What Every Procurement Professional Should Know About Supplier Risk Management: The IBM Story
-
Upload
smarter-commerce -
Category
Business
-
view
449 -
download
0
description
Transcript of What Every Procurement Professional Should Know About Supplier Risk Management: The IBM Story
© 2014 IBM Corporation
What Every Procurement Professional Should Know About Supplier Risk Management: The IBM Story
Presented by : Lou Ferretti, Project Executive, Product Environmental Compliance & Supply Chain Social Responsibility Bill DeMartino, Practice Executive, Supplier Management
© 2014 IBM Corporation © 2014 IBM Corporation
Meet our speakers for today
2
Lou Ferretti is the project executive for developing and leading these global and strategic programs within IBM’s Integrated Supply Chain and across IBM’s global supplier network. He is also ISC’s representative to IBM’s Corporate Crisis Management Team. His work has received numerous external and internal awards. Prior to Lou’s current work, he was on assignment in Singapore as director of Production Procurement’s Outsourced Supply Chain Operations, overseeing IBM’s $6 bn “buy/sell” procurement spend. Before this Lou was named to IBM’s Executive Pandemic Steering Committee – developing policies and implementation plans. And just prior to that, Lou headed up Procurement’s end to end Y2K supplier global readiness program. Lou has held senior management/executive positions in Engineering, Procurement, Materials Management, Supply Demand and Operations.
Bill DeMartino, as a Practice Executive for IBM Emptoris, Bill leads the company's efforts to bring world-class Strategic Supply Management solutions including Supplier Lifecycle Management and Spend Analysis to the marketplace as well as working with its clients to ensure the success of their initiatives. While with IBM, Bill has been in charge of the delivery organization for the Spend Analysis solution, held a leadership role in Product Management as well as heading the efforts to bring Supplier Management solutions to market, giving him a unique insight to the solution space. Prior to Emptoris, Bill held leadership positions in Product Management and as a Technical architect for leading Product and Services organizations.
© 2014 IBM Corporation © 2014 IBM Corporation
Agenda
Introduction of supply risk management framework – Challenges – Solution
IBM Best Practices of Supplier Risk Management
Q&A
3
© 2014 IBM Corporation
Risk Management is an Imperative
4
• Global Sourcing • Deeper Outsourcing • Lean Operations • Emerging Markets • More Volatile World • Increasing Regulatory
Requirement • Surging Social Media
Business Environment
• Supplier Compliance • Supplier Financial • Contract/Legal Risk • Supply Chain Risk • Social Stability • Natural Disaster • Sub-tier Supplier Risk
Increased Risks
Weak Programs
Procurement failed as Gatekeeper
World Class Programs
Procurement protects shareholder value
Poor performing risk management programs can impact share value as
much as 8%
© 2014 IBM Corporation
Supplier Failure
Currency
Political
Fuel Costs Social Responsibility Intellectual Property
Attrition Rates
Labor Disputes
Environmental Regulatory Compliance
Product Safety
Taxes Responsiveness
Brand Impact
Labor Costs Geophysical
Varied & Growing Risk Exposure
5
© 2014 IBM Corporation
RISK MANAGEMENT
GLOBALIZATION INCREASING CUSTOMER DEMANDS
60% 56%
43%
Customers have increased demand
for more: right product, right
place, right time, right price, sooner.
Process, data, and technology are identified as the
roadblocks to good risk management, yet they are the key enablers.
Lead times, delivery, and quality are top challenges,
but overall globalization has been a positive
boon for the leaders.
SUPPLY CHAIN
VISIBILITY
70%
Supply chain visibility is inhibited by a lack of timely data and too much
data to digest.
COST CONTAINMENT
55%
Fighting integral costs might be futile, but being
flexible can identify cost
savings elsewhere.
Source: IBM Institute for Business Value
IBM Chief Supply Chain Officer Study: Identified Five Top Challenges
6
© 2014 IBM Corporation
Risk Management Paralysis
7
© 2014 IBM Corporation
Risk Management Approach
8
#1 Supplier Compliance Focused on the first tier supplier Ethics Sustainability
#2 Supply Risk Measurement Score suppliers, category and regions
#3 Supply Chain Risk Focused on parts, logistics, n-tier
Comprehensive Risk Indexing Risk Measurement
Contingency Quality Finance Regulatory
Sub-tier Critical parts Logistic hubs
© 2014 IBM Corporation
Supplier Compliance
9
Policy & Regulations
BU/Category specific assessments
Approval based on business requriements
Performance Management
Cross-functional evaluation
Determines strength and weaknesses for comparison
Supplier assessed on: Supplier evaluated on: CSR & Code of Conduct Environmental & Conflict
Minerals Financial Contingency
Quality Logistics Technology Ability to Ramp Output
© 2014 IBM Corporation
Control: Ensure only approved suppliers are utilized
Supplier on-boarding and SIM
Registrations and assessments
Supplier master and control center
3rd party data provider
Master
Registered Suppliers
Contracted suppliers
Approved suppliers
Supplier Compliance
10
Sourcing
Execution systems
Contracts
© 2014 IBM Corporation
Supply Risk Measurement
11
Supplier Risk
Real-time flexible risk models
Internal specialists or 3rd party feeds
Monitoring & alerting
Supplier assessed on: Labor & Health Physical Security Ethics Strategic Importance
Compliance
© 2014 IBM Corporation
Supply Risk Measurement
12
Category assessed on: Special handling /
packaging / dangerous goods
Pricing escalation, volatility Upstream / raw material availability Legal regulations (conflict minerals)
Category Risk
Region assessed on: Corruption perception
index ranking Social, civil, political unrest Currency Stability Country economic trends Country infrastructure
Region Risk
© 2014 IBM Corporation
Supply Risk Measurement
13
Compliance
Supplier Risk
Category Risk
Region Risk
Total Supplier Risk
Overall risk score for a supplier
© 2014 IBM Corporation
Supply Chain Risk
14
Multi-tier
Incident management
Logistics
Part / Ingredient
Tracking of risk on transportation hubs
Track disasters and risk events Manage scope and mitigation
Assessment & monitoring of sub-tier suppliers
Critical part management Part impact analysis
photo of the "Ital Florid by NASIM4248
© 2014 IBM Corporation 15
What Every Procurement Professional Should Know About Supplier Risk Management
Louis Ferretti IBM Iintegrated Supply Chain, Project Executive Product Environment Compliance & Supply Chain Social Responsibility July 24, 2014
• Business processes in the Cloud • Mobile/ubiquitous computing decreases
reliance on people creating information • Analytics gives rise to intelligent systems
that make decisions automatically • Unprecedented interaction/collaboration
• Mega cities, mega regions and mega corridors; where most business will occur
• Globalist employees replace less effective approaches
• Technology rules and understanding of intersection between physical and virtual worlds increases
• Managing market and political uncertainty is more complex than ever
• Accelerating global shifts pose new risks; resiliency/responsiveness differentiate
• Evolution to a holistic view of risk management
• Risks can be hedged through intelligence
Tech
nolo
gica
l Pr
ogre
ss
Ris
k C
ompl
exity
• Sustainability is an imperative • The future sustainable enterprise provides
significant and measurable benefits to operational efficiency, growth & the brand.
• Consumer demand & government regulations mandate product lifecycle GHG, energy, water, waste mngt Su
stai
nabi
lity
Impe
rativ
e
• Economic power shifts to Asia • The development of Growth Markets
lead the world’s growth • Real time business to business decisions
and collaboration in an open environment • Outsourcing will continue to accelerate as
businesses seek to optimize operations Glo
baliz
atio
n R
edef
ined
• Customers thrive on knowledge and wield unprecedented power
• Consumers are busier and are demanding – and receiving – more information before making their decisions
• Consumers have more power to reward or punish and want their consumption to match their values
Info
rmed
C
usto
mer
Informed Customer
Popu
latio
n M
igra
tion
Source: IBM Institute for Business Value
16
Major factors affecting the enterprise today Six mega-trends impacting enterprises around the world
External Environment
Senior Leadership
Approval and Ownership
Business Strategy
Operational Model
Financial Model
Emerging Risks
LowMedium
-LowMedium
- HighHigh
HighMedium-HighMedium-LowLow
Sample Sample
Sample Sample Sample Sample
Sample Sample
Sample Sample Sample Sample
Sample Sample
Sample Sample
Sample Sample
Sample
LowMedium
-LowMedium
-HighHigh
HighMedium-HighMedium-LowLow
Sample Sample
Sample Sample Sample Sample
Sample Sample
Sample Sample Sample Sample
Sample Sample
Sample Sample
Sample Sample
Sample
Impa
ct
Likelihood
Reputation
Board / Audit Committee
Review
Relationship with critical suppliers: Ability to manage the end-to-end supply chain, including the dependency on critical suppliers
Risk Management Competitive Advantage
Enablement
EffectivenessProgram
and Practices
LeadershipReport Communicate
Monitor Implement
External Research
Executive Interviews
A systematic approach to Identify, Assess and Address risk Enterprise-wide view Focus on both hazards and missed opportunities Improve business results and drive competitive advantage
17
IBM has developed a robust Risk Management program – and Supply Chain risk management is an important focus area
18
How “Risky” is the Supply Chain ?
Supply chain failures continue to be the top concern for US and Canadian business leaders. … The CHUBB Multinational Risk Survey finds that
….. Businesses cite supply chain failure as the top concern. …
……[only] 56% of the companies report having a business continuity plan.. … The lack of continuity plans … is disturbing From Inside Supply Management – June/July 2014 Global Trends – news in a changing world
Risk Management Model - Optimize risk management with lowest TCO
19
Prevent Mitigate Plan
Understand Analyze Evaluate
Communicate
• Supplier Selection
• Supplier Evaluation
• Supplier Monitoring
Risk Possibility Risk Impact
• Supply Chain
Remediation Actions
Supplier Compliance Supplier Financial Risk Contract / Legal Risk Logistics Risk Commodity Risk Foreign Trade Risk Country Corruption Social Stability Labor Market Risk Natural Disaster Sub-tier Supplier Risk
Supplier Risk Common Supply Risk Supply Chain Risk
Risk Landscape Procurement Managed Risks
Unpreventable Risks
Total Cost of Ownership
Supply Chain Vulnerability
System Maturity
Supply Chain Resiliency
Desirable Risks
Continuously Manage and Monitor
20
Initial and On Going Risk Compliance – to legal and internal policies.
• Ethics, Bribery and Corruption • Import / Export & Embargoed Country Restrictions • Environmental, Product Safety, Electromagnetic Compatibility (EMC) • Chemical Management and clean up • Quality and defective products reporting, corrective action and recalls • Diverse business relationships • Data security • Sustainability and code of conduct • Financials • Supply chain risk / business continuity planning
21
- successfully uncover and manage supplier and supply chain risk • Well defined “on boarding” check list and tool • Risk profile assessment • Documented process, line ownership and management system • Data base / tool to house data and perform computations • Impact / likelihood weighing algorithm • Risk ranking methodology • Mitigation and business continuity plans • Real time alerts • Experienced cross functional, multi cultural core team
Key ingredients necessary to
IBM Procurement has always conducted some level of supplier risk assessment Financial, single source, logistics – no consistency of assessment one category to another Increased global sourcing drove need for a more comprehensive means of assessing risk especially in view of increased complexity of supply chain and cumulative nature of risk
Set off to buy tool and service RFIs to leaders in supplier risk management – primarily financial, logistics, single sourced No one else in industry, asking for a view of total risk (2009)
Engaged procurement council and several commodities Ran pilot with prototyped tool – lessons learned from user team incorporated in final design
5 Elements: Country, Hub, Supplier, Supplier Site, Commodity Use of External Data Source Provider as trusted data source for country, region, hub Sourcing provide input on suppliers, supplier site and commodities Incorporated iLog Alert feature and Lotus Notes data base for Mitigation Plans
Deployed to Production Procurement Dec 2010 Integral part of management system and executive reviews with associated metrics Runs 2x/year for existing suppliers All new suppliers evaluated at time of on boarding All high risk suppliers to have mitigation plans in place
22
Setting the Context – Getting Started and Beyond
Our objective is not to eliminate risk, because without risk there is no progress. Instead it is to ensure we can manage and mitigate risks.
