Post on 21-Jan-2018
Louis R. Ferretti
Project Executive, Product Environmental Compliance& Supply Chain Social Responsibility
Sept 28 – Oct 1
photo of the "Ital Florid by NASIM4248
What Every Procurement Professional Should
Know About Supplier & Supply Chain Risk
… and How to
Uncover, Manage
and Mitigate
Supplier and Supply
Chain Risk
photo of the "Ital Florid by NASIM4248
Abstract
Businesses today are ever more depend on their supply chain partners for goods and services which make up a
significant portion of the solutions they provide to their clients. Correspondingly globalization has introduced the
opportunity to do business with suppliers the world over, allowing greater access to a host of untold products and
services - that can provide a competitive advantage to the OEM, which enables them delivering increased value to
their clients. Nevertheless, a global sourcing strategy has introduced a set of risks well beyond what was typical in
the traditional suppler chain. The question is how does a company engage in global sourcing and yet gain the
benefits while weighing and managing risks. Beyond assessing the risk of a supplier and their supply, there are
opportunities to collaborate and assess a supplier's level of resiliency, and where appropriate engage in actions of
remediation.
RISK is one of the SIX mega-trends impacting enterprises around the world
• Managing market and political uncertainty is more complex than ever
• Accelerating global shifts pose new risks; resiliency/responsiveness differentiate
• Evolution to a holistic view of risk management
• Risks can be hedged through intelligenceRis
k
Com
ple
xity
IBM Chief Supply Chain Officer Study Identified The Top Five Challenges
Risks, both operational and financial, is the #2 concern of supply chain executives worldwide
Supply chains have become increasingly more global and complex, bringing with them greater challenges and risks
• Japan earthquake / tsunami
• Thailand Flooding
• Hynix China Fire
• Philippines Typhoon
• Thailand State of Emergency/Martial Law
• Ukraine Political Unrest
• Russian Sanctions
• Gaza Bombings
• Manage risks within the extended supply chain based on continuous risk assessment
• Utilize a collaborative and structured approach • Reduce vulnerability, increase resiliency and ensure supply
continuity via mitigation planning
Risk Management System
Risk
Assessment
Risk
Mitigation
Planning
On-going
Risk
Monitoring
and Control
1. Globalization Redefined2. Technological Progress3. Population Migration
4. Risk Complexity5. Sustainability Imperative6. Informed Customer
Major factors affecting the enterprise today
Managing Risk is an imperative for Business Continuity Planning
3
Business Continuity Planning & Supply Chain Risk – An Overview
Supplier Failure
Currency
Political
Fuel Costs Social Responsibility
Intellectual Property
Attrition Rates
Labor Disputes
Labor Costs
EnvironmentalRegulatory Compliance
Product Safety
Taxes
ResponsivenessBrand Impact
Geophysical 4
Supply Chain Risks
Cyber Security
5
How “Risky” is the Supply Chain ?
Supply chain failures continue to be the top concern for US and Canadian business leaders. …
The CHUBB Multinational Risk Survey finds that
….. Businesses cite supply chain failure as the topconcern. …
……[only] 56% of the companies report having abusiness continuity plan..… The lack of continuity plans … is disturbing
From Inside Supply Management – June/July 2014 Global Trends – news in a changing world
External Environment
Business Strategy
Operational Model
Reputation
Financial Model
Senior
Leadership
Approval and
Ownership
Emerging
Risks
LowM
edium-Low
Medium
-High
High
HighMedium-HighMedium-LowLow
Sample
Sample
Sample
Sample
Sample
Sample
Sample Sample
Sample Sample Sample
Sample
Sample
Sample
Sample Sample
Sample
Sample
Sample
LowM
edium-Low
Medium
-High
High
HighMedium-HighMedium-LowLow
Sample
Sample
Sample
Sample
Sample
Sample
Sample Sample
Sample Sample Sample
Sample
Sample
Sample
Sample Sample
Sample
Sample
Sample
Impa
ct
Likelihood
Board / Audit
Committee
Review
Relationship with critical suppliers:
Ability to manage the end-to-end supply chain, including
the dependency on critical suppliers
Risk
Management
Competitive
Advantage
Enablement
EffectivenessProgram
and Practices
LeadershipReport Communicate
Monitor Implement
External
Research
Executive
Interviews
A systematic approach to Identify, Assess and Address risk
Enterprise-wide view
Focus on both hazards and missed opportunities
Improve business results and drive competitive advantage
IBM has developed a robust Risk Management program – and Supply Chain risk
management is an important focus area
6
IBM Enterprise Risk Management
Setting the Context
Executive Direction
c. 2009
….. will initiate a broad piece of work to evaluate the risks in our extended supply
chain….. will prioritize based upon known or anticipated issues.
