Tag Archives: risk management

Suppliers: Who And Where Are Your 1%?

You might think that your most strategic suppliers are the ones you spend the most with. But supply chain crises may shine a light on which suppliers are actually strategic.


Modern-day supply chains are truly global, highly complex and getting longer and longer. 20 years ago, most of a company’s suppliers were probably within a very short radius. Today they could be on the other side of the world.

The reality is that organisations have more difficulty than ever keeping track of their entire supply chain – from Tier 1 all the way down to the smallest supplier organisations. This poses enough challenges for organisations when it comes to issues like environmental performance or modern slavery, let alone with supply chain efficiency or continuity of supply.

With so many suppliers to keep track of, organisations have to make decisions about who their strategic suppliers really are. Traditionally, organisations (and their procurement departments) have fixated on the suppliers with the largest spend volumes. In reality, they should be most concerned about a supplier’s risk profile.

This risk profile is thrown into light at times of crisis in global supply chains. This may come from volcanic eruptions disrupting global flights and travel, or from a global pandemic, such as COVID-19.

What Does the 1% Look Like?

All suppliers are unique, bringing different things to an organisation beyond the goods and services they provide. When assessing which suppliers to manage as ‘strategic’, procurement departments have traditionally focused on their visible suppliers. This usually is defined by spend profile and determined using traditional methods such as the Pareto 80:20 principle.

However, it’s the less visible, hidden suppliers that are often the most strategic. These are the 1%.

This group is made up of the suppliers who are easiest to ignore as they supply something low-cost and apparently trivial to the organisation. In truth, this trivial component may be manufactured from an expensive or rare raw material, be a proprietary item, or come from a supplier who has a monopoly or dominance in the market. Despite this item costing very little, the likelihood is that it is difficult, if not impossible to replace. This makes the potential impact on the supply chain huge should the supplier fail to deliver.

Assessing these suppliers using another procurement favourite, the Kraljic Matrix, they would fall into the ‘non-critical’ or ‘bottleneck’ categories (see below).

Figure 1 – Kraljic Matrix via Forbes.com

However, in many cases, the risk aspect of supply is downplayed or removed entirely, leaving the focus solely on profitability. This is where the issues with your 1% lie.

The Role of Technology

In times of supply chain crises, every supplier – even your ‘transactional’ and ‘bottleneck’ suppliers – need the same attention in order to ensure you’re not missing something. What may have once seemed like an impossible and highly inefficient task has been aided considerably by the advancements in procurement solutions and technology.

Organisations have gone from a reliance on their transactional systems, such as their ERP, and the knowledge and experience of their procurement teams to manage their suppliers. This has left organisations exposed through a lack of data to define and manage strategic suppliers, as well as the loss of knowledge when people leave to join another organisation.

Procurement technology and solutions have developed to the extent that they can help provide the necessary foundation for tracking an entire supply base. This has moved the profession from a position of weakness, to a position of strategic responsibility. In the current climate, people are now actively talking about supply chains and procurement’s role now and in the future.

Therefore, the profession cannot undermine itself by failing to manage its 1% effectively. Even big organisations, with highly developed supply chains can be caught out, as we can see below.

Real World #1 – Keeping Supplies Zipped Up Tight

The fashion industry has taken some very public, very high-profile hits for its supply chain. Organisations have a uniquely complex situation to contend with – finding suppliers who are flexible, reactive and usually low cost on one hand, while on the other ensuring that the highest ethical standards are still achieved.

Suppliers can frequently be small, family-owned and geographically challenging too. However, you might consider an everyday item on many items of clothing a product of a 1% supplier – the zip.

You might overlook it, but a zip is a critical item for manufacturers and designers. The market is dominated by two major suppliers, YKK and SBS, but there are other players there too. However, the majority of these are geographically focused in Asia – specifically Japan and China. Switching supply is unlikely to be easy, so all it takes is a supply chain crisis in this region, say a lack of key raw materials or alloys for production, and supply could be disrupted, without viable alternatives.

Low value compared to other items in the fashion design process, but very high risk.

Real World #2 – Bearing the Risk

Manufacturing is another industry with highly complex and multi-layered supply chains to manage. In automotive manufacturing, supply chains have moved towards the ‘Just-in-Time’ method pioneered by Toyota, making continuity of supply and supplier reliability critical at all times. It’s no use having 99% of the parts available to use, when the 1% is stuck in its factory, two tiers down your supply chain.

As such, a greater focus on quality over price is required, but even this is not fool proof. Fiat Chrysler announced in February that it was halting production at one of its factories in Serbia as it couldn’t get parts from China. Manufacturers who would traditionally hold minimal stock to remain competitive and agile are faced with a situation where that very strategy could pose a huge risk to their organisation.

As the impact of COVID-19 related factories closures around the world continues to grow, even large manufacturers may actually stock out before there’s a chance to re-align. And these items could be as simple as ball bearings for wheels – very low value, but huge risk at this time.

De-risking the 1%

Is there a solution that overworked procurement professionals can take advantage of in the face of a supply chain crisis? When it comes to supplier risk, there are a number of actions that may be taken immediately in order to reduce this.

According to KPMG, these can include setting up a response team to manage the flow of information across key stakeholder groups, reviewing key contracts with customers and suppliers to understand liability in the event of shortages, and conducting a full risk assessment to provide a list of actions to take, which may include shortening supply chains and assessing alternative options.

In the long-term, however, the focus needs to be more on supplier management and the creation of truly ‘strategic’ relationships, built on risk profiles rather than value. This should be done across the entire supply chain and aim to go down through the various Tiers that exist in it. This is defined as ‘Holistic Supplier Management’, a concept explored in more detail by JAGGAER in their latest whitepaper.

JAGGAER’s research uses a similar model to the Kraljic Matrix for supplier positioning, but with the key difference that it focuses on risk and cost to the business (rather than cost of supply) in the event of supplier failure.

Figure 2 – JAGGAER Supplier Positioning Matrix

A concept is all very well but being able to deliver Holistic Supplier Management and manage suppliers on risk and cost requires being able to access data on current performance, the impact of an individual supplier on your organisation, as well as the value that they deliver. This is where technology comes to the aid of procurement and it’s what is offered within the JAGGAER Supplier Management solution.

The solution not only provides the data and analysis that is required by procurement for key decision-making, but also gives a deeper understanding of suppliers to help construct better contracts that deliver greater value to the organisation. By using technology like this, procurement can effectively and efficiently de-risk their supply chains, keeping them better prepared for managing crises when they inevitably hit.

Don’t Get Caught Out

The key message, as every procurement professional knows, is that good communication is key to maintaining a strong and stable supply chain. However, as supply chains grow more and more complex, geographically dispersed and multi-tiered, individual procurement professionals and departments need to make use of all the resources at their disposal.

Holistic Supplier Management can help procurement be better prepared, mitigate risks and start to understand what strategic procurement and strategic suppliers really are. You can find more information on the JAGGAER website, or by downloading their latest whitepaper, ‘How To Achieve Holistic Supplier Management: Orchestrating Supplier Management for Maximum Benefit’.

No matter how safe you think you are, how stable you believe your supply chain is and how strong your links are with your strategic suppliers, there is always an inherent risk within that 1%. By being better prepared and truly understanding your supply chain, you can avoid being caught out in time of crisis.

Storm Warning: Where Is Supply Chain Risk Management On Your Radar?

If there’s one thing this crisis has taught us, it’s how quickly things can change overnight. Don’t think we are out of the woods, just because supply chain risk has declined. Our community has never been more vulnerable.


After spending half of 2020 fighting off the virus in more ways than one, it seems as though we’re becoming immune to its detriments. Yet, as our Supply Chain Confidence and Recovery Index revealed, there’s still a great amount of looming uncertainty. Despite the recent universal decline in supply chain risk, our community has never been more vulnerable.

Publication of our Supply Chain Confidence Index, quickly followed by riskmethod’s Risk Report has created a “perfect storm” of data to show that now, more than ever, we need to be vigilant and proactively address supply chain risk.

Aside from the obvious pandemic outbreak risk increase, which riskmethods reports is 34.7 times that of 2019, changes are impacting virtually every aspect of business. Some of which include:

  • A major increase in cyber security risk-related warnings, stemming from the transition to working from home
  • Substantial growth in risk associated with labor practices and human rights, as well as employee stability
  • A 26% increase in natural hazard risk

And with lack of visibility into supplier and geographic risk topping the list of lessons learned from COVID-19, it’s clear our job here is not done.

Putting out the fire  

The lack of visibility, data and agility acted as an accelerant, enabling the disruption to spread like wildfire from supplier to supplier. Procurious found that:

  • The hardest-hit companies were more than 50% likely to have multiple key suppliers go out of business due to COVID-19  
  • 30% of CEOs had a supplier declare Force Majeure
  • 65% of organisations were forced to source alternative suppliers for affected categories

Consider all the ‘prepare for the second wave’ and ‘the worst is yet to come’ talk a storm warning. The weatherman may not be 100% accurate, but it’s almost always a matter of when and to what extent, then whether it will happen at all. We need to keep supply chain risk on our radar.

Not only did our research indicate supply chain and procurement leaders are still bracing for peak impact, the riskmethods 2020 Risk Report predicts more damage to come, as supplier financial distress risk was 105% higher in May than the beginning of the crisis.

Most economists expect a second wave of bankruptcies – with one recognised expert predicting the amount of large bankruptcies (at least $100 million) will challenge the record set after the 2008 financial crisis.

So, how do we avoid another disaster? This year, riskmethods reported a 34% increase in early supply chain disruption warnings compared to the same time period in 2019, including: 

  • A 151% increase in disasters at partner sites
  • A 100% increase in disasters at location
  • A 45% increase in instability in key employee positions

This urgency placed around supply chain risk management should not be viewed as negative. The newfound spotlight gives our profession the spotlight we need to expedite critical decision making and drive real change.

While the extent of the impact of COVID on our supply chains is no longer surprising, the disruption offers a clear and urgent call-to-action for global organisations to rethink and rebuild supply chain risk management strategies from the ground floor.

Our Index showed that failing to invest in SCRM was the No. 1 technology regret during COVID-19. The majority of respondents (73%) are planning significant procurement and supply chain strategy shifts. For many, this means increased investments in supply chain and procurement technology. The emerging and Industry 4.0 technologies that show the most promise for mitigating future supply disruptions include:

  • Predictive analytics
  • Machine learning
  • Robotic process automation
  •  Internet of Things
  • Additive manufacturing and 3D printing
  • Blockchain

We still have a long way to go before we even determine what ‘business-as-usual’ will look like—never mind reach it again. And when that happens, remember: the worst thing to do when it comes to supply chain risk management is nothing at all.

Join us and riskmethods on Tuesday, July 28 as we reflect on lessons learned and continue crowdsourcing confidence with fresh data from the frontlines. Register now.

How to Manage Supply Chain Risks From the Coronavirus Outbreak

Are you being proactive in managing risks to your business from the coronavirus?

supply chain risks


The death toll from the coronavirus has reached more than 2,800 and the number of confirmed cases has exceeded 80,000. 

Beyond the enormous human toll, the effects of the coronavirus and the efforts to control its spread are being felt throughout the world’s supply chains. 

Factories in China are facing staff shortages. Or they are electing to remain closed to protect their workforce. Airlines have suspended flights to China. 

However, there is an indirect result of the necessary steps being taken to contain the outbreak. Restrictions and regulations designed to control the spread of the virus could have an adverse impact on cargo leaving and entering ports all over the world. 

Delayed Effects

And while some of the impacts have been immediate, other latent effects will not be felt for months.

This will hit:

  • manufacturers and retailers who rely on affected products and labour
  • logistics haulers expecting to transport the material
  • and, ultimately, the end consumers.

This crisis demonstrates the increasing complexity – and global nature – of supply chains and the imperative need to manage risk within this complex supply chain. 

Compare the current outbreak with that of SARS in 2003. It is striking to see how quickly coronavirus has eclipsed SARS in the number of infections. It took the coronavirus only 2 months to infect 75 per cent of the total number infected by SARS over a 9-month period. 

The crisis also shows how much China has developed in terms of population and establishing itself as a key cog in the world’s economy.

There is a danger of coronavirus becoming a major global issue if not controlled closely. So, what can organisations do to prepare themselves for these impacts?

Many leading organisations have developed programmes to manage and deal with supply chain disruption. But this situation is a unique challenge for even those organisations with advanced risk management programmes. 

Regardless of the level of sophistication in an organisation’s risk programme, all organisations can take steps to monitor their supply chain. This will help them to for the impacts of the epidemic.

3 Key Steps to Manage Risk

1. Know where your supply chain is located

Identify those countries that are currently at high risk and map your supply chain against these affected areas. This mapping should include evaluating key tier 2 and tier 3 suppliers as well as key logistics hubs that could be impacted.

2. Continuously monitor changes

Understand that the crisis is still unfolding and the true impacts from a supply chain disruption perspective may not reveal themselves for months. Establish a process to monitor other regions outside the infected areas that could be impacted.

Are ports outside the infected areas being impacted through disruption or through new regulations to protect against transmission of the virus? Are suppliers struggling financially without access to the Chinese markets, jeopardizing their viability?

3. Diversify the supply base

Like a financial portfolio, look for opportunities to rebalance and diversify the supply base to minimize the risk and take actions to qualify these suppliers in the event they are needed.

Need for Proactive Risk Management

This crisis underscores the need for organizations to establish and maintain effective proactive risk management programmes for their supply chain. 

It is impossible for organisations to anticipate these types of outbreaks. But an effective risk management programme, complete with processes, tools and data can lessen the impact. And the time it takes an organisation to recover.

Learn more about the challenges and steps necessary to build an effective and proactive Supplier Risk Management programme in this research “Integrated Risk Management: A Playbook for Procurement” from The Hackett Group.

Procurement Will: My Takeaways from the Big Ideas Summit

The best insights in the world are no good if nobody acts on them. Time for procurement to follow through with some great, Big Ideas.

Photo by “My Life Through A Lens” on Unsplash

Last week, I had the pleasure of hosting a room full of some of the top procurement professionals in the country. This wasn’t just any old networking event though, it was the Chicago Big Ideas Summit. Not only were we inundated with interesting speakers and lively discussions that inspired us to keep pushing the boundaries of what procurement can do, but we were able to make new connections and let our hair down with our peers.

While we expected to be challenged and excited by the ideas shared, nothing could have prepared us for how much fun the day turned out to be.

As procurement professionals, we have an important role in driving change in the world around us – both locally and globally – and these changes are about so much more than saving money.

While I have enough notes from the day to fill a book, here are three of my biggest takeaways from the Chicago Big Ideas Summit:

Procurement must become the knowledge centre of an organisation

With the reach of procurement growing every year, defining where it sits within an organisation can be a challenge. Strong cases can be made for both operations and finance, but as risk management rises as a crucial pillar for the profession, procurement is increasingly becoming known as the knowledge centre of an organisation. As Justin Crump, CEO of Sibylline said, “The best insight in the world is no good, if nobody acts on it.”

With unique insight into potential and emerging threats including environmental, political and social issues, it’s the procurement professional’s responsibility to not only understand how to navigate these risks, but to share them with the rest of their organisation to ensure swift action can be taken.

Pat McCarthy, SVP & GM for SAP Ariba and SAP Fieldglass, agreed that harnessing this information network is crucial to the future of procurement. “Information and insights light the way for procurement to add value.”

With oversight of risk, slavery and cost to data and solutions, we need to be able to share and integrate this knowledge into our organisations to truly demonstrate the value of effective procurement.

How do we invest in the future of procurement?

The war for talent is underway and with many coming to the profession through alternative channels, we need to be constantly thinking about how we can attract and retain the right type of talent. As Professor Moran Cerf told us, “We might be the last versions of humans that will train the brain to think differently due to technology.”

That means that not only do we need to ensure we’re hiring people who understand and can develop alongside the evolving technologies, but we need to be conscious of emerging soft skills and emotional intelligence to help the next generation of procurement professionals succeed.

We have top talent in the United States, but we need to help unleash them from “inside the box” thinking to ensure we’re working together to innovate and solve emerging issues of the future.

Our panel discussion lead by Dawn Tiura, President and CEO, Sourcing Industry Group, discussed how the procurement professionals who prefer the ‘beat up and buy’ sourcing mentality have become irrelevant, and we’re now more interested in talent who can demonstrate their Adaptability Quotient (AQ). The ability to demonstrate agility, be naturally curious and respond to change will all be crucial going forward.

Supplier and Stakeholder Partnerships are Key

This might not be the most mind-blowing concept in procurement, given that maintaining relationships with stakeholders is at the core of what we do, but how we work with our suppliers in the future is going to be the key to success.

Diego de la Garza, Director of Source One, said, “We need to know the problem we are trying to solve, then facilitate the process between stakeholders and suppliers to create ideas that will solve that problem.” That means that we must let go of the idea that contract negotiations and supplier relationships are about beating down the price and embrace the partnership style of working.

“Reliable supply chains give you control over the unknown,” said Bradley Paster, VP North American Sales, riskmethods during his presentation. The most effective way you can ensure you have a reliable supply chain is by working with your suppliers and stakeholders to add value, solve problems and innovate to find a better way forward.

Value will always drive buying decisions, but the true value of procurement can be measured beyond cost and working with our stakeholders can ensure we’re adding value not just to our bottom line, but to the improvement of our global community.

As Jamila Gordon reminded us in her closing speech of the day, there is hope. The future is bright and procurement is the key for driving great changes in our world.

Feel like you’re late to the party? Or did you just get swamped and weren’t able to tune in on the day? Well, fear not, you can still access all the great content, videos, keynotes, presentations and all the discussion in the Big Ideas Summit Chicago 2019 Group! By clicking here, you can join the group and catch up when it suits you.

Ignore Supply Chain Risks… At Your Own Peril!

Despite the general consensus that risk management is important, recent studies have found that many companies still have a long way to go and a lot of work to do…

By Wallenrock/ Shutterstock

“The Supply Chain stuff is tricky!” – Elon Musk at Code Conference in 2016.

When someone like Elon Musk says that something is tricky, it means something! The examples that Musk mentions in the video show that modern supply chains are becoming more global and more complex. This complexity also leaves organisations exposed to more risks because the current business environment is characterised by VUCA (Volatility, Uncertainty, Complexity, and Ambiguity).

The uncertainty surrounding Brexit aside, other recent events, like growing tensions with China and Iran, are daily reminders that today’s global business ecosystems are precarious. And it’s not just the potential for international conflict and instability that is making business riskier. Many countries have also introduced new regulations on sustainability (modern slavery, conflict minerals), or diversity, which add new risk factors in terms of compliance.

Make Risk Management Part of DNA

Between business continuity aspects, legal or normative aspects, and protection against a public backlash whenever malpractice is discovered in an organisation’s supply chain, there are more than enough reasons to make risk-management part of a company’s DNA.

Despite the general consensus that risk management is important, recent studies have found that many companies still have a long way to go and a lot of work to do.

Some of this work should include building better relationships with suppliers and colleagues. As I mentioned in a previous article, these relationships can play an important role in helping companies identify and mitigate certain types of risk — but not all. In addition to being on good terms with suppliers, companies will need to cover many other aspects to manage risk effectively and protect themselves.

These days, procurement organisations cannot afford to ignore leave risk management off their list of top priorities. There are many reasons for this. Here are three of the most important ones.

Reason #1: Risk is everywhere

I don’t want to sound alarmist, but we live in a troubled and complex world. There is no shortage of events that could jeopardise and/or disrupt a business, potentially impacting their profitability, business continuity, image, and reputation.

Protecting your business from these disruptions is challenging, because they can originate from so many different sources. Natural disasters, accidents, social events, changes in regulations, intellectual property infringement, quality issues, and attacks on cybersecurity are just a few examples.

“Governments are also taking action by engaging in an escalating global competition to maintain and improve national competitiveness in the 21st-century digital economy. […]. While such cross-border competition is by no means new, the geopolitical undertones in this battle for dominance raise the risk that the digital economy will continue to fragment, complicating global supply chains and the operations of international companies, and acting as a drag on economic growth.”

A.T. Kearney in Competing in an Age of Digital Disorder

Another key factor is that our world is changing faster than ever. Just look at the political, technological, and societal changes that have taken place in the past few years; many of them fuelled directly or indirectly by the impact of digitalisation.

As a consequence, the lifespan of companies is shrinking, year over year, as illustrated by the evolution of lifespan of companies in the S&P 500 index. All organisations are in danger, not just the large ones, and that includes your company and the companies you buy from.

Survival Through Prevention

Despite this reality, risk management has been a relatively passive domain for a long time, and it has frequently (and problematically) been equated with crisis/incident management. People were looking into risk management after an event had already happened; i.e., too late!

This was because the world of yesteryear was more stable and pretty predictable. In today’s world and in the future, the accelerating pace of change and the expanding globalisation of the economy mean that anticipation is crucial.

The risk management of today and tomorrow is about survival and making the right procurement decisions, which requires procurement to think about what “comes after” and how certain choices can make a company more or less safe in the long run. Prevention is better than cure!

“[An] enterprise is facing increasing danger that key sourcing decisions will prove uneconomic sooner, and with more damaging consequences than would normally have been anticipated by risk equations that presumed the older supply chain model. Starkly put, the odds of supply chain disruption are growing and will grow even greater in the future.”

CSCMP’s Supply Chain Quarterly

Obviously, what represents a risk depends on many factors and varies from one company to another:

  • Companies in B2C may be more vulnerable to risk related to their image and their reputation. If something happens that jeopardizes either of these, their brand could suffer.
  • Companies or organizations from the public sector and/or selling to administrations may be more vulnerable to regulation changes.
  • Standards/regulations regarding fraud and ethics may also vary from one sector to another.

Reason #2: Black swans are not an excuse to ignore risks

“Everybody has plans until they get hit.” -Mike Tyson

Anything can happen, even a shootout at the Mexican border, as told by Musk in his interview. Such “black swans” exist, and planning for the seemingly impossible is another lesson learned from “Best in Class” organisations regarding risk management: being prepared for problems enables companies to react faster to unforeseen events. They become anti-fragile!

It’s true that, by definition, risks reflect potential future disruptions. The goal is to foresee them and define ways to reduce the probability that such events ever happen and/or to reduce their impact if they do happen. Unfortunately, there is no crystal ball for Procurement; no one knows for sure what the future holds.

The only solution is to imagine different scenarios for potential problems. These scenarios can either be based on experience (problems that already happened to other organisations) and based on brainstorming (a.k.a. risk identification).

This may sound like daunting work, but it’s worth it. Organisations that have invested time and energy into identifying risks, assessing them, and defining ways to mitigate them are better at managing incidents they did not anticipate.

Reason #3: Supply chain issues are costly

There is no universal “best practice” recipe per se; only best practices in a certain context. But, what is certain is that not taking care of risk can be costly.

A 2018 study by the Business Continuity Institute and Zurich Insurance Company examined the financial impact of supply chain disruptions. The findings revealed that not only disruptions have a cost when they occur, their effects can do lasting damage. It takes months to recover and, in many cases, there is no full recovery!

So, in the war against risk, being prepared, defining various scenarios and recovery plans/actions, having the right skills, and the proper technology makes an organisation more resilient and more agile when something unexpected happens because:

  • they can re-use a predefined recovery plan
  • they have the processes and governance in place to act and decide fast
  • the people in the organisation have risk management in their DNA

Want to get your wheels turning towards a supply chain career one could only dream of? Then don’t miss our upcoming Career Boot Camp with IBM – a free 5-part podcast series with some of the very best of the best. Check it out here: https://www.procurious.com/career-boot-camp-2019

Are you Effectively Mitigating your Automation Risk?

Procurement’s new direction comes complete with a number of new risks to consider. And automation accounts for a few of them.

Photo by Alex Knight on Unsplash

For several years now we’ve heard the same message – procurement is going to become more strategically focused in organisations. One of the key enablers cited in this change is technology and the increasing automation of transactional tasks to help free up time and resources.

But technology and automation bring their own challenges, not least the impact of dealing with the ever-increasing issue of cybercrime and third-party risk. And, as I’ve said before, despite knowing about it, few CPOs if any have a full grasp of the risk present throughout their supply chain.

It’s not just technological advancements that represent a key risk, but also the role of technology in the changing nature of work. Being educated and aware of these risk factors will help put mitigation strategies in place. But it will come down to how well risks are managed when it comes to understanding the impact of any future major risk events.

I’ve selected three areas linked to technology and automation that procurement must be mindful of as they take their new strategic direction.

Third Party Risk Management & Personnel

Technology has helped to drive and support the rise of the gig economy. A 2018 report estimated that over one-third of US workers (36 per cent; 57 million people) were part of it. It may have started smaller, but the gig economy has grown beyond the names traditionally associated with it, the like of Uber, Lyft, Deliveroo and Freelancer.com.

The attractiveness of the gig economy lies in greater flexibility on where, when and how people work. For organisations it means they don’t have pay all the costs associated with a full-time worker – potentially saving 50 per cent on rates by using a gig worker. This would even hold true in spite of recent legislation passed in the EU and in California regarding workers’ basic rights.

However, organisations may not realise that they are exponentially increasing their third-party, technology-associated risk. An estimated 90 per cent of hacks targeting organisations take place through an individual employee’s computer.

How can they be sure that the laptop or internet-capable device the worker is using is compliant with network security? Or free from viruses or malware? It’s not only the gig workers, but the employees too, with 87 per cent admitting that they use their own devices for work purposes.

How will organisations support the gig economy workers to carry out their tasks while managing their risk levels? It’s a question no-one has really answered yet.

Changing Skill Sets for Sourcing Professionals

An increasing level of automation in procurement will naturally change the skill set that sourcing professionals require to do their job. This will be seen in a move away from data and analytical skills, and an increasing focus on Emotional Intelligence (EQ) and soft skills like change management, negotiation, selling, presenting.

The question is what are organisations going to do with displaced employees? Do they have an ethical responsibility to retrain them, retain them or up-skill them to allow them to move on? Yes, EQ and soft skills can be trained and will come more naturally to some people. However, there will still be a number who have difficulty in moving into this new way of working.

In my opinion the key skill, even accounting for EQ, will be adaptability. With the speed of technological advancement we are now seeing, people have to be far more adaptable than they ever used to be.

It’s impossible to fight change – some people embrace change, others fight it, others are paralysed by it. People will struggle if they don’t have that adaptability as a natural barometer. It’s a much tougher skill set to train, but as technology continues to advance, it’s a risk that organisations need to be aware of.

Responsible Automation

Linked to this is the final risk factor I’ve chosen to highlight here – responsible automation.

Most automation is pretty obvious, for example, installing an ordering kiosk instead of a human for ordering fast food, or having self-service checkouts at the grocery store. What people don’t see is the impact on the low to mid-level managers, who lose much of their transactional and managerial work as a result.

They are at risk as much as the frontline employees, but this isn’t always considered. Organisations have the social responsibility to have intelligent automation, to consider this through the risk management lens and assess how their technology fits with the social agenda.

Being more socially responsible with automation will represent a dramatic change from the current situation. Organisations need to stop automating for the sake of it, only eliminating the transactional elements because there is good reason to do so.

By being too keen to automate, organisations lose site of the need to have humans in the process, which may in turn increase risk. Until such times as bots and AI have the EQ we discussed before, they will miss out on the human aspect of detecting fraud or seeing the human thought process behind decision-making.

This is a more responsible approach, but also, from a risk point of view, protecting organisations against the loss of the crucial human element in some tasks.

About the Author

Dawn Tiura is the CEO and President of SIG, SIG University and Future of Sourcing and has over 26 years’ leadership experience, with the past 22 years focused on the sourcing and outsourcing industry.

In 2007, Dawn joined SIG as CEO, but has been active in SIG as a speaker and trusted advisor since 1999, bringing the latest developments in sourcing and outsourcing to SIG members. Prior to joining SIG, Dawn held leadership positions as CEO of Denali Group and before that as a partner in a CPA firm. Dawn is actively involved on a number of boards promoting civic, health and children’s issues in the Jacksonville, Florida area. 

She is a licensed CPA and has a BA from the University of Michigan and an MS in taxation from Golden Gate University. Dawn brings to SIG a culture of brainstorming and internal innovation.

Dawn provided some great insight and thought-provoking ideas at the Big Ideas Summit Chicago 2019 this week. If you weren’t able to be there on the day and couldn’t get there as a Digital Delegate, don’t worry. You can still sign up to access all the great content by clicking here.

We are Living in Exponential Times

We are living in exponential times. While that fact makes it exceedingly exciting to be alive right now, it also comes with a lot of procurement related issues. Let’s examine a few facts, and see if you can realise where I am going with this:

  1. In 1984, there were 1,000 internet capable devices.
  2. By 1992, there were 1,000,000.
  3. In 2008, there were 1,000,000,000.
  4. Today it is estimated at 30,000,000,000.
  5. Last year, 4 exabytes (4.0 x 10^18) of unique information was generated, which is more than the previous 5,000 years in total!
  6. It is estimated that there will be 70 billion connected devices by 2025.
  7. NTT Japan has successfully tested a fiber optic cable that pushes 14 trillion bits per second down a single strand of fiber
  8. Technical obsolescence is accelerated with technologies becoming obsolesced in as little as 3 years!

The Exponential Risk in Your Tail Spend

Let’s talk about third-party risk management. In procurement we need to focus on getting the correct supplier/provider/adviser at the best total cost, delivering the right level of quality and service levels.

To most people, this means that we are living in exponential times. But to a procurement person it means “oh no, I need to look at all of my supplier relationships because of the possible threat of risk.” The issue with this logic is we don’t know what we don’t know. And that means we have probably done little to no research/cyber security/risk assessment on our tail spend, let alone on every supplier in our critical spend.

Most companies have entered into multi-year agreements with their critical spend suppliers. This is in an effort to secure the best total cost of ownership and allow ample time for their suppliers to retool, ramp up and to get to know them in order to meet their service and quality requirements.

Therefore, despite quarterly business reviews (QBRs), it can possibly be as long as one to 10 years since that contract and relationship has been assessed (if ever) for real third-party risks.

Getting to Grips with your Supply Chain

I speak with CPOs on a daily basis and every one of them admits that they do not have a perfect grasp of their third parties, let alone their fourth-, fifth- or sixth-level parties. When was the last time you asked a supplier (especially in the tail) if they ever subcontract? Or whether their third parties, or fourth, have been reviewed for cyber risk? Or any risk at all for that matter?

Do you know whether your fourth parties are using human slavery? If every device is updated for the latest virus check? Whether employees are charging their phones through their devices, or if they are permitted to insert USBs into their computers from an unknown source?

How do we know if our fourth-level parties have a proof of mining to avoid conflict minerals? When was the last time we even checked our own staff for complying with strong cybersecurity norms?

The Cyber Risks Within Your Organisation

Just recently at a convention for hackers, cables that looked like Lightning cables were modified with extra hardware that gave hackers remote access to devices. Here’s how they work:

“O.MG cables are indistinguishable from the real thing, and they even come with the iconic adhesive binding rings you’ll find wrapped around new Apple cables. The [modified] cables act normally, too, letting you charge your devices via USB or transfer files from your iOS devices.

Neither your PC nor your connected devices will ever notice that anything is amiss. Short of dissecting the cable to look for the extra hardware, the only way to detect that you’re using an O.MG cable is when you realize, after the fact, that your device was exploited.

And even if you happen to catch an attacker running a terminal window on your PC remotely, O.MG cables include a kill switch that disables the implanted hardware, thus destroying any possibility to track down the attack’s origins.”

‘These Dummy iOS Lightning Cables Let Hackers Remotely Access Your Devices’, Lifehacker, August 2019

Secure Apps?

Apple would have you believe that your iPhone is very secure, until you add your first app. For example, when traveling recently I downloaded an app to play Dominoes (the game, not the pizza). This is seemingly innocent, but since I was on a long flight, I actually read the privacy information.

Check out some of the following extracts from the Terms & Conditions and Privacy Information:

  • FM GAMES App is a gaming application that may utilise your personal data. You also consent to FM GAMES’s cookie policies, as described herein.
  • Types Of Data We Collect: We collect personal data and non-personal data about you.
  • Location and Distance Information: When you use the FM GAMES App, we will collect your location to determine your distance from other users (“Distance Information”) through the GPS, Wi-Fi, and/or cellular technology in your Device. Your last known location may be stored for the purpose of calculating Distance Information between you and other users.
  • Messages: When you send a message we may retain the message for archival purposes or as otherwise allowed by law.
  • Purchases: We collect information necessary to complete purchases. This may include, among other things, your name, credit card information, billing information, address, telephone number, and email address.
  • Third Party Tracking Companies: We may share your hashed Device ID, Profile Information, Distance Information, and demographic information with our advertising and analytics partners. These third parties may also collect information directly from you as described in this Privacy Policy.
  • Third Party Service Providers: We may share your Personal Data with third party service providers

When I tried to turn off location services, this was not allowed, so I discarded the app. If this is the case with a gaming app for my phone, can you imagine the angst my home screen caused our IT folks?

Would you know if you had been hacked?

If I charge my phone through my computer, imagine what I am opening up for hackers to get to? How many of you reading this are using public Wi-Fi? What about Starbucks, or at the airport? Many of us will pass through at least one on the way to the Procurious Big Ideas event.

Did you connect to the seemingly innocent Wi-Fi? Would you know if you were hacked? If you haven’t heard about the reporter whose email was hacked on an airplane while using the airline app while working on a story about the FBI and Apple, take the time to do so.

The hacker read nearly everyone’s email on the plane. They then pulled the reporter aside when they landed to discuss the security, or lack thereof, of his phone while using public Wi-Fi, even if was at 35,000 feet.

The Fallability of Passwords

If this isn’t enough, consider what anyone can do with your passwords. Take for example my login for Amazon. If you were able to see my screen while I was logging in, this is what you could do.

Then, if in Chrome, right click and click on Inspect.

By merely highlighting the password and writing the word “text,” you will see my password. It is that easy if someone is “looking at your email” as you are logged in.

So, there you go. This is my Amazon password and I have now changed it since I wrote this post (but don’t tell my kids). This is the most basic level of cyber protection you can get, but even at a personal level with my own “research,” we are so out of our league, especially when dealing with technology obsolescence.

In the era of BYOD (bring your own device) who knows what your staff is exposing your company to. If we take this one level further to our third parties, who out there is doing the exact same thing and exposing their company to the same risks I just showed you?

So, while we are going to discuss third-party risk management in my session at The Big Ideas Summit, this is just the icing on the cake. If I am just one of the hundreds of contractors, imagine what damage I could be doing to your risk profile.

The Art of Third-Party Risk Management

So, the long and short of it, we are living in exponential times and it is time we paid clear attention to all of our third-party relationships (and their third parties, etc.) along our supply chains or we are destined to be in for a large risk event. It isn’t a matter of if, but when it will happen. If technology obsolescence is happening faster all the time, then we need to stay educated and alert, not paranoid.

To overcome these obstacles, we need to have an effective third-party relationship management and framework. Successful third-party management programs should focus on the four cornerstones approach: contract and performance management, risk management, financial management and communication management. The risk aspect of the relationship framework needs to be addressed for both critical and non-vendor relationships, along with non-critical vendors.

I recently took SIG University’s Third Party Risk Management Certification Program and was amazed to learn how much risk we are exposed to within our contracts and the need for a strong third-party relationship framework with a focus on risk. For a framework to be successful, it must have strong governance and approved by senior management.

As a result of the 2008 financial crisis, there has been a renewed focus on the role of board of directors, the composition of the board, capabilities, accountabilities, and responsibilities for prudent acceptance and management of risk. This renewed focus has made it much easier to focus on third-party risk and to get strong governance in place to mitigate risks.

The most important lesson to leave you with is that third-party risk management is an art, not a perfect science. Having a framework in place to address and mitigate risk, escalate issues and seek resolution is the key to making strategic procurement decisions.

Learn more about procurement’s role in managing third-party risk by attending Dawn’s session at the Procurious Big Ideas Summit Chicago 2019 on Wednesday, September 18. If you can’t be in the room, there’s still time to register as a Digital Delegate. Find out more and sign up today!

About the Author

Dawn Tiura is the CEO and President of SIG, SIG University and Future of Sourcing and has over 26 years’ leadership experience, with the past 22 years focused on the sourcing and outsourcing industry.

In 2007, Dawn joined SIG as CEO, but has been active in SIG as a speaker and trusted advisor since 1999, bringing the latest developments in sourcing and outsourcing to SIG members. Prior to joining SIG, Dawn held leadership positions as CEO of Denali Group and before that as a partner in a CPA firm. Dawn is actively involved on a number of boards promoting civic, health and children’s issues in the Jacksonville, Florida area. 

She is a licensed CPA and has a BA from the University of Michigan and an MS in taxation from Golden Gate University. Dawn brings to SIG a culture of brainstorming and internal innovation.

Lessons In Risk Management: Unity Is Strength

In a digital future, relationships will continue to matter when it comes to risk management…

By View Apart/ Shutterstock

I recently attended a procurement event, and, over lunch, I had an interesting discussion with other procurement practitioners about supply chain risk management (SCRM). One of the people at the table stated that his organisation was not looking into increasing its SCRM capabilities because technology cannot help in preventing issues to happen. To reinforce his theory, he told us what had recently happened to his company. The factory of one of his key suppliers was reduced to ashes by a fire. That incident led to disruptions that, according to him, technology could not have helped preventing or mitigating the impact.

Even if it is true that SCRM technology cannot have a direct impact on the cause of incidents, it is not a reason to ignore potential threats and behave like an ostrich, sticking its head in the sand. The story above is one of the many examples demonstrating that organisations don’t learn and reproduce the same mistakes, again and again.

“Insanity Is Doing the Same Thing Over and Over Again and Expecting Different Results.”

Albert Einstein

SCRM technology together with SRM and Category Management can have an impact on reducing exposure by, for example, highlighting sensitive areas (single sourcing of critical components, suppliers in dangerous zones…). They also can help in reacting faster than the competition when problems occur. And there are many examples of that. However, there is more to it…

Being the customer of choice helps

During that same conversation, I mentioned another story I had read about as it was to some extent similar but with a very different outcome.

A buying organisation using a SCRM solution had received a notification that an incident had happened at one of their supplier’s factory. Therefore, the buyer in charge was able to

  • immediately contact the supplier to discuss with him
  • build a business continuity plan.

The immediate action was to have the supplier produce the component in one of his other factory that had some free capacity.

In addition to the speed advantage that technology provided, the buying organisation benefited from the good relationship he had built with the supplier. Because they were considered as a customer of choice, the supplier gave them access to possibilities that less preferential customers probably would never have had.

Get help from bigger than you

The story above reminded me of another one, with a different twist. I heard it a few months ago at a procurement conference in Czech Republic. A buyer (I will call him John) had in his portfolio a certain raw material. He was buying modest quantities of it but the material was nevertheless critical. Also, only a handful of suppliers were selling it. John knew that, in case of peak in demand, he would never be the one served first. In order to prevent shortages, he developed a clever alliance strategy.

John attended a fair where he knew that the major sellers and buyers of that raw material would be. Using the research he had done before the event and his observation skills, he connected with the big players on the buy-side of the market because he knew they would have better contracts and conditions that his. Conditions that would most probably integrate capacity agreements.

Months later, when demand peaked John did not contact his supplier to try to convince him to deliver to him; he knew it would be a vain effort. Instead, John reached out to a buyer (Bill) who he had met at the fair and with whom he had built a good relationship. He explained his situation to Bill. After listening, Bill explained that he could help because he had a contract that stipulates that the supplier must cover his needs as long as they vary within a certain range. As John’s needs were small in comparison to his, adding them to his would remain in the contract’s terms. After agreeing on the condition of this deal, Bill called his supplier to inform him that he would need larger deliveries. The supplier agreed and delivered the requested quantities to Bill who then forwarded what John needed.

In a digital future, relationships will continue to matter

John’s story has a particular resonance for me as I had lived a relatively similar situation when I was a buyer. But, I hadn’t done my homework like John, so I could not seek the help of a larger customer to help me. It took months and lots of efforts to recover.

These stories illustrate that Procurement professionals have to prepare for the worst and hope for the best. The fact that black swans exist is no excuse for not being ready! It also means that having the people, process, technology, and data to:

–                 identify weaknesses and risks

–                 build contingency and mitigation plans

–                 constantly monitor risk sources

These are the conditions for being proactive and not passive with regards to risks. Also, they should not forget the importance of nurturing relationships as business is human-to-human, H2H, (and no more B2B or B2C). At the end of the day, organisations having a competitive advantage are the ones that get the best out of their relationships with technology AND people; augmenting/enhancing each other.

Could You Afford To Lose $2 Billion In Sales?

What does digital transformation mean for the procurement and supply chain profession?  How will it help CPOs to mange risk in their supply chains?

By DimaPalich/ Shutterstock

The concept of digital transformation has been around for quite a while, ISM CEO Tom Derry argues. “In the late 90s we started doing reverse auctions and e-auctions. Not too long after that dynamic discounting began to enter the equation and FinTech platforms have also been around for a while. We’ve been embracing it but recently we’ve hit a pause in that innovation wave. And it seems like we’re on the brink of this next wave.”

How will digital transformation transform procurement and supply chain?

Digital transformation is the full impact or outcome of using data on elevated platforms to really reinvent what procurement and supply chain professionals are doing.

“In the source-to-settle process we typically identify 37 discreet steps” explains Tom. “And we think four technologies – procure-to-pay platforms, RPA, machine learning and IoT – will mean that all but eight or nine of those discreet tasks will be automated.” This, of course frees up time for humans carry out only the most important things like stakeholder management and supplier relationship management, the things that can only happen as a result of conversations between people.

Indeed, it is these soft skills that will galvanise the procurement and supply chain professions and make them step out into the future. When data is pointing you in different directions and the computers don’t know what to do, that’s when you step in.

Is supply management ready for change?

A recent survey revealed that only 6 per cent of CPOs possess the strategic leadership traits to lead digital and analytical transformations.

“I’d say there is a lot of discomfort. People don’t really understand the technologies we’re talking about and they don’t necessarily have the in-house skills,” says Tom.

“An interesting example is the technology that is currently being piloted in 30-40 per cent of large companies – RPA.” And yet most people don’t even understand what this technology is. “They think it means a robot from ‘lost in space’ when we’re actually talking about software code. The code fits into the gap between systems so imagine your ERP system, your spend analytics tool and any other systems you’re using. We’re typically trying to build reports by extracting data from these disparate sets of data, putting them in a data warehouse or a data lake, doing some analysis and running reports.

“RPA can automate most of that work so a human doesn’t have to go in and identify the data. RPA is good at doing routine, highly-defined processes.” This frees up the time of professionals so that, instead of spending half the day obtaining and cleansing the data, time can be spent on activities where there is real value-add. “The insights and the applications, for me, is the real opportunity.”

Selling the benefits of digital transformation

How does Tom advise managing those risk averse CPOs, who are reluctant to take the plunge with new technologies? Can you overcome that and sell the benefits to them?

“One of the biggest pay-offs for even the most risk averse CPOs is using digital tech to visualise the risk in your supply chain.

“I heard about a publicly traded pharmaceutical company in the states who did a risk analysis and claimed that anything less than $1M in spend is so small it’s immaterial. They wouldn’t even look at it. But it turned out they had $200,000 in spend on a coating for a consumer medication, which supported $2B in annual sales.

“[The plant in Japan that produced this coating] had a fire and they were at risk of losing all of these sales. If that doesn’t get the board’s attention, I don’t know what will. So when it comes to risk, that’s where the immediate benefits will be!”

When it comes to digital transformation, people know they need to be educated. “you have to get as smart as you can on what’s coming!” says Tom.

In our 10-part “Tuesdays With Tom” podcast series, Tom Derry discusses a broad range of critically important topics that every supply management professional should be across.

Listen to the full podcast here.

World’s Deadliest Supply Routes: Antarctica

Are you responsible for sending your people into danger? In a new Procurious blog series, The World’s Deadliest Supply Chains, we investigate the most high-risk supply chains out there…

By Thelma Amaro Vidales / Shutterstock 

The sight of 1900 rolls of toilet paper would not usually excite your typical urban dweller, but when the consignment supplies a remote Antarctica camp of 350 people for the whole winter it’s a case of unfettered joy and – of course – relief.

The most essential of household essentials was among the 3000 tonnes of provisions and equipment delivered by the chartered US vessel MV Ocean Giant to New Zealand’s Scott Base in January.

The supply drop – which can take up to nine days to unload – included 200 kilograms of coffee beans, 100 cans of peaches, a Toyota Landcruiser, two rowing machines and a triple-glazed window.

According to Antarctica New Zealand logistics manager Paul Woodgate, organisers need to think of everything the isolated community might need, including spare parts for water plants and heaters.

“We need supplies to keep the base clean, everyone fed and warm, and the water flowing,” he told Maori Television.

While routine, MV Ocean Giant’s delivery trip reflects the enormous task of supplying myriad human needs to the frozen wilderness.

While Antarctica might be known as the Lonely Continent, human activity abounds with no fewer than 36 permanent scientific and research bases operating there. In the summer months, many smaller facilities spring up too, all needing to be supplied by the mother camp.

Dangers lurks underneath every crevasse and ice flow, in an environment in which temperatures can fall to minus 90 degrees and winds can howl at more than 300 kilometres an hour.

As with Mt Everest, dozens of people have died on Antarctica’s icy expanses over the years – not just derring-do explorers but workers charged with ensuring the bases are supplied with thousands of items that city folk take for granted.

In 1976, 11 Argentinean airmen were killed when their plane crashed on a reconnaissance mission over Drakes Passage. In a tragic postscript, a helicopter dispatched to recover the bodies also crashed.

In 1971, a Hercules C-130 made a forced landing on a re-supply run to McMurdo Station (the US base on Ross Island that hosts Antarctica’s largest community).

No-one was injured. But the overseers of the US Antarctica program did their sums and realised that salvaging the aircraft would cost $US10m, compared with the $US38m replacement cost.

Seventeen years after it went down, the Hercules was fitted with skis, flown out and pressed into service once again. A testament, indeed, to the durability of the so-called ‘workhorse of the skies’.

As with the Argentinean incident a decade previously, the mission did not have a happy ending: in December 1987 two US sailors died when a different Hercules crashed, while conveying spare parts to the refurbished plane.

These days, the supply chain is made safer with technological advances such as GPS positioning, powerful ice breakers, carbon-fibre skis, freeze-proof laptops, satellite phones and sealed, all-weather runways.

But ‘safer’ is by no means ‘safe’, with many mishaps happening in more recent years.

In January 2016, helicopter pilot David Wood stepped from his aircraft and straight in a crevasse on the Western Ice Shelf, while on a routine mission to re-supply a fuel cache. He was rescued after four lonely hours, but subsequently died from hypothermia.

His death resulted in criminal charges being laid against Australia’s environment departments and a helicopter contractor.

To mitigate the ever-present dangers of Antarctica, governments are constantly stretching the envelope to make the complex logistics requirements that much safer.

In a breakthrough flight, a Royal Australian Air Force Flight C-17A in September 2017 supplied Davis Station from Hobart and then returned to the Tasmanian capital without landing at the base. The 10,000km round trip was made possible by a difficult mid-air refuelling exercise.

The plane air dropped nine tonnes of supplies – including fresh produce – to the base, which is inaccessible by sea from April to October.

Within the next decade, Antarctica’s logistics needs will only expand as more nations establish a presence there, if only to ‘fly the flag’ or with a view to claiming dibs on potential large oil and gas reserves in the future.

Most notably, China has established three bases and three airfields, reportedly spending more on its Antarctic program than any other country.

Six countries have territorial claims to Antarctica: Argentina, Australia, Chile, France, New Zealand, Norway and the UK.

But the Antarctic Treaty actually covers 53 countries, 29 having “consultative status”, which allows them to carry out research.

With 20 airports dotted around Antarctica, helicopters and fixed-wing aircraft are playing an increasingly prominent role – especially during winter months when sea access isn’t possible and roads on the continent are out of action.

“With more time and advancing technology, carrying goods to remote locations in Antarctica will only get easier,” says the Dubai-based Gulf Worldwide Logistics.

“The logistics industry is preparing for advancement in this continent over the next few years.” But again, ‘easier’ does not imply ‘safer’ and logistics operators perennially need to be alert to the dangers. Like the Emperor penguins, Antarctica is not the type of wild environment that can ever truly be tamed.

If you’d like to read additional related content or get involved with thought provoking discussions check out the Supply Chain Pros group – a one stop shop for all your supply chain need