Re-thinking supply chain risk: Protection at any cost?
I have been having a number of fascinating interviews with Chief Procurement Officers this past week on the subject of procurement analytics and supply management risk. This is part of a study I am doing that will result in a white paper later this fall, and will likely be one of our key themes for the upcoming SCRC meeting this December.
Supply chain risk management brings up a whole host of issues – and as one executive pointed out, is rather a sophisticated concept. Many companies have Enterprise Risk models that they use in their organization that is typically a common format that can be used across different functions to refer to risk. But when such frameworks are translated into supply chain terms, several problems arise, as the typical concepts of risk probability versus impact are not always easily transferrable.
One of those risks involves “protecting production at any cost”. This is often stated in the context of manufacturing, large chemical or oil production facilities, or any major turnaround project. The problem with this concept is that operations people are often willing to go to ridiculous measures to protect production, conjuring up scenarios that are just plain silly! They range from over-engineering unique (vs. commercially standard) parts that create excessive quality and procurement costs, to squirreling away MRO parts and inventory in places that no one will ever find them, including the operators, all in the name of risk! But when companies do further analytics on excessive inventory, they eventually realize that about 80% of it is non-critical. In addition, most of that is readily available off the shelf from suppiers that are within 12 hour distance!
A really interesting supply chain scenario at a large oil and gas company involved the procurement of large haul trucks. This company has over a billion dollars of capital invested in these trucks, not to mention the maintenance contracts which are a lot more. The procurement group had convinced themselves that to manage risk we had to have two suppliers – Komatsu and Caterpillar. But leaders at the company began looking at what airlines such as Southwest Airlines were doing. Southwest uses a single model airplane, the reliable 737- with massive efficiencies that follow in terms of interchangeability and availability of parts, maintenance, etc. The argument was always that yes, there were opportunities, but wasn’t there a massive risk associated with using a single supplier?
The team then set about seeking to describe what the risk entailed in more detail. The outcome was that they discovered that there really existed a false sense of security, and that by having two suppliers in that case, any existing risk could be mitigated in a number of different ways. To begin with, neither Komatsu nor Caterpillar were likely to go bankrupt if the buyer stopped buying their product! Second, the ability of the supplier to raise prices was limited and in fact likely to decrease when a single source contract was established. Ergo – the perception of risk disappeared, and the strategy changed, and significant efficiencies and cost savings emerged as well!
One of the most overstated elements of risk is credit risk, or the probability that a supplier will default, go bankrupt, and shut down production. This is certainly the case in very specific industries governed by FDA or FAA where parts must go through an approval process and when there is only a single supplier available. However for the majority of spend in areas like indirect, the probability of default is not only low, but the real risks are completely different.
A lot of companies tell you that you need to be alerted to credit ratings of suppliers whenever they go south, or other issues regarding cash flow that might be coming up. However, many executives I spoke with made decisions NOT to purchase these systems – as the cost compared to the eventual benefit might only arise in isolated cases, often associated with direct manufacturing sources. For indirect spending areas, such systems are effectively useless. Risk management in services often simply involves making sure the buyer has certificates of insurance of when they do work on site, and making sure there are disclosure agreements when they transfer sensitive information. A simple set of actions, for the key strategic suppliers (often 40 or less) mitigates almost all of the real sources of risk.
At a recent IACCM conference, one of the speakers was the state attorney general for New York who was the head of auditing. She quoted an interesting statistic. New York was dealing with over 700 companies that had declared bankruptcy that they had commercial contracts with – in 54% of cases the auditing firms did not reveal a potential issue in their audit reports. Think about this astounding fact: you have outside independent auditors crunching the numbers on suppliers deemed to have a high credit risk and who have ALREADY declared bankruptcy – and in over half the cases didn’t identify a potential problem! If that is the case – then why invest in companies to even monitor credit risk? This corroborates some of the student research we did in a study of supply disruptions on major projects. The correlation between credit risk and the incidence of supplier disruptions was – you guessed it – a big goose egg.
Those type of examples come up often. And people are prone to want to always default to the lower risk option, whether it involves extra inventory, using a supplier you don’t need, or buying risk software that alerts you to risks that will likely never happen. Sometimes, people just need to use common sense and logic, and think about the return on such investments.