The gas supply
…. Israeli situation
…. ongoing issues in Thailand
…..effects of a lower economic growth rate on political and social stability
And many other risks including but not limited to transportation
costs/climatic/political/economic/social/environmental/health, etc...
…. globalizing our supply chains have introduced additional risks
8
- successfully uncover and manage supplier and supply chain risk
Well defined “on boarding” check list and tool
Risk profile assessment
Documented process, line ownership and management system
Data base / tool to house data and perform computations
Impact / likelihood weighing algorithm
Risk ranking methodology
Mitigation and business continuity plans
Real time alerts
Experienced cross functional, multi cultural core team
Key ingredients necessary to
9
Initial and On Going Risk Compliance – to legal and internal policies
Ethics, Bribery and Corruption
Import / Export & Embargoed Country Restrictions
Environmental, Product Safety, Electromagnetic Compatibility (EMC)
Chemical Management and clean up
Quality and defective products reporting, corrective action and recalls
Diverse business relationships
Data security
Sustainability and code of conduct
Financials
Supply chain risk / business continuity planning
Our objective is not to eliminate risk, because without risk there is no progress.Instead it is to ensure we can manage and mitigate risks.
SocialListening
MarketIntelligence
Socialand EnvironmentalLeadership
BusinessAnalytics
Supplier Total Risk Tool & Process
Risk
Assessment
Risk
Mitigation
Planning
On-going
Risk
Monitoring
and Control
• Comprehensive risk assessment
• Ongoing mitigation
Protections against loss of
revenue and profits by minimizing
likelihood and severity of supply
chain disruption
Solution
Supply Chain
Risk Management Tools
Managing market and political uncertainty ismore complex than ever
Risks can be hedged through intelligence and holistic view of risk management
1. Incorporating key information about global supply chain from market intelligence communications
2. Augmenting existing information not available via current market intelligence processes
3. Listening for sentiment and trends for critical items and events
Uncovering and Managing Supplier / Supply Chain Risk
• IBM Outstanding Innovation Award
• Patent for impact likelihood algorithm
• CSCMP finalist Award for Supply Chain Innovation
Key Benefits Recognition
• Uncovers multiple risks, assesses likelihood & impact of each• Addresses risks with formal mitigation plans• Provides consistent risk management approach across
brands/commodities• Trends and patterns are revealed by systematic risk analysis
2 x year complete Supply Base Assessment Country / Hub / Supplier / Supplier Site / Commodity
Based on External and Internal Market Intelligence
4 x year Finanical Assessment – top critical suppliers
Real Time Alerts Critical elements of the Supply Chain for Countries,
Hubs, Suppliers, Sites, Commodities External and Internal Market Intelligence
Additional Market Intelligence Feeds and Actions White Paper, Advisories, Weekly Reports Bi-Weekly Updates to the Management Team Quarterly Briefing to IBM‘s Chief Risk Officer Central Repository (aka community) for all Risk Related Topics Outputs from Social Listening tool
External Data Source focusing on selected growth market countriesand hubs Providing specialized alerts
External Data Source Provider searching upstream supply chain, e.g. Conflict minerals, rare earth metals
Highlights - Risk Process and Management System
Risk Mitigation Plans(via Lotus Notes database)
Plans formulated to address
identified risk
Plans reviewed and approved by
management
Supplier Financial Risk
Assessment (SFRA) Tool
Supplier-Site & Pandemic
Questionnaires
Commodity
Lead
Council Lead
Supplier &
Commodity
Questionnaires
Country & Hub
Questionnaires
Market Intelligence
External Data
Source Provider
Country & Hub
Questionnaires
Cognos Business
Intelligence Reporting• Risk ratings by …
Country
Hub
Supplier
Supplier Site
Commodity
Reports Generated …
- Global View
- Supply Chain Report
- Questionnaire Report
Risk
Identified
Total Risk
Assessment Tool(Determines Risk Rating for
combination of all entities and risks)
Output of from
Social Listening tool Business Continuity Planning
Supplier Assessment Ratings
Complemented by
Real Time Alerts from External Data Source Provider
– anytime, re. potential disruption threats
Supply Chain Social
Responsibility Audit
Compliance Reference
Total Risk Tool and Process Landscape
UncoverAnalyze
MitigateManage
Risk
Categories Supplier Site Supplier Commodity Country Hub
Pandemic
Disaster Production Stoppage, Pandemic related
Raw Material related
War and Civil Unrest related
Shut Down related
Communication & Cooperation
Environment & Natural Hazards
Economic / Financial
HR
Infrastructure, Logistics & Energy
Labor & Health Includes
Pandemic
Political, Legal & Social
Product & Market Requirements
Quality
Security
Strategic Importance
Categories and Types of Risk Evaluated
Supplier Risk Assessment
0.000%
10.000%
20.000%
30.000%
40.000%
50.000%
60.000%
70.000%
80.000%
90.000%
100.000%
0.00% 20.00% 40.00% 60.00% 80.00% 100.00%
L
I
y = 1 / (10 * (x + 0,05)) + 0,1 y = 1 / (10 * (x + 0,20)) - 0,1 Supplier
High Risk
Medium Risk
Low Risk
Imp
ac
t
Likelihood
Impact / Likelihood Assessment
• Real time alerts from External Data Source Provider of specific aspects as events unfolded provided an assessment damage and how quickly supply could be restored
• Based on tool out put, immediately knew number of suppliers in Japan, which categories affected (e.g. commodities, logic, memory) and what tier supplier impacted
• Able to immediately contact suppliers and understand- Extent of damage- Whether in exclusion zone or not- Ability to produce / maintain measure of supply continuity- Supplier contingency plans- Mitigation Actions (e.g. moving manufacturing to alternative locations)
• Can look for supply continuity down through multiple levels of supply chain where IBM has qualification / sourcing relationships with sub tier suppliers - Through use of related tool and process
• 12-24 hour head start in securing supply and implementation of mitigation actions
15
2011 Japan Earthquake / Tsunami and Thailand Flooding
- Demonstrated value of tool and process
Case Study
Supplier Sourcing Consider Supplier Risk in Sourcing Process
Use as decision support tool to award business
Business Continuity Planning Consider BCP Readiness into Supplier Risk
Inadequate BCP Readiness require Mitigation Action to Improve Risk Score
Risk of Flooding Multiple input parameters like topography, historical weather pattern, soil type, ...
Selected Countries
GPS tagging of Supplier Location
Publicly Available Data Maps
Views provided to Sourcing teams
Use of Mobile Communication (under development)
Bi-directional Communication with Suppliers
Share Risk Events
16
Pro-Active Elements of Risk Management
Likelihood Impact Model Risk = Probability of Risk Event x Impact to Business
Heat Map with modified Thresholds
Thresholds set to capture 10 – 15% High Risk Supplier
~95%+ Spend Coverage ($5bn) ~450 High to Low Impact Suppliers
~2400 Supplier Site-Commodity Combinations Main driver Component and Memory
Subtier Supplier include certified Fab locations
Differentiation between Fab, Assembly and Test
Components, Logic, Microcomponents, test
~ 60 Commodities Tracked From finished Boxes to Assemblies to Chip Families
~50 Country and Regions Tracked All Growth Markets covered
~50 Key Transportation Hubs Tracked ~ Main Country Entry and Exit Transportation Points
~3000 Supply Chains captured
17
Factoids
Past (examples) Bangkok Political Unrest 2009 / 2010
Russia – Ukraine Gas Dispute 2009 / 2010
Japan Tsunami and Reactor Melt Down 2011
Thailand Flooding 2011 / 2014
Super Typhoon Haiyan – Philippines 2013
Hynix Wuxi, China DRAM plant fire 2013
Thailand State of Emergency 2014
Ukraine political unrest 2014
Madagascar hurricane 2014
Chilean earth quake and tsunami 2014
Mexico City earth quake 2014
WTO ruling and China Appeal re. Rare Earth Metal ruling
Export of ore restrictions 2014
Continued Focus on Youth Unemployment in Europe
Youth Unemployment trigger to Social Unrest 2013/5
Russian Sanctions 2014/5
Vietnam roits against Chinese businesses 2014
Thailand Martial Law/New Regime 2014
Ukraine 2014/5
Argentina Bond Repayment 2014
Greece and EU 2014/5
Source http://www.abc.net.au/news/2014-01-10/fresh-
protests-at-rio-expulsions2c-demolitions/5193272
Source http://en.wikipedia.org/wiki/Typhoon_Haiyan
18
