Integrate QM and Minimize Risks - Quality Assurance in Supplier Relationship Management

riskmethods welcomes a guest post from Georg Rösch, Head of Product Management at POOL4TOOL.

Supplier Relationship Management (SRM) is a classic purchasing issue, even though it is connected with other business processes. If, for example, one were to examine the classical procurement process, it in fact begins with the consumer in the form of a request, and ends with the bill in the finance department. The decision to universally integrate different stakeholders into the SRM process and to place value on a comprehensive information database is therefore logical and correct. All-in-one software tools can make this much easier to achieve because they cover all purchasing processes, include Supply Chain Risk Management, and can be implemented across departmental and geographical boundaries.

Integrate QM and Minimize Risk
The master data for the suppliers and materials of a company create the foundation for all following processes in SRM. A “clean” database is therefore not only necessary for efficient processes in Purchasing, but also serves as a significant source of information that spans all locations and systems. In addition to this, there must be a guarantee that all risk-related information about suppliers, locations, and supply chains are included so that detailed risk profiles can be put together. Appropriate strategic suppliers can only be selected successfully by looking at the big picture. In this way, award decisions can be made on the basis of risk profiles that include financial and quality key figures, compliance and sustainability factors, as well as possible risks related to the geopolitical climate.

An important step to minimize risk from the beginning is to integrate the QM department into the entire SRM process, and to focus on Supply Chain Risk Management early on.

The perspective offered by QM can provide valuable insight during each stage of a control loop in SRM—from supplier qualification to action management. It is critical not to lose sight of any risk-related information throughout the entire process.

1)     Supplier Qualification
The successful implementation of a purchasing strategy depends upon the quality of the supply base data. The better and more complete they are, the easier it becomes to assign suppliers according to their strategic significance. Supplier Qualification builds upon the data gathered during the supplier registration process. By using a software tool, all participating parties can be drawn in right away, and the registration and release process for each category can be directed more easily. Even at this stage, information about possible risks related to the suppliers, locations, and supply chains should be taken into account, ideally without leaving the system.

2)     Audit Management
A Software tool supports the planning, execution, and analysis of audits. All planned and past audits, such as initial assessments of serial suppliers, (first) visit reports, QM system audits, etc. can be entered into the online portal and systematically evaluated. The central management of all audit data is particularly advantageous, as are the complete documentation and archiving.

3)     Complaints
Complaints can be processed in a structured and standardized way by using a software tool. This results in a higher level of transparency and process security for all involved parties. With the help of proven quality management methods, such as 8D reports or PDCA, the causes of each complaint, as well as necessary measures that must be taken, can be systematically processed without any risk of repetition errors.

The Quality Manager can implement measures for specific suppliers together with Purchasing. Complaint data, meeting logs, sketches, action plans and much more, can be entered and saved for each supplier in order to make quality-related information readily available to the purchasing department and any other involved employees.

4)     Supplier Performance Rating
Supplier performance is an important factor in SRM and must be monitored constantly. A comprehensive supplier evaluation takes both hard facts (such as a supplier’s reliability), and soft facts (such as their level of innovation) into account. Supply Chain Risk Management is particularly important here because a comprehensive supplier evaluation must also include risk information in order to create a realistic supplier profile.  If the same software tool is being used for both Quality Management and Supplier Relationship Management, the information from each module can be incorporated into all processes that are being implemented. This produces valuable synergy. 

5)     Action Management
Action Management, which has been integrated into the supplier evaluation process, serves to facilitate supplier development. in order to continuously improve each supplier’s potential. By using predefined methods, a supplier’s potential can be improved and, if necessary, they can be re-qualified.

The implementation of an “All-in-One Supply Collaboration” solution makes it easier to include QM managers and to integrate Supply Chain Risks Management into the entire SRM process. The expansion of the 360° supplier cockpit to include risk-related information about the suppliers, locations, and supply chains allows the buyers as well as the QM Manager to recognize potential dangers early on, to react more effectively in the case of risk events, and to improve the quality of SRM as a whole.

Business Continuity Management and Supply Chain Risk Management and its Interdependency in Praxis


by Eberhard Raue

It is reality that BCM (=disaster recovery) and SCRM are typically established as separate practices. The existence of either one doesn’t necessarily require the existence of the other one.

  • Nevertheless is either one missing, the Enterprise Risk Management is incomplete!

Statement of Interdependency between BCM and SCRM

Under the umbrella of ERM:

  • The SCRM deals with detection, analysis, scoring and mitigation of risks in the supply chain processes.
  • The BCM deals with the recovery of the risk affected supply chain processes.
  • In order to provide a profound solution for both components as parts of an integer ERM strategy an interdisciplinary cooperation between the responsible people in the parties of BCM, SCRM, SCM and ERM is a prerequisite.

Following the statement the ideal strategy and structure becomes obvious. The entire Risk Management activities in an organization should become a “Central Management Institution” (CMI), headed by a Manager who reports directly to the board or might be part of the board. Positions as Chief Risk Manager, Chief Risk- and Performance Manager, Chief Enterprise Risk Manager come to mind.

In consequence all Risk Management and Risk Management related activities, e.g. BCM, Quality Management etc. become part of the CMI.

Risk Management in its pure sense has become significant in any organization of any size and in any industry. Admittedly the importance of Risk Management might vary in the various industrial sectors and in its correlation to the size of an organization.

Risk Management in its pure sense has also become significant in all Business- or functional Units of an organization, e.g. in Procurement, HR, IT, Research and Development, Production, Marketing & Sales etc.. Regarding to its importance Risk Management became