Social Listenin
g
Market Intelligence
Social and
Environmental Leadership
Business Analytics
Supplier Total Risk Tool & Process
Risk Assessme
nt
Risk Mitigation Planning
On-going Risk
Monitoring and
Control • Comprehensive risk assessment • Ongoing mitigation
Protections against loss of revenue and profits by minimizing likelihood and severity of supply chain disruption
Solution
ISC Risk Management Tools
Managing market and political uncertainty is more complex than ever
Risks can be hedged through intelligence and holistic view of risk management
1. Incorporating key information about global supply chain from market intelligence communications
2. Augmenting existing information not available via current market intelligence processes
3. Listening for sentiment and trends for critical items and events
Recognition
•IBM Outstanding Innovation Award
•Patent for impact likelihood algorithm
•CSCMP finalist for Supply Chain Innovation Award 23
Uncovering and Managing Supplier / Supply Chain Risk
2 x year complete Supply Base Assessment Country / Hub / Supplier / Supplier Site / Commodity
External and Internal Market Intelligence
4 x year Supplier Cluster Assessment Political, Environmental, Terrorism, Labor Risk
External Market Intelligence
Real Time Alerts Critical elements of the Supply Chain fot Countries,
Hubs, Supplier, Commodities External and Internal Market Intelligence
Additional Market Intelligence Feeds and Actions
White Paper, Advisories, Weekly Reports Bi-Weekly Updates to the Management Team Quarterly Briefing to IBM‘s Chief Risk Officer Central Repository (aka community) for all Risk Related Topics
External Data Source focusing on selected growth market countries and hubs
Providing specialized alerts
External Data Source Provider searching upstream supply chain re. Conflict minerals and rare earth metals
24
Highlights - Risk Process and Management System
Risk Mitigation Plans (via Lotus Notes database)
Plans formulated to address identified risk Plans reviewed and approved by management
Total Risk Assessment Tool
Supplier Financial Risk Assessment (SFRA) Tool
Supply Chain Risk Entities: • Commodity • Supplier • Supplier Site • Country • Hub
Risk Categories: • Disaster • Political, Legal & Social • Supplier Financial Stability • Security • Country Economic & Financial Stability • Infrastructure, Logistics & Energy • Environment & Natural Hazards • Labor & Health
Supplier-Site & Pandemic Questionnaires
Commodity Lead
Council Lead
Supplier & Commodity Questionnaires
Country & Hub Questionnaires
Market Intelligence
External Data Source Provider
Country & Hub Questionnaires
Cognos BI Reporting • Risk ratings by … Country Hub Supplier Supplier Site Commodity • Reports Generated … Global View Supply Chain Report Questionnaire Report Pandemic Questionnaire Report
Risk Identified
SFRA
Total Risk Assessment Tool (Determines Risk Rating for
combination of all entities and risks)
Automated email alerts via ILOG Business Rules Business Continuity
Planning Supplier Assessment Ratings
Real Time Alerts from External Data Source Provider – anytime, re. potential disruption threat
Supply Chain Social Responsibility Audit Compliance Reference
25
Total Risk Tool and Process Landscape
Categories Supplier Site Supplier Commodity Country Hub Pandemic
Disaster Production Stoppage, Pandemic related
Raw Material related
War and Civil Unrest related
Shut Down related
Communication & Cooperation
Environment & Natural Hazards
Economic / Financial
HR Infrastructure, Logistics & Energy
Labor & Health Includes Pandemic
Political, Legal & Social
Product & Market Requirements
Quality Security Strategic Importance
26
Categories and Types of Risk Evaluated
Supplier Risk Assessment
0.000%
10.000%
20.000%
30.000%
40.000%
50.000%
60.000%
70.000%
80.000%
90.000%
100.000%
0.00% 20.00% 40.00% 60.00% 80.00% 100.00%
L
I
y = 1 / (10 * (x + 0,05)) + 0,1 y = 1 / (10 * (x + 0,20)) - 0,1 Supplier
High Risk
Medium Risk
Low Risk
Impa
ct
Likelihood 27
Look into Risk - Impact & Likelihood
Real time alerts from External Data Source Provider of specific aspects as events unfolded provided an assessment damage and how quickly supply could be restored
Based on tool out put, immediately knew number of suppliers in Japan, which categories affected (e.g. commodities, logic, memory) and what tier supplier impacted
Able to immediately contact suppliers and understand - Extent of damage - Whether in exclusion zone or not - Ability to produce / maintain measure of supply continuity - Supplier contingency plans - Mitigation Actions (e.g. moving manufacturing to alternative locations)
Can look for supply continuity down through multiple levels of supply chain where IBM
has qualification / sourcing relationships with sub tier suppliers - Through use of related tool and process
12-24 hour head start in securing supply and implementation of mitigation actions
28
