands. And, the message that is sent when there is no organizational effort to address the issues can be devastating.
Finally, periodically audit what is actually happening and do it randomly and without notice. Again, this seems to many to be overkill. It’s not. And, it does not have to send a message of distrust. It can, and should, be presented as an effort to test the system, not catch the employees.
The problem in most organizations is the accumulation of small losses. In one company with which I worked, their annual cost for MRO was cut by two-thirds when they put a lock on the tool room and required workers to fill out a form before drawing supplies. When we looked into it in detail, part of the savings came about because workers did not automatically toss anything with the slightest blemish. A much larger part came from an apparent reduction in the number of things that “walked out by themselves”.
With regard to the second issue, people must understand the controls system, why it is necessary, and their role in preserving the value in the business. That means that controls should be explained in detail. That means both what is required and why it is important. One major challenge is ensuring that employees see that the effort at controlling the supply chain applies to the entire organization. It is hard to convince someone on the shop floor that this is important when they see their boss mis-using the company’s resources. In one case, employees said they were encouraged to be less than fully watchful since their manager, whose spouse had a home business, routinely took packaging materials, boxes, and other goods from the company with the explanation, “Big order. Don’t have time to get to Office Depot.” That kind of example from the top fuels a total disregard for the whole concept of maintaining control over the company’s assets.

The guy’s response? “Wheelbarrows, of course!” My last caution is that, quite frequently, the issue is in such plain view that no one sees it.

Did you like this? Share it: