Executive Briefings

How Companies Are Tackling the Challenge of Risk Management

A conversation with corporate thought leaders about the growing awareness of the need for a vigorous supply-chain risk-management effort, and how they're working to achieve that goal.

How Companies Are Tackling the Challenge of Risk Management

There's a strong sense among global companies that excellence in risk management is critical to their future success, as it relates to supply-chain continuity, customer satisfaction and bottom-line profitability. That hasn't always been the case, but a rash of recent incidents, from natural disasters to labor issues to peak-period congestion, has convinced top executives that they need to be conversant in the fundamentals of the discipline. In the following comments, excerpted from conversations between SupplyChainBrain and industry thought leaders at the annual meeting of the Global Supply Chain Resiliency Council in Palo Alto, CA, we learn of the steps that major companies are taking to achieve awareness and operational excellence in this crucial area.

Q: What were the big supply-chain risk-management challenges or pain points that you faced, before undertaking a renewed commitment to the issue?

Louis Ferretti, Project Executive – Global Procurement, IBM: What really changed the game was 2009, when [Russian President Vladimir] Putin cut off gas through Ukraine. We had suppliers and a plant in Eastern Europe, and were also purchasing from another supplier in the Middle East, where there was bombing going on. Our CPO was asked, "What are we going to do about it?" The answer was: "Nothing." We hadn't looked at the supply chain – we had just barely looked at the suppliers. At that time, our CPO said we were going to create an entire process and program to manage, assess and be able to mitigate the risk. He listed about 20 different things to be looked at, then asked me to put this program in place.

Michael Landberg, Strategic Global Sourcing Manager, Boston Scientific: In a highly regulated industry, as we are with medical devices, we were affected by the Japan tsunami. We could not figure out who our suppliers were in Japan. You'd think we’d know, but it took us a while. In the end, we weren't really affected, but it was a wakeup call for us to realize that we needed a better way to do this.

Lee Wolfe, Director, Supplier Quality, ThermoFisher Scientific: When I came over to NetApp three or four years ago, the first thing I did was look around and ask, What were we measuring? What were we looking for, in thinking about risk in the supply chain? It wasn't a common term then, at least with the culture internally. We were looking at minimal elements with regard to risk – for example, the end of life of a component, or whether something was sole-sourced or multi-sourced. That caught my eye. The first thought I had was, What if a supplier goes bankrupt? People are measuring risk in a different way, only looking at one or two elements. We decided that we needed to invest more in that, to look at other areas, especially the geographic locations of our suppliers and their financial health.

Matt Mills, Senior Program Manager, Global Supply Chain, EMC2: I guess I was pretty lucky, in that I didn’t really have a hard sell to do, around changing what we did in supply-chain risk management. We had recently undergone a management change at the executive level, and shortly after that experienced the Thailand floods and the Japan tsunami. We had a lot of issues around getting information on how we were impacted in the supply chain. We sought a solution in the market to collect more information and gain more visibility, to be able to react to things more quickly in the future. That drove the whole redesign.

Mills: We had a program that was assessment-based –supplier questionnaires and on-site audits. But we didn't have a lot of visibility around our Tier 1s.

Q: What processes and technical capabilities did you bring to bear on the problem?

Ferretti: We looked at the supplier, the supplier's site, the hub, the commodity and the region of the country. Then we had additional questions and indices for each of those unique areas. We built a tool to examine and bring to bear information that would help us evaluate the risk. Supporting that, we developed an impact-likelihood algorithm to give us a response for each category. The emphasis was on real-time alerts. We set up a process to collect this information, with a market intelligence team around the world that pulls the data. They know where our suppliers are; they funnel this information to the risk team, and we make a decision on what to do or not to do.

Landberg: We started off without any separate systems. Fortunately, we had some internal software and other tools that we were able to leverage, which pulls data out of our ERP [enterprise resource planning] system.

Q: Did you engage in any kind of supplier mapping?

Landberg: Yes. We knew that a world-class system goes way beyond your Tier 1s and Tier 2s. At the end of the day, with the Japan tsunami, it wasn’t about the Tier 1s – it was the Tier 2s and 3s that we found along the way. We were able to pull financial data that we already had. Even more importantly, we did it on an impact-to-revenue model. We had the bills of material, revenue and parts. We just had to build it and put it together. Once we did, it gave us great direction on where to look for critical suppliers.

Wolfe: We had to go through the long process of an internal audit, combined with external auditors, to see where we were most at risk. The first layer was our Tier 1s – contract manufacturers or EMS [electronics manufacturing services] partners. Then we took the next layer down – the hard-drive manufacturers, chip vendors and such. After that, it was a matter of deciding what we wanted to invest in.

Mills: We wanted to be able to take our parts, map them to supplier sites and then, when an event happened, easily assess the impact. The tool we found was key to that. Events only happen once in a while, but the rest of the time we can be assessing risk profiles, understanding where the weaknesses are, driving corrective actions and capability building, training our suppliers and coaching them to be better risk managers themselves. Which helps the whole system to become more resilient.

Q: Sum up the benefits of your efforts, from the time you began to today.

Landberg: We can quickly figure out if we're impacted. We're still on our journey – we've got our arms around it, yet there’s more work to do. We’re on the right path toward getting a more mature risk program.

Lee Young, Director, Supplier Quality, ThermoFisher Scientific: We're starting to see more collaboration with suppliers. We're talking more about supply-chain risk management with data. We’re able to tie in systems and tools, and look the impact of SKU rationalization on revenue.

Mills: We have the ability to drive a lot of metrics around our supply chain, to target mitigation at our highest-risk areas. We don't use inventory all the time; it’s one of the tools in our toolset, and we apply it where we need it. We found a lot of benefits from having visibility, not only in the supply-chain risk area, but in addressing things like social and environmental responsibility and reputational risk.

Q: What are your goals now?

Ferretti: We want to simplify the process. We have a very good one in place, but it’s somewhat cumbersome. We want to be able to automate it, to use analytics and cognitive computing. We have some programs internally that will help to give us a better outlook, with greater ease and fewer resources.

Landberg: To sell the program, and be able to get secure resources, when you don’t have a burning platform. Which is a good thing and bad thing. If you have a supply-chain disruption, you get a lot of resources, but your program tends to be focused on that one issue. Whereas if you don’t have a disruption, you can step back and get a more global approach.

Young: It's just a matter of rolling it out. The cloud will have some impact. Going to a mobile application will help. But it will take three to five years to roll out. We’ll be on the leading edge, which always helps. We'll also have insight into what we want to change. We probably do better supplier management from a performance standpoint than most. We pride ourselves on a lot of involvement with suppliers.

Mills: Supplier engagement. Getting suppliers to provide accurate data in the way you want, working with people internally to help them understand the data and why it’s important. It's the classic program-management challenge: How do I convince people to do what I want them to do, in a way that's best for our enterprise?

Q: In addition to these individual efforts, do you see an opportunity for industries and companies to work together under the aegis of such an organization as the Supply Chain Resiliency Council?

Ferretti: I do. Before, I wouldn't have said that, because there was such a lack of maturity and interest. You almost had to go it alone before you could build a consensus. Five years later, I see a tremendous level of awareness at conferences and forums.

Young: The life sciences vertical is very incestuous. Amgen’s suppliers are also our suppliers, and we’re suppliers to all of theirs. Sigma-Aldrich, a very large customer, is also a supplier of ours. We're all speaking the same language.

Landberg: I see a huge value in collaboration with other industries. One advantage is to see what other people are doing in the form of best practices that I can take from them. Comparing notes is very valuable. Talking with friends inside and outside the industry about how people are measuring will continue to evolve our program.

Q: How would you assess the level of risk-management awareness among companies in general today?

Ferretti: I am pleased and amazed to see the level of interest in risk management in the last five years. In large and small corporations, it has really taken hold. The thing that helped us turn the corner, even though we had put this thing in place in 2010, was the tsunami of 2011. It made believers out of people who weren't believers. Because we had the risk tool and process in place, we were able to quickly identify the number of suppliers, the types of commodities they made, and areas where we were single-sourced.

Wolfe: I see the level of awareness as being a lot higher than in the past. I base that on the number of potential job openings – not just listings on job boards, but people pulling others from different areas with that expertise. The market now has a strong demand for supply-chain folks who have this understanding. You can speak the language with other groups, internally in our company or elsewhere, and people get it. It's not just looking at two elements. If the supplier goes down, what is the impact to the company? People have a lot more patience and appetite to talk about their risk exposure.

Mills: It's definitely growing. A lot of companies are on our level in the supply chain. A lot of our peers are seeing more value in it. Where I don't see a lot of adoption yet is among our suppliers, particularly some lower-level, Tier-2 types. It's just a matter of time before that filters down. Once you get a critical mass up the supply chain, it's going to happen. It's definitely coming, and has a lot of momentum right now.

To view the video in its entirety, click here

 

There's a strong sense among global companies that excellence in risk management is critical to their future success, as it relates to supply-chain continuity, customer satisfaction and bottom-line profitability. That hasn't always been the case, but a rash of recent incidents, from natural disasters to labor issues to peak-period congestion, has convinced top executives that they need to be conversant in the fundamentals of the discipline. In the following comments, excerpted from conversations between SupplyChainBrain and industry thought leaders at the annual meeting of the Global Supply Chain Resiliency Council in Palo Alto, CA, we learn of the steps that major companies are taking to achieve awareness and operational excellence in this crucial area.

Q: What were the big supply-chain risk-management challenges or pain points that you faced, before undertaking a renewed commitment to the issue?

Louis Ferretti, Project Executive – Global Procurement, IBM: What really changed the game was 2009, when [Russian President Vladimir] Putin cut off gas through Ukraine. We had suppliers and a plant in Eastern Europe, and were also purchasing from another supplier in the Middle East, where there was bombing going on. Our CPO was asked, "What are we going to do about it?" The answer was: "Nothing." We hadn't looked at the supply chain – we had just barely looked at the suppliers. At that time, our CPO said we were going to create an entire process and program to manage, assess and be able to mitigate the risk. He listed about 20 different things to be looked at, then asked me to put this program in place.

Michael Landberg, Strategic Global Sourcing Manager, Boston Scientific: In a highly regulated industry, as we are with medical devices, we were affected by the Japan tsunami. We could not figure out who our suppliers were in Japan. You'd think we’d know, but it took us a while. In the end, we weren't really affected, but it was a wakeup call for us to realize that we needed a better way to do this.

Lee Wolfe, Director, Supplier Quality, ThermoFisher Scientific: When I came over to NetApp three or four years ago, the first thing I did was look around and ask, What were we measuring? What were we looking for, in thinking about risk in the supply chain? It wasn't a common term then, at least with the culture internally. We were looking at minimal elements with regard to risk – for example, the end of life of a component, or whether something was sole-sourced or multi-sourced. That caught my eye. The first thought I had was, What if a supplier goes bankrupt? People are measuring risk in a different way, only looking at one or two elements. We decided that we needed to invest more in that, to look at other areas, especially the geographic locations of our suppliers and their financial health.

Matt Mills, Senior Program Manager, Global Supply Chain, EMC2: I guess I was pretty lucky, in that I didn’t really have a hard sell to do, around changing what we did in supply-chain risk management. We had recently undergone a management change at the executive level, and shortly after that experienced the Thailand floods and the Japan tsunami. We had a lot of issues around getting information on how we were impacted in the supply chain. We sought a solution in the market to collect more information and gain more visibility, to be able to react to things more quickly in the future. That drove the whole redesign.

Mills: We had a program that was assessment-based –supplier questionnaires and on-site audits. But we didn't have a lot of visibility around our Tier 1s.

Q: What processes and technical capabilities did you bring to bear on the problem?

Ferretti: We looked at the supplier, the supplier's site, the hub, the commodity and the region of the country. Then we had additional questions and indices for each of those unique areas. We built a tool to examine and bring to bear information that would help us evaluate the risk. Supporting that, we developed an impact-likelihood algorithm to give us a response for each category. The emphasis was on real-time alerts. We set up a process to collect this information, with a market intelligence team around the world that pulls the data. They know where our suppliers are; they funnel this information to the risk team, and we make a decision on what to do or not to do.

Landberg: We started off without any separate systems. Fortunately, we had some internal software and other tools that we were able to leverage, which pulls data out of our ERP [enterprise resource planning] system.

Q: Did you engage in any kind of supplier mapping?

Landberg: Yes. We knew that a world-class system goes way beyond your Tier 1s and Tier 2s. At the end of the day, with the Japan tsunami, it wasn’t about the Tier 1s – it was the Tier 2s and 3s that we found along the way. We were able to pull financial data that we already had. Even more importantly, we did it on an impact-to-revenue model. We had the bills of material, revenue and parts. We just had to build it and put it together. Once we did, it gave us great direction on where to look for critical suppliers.

Wolfe: We had to go through the long process of an internal audit, combined with external auditors, to see where we were most at risk. The first layer was our Tier 1s – contract manufacturers or EMS [electronics manufacturing services] partners. Then we took the next layer down – the hard-drive manufacturers, chip vendors and such. After that, it was a matter of deciding what we wanted to invest in.