Assessment of Major Risk Events
Real time order
status visibility and
exception alerts Credibility and reliable
information
Increased customer
satisfaction levels
Effective supplier
collaboration Reduced inventory levels
and operations cost
Improved sharing of
demand information and
collaboration
Intelligent Operations & Resolution Center
Key Benefits
IBM
Client
Business
Partners
Suppliers
Improved visibility
into finished goods
inventory Better service level
commitments
Order status
notifications
Transparent operations
management Issues / risks identification
and correlation to assess
impact to supply chain
Next best action initiation
Alert / exception driven
(mobile & web) model
Single version of truth
Transparent Supply ChainCloud SocialAnalytics Mobile
TSC Functions
Mobile App for alerts
Global Level KPIs
with drill downs
Geo spatial & other
visualizations
Our vision is to create the most transparent supply chain in the world: predictive, social, real-time, and global
Transparent Supply Chain – Geospatial Map Alerts- Possible Supplier/Supply Chain Opportunities for Disruptions
Z
Predicting Risk with Certainty - The Genesis
March 11, 2011 – Japanese earth quake, tsunami and nuclear reactor melt down
Critical single sourced component sourced with supplier inside the “exclusion zone” – no access to parts/building
- Led to expedited qualification – development, engineering, procurement and suppliers
Sept 4, 2013 – SK Hynix Memory Factory Explosion and Fire
Sep 4, 2013 - A huge fire at an SK Hynix component factory in Wuxi, China, has highlighted supply chain vulnerability.
DON'T PANIC says Hynix, China fab explosion is no big deal
www.theregister.co.uk/.../ dont_panic_says_hynix_
Sep 4, 2013 - Fears that an explosive fire at SK Hynix's Chinese fabs in Wuxi will cause a spike in chip prices are unfounded, says the
company.
Update: Hynix plant fire leaves memory shipments on hold ...
www.computerworld.com/.../update--hynix-plant-fire-lea...
Sep 4, 2013 - The Korean press reports that a fire in Hynix's fabrication plants 1 and 2 in China may put DRAM shipments on hold for the
foreseeable future.
Hynix FABs on fire after chemical explosion | KitGuru
www.kitguru.net/.../faith/hynix-fabs-on-fire-after-chemical-explosion/
Sep 4, 2013 - World DRAM prices are set to rocket as news comes in that Hynix FABs ... in Hynix's wuxi fab in China was NOT the
chemical explosion but ...
Hynix DRAM plant erupts in flames, entire industry affected
www.tweaktown.com › News › BREAKING STORY
Sep 4, 2013 - Two Hynix DRAM production facilities in Wuxi, China destroyed in massive chemical explosion and resulting fires.
China fire rattles world chip supply chain | Fox News
www.foxnews.com/.../china-fire-rattles-world-chip-su...
- Led to an immediate approval to purchase and pull in inventory ~$1m
“Risk Rover” – Watson Project
21
Predicting Risk with Certainty
Domain:Risk team receives many reports and updates re. threats (man made and natural) that can impact supply continuity. In spite
of the threat of a supply chain disruption, most do not come to fruition. Taking preemptive actions such as qualifying another
source, pulling inventory and/or moving the business to another supplier, when threatened, and then if the threat does not
materialize, these actions produce a measure of distraction, lost time and wasted effort by the sourcing teams and others.
Concept:Search past/recent past social, political, economic unrest events, including climatic events to determine if they:
a) do come to fruition as forecasted, and if they do,
b) was there an impact to in country commerce, aka disruptions to transportation, roads, airports,
workforce etc.?
Evaluation of data can show what is the likelihood of an event a) coming to fruition (eg disruption) and b) if it does come about
as forecasted, what is the likelihood that supplier’s business will result in interruption of supply and/or services?
Data Sources:Collect and analyze vast array of news reports of social, political, economic unrest events as well as climatic events – over
last x years.
Benefits / Opportunity:Procurement, Engineering and Supplier resources conserved and only expended when situation indicates a high likelihood of
an event materially impacting the supply chain.
“Risk Rover” – Watson Project
22
.
