The risk disconnect: Risk management in purchasing
Analyzing the supply base is a critical part of risk management. But purchasing can do much more--like serve as a bridge to connect departments and question basic assumptions about company operations.
By Paul E. Teague -- Purchasing, 3/12/2009 2:00:00 AM EDT
|
Risks that buyers think have high damage potential Loss of intellectual property 55% Outsourcing 53% Supply risks 52% Compliance 44% Supplier risks 41% Raw material prices 39% Availability of qualified procurement employees 39% Energy price risks 32% Source: BrainNet Procurement risks that management focuses on Supplier risks 86% Supply risks 61% Compliance 60% Raw material price risks 49% Market risks 47% Loss of intellectual property 45% Energy price risks 42% Outsourcing 41% Source: BrainNet |
You’ve heard the expression “Do as I say, not as I do.” It seems that it applies in business as well as personal affairs. A good example is in the sidebar on this page. One part of the sidebar shows what buyers told international supply chain consulting firm BrainNet were the risks that had the highest damage potential for their companies. The other shows what those same buyers focus their risk management efforts on. Notice the disconnects?
Okay, a slight disclaimer: BrainNet did the study in 2007. Presumably, the answers would be different today. Also, it’s certainly reasonable that some risks, like loss of intellectual property, may be long term and therefore not warrant immediate attention. Still, the disconnects point out the need for procurement professionals and other risk managers in corporations to think about how they set their priorities.
The top priority for action, at least according to that BrainNet study, is supplier risk. It’s practically a timeless concern: procurement professionals have worried about supplier performance and stability since the beginning of the industrial revolution. But with the flood of bankruptcies resulting from the credit crunch and general economic weakness, those worries have taken on ulcer-inducing proportions.
Understandably. Other studies have shown that almost 20 percent of procurement respondents had suppliers who had not been able to meet their supply levels or needs. The lesson is that purchasing professionals have to more closely monitor the financial stability of their suppliers, including supplier liquidity and changes to suppliers’ customer-priority rankings.
But there is much more that procurement professionals should be doing beyond monitoring suppliers, says Steven Minsky, CEO of software provider LogicManager, Inc., and author of a new report on enterprise risk management (ERM). “Because purchasing professionals interact with so many other people within their organizations, they should lead the effort to broaden the thinking about risk management,” he says. In fact, they could be a bridge that connects other departments that analyze risks.
Supplier risks
Efforts to manage supplier risk follow a similar pattern at most companies. There is the due diligence of verifying a supplier’s product quality, reliability in on-time delivery, financial stability, technology planning and development and the supplier’s own risk-management strategies. And, there is the cost analysis to ensure that the supplier isn’t charging more than an industry norm so buyers don’t risk paying too much for the materials they need.
 “It’s critical to understand risks in all parts of the supply chain.” —John Paterson, IBM  “Find another supply source or site.” —Craig Brown, Intel  “Think through the tradeoffs when reducing suppliers.” —Steve Minsky, LogicManager |
IBM Chief Procurement Officer John Paterson spends a lot of time with his staff on risk management. “It’s critical to understand risks in all parts of the supply chain so you can build mitigation strategies,” he says. The strategies can be as simple, he says, as setting up second sources of supply. Craig Brown, who leads purchasing at Intel, advises procurement staffs to “find another supply source or site even it’s owned by the same supplier.”
Brown and his team realized the benefits of second-source planning when a fire destroyed a factory of a primary source. “Within 24 hours, we had re-mapped the product line to a different set of suppliers,” he says.
Analyzing primary suppliers is only part of effective risk management, says Eric Johnson, of Dartmouth College’s Amos Tuck School of Business. It’s critical to extend that analysis to tier two and tier three suppliers too, he says. “You have to build that analysis into the second tier supply base,” Johnson says. That’s because slip ups at that level can make it more difficult if not impossible for primary suppliers to perform up to expectations.
Taking the time to understand how your suppliers’ businesses work also helps to mitigate risks, says Matt Enderwick, assistant dean for finance and administration at North Carolina State University in Raleigh, N.C. “Look at the decisions they’ve made and what they’re doing to turn a profit,” he says. “A lot of companies facing pressures to grow branch out to things they’re not good at, and that brings profits down.”
LogicManager’s Minsky says purchasing has to ratchet up its supplier-risk thinking to a higher level. For example, he says, while concern with having only a single source of supply is legitimate, the bigger issue may be over reliance on custom-designed parts. “Purchasing should be asking engineering, ‘why did we design the product this way?’ he says.”
Minsky offers this case in point: “Apple once designed its own hard-drive bracket. There was no added value from the bracket. A standard off-the-shelf bracket would have done fine. The custom design caused a bottleneck in the supply chain.”
That kind of custom design in lieu of standard parts is common throughout many industries and has driven purchasing managers as well as manufacturing managers to distraction. There may be legitimate reasons for specifying special versus standard parts. But purchasing, Minsky says, is in the best position to question engineering on why they are boxing the company into custom designs, and by extension, potentially a single custom supplier.
 Competency drivers where companies have made the most progress in enterprise risk management. |
|
ERM: The next step
Asking questions like that elevates purchasing’s role and expands it into the realm of enterprise risk management. “Solving a risk problem in just one silo only sends the problem to another silo,” says Minsky. “Purchasing can help identify who in the corporation needs to be involved in the solution to truly lessen a risk.”
His study, for the Risk and Insurance Management Society, Inc. (RIMS), surveyed 564 corporate risk practitioners, many with purchasing titles. Respondents assessed their own risk-management strategies against 68 guidelines that are part of RIMS’ Risk Maturity Model for ERM. Among those guidelines: executive support for ERM, inclusion of risk-management competence as part of managers’ performance reviews, whether risk assessments are conducted in all business groups and whether front line managers identify risks for their business areas and develop risk-mitigation activities.
The study revealed that 93 percent of organizations with formalized ERM programs make better risk-informed decisions. But it also showed that only 4 percent of companies with an ERM program have achieved a better level of risk-management competency in all risk areas. “This shows that organizations may have a false sense about all that is required for an effective risk-management program,” Minsky says.
While the study shows a correlation between companies that score high on risk maturity and companies that have high credit ratings, it also validates many of the supply-chain risk-management strategies purchasing follows, such as aggregating all supplier information in one place. But it also shows that purchasing may have to give a higher priority to risk when it adopts a strategy of reducing its supply base. “Purchasing has to think through tradeoffs in reducing the quantity of suppliers to gain purchasing power vs the hidden increased risk in reduced quality, stability, flexibility and innovation,” Minsky says.
The study also shows that purchasing has an opportunity to broaden its influence in companies by using its interaction with engineering and manufacturing to heighten awareness of risk and bring those and other departments together to solve critical operational business problems with a risk-based approach.
The RIMS ERM study shows that mathematically companies are eventually going to get nailed by some of the risks they face. Purchasing can help lower the risk by bringing different functions within their companies together to discuss the risks.
|
How to monitor suppliers for risk The Procurement Strategy Council recently issued a white paper on what buyers should look for when assessing the risk potential of suppliers. Here are some of the factors:
|
Where companies fall short in risk management The Risk and Insurance Management Society’s ERM study showed that companies with formal ERM programs make better risk-informed decisions. But it also showed that even with ERM in place, companies can fall short of their risk-mitigation potential. Here are some of the initiatives that many companies practicing ERM still have not implemented:
|
What it means to the buyer
|
Now Playing:
Risk Management
02/24/2009Supplier risk management in three steps
03/25/2009Poor risk management threatens supply chain
06/03/2004Your growing role in risk management
03/11/2009