Mills: We wanted to be able to take our parts, map them to supplier sites and then, when an event happened, easily assess the impact. The tool we found was key to that. Events only happen once in a while, but the rest of the time we can be assessing risk profiles, understanding where the weaknesses are, driving corrective actions and capability building, training our suppliers and coaching them to be better risk managers themselves. Which helps the whole system to become more resilient.

Q: Sum up the benefits of your efforts, from the time you began to today.

Landberg: We can quickly figure out if we're impacted. We're still on our journey – we've got our arms around it, yet there’s more work to do. We’re on the right path toward getting a more mature risk program.

Lee Young, Director, Supplier Quality, ThermoFisher Scientific: We're starting to see more collaboration with suppliers. We're talking more about supply-chain risk management with data. We’re able to tie in systems and tools, and look the impact of SKU rationalization on revenue.

Mills: We have the ability to drive a lot of metrics around our supply chain, to target mitigation at our highest-risk areas. We don't use inventory all the time; it’s one of the tools in our toolset, and we apply it where we need it. We found a lot of benefits from having visibility, not only in the supply-chain risk area, but in addressing things like social and environmental responsibility and reputational risk.

Q: What are your goals now?

Ferretti: We want to simplify the process. We have a very good one in place, but it’s somewhat cumbersome. We want to be able to automate it, to use analytics and cognitive computing. We have some programs internally that will help to give us a better outlook, with greater ease and fewer resources.

Landberg: To sell the program, and be able to get secure resources, when you don’t have a burning platform. Which is a good thing and bad thing. If you have a supply-chain disruption, you get a lot of resources, but your program tends to be focused on that one issue. Whereas if you don’t have a disruption, you can step back and get a more global approach.

Young: It's just a matter of rolling it out. The cloud will have some impact. Going to a mobile application will help. But it will take three to five years to roll out. We’ll be on the leading edge, which always helps. We'll also have insight into what we want to change. We probably do better supplier management from a performance standpoint than most. We pride ourselves on a lot of involvement with suppliers.

Mills: Supplier engagement. Getting suppliers to provide accurate data in the way you want, working with people internally to help them understand the data and why it’s important. It's the classic program-management challenge: How do I convince people to do what I want them to do, in a way that's best for our enterprise?

Q: In addition to these individual efforts, do you see an opportunity for industries and companies to work together under the aegis of such an organization as the Supply Chain Resiliency Council?

Ferretti: I do. Before, I wouldn't have said that, because there was such a lack of maturity and interest. You almost had to go it alone before you could build a consensus. Five years later, I see a tremendous level of awareness at conferences and forums.

Young: The life sciences vertical is very incestuous. Amgen’s suppliers are also our suppliers, and we’re suppliers to all of theirs. Sigma-Aldrich, a very large customer, is also a supplier of ours. We're all speaking the same language.

Landberg: I see a huge value in collaboration with other industries. One advantage is to see what other people are doing in the form of best practices that I can take from them. Comparing notes is very valuable. Talking with friends inside and outside the industry about how people are measuring will continue to evolve our program.

Q: How would you assess the level of risk-management awareness among companies in general today?

Ferretti: I am pleased and amazed to see the level of interest in risk management in the last five years. In large and small corporations, it has really taken hold. The thing that helped us turn the corner, even though we had put this thing in place in 2010, was the tsunami of 2011. It made believers out of people who weren't believers. Because we had the risk tool and process in place, we were able to quickly identify the number of suppliers, the types of commodities they made, and areas where we were single-sourced.

Wolfe: I see the level of awareness as being a lot higher than in the past. I base that on the number of potential job openings – not just listings on job boards, but people pulling others from different areas with that expertise. The market now has a strong demand for supply-chain folks who have this understanding. You can speak the language with other groups, internally in our company or elsewhere, and people get it. It's not just looking at two elements. If the supplier goes down, what is the impact to the company? People have a lot more patience and appetite to talk about their risk exposure.

Mills: It's definitely growing. A lot of companies are on our level in the supply chain. A lot of our peers are seeing more value in it. Where I don't see a lot of adoption yet is among our suppliers, particularly some lower-level, Tier-2 types. It's just a matter of time before that filters down. Once you get a critical mass up the supply chain, it's going to happen. It's definitely coming, and has a lot of momentum right now.

To view the video in its entirety, click here

 

How Companies Are Tackling the Challenge of Risk Management