Executive Briefings

The Maturing of Risk Management at IBM

Louis Ferretti, project executive for global procurement with IBM, traces the history of the company's risk-management initiative, to its current use of sophisticated technology and business processes.

The Maturing of Risk Management at IBM

Back in 2009, IBM was managing supply-chain risk "to a very minimal degree," says Ferretti. It would focus mostly on financial risk and products that were single-sourced. That was sufficient at the time, but subsequent events, including Russian President Vladimir Putin’s cutting off gas supplies from Ukraine and bombings in the Middle East, raised the risk-management bar. IBM’s chief procurement officer called for a comprehensive program, listing approximately 20 areas to be scrutinized. In the process, the company embraced what it came to call a total risk assessment (TRA), incorporating multiple factors.

IBM didn’t realize that its efforts had put it ahead of most companies at the time, says Ferretti. There was no off-the-shelf tool for examining political, economic and labor risks, to name but a few major concerns.

The TRA looked at five major areas: product supply, suppliers’ sites, hubs, commodities and regions. The tool also included relevant questions for individual suppliers. The exercise gave the company valuable data that could be applied to a sophisticated algorithm, resulting in a risk profile for each category.

Initially, IBM focused on Tier 1 suppliers, taking a full year to develop the tool, create a prototype and ensure user acceptance. The tool was put into place in 2010.

More recently, the company has added a number of modules and twice-yearly supplier reviews, with real-time alerts. The largest threat to IBM’s global supply chain today, says Ferretti, is climatic events, primarily hurricanes and typhoons, which can have a severe impact on the company’s supplier base in Southeast Asia and Japan.

Ferretti describes a general increase in awareness of the need for good risk management. “I’m pleased and amazed to see the level of interest in large and small corporations that has taken hold,” he says.

To view the video in its entirety, click here

Back in 2009, IBM was managing supply-chain risk "to a very minimal degree," says Ferretti. It would focus mostly on financial risk and products that were single-sourced. That was sufficient at the time, but subsequent events, including Russian President Vladimir Putin’s cutting off gas supplies from Ukraine and bombings in the Middle East, raised the risk-management bar. IBM’s chief procurement officer called for a comprehensive program, listing approximately 20 areas to be scrutinized. In the process, the company embraced what it came to call a total risk assessment (TRA), incorporating multiple factors.

IBM didn’t realize that its efforts had put it ahead of most companies at the time, says Ferretti. There was no off-the-shelf tool for examining political, economic and labor risks, to name but a few major concerns.

The TRA looked at five major areas: product supply, suppliers’ sites, hubs, commodities and regions. The tool also included relevant questions for individual suppliers. The exercise gave the company valuable data that could be applied to a sophisticated algorithm, resulting in a risk profile for each category.

Initially, IBM focused on Tier 1 suppliers, taking a full year to develop the tool, create a prototype and ensure user acceptance. The tool was put into place in 2010.

More recently, the company has added a number of modules and twice-yearly supplier reviews, with real-time alerts. The largest threat to IBM’s global supply chain today, says Ferretti, is climatic events, primarily hurricanes and typhoons, which can have a severe impact on the company’s supplier base in Southeast Asia and Japan.

Ferretti describes a general increase in awareness of the need for good risk management. “I’m pleased and amazed to see the level of interest in large and small corporations that has taken hold,” he says.

To view the video in its entirety, click here

The Maturing of Risk Management at IBM