Five Techniques to Manage Supply Chain Risk

This is an excerpt of the original article. It was written for the November 2017 edition of Supply Chain Management Review. The full article is available to current subscribers.

November 2017

There are strands of sustainability and corporate responsibility through much of this month’s issue. James T. Prokopanko, the former CEO and president of The Mosaic Company, details how corporate responsibility became his compass for leader ship when he took over the reins of the company back in 2007. Similarly, Joseph Ludorf, the executive director of supply chain for Cipla Medpro, details how revamping the planning process enables the South African pharmaceutical company to prof- itably supply drugs to underserved populations on the continent as part of its corporate mission. We round out the issue with five tips for intelli- gent risk taking in…

Browse this issue archive.

Already a subscriber? Access full edition now.

Need Help?

Contact customer service

847-559-7581   More options

Not a subscriber? Start your magazine subscription.

Risk has always been part of the supply chain. It's a reality inside and outside the four walls of any organization. It's no surprise then that as Enterprise Risk Management (ERM) programs proliferate, they have naturally begun to address anticipated and unanticipated events occurring both upstream and downstream in the supply chain.

Upstream of an organization are the suppliers who create goods and services used in a company's own operations. These include raw components or materials that flow into direct manufacturing as raw materials. There are also indirect products and services that facilitate the company's actual operations.

The downstream supply chain efficiently distributes a company's products or services to its customers. All contracted suppliers, both upstream and downstream, must be proactively managed to minimize financial, confidentiality, operational, reputational and legal risks.

You don't have to look any further than recent headlines to see potential fallout here. Did Equifax have proper data liability insurance coverage in place before 143 million accounts were hacked? And even if they did have coverage, how much was their reputation and customer account credibility damaged? This is still playing out, so not even Equifax management yet knows the impact of the risks taken.

Ideally, if risk is properly managed, nothing occurs that has a negative impact on operations or profitability such as what happened to Equifax, Samsung, Chipotle or any of the other companies that have seen their share price fall and their value erode following an untoward event. But, after all, shouldn't the point of an ERM program be to eliminate all supply chain and legal risk for our employers? The answer is an emphatic “no.” The only way to truly eliminate risk would be to never conduct any procurement or contractual activities using third-party suppliers. What private or public sector organization could operate that way? Not a one.

Instead, a rational objective for procurement and supply chain leaders should be to create a secure but high-performing supply chain. This is one in which risk can be minimized while value-added business relationships can flourish. Think of it as “intelligent risk management.”

I learned this lesson in one of my early corporate positions directing sourcing and contracting management activities for one of the world's largest companies. My boss included an interesting objective in my job description. He insisted that I develop a willingness/ability to take “intelligent risks” and then included it in my annual evaluation. You see, he realized that an overly aggressive approach to contracting management for our enterprise with 195,000 employees and 110 subsidiary companies worldwide could shut down our ability to be fast and nimble.

Along with his mentoring, I learned ways to execute well-researched business plans while properly managing risk, which made a huge difference in my career. My success was measured by balancing well-researched supply management saving initiatives with carefully thought out fallback plans. I knew my performance evaluations would suffer if I did not consistently push the limit of what could succeed in the supply chain arena—if I didn't take intelligent risks.

My boss often reminded me of something that professional hockey star Wayne Gretzky once said: “You'll always miss 100% of the shots you don't take.” During my last two years in that corporate role, my team was very successful in deploying this balanced approach, saving shareholders a quarter of a billion dollars and reducing external legal support expenses by nearly a million dollars annually, while not experiencing a single supplier lawsuit with a portfolio of several thousand sourced supplier relationships.

Now, on the surface, this all sounds good. Unfortunately, ERM is too often used as a weapon against procurement executives. They can be beaten down by their firm's own siloed ERM or legal groups and forced to develop and use cumbersome processes. Such precautions may give the appearance of diligence but in reality they actually reduce the company's ability to truly manage supply chain performance in a risk-averse manner.

Worse yet, this can create a culture with an outsized fear of failure. As a result, people:

• delay or avoid making difficult decisions;
• push responsibility onto others;
• fail to acknowledge/confront problems; or
• try and eliminate every conceivable chance of failure.

From a procurement and supplier relationship management perspective, examples of overly risk-averse procurement behaviors include:

• cumbersome or overly-restrictive approval processes;
• unwillingness to identify or “try” new suppliers, no matter how well-qualified;
• unwillingness to source from low cost country sources;
• an inclination to select established and bloated supplier organizations rather than investigating and qualifying best practice supplier firms that lead their sectors (ignoring billionaire Warren Buffet's comment about industry evolution that, “first come the innovators, then come the imitators, and then come the idiots.”);
• failure to empower user departments with user-friendly methods of ordering products and services;
• insistence upon excessive procurement involvement in low-value transactions;
• acceptance of excessive inventory levels for safety reasons; and
• failure to secure best pricing due to unwillingness to make long-term volume commitments.

