Category: BLOG – Risk For Competitive Advantage

Categories
BLOG - Risk For Competitive Advantage

Time to move beyond supplier risk?

Time to move beyond supplier risk?

Why are so many organizations “surprised” when they find out that their supply chain had become a victim of the latest disruptive event?   I’m not referring to just those who manufacture the product but rather to all those that depend on it; customers or patients, suppliers & distributors, producers, and yes, even competitors.   Recently, hospitals experienced an IV saline bags shortage and Newell’s  Rubbermaid brand experienced a shortage of resin.

Why the surprised?  After all, haven’t most organizations invested in supplier (3rd party, vendor) risk management programs and technologies.   In my last blog, we even discussed the maturing process of the supplier risk product market.  So why are organizations and customers/patients still experiencing major shortages and supply chain disruptions?

They say a picture is worth many words, so I’ll try to set the stage for the following illustration.

SCM SCOPE

As you can see, the scope of what risk in the supply chain is actually being managed is part of the issue.  The scope narrows further when you consider that only a portion of the suppliers, the ones considered the highest risk to the organization, are actually being actively monitored and managed.  If you rely on property-based supply chain risk assessments than the scope is typically limited to just your property, plant, equipment, and maybe inventory (it may include suppliers and your loss of revenue if you have contingent business or time element coverage – consult your broker).   The business interruption insurance may be limited as well, to a narrow set of events such as fire, rising water, and other similar hazards.

What’s needed?

The scope of what should be considered begins with an understanding of industry economics and your organization’s role in creating value.  It’s important to first understand the broader industry value chain for your “franchise” products.  When a disruptive event occurs this understanding will simplify your understanding of market dynamics amongst buyers (customers, patients, wholesalers), producers, suppliers, and competitors.   How will demand change?  Will you be subject to displacement exposure such as when IV saline bags moved from Puerto Rico to Mexico?  Once you understand the industry value chain and forces you will then need to look to your business units/divisions to uncover the “franchise” products or services and the associated activities that create and deliver value to the market.   I suggest a little bit of research and discussions with executives to identify the “franchise” products or services and the measure to use.   The goal is to reveal whether the economic priorities such as revenue, margin, liquidity/cash, innovation/growth, etc.  At the end of the day, it’s all about profitability but the reality is the organization’s incentives will drive the behaviors.

Now you have the target, i.e. what matters most.  You can then move on to the critical activities that support the “franchise” products or services.  The supply chain encompasses many of these activities but the important element here is to highlight the activities that create your distinguishable or unique value.   By doing so, you establish the operational priority and associated financials.  Eventually this will get you to the allocation but more importantly, this framework provides a holistic view of the most critical supply chains.  Remember – if you’ve seen one supply chain, you’ve seen one supply chain.

You are now ready to map the extended supply chain for what matters most (from an economic perspective).  The mapping should not only look far beyond the 1st tier up and downstream but also should like at critical resources such as labor and skills; technology, processing and data; physical assets; and relationships.    This might sound like a bit of work but remember, this is your franchise and the leaders pay attention to what matters most.  Also, it’s important to do your homework and talk with others in the financial planning, process improvement, risk & insurance management and other areas.  Much of the data and profile most likely exist.

Once you have the map you can then analyze the importance and contribution of the individual node in that particular supply chain, assess and measure the risk, identify mitigation and financing options, model a risk-return on investment, gain support for the investment, deploy the solution, monitor and report on it, drive towards continuous improvement.   That’s a mouth or a mindful so I plan to break down some of these elements in future blogs.  However, you can get a jumpstart by picking up a copy or image of the book, “Single Point of Failure:  The Ten Essential Laws of Supply Chain Risk” or references on my website.

Categories
BLOG - Risk For Competitive Advantage

Vendor (3rd party) Risk: Who will win the platform wars?

Over the past seven years we’ve witnessed extensive growth in the vendor risk management cloud-based solutions market (also commonly referred to supplier and third-party risk).   Two major events in 2011 accelerated market expansion; the Tohoku earthquake and tsunami and Thailand floods.  The market for vendor risk assessment and management solutions shifted from a concept (stuck in the chasm between early adoption and the early majority) to reality as many automotive, electronics and other manufacturers realized the need for greater transparency and monitoring of their upstream supplier network.  Vendor risk management regulation (e.g. HIPAA, OCC 2013-29, MMOG/LE, ISO 9001:2015, IATF 16949:2016) and pressure to comply with more stringent vendor risk assessment requirements by the large hi-tech, automotive, energy, chemical companies requirements led to further market expansion.

The law of physics applies here as well; what goes up must come down or in this case, markets consolidate as solutions become more widely accepted and less unique.  The commoditization phenomenon leads to acquisitions, roll-ups and yes, even the demise of the weak.

What are the implications to your current vendor risk management program?

The big question, which general platform will thrive and which will just survive.   Let’s take a quick look at the market for solutions.  Here’s one way to view the market of direct and indirect solution providers.