2011 Japan Earthquake / Tsunami and Thailand Flooding - Demonstrated value of tool and process
Likelihood Impact Model
Risk = Probability of Risk Event x Impact to Business Heat Map with modified Thresholds Thresholds set to capture 10 – 15% High Risk Supplier
~95%+ Spend Coverage ($12bn)
~650 High to Low Impact Suppliers
~2400 Supplier Site-Commodity Combinations Main driver Component and Memory
Subtier Supplier include certified FAB locations Differentiation between Fab, Assembly and Test
Components, Logic, Microcomponents, test
~ 60 Commodities Tracked From finished Boxes to Assemblies to Chip Families
~50 Country and Regions Tracked
All Growth Markets covered
~50 Key Transportation Hubs Tracked ~ Main Country Entry and Exit Transportation Points
~3000 Supply Chains captured
29
Factoids
Past & Current (examples) Bangkok Political Unrest 2009 / 2010 Russia – Ukraine Gas Dispute 2009 / 2010 Japan Tsunami and Reactor Melt Down 2011 Thailand Flooding 2011 / 2014 Super Typhoon Haiyan – Philippines 2013 Hynix Wuxi, China DRAM plant fire 2013 Thailand State of Emergency 2014 Ukraine political unrest 2014 Madagascar hurricane 2014 Chilean earth quake and tsunami 2014 Mexico City earth quake 2014
Current and Following
WTO ruling and China Appeal re. Rare Earth Metal ruling Export of ore restrictions
Continued Focus on Youth Unemployment in Europe Youth Unemployment trigger to Social Unrest
Sanctions on Russia Vietnam roits against Chinese businesses Thailand Martial Law
Source http://www.abc.net.au/news/2014-01-10/fresh-protests-at-rio-expulsions2c-demolitions/5193272
Source http://en.wikipedia.org/wiki/Typhoon_Haiyan
30
Assessment of Major Risk Events
Supplier Sourcing Consider Supplier Risk in Sourcing Process Use as decision support tool to award
business
Business Continuity Planning Consider BCP Readiness into Supplier Risk Inadequate BCP Readiness require Mitigation
Action to Improve Risk Score
Risk of Flooding (under development) Multiple input parameters like topography,
historical weather pattern, soil type, ... Selected Countries GPS tagging of Supplier Location Publicly Available Data Maps Views provided to Sourcing teams
Use of Mobile Communication
(under development) Bi-directional Communication with Suppliers Share Risk Events
31
Pro-Active Elements of Risk Management
Executive Interest and Support
Vice President and Controller –
In response to the IBM Board of Directors Audit Committee Meeting, acknowledged our current work is the right strategy and vision. “The Data Analytics presentation was very well received by the Audit Committee. I walked them through our strategy, … and wrapped up by outlining the impact of Analytics on the Enterprise Risk Map. The Audit Committee was very engaged throughout the presentation and acknowledged that this was the right strategy and vision”
IBM Chief Risk Officer and Vice President Pensions Management –
“I personally reference the tool internally and externally as a prime example of IBM's use of Analytics to support risk management initiatives which clearly underscores our thought leadership in this area. ”
IBM Corporate Office, Director, Global Risk and Insurance Management –
“This tool has been a huge differentiator for IBM when we present our risk profile to the property insurance underwriting community. Business Interruption and Contingent Business Interruption are ever expanding exposures to an organization and not only can impact income to the organization but also our ability to meet our commitments to our customers.”
IBM VP & Chief Procurement Officer –
“Managing and reducing risk in the supply chain … will be key to IBM’s global growth in the future”
32
Corporate-wide Supply Chain Risk Assessment - viewed as the right strategy and vision, key to global growth and a differentiator
Risk management is a fundamental building block to a supply chain strategy
Supply Chain Leaders are integrating process controls in their logistics and operations, supplier compliance programs and planning process
Procurement can deliver true value using an intelligent and comprehensive risk assessment program with suppliers
A strong supplier / supply chain risk management program, can - demonstrate to clients that IBM can be a reliable supplier, and - be a key factor in preserving and growing revenue - be featured to insurance underwriters as rationale for reduced premiums
Objective of these processes is not to eliminate risk - without risk there is no progress - instead it is to ensure we can manage and mitigate risks
“Managing and reducing risk in the supply chain … will be key to IBM’s global growth in the future” - John Paterson, IBM VP & CPO
33
Supply Chain Risk Management – Key Takeaways
Q &
A Lou Ferretti Project Executive, Product Environmental Compliance & Supply Chain Social Responsibility
Bill DeMartino Practice Executive, Spend Analysis & Supplier Management
Thank You!
For more information, please visit: www.ibm.com/procurement-solutions