It is now many years later and I'm privileged to work in the consulting realm with many world-class procurement organizations. The senior supply chain leaders I find most impressive are those who demonstrate a willingness to move forward with key supply chain improvement opportunities. These are people who are willing to take intelligent risks in order to generate profits for the bottom line.

So, what are key ways that procurement professionals can contribute to their organization's overall enterprise risk management strategy?

I suggest five supplier risk management techniques that make a significant contribution to ERM security. These are:

• innovation and efficiency in contracting management;
• strategic requirements for supplier insurance, indemnification and limitations of liability;
• provider optimization and redundancy;
• supplier financial stability visibility; and
• proper diligence in operational supplier assessment reviews.

All five are of equal importance to making intelligent risk work. They are even effective at dealing with so-called “black swan” events that cannot be predicted using normal methods of statistical analysis.

For instance, did Apple know that an earthquake and tsunami would shut down critical component supplier manufacturing facilities in Japan during 2011? Probably not. But accounts of their prescient negotiation of protective Force Majeure language in key supplier contracts apparently guaranteed Apple first right of resumption, mitigating the effects of that black swan event.

Make these five techniques part of your process and your company can be in a similar risk management position across the supply chain.

Technique 1: Innovation and efficiency in contracting management

How a procurement group approaches contracting management sets the stage for managing risk intelligently.

As an example, the firm I work for often assists leading companies in revising or creating strategic portfolios of pro-forma contract templates. Contract streamlining is an emerging trend and is the outcome of better understanding the significant cost of creating and negotiating old-style “legalese” contracts. Many of these are unnecessarily onerous—written in legal prose, lengthy, difficult to understand, one-sided protections and the like. But newer styles of contract design and wording enable procurement teams to have a dramatically-higher success rate of executing well-drafted agreements. Procurement contract portfolios are a great example of how legal risk can outweigh business balance, extending the contracting cycle time and procurement efficiency. Instead, many legal and procurement groups find that it is better to rely on concise and well-balanced contract documents that result in easier acceptance by suppliers.

Optimized processes and technology tools used in Contracting Lifecycle Management (CLM) also fit here. My team frequently performs reviews of how large enterprises manage their contracting processes and portfolios. They also sometimes find stunning gaps in the approaches that have evolved over time within company cultures.

One corporate example involved master agreements put in place by one company group. Then, another company group executed separate Statements of Work (SOW). But as our research showed, many of the SOWs expanded the list of services beyond those ever addressed by the master agreement, and thus lacked proper protection from the governing terms.

In one of these findings, the original master agreement only covered traditional delivery by ground trucking services. But a new SOW called for the use of a helicopter for the delivery and installation of capital equipment. The lack of aircraft liability insurance in the master agreement exposed the company to very significant risk.

During another engagement with one of the globe's ten largest privately owned enterprises, with more than 50 subsidiary companies, our team found sizeable gaps in process that frequently exposed the firm to legal risk. Simple to fix, but only when the firm's management understood the gaps and methods of fixing.

Technique 2: Strategic requirements for supplier insurance and limitations of liability

Use of any external supplier of products or services, either upstream or downstream, requires an evaluation of potential liability exposure. Every contract must address the three-legged stool of protections: limitation of liability, indemnification and supplier insurance. The last requires special administrative attention, but is frequently under-managed.

Suppliers should carry insurance for two reasons. First, it protects them from legal and financial exposure that could limit their ability to support contractual commitments. Second, it provides a buffer of protection to the procurement organization against direct or indirect claims from suppliers or other third parties that may be affected by contracted suppliers' actions or inactions. If a contracted supplier is allowed to utilize key subcontractors in the performance of services, those firms must also be required to provide insurance coverage compliance.

All too frequently, procurement groups fail to demand a properly executed and endorsed certificate of insurance (COI) from each contracted supplier before contracted actions occur. I'll admit, it's a pain to collect and properly review COIs from every contracted supplier. But studies performed by leaders in risk management groups indicate that 80% or more of initial COI submissions do not conform to the language in the customer's contract.

An even more frequent failure point is one of timing. Quite simply, a supplier's multiple policies of insurance will never expire on the same date as the contract itself. Failure to proactively ensure that each policy is renewed and continues in effect through contract expiration means that buffer of protection can disappear without the procurement organization's knowledge. Special risk occurs if the supplier switches policy types or insurance carriers when a policy expires, and the properly-worded endorsement of an organization as an “additional insured” fails to be implemented in the new policy.