  • ERP (Enterprise Resource Planning) and operations platforms that include vendor risk management capabilities as well as APIs to integrate data feeds (e.g vendors such as SAP, Oracle, IBM, QAD).
  • Procurement, Sourcing and Vendor Management platforms that are managed by the CPO and sourcing functions and dedicate entire modules to vendor risk  (e.g. vendors such as Ariba, ProcureWare, Gatekeeper, Ivalua, HICX).
  • Risk Driven GRC, Supply Chain Risk and Data-Risk platforms that are typically managed by sourcing, procurement, enterprise risk management, and/or supply chain risk management functions.  (e.g. vendors such as Resilinc, RiskMethods, Lexis Nexis, D&B, Rapid Ratings, iTrust, Hiperos, Logicgate, Navix, 360 Total Solution, SupplierSelect, Virima)

All provide valuable intelligence to decision makers on how to anticipate and react to vendor risk in the upstream supply chain.  However, the risk driven platforms (GRC, Supply Chain Risk and Data-Risk) platform) market will be the first to see consolidation, acquisition and exiting.  History has demonstrated that risk-based solutions in the technology space ultimately succumb to the OEM providers of performance (firewalls, anti-viral software, desktop and network security hardware/software).   The ability for the risk-based platforms to operate as a stand-alone market for an extended period of time is highly unlikely; market penetration and working capital (or investment) is minuscule in comparison to the activities of the ERP an Procurement platform providers.  All ships rise with tide and eventually, many of the advanced risk monitoring and assessment features will be standard to the broader operational platform offering.

Now is the time to begin assessing how the shift will impact your vendor risk management program.  Questions such as: where is the vendor data maintained and how easily can it be ported or exported to another platform?  Will the same level of risk rigor and associated features be maintained if the risk platform is integrated into and ERP or Procurement platform?  Organizationally, who will be responsible for the conversion, integrity and sustainability of the new/modified solution?  These are just a handful of the many questions that you will need to begin thinking about as the market transforms.

What do you think?  Please comment or send me a note to discuss further.

 

Categories
BLOG - Risk For Competitive Advantage

SPoF – Infrastructure change accelerates the demise of the combustion engine. Supplier risk|opportunity increases

Combustion engine suppliers buckle up!  The auto industry value chain continues to morph.   Here’s an example where Norway’s policy and infrastructure change results in a further shift of the automotive supplier’s supply chains.  For providers servicing the industry, it presents both a liquidity and operational challenge and they may be forced to carry parallel inventories of potentially obsolete supply for an extended period of time.

Factors, such as  EU emissions regulation,  will further accelerate this risk and opportunity.

#spof #disruption #resilience #supplierrisk #automotive #insurance #management #sourcing

The country where a luxury Tesla has become the budget option

https://www.cnbc.com/2018/01/30/norway-where-the-electric-tesla-has-become-the-budget-option.html

Categories
BLOG - Risk For Competitive Advantage

My first blog about the business of risk, sort of…

Thank you for stopping by!  With everyone competing for a slice of your precious time I’d just like to say, “thanks”.

This being my first official blog I thought I’d briefly explain the goal of the blog.

First, a background in risk.  The “business of risk” is a term I used to describe the field of uncertainty, risk, and opportunity.   It’s big, broad and vague.  It encompasses everything from technology to risk programs to business strategy and critical decision making.  The discipline relies on data, analytics, methods, software, process, special skills, policy, and technology platforms.  Here’s one definition:  The goal of risk management is to efficiently and comprehensively minimize exposure while maximizing the opportunity provided by understanding uncertainty.

Uncertainty is the unknown, whether it leads to positive or negative outcomes.   Risk measurement is the process of assigning possibilities to probabilities in an attempt at clarifying uncertainty.  This is only possible when the data is available and the methods we used to measure are proven and repeatable.   Risk management on the other hand typically refers to the endless stream of functional or topic based programs (ERM, BCM, EHS, ER, CC, CM, QM, QC, Cyber-security, physical security, K&R, compliance, and on and on) used to implement the policy in the most efficient and effective way.

Next, a discussion about purpose.   Although many consider risk management a discipline on to its own the reality is that its purpose is to support the business strategy and critical decision making.  Taking risk is a necessary, foundational principle of business – you take a risk and expect a reward.   Take bigger risks and yes, expect bigger rewards or positive outcomes.   However, what if the person taking the risk does not possess the insight into the potential consequences and opportunities of that risk if it materializes?  What if the decision maker has the insight but ignores it and proceeds recklessly; i.e. they put the pedal to the metal and proceed without considering the potholes, weather and road closures?

Risk versus reward, a saying that you’ve probably heard hundreds of times.  Maybe it would be better stated as reward versus risk.  The fact is that for risk to be present there must a need and a way to fill that need that is both profitable to the customer and the business creating it.  A risk is inherent in every decision, there is no way to know every outcome.  However, an opportunity exists if we know more about the potential outcomes than our competitors, suppliers, producers, and customers.

Finally, why blog and the goal.  My goal and passion are to bring greater value and purpose to the concept of uncertainty navigation and risk management.  But the value I intend to bring is not defined just in terms of the risk management professional or business leader.  It also includes how the market defines value; i.e. customers, investors, communities, suppliers, producers, competitors, regulators, and those thinking about entering the market.  The goal is to address the practical reality of the topic, i.e. what happens not just in words but in actions.  It includes connecting risk, in a more measurable way, to the business goals; creating value and growth, gaining competitive advantage, achieving profitability through sustainable performance.  A mouthful but certainly the only way that true “value” can be derived from your risk investments.  With your help and feedback, we will get there.

“We cannot direct the wind but we can adjust the sails”  – Dolly Parton