You wouldn't protect just one of your children, and you wouldn't buy insurance coverage for only one of them either, would you? So, in business, would you settle for risk protection in just one area or would you want security across the board?
That's very much the situation that IBM executives found themselves in when they wanted a mechanism to assess supplier/supply chain risks associated with procurement of hardware. They needed to scrutinize potential risk everywhere - at a component, commodity and sub-assembly level. And they wanted a way to analyze supplier sites and overall business; a provider's country, shipping and distribution hubs; and its contingency plans for pandemics and other disasters. Knowing about just one or two sources of risk wasn't enough.
IBM conducted an extensive search of supplier/supply chain risk tools on the market. They found many tools primarily focused on supplier financials or logistic considerations or single/sole sourcing. They also found a willingness on the part of service providers to work with others in order to provide IBM all of the information it wanted. What IBM didn't find was a "total" tool to discover and manage risk for supplier/supply chains.
So it made one.
Deployed to all of IBM's 19 Global Production Procurement councils, the tool is designed to address risks associated with the 300 top critical suppliers and 800 supplier sites - not to mention IBM's $12bn annual spend. Items procured are used in the company's server, storage and retail store solutions hardware offerings.
A basic formula for properly implementing a risk management program includes defining risk tolerance, reporting risk information, assessing risks and developing risk mitigation plans.
IBM's so-called Total Risk Tool provides a risk assessment for a wide range of categories using an impact likelihood model and a weighted algorithm. The tool receives real-time alerts from anywhere in the world on anything that can disrupt continuity of supply and/or a supplier's business.
Deploying the Total Risk Tool along with a set of supporting processes and a management system has enabled IBM's Production Procurement Sourcing organization to uncover risks that might not have been known otherwise, according to Michael O'Leary, senior procurement manager, Integrated Supply Chain, at IBM. Armed with this information, the sourcing team can take preemptive action to mitigate the consequences of risk.
The value of that goes without saying: a company could maintain continuity of supply, identify needed additional supplier or supplier site qualifications, improve execution of buy-aheads, decide when to increase buffer stock (and by how much), determine if another supplier is needed instead, and avoid diverting procurement time and resources. Real-time alerts are critical to enabling such determinations.
The IBM Total Risk Tool, rolled out first to Production Procurement, can be extended to indirect (general) procurement with some modification to the question set and weighting algorithm.
Given the range, scope and propensity of risks, companies need to know what risks they face as a result of their global sourcing strategies. Beyond knowing that a risk exists, one needs to know the level of risk, e.g., high, medium, low; and then be able to understand the drivers of a given risk rating.
With that in mind, IBM sourcing teams set out to acquire the kind of analysis and reporting tool they felt would secure their operations. A cross-functional, cross-business unit team was formed to address the development of a risk assessment methodology. Representatives came from Production Procurement, Chief Information Officer and Global Business Services, says Lou Ferretti, project executive, Integrated Supply Chain, at IBM, who headed up the initiative. Later, representatives from other functions joined the team.
IBM already had a supplier financial risk assessment tool and process known as Supplier Financial Risk Assessment (SFRA). But it was limited in scope. And requests for information revealed that most commercially available tools also focused solely or mostly on the financial side.
That just wasn't good enough. "Anything tangible can be recovered," Ferretti says, "but that lost time can't be."
In setting out to design the tool itself, IBM realized that each of its procurement councils assessed risk differently. "We needed a more systematic and comprehensive approach," says O'Leary. "We looked to Lou's team for that." Moreover, it became clear that there was little expertise in analyzing the social, economic, financial, environmental, transportation, and energy factors that have an impact on a supplier's ability to procure raw materials, assemble and test products and ship to the final destination.
The process tool would need two sections of questions relating to risk: one to be filled out by the councils for specific supplier-related characteristics, and the other to be addressed by an external data source provider (EDSP). This EDSP would be able to provide information on a wide range of country-level financials, economic indicators and so on. The team also wanted to use the data from SFRA. And it wanted a tool that ultimately could be offered for sale by the company's Global Business Services unit.
Since this was to be a permanent tool for use around the world, "how to use" education modules had to be developed and a formal help desk set up.
The tool and process were deployed to the Production Procurement Sourcing team, whose councils loaded supplier names and locations and answered supplier- and commodity-related questions. The EDSP loaded the latest data collected worldwide. Once loaded, the tool yielded risk ratings of high, medium and low for each country, hub, commodity, supplier location, supplier (at a corporate level) and a supplier's pandemic readiness.
The management system calls for a risk mitigation plan for suppliers who are rated as high-risk. That plan could be as severe as transferring the business to another supplier immediately, or it could require a supplier to increase buffer stock for either incoming materials or finished goods.
Real-time alerts are critical. An example of such an instantaneous alert would be breaking the news of the Russian government threatening to shut down the flow of gas through the Ukraine pipeline into Eastern Europe. Reduced gas supply or the total shutdown would have a far-reaching impact on suppliers in this region.
The recent Japanese earthquake-tsunami catastrophe is a real-life example. With the tool, IBM knew almost immediately which suppliers were likely affected, O'Leary says, so procurement councils worldwide could be alerted to make alternative plans, including building ahead.
Fine-tuning the alert process will come about through trial and error. It took almost two years from the time of the executive commission to the deployment of the tool and process. IBM has applied for a patent and Global Business Services is interested in piloting it with a client.
At IBM, risk assessment is no longer siloed or piecemeal. Going forward, it's total and comprehensive in scope.