Any procurement team that is proactively managing the three-legged stool of risk protection must have resources in place to proactively collect and knowledgeably review COIs. Fortunately, there is at least one new no-cost supplier risk mitigation resource that can do this at your supplier's expense. This model effectively outsources these reviews to a highly skilled team of professionals without any budgetary impact. The use of that type of outsourced service is dramatically better than trusting internal staff groups to perform this type of task, and provides superior visibility to this important area of supply chain risk.

Technique 3: Provider optimization and redundancy

As part of initial strategic sourcing and supplier selection, ERM principles should be employed to ensure that excessive consolidation of the supplier community does not occur. Too often, aggressive sourcing groups will push to award a contract to a single-source award contractor. That works fine until a disaster occurs, such as financial failure of the supplier or a plant shutdown.

Proper strategic sourcing works much better with a balanced supplier portfolio with either of two requirements. One is multiple plant or data center redundancy by the provider. This enables the provider to manufacture or perform services in multiple locations. The other approach is to segment the provider relationship across multiple suppliers in a primary and secondary contractual manner. This ensures sustainable supply chain operations even in the event of a failure in one production location.

Technique 4: Supplier financial stability visibility

In 2016, Han Jin Shipping, one of the seven largest maritime shipping companies in the world, announced bankruptcy and stopped operations that same day. Thousands of containers were literally locked aboard ships anchored in harbors or tied up at docks around the world. The impact was substantial. Han Jin processed nearly 10% of Asia-American container shipments. Furthermore, countless other shipments with other trade locations between other national trade partners were affected. The mess took months to sort out.

Most companies fail to have adequate visibility into the financial stability of their entire supplier community much less their key suppliers. Some companies do acquire financial reports from a leading provider on a case-by-case basis. However, the largest provider of these reports relies on data voluntarily submitted by the supplier company themselves, calling into question the accuracy of the data. They also charge a fee for their services, which is often beyond the budgets of most procurement teams.

The good news is that a new model for managing supplier financial stability has now emerged. It relies on predictive financial stability reporting that is provided by a major credit rating agency on thousands of potential suppliers. Much like the insurance COI collection services mentioned earlier, the availability of predictive financial stability data for a firm's entire supplier community can be outsourced without cost. The information is available in a Cloud information tool that warns procurement leadership of potential supply chain failure, providing highly positive ERM visibility to a firm's management team for free.

Technique 5: Proper diligence in operational supplier assessment reviews

When you were in school, you received report cards. There were three reasons for them.

First, report cards provided students with feedback on their educational accomplishment. Second, they provided parents with visibility into their child's performance. And third, report cards provided a useful reference tool for conversations between the teacher, parents and student about areas of potential improvement. And it worked. I'll be the first to say I would not personally have tried nearly as hard in school (all the way through college) if those report cards didn't keep showing up.

Far too many companies fail to provide their suppliers with any report card feedback on how they are performing. For most companies, the exceptional few suppliers that do receive any scorecard are a small fraction of those that don't. That is a problem. Any supplier that does not receive frequent feedback will probably assume that their performance is just fine even if it's not. And why shouldn't they?

Top companies are now separating their supplier portfolio companies into categories based on financial spend or assigned risk using techniques like the Pareto Principle.

It breaks out like this:

• Class A suppliers, the 15% of suppliers representing 75% of total spend;
• Class B suppliers, the 25% of suppliers representing 15% of total spend; and
• Class C suppliers, the 60% of suppliers representing 5% of total spend.

Using this type of categorization, a strategy of scoring and providing feedback can be developed.

At a high level, one very useful strategy is to automate score-carding and reporting to Class B and C suppliers using systematized data capture and reporting. Class A suppliers can be given report cards that contain more subjective scoring feedback data.

Often Class A and some Class B providers meet with the procurement organization much like the old parent/teacher/student model. The objective, of course, is to identify improvement opportunities and corrective actions for deficient performance. Typically, Class C suppliers are rated and moved up or out based on their ability to meet objective performance objectives.

It's worth noting that performance reports are only noted for the company under evaluation. However, an overall scoring matrix for a segment of suppliers can be shared with all to provide a benchmark for expected performance among suppliers.

Using these five Supplier Risk Management Techniques is a solid starting point for building a supplier supply chain that can greatly contribute to your organization's overall ERM strategy. Obviously, this is only the tip of the entire supplier relationship management iceberg; however, it is a huge improvement over the typical methodologies used by far too many companies to manage supply chain exposure.

Taking intelligent risks doesn't mean we can fail to carefully research and structure our supply chain decisions. Writer John A. Shedd said: “A ship in harbor is safe—but that is not what ships are for.” The same is true in supply chain management. If we don't take some intelligent risks, we're not going to provide maximum value to our employers.

SC
MR