A New Way to Manage IBM and Supplier Supply Chain Risk
http://en.wikipedia.org/wiki/Typhoon_Haiyan
IBM Risk Rover Team
Thomas Ward – ES
Chester Karwatowski – CIO
Hans-J Eickelmann – Proc
Jason Horner – Proc
Patrick Gibney - ES
Rahul Nahar - ES
Ramesh Alagsen – ES
Ross Grady* - HR
Louis Ferretti - Proc
* IBM RTP Extreme Blue Lab Manager
Risk Rover (RR) uses: Watson Content Analytics, DB2
Cloud Managed Services (CMS)
Bluemix with Dev/Ops (Agile), Java, Cloudant
Social Media Analytics (SMA),
Twitter data on climatic events and
The Weather Company and US Navy: storm tracking
An Extreme Blue™ Project: May – Aug, 2015
covered by the Smarter Innovation fundRR API available at end of project
Extreme Blue Developers
• BS Computer Science from Texas A&M, architecture and maps.• BS Computer Eng. from Syracuse, strong Java specialist.• MS Carnegie Mellon, Machine Learning, BS CS from Oregon State.• BS USMA at West Point, MBA at Fuqua/Duke. Global Logistics.
Executive Sponsors
• Tim Humphrey• Josie Romualdi• Mike Meaden• Bob Murphy
Risk Rover
Risk Rover using Watson Content Analytics (WCA)
• Project funded via IBM internal Venture Captial
• Sole Supply Chain Project nominated in 2015 for Extreme Blue™
• Extreme Blue™ is IBM's incubator for new Talent and Technology
• Analyse Climatic Risk Events using WCA utilizing
– Social Listing
– Analytics & Big Data
– Mobile
– Cloud
• Top Talent Developers selected to support 12 week event
• IBM Risk Team consists of technical and business mentors
• Project’s 3 Objectives
– Minimum - Proof of Concept Validation
– Target - Expand to additional predictive analytics
– Stretch - Expanded into Watson Q&A type insights
Risk Rover
The Vision with Risk Rover on Watson
Social Listening Tool
US NavyWeather forecasts
Watson Content Analytics
Identify, Predict Assess Events that impact IBM
Event
Geo Spatial Mapping of eventto IBM Supply Chain
Social Media Analytics Text Analytics Visualization
Big Data
Supply Chain
Droughts
Strikes
Protests
Epidemics
Storms
Conflict
Floods
Today: How do we monitor threats to our global supply chain?
Manual Event Monitoring• Costly• Time Consuming• Lacks Precision• Not Standardized
APIAlerts
TSC
The Interface
22
Executive Interest and Support
Vice President and Controller –
In response to the IBM Board of Directors Audit Committee Meeting, acknowledged our current work is the
right strategy and vision. “The Data Analytics presentation was very well received by the Audit Committee. I walked
them through our strategy, … and wrapped up by outlining the impact of Analytics on the Enterprise Risk Map. The
Audit Committee was very engaged throughout the presentation and acknowledged that this was the right strategy
and vision”
IBM Vice President & Chief Risk Officer --
“I personally reference the tool internally and externally as a prime example of IBM's use of Analytics to support
risk management initiatives which clearly underscores our thought leadership in this area. ”
IBM Corporate Office, Director, Global Risk and Insurance Management –
“This tool has been a huge differentiator for IBM when we present our risk profile to the property insurance
underwriting community. Business Interruption and Contingent Business Interruption are ever expanding exposures
to an organization and not only can impact income to the organization but also our ability to meet our commitments
to our customers.”
IBM VP & Chief Procurement Officer –
“Managing and reducing risk in the supply chain … will be key to IBM’s global growth in the future”
Corporate-wide Supply Chain Risk Assessment - viewed as the right
strategy and vision, key to global growth and a differentiator
• Risk management is a fundamental building block to a supply chain strategy
• Supply Chain Leaders are integrating process controls in their logistics and operations, supplier compliance programs and planning process
• Procurement can deliver true value using an intelligent and comprehensive risk assessment program with suppliers
• A strong supplier / supply chain risk management program, can - demonstrate to clients that IBM can be a reliable supplier, and- be a key factor in preserving and growing revenue- be featured to insurance underwriters as rationale for reduced premiums
• Objective of these processes is not to eliminate risk- without risk there is no progress- instead it is to ensure we can manage and mitigate risks
• “Managing and reducing risk in the supply chain … will be key to IBM’s global growth in the future”
- John Paterson, (former) IBM VP & CPO
Supplier / Supply Chain Risk Management
– Key Takeaways
THANK YOU
Please check your itineraryand move on to your next session.
Slides will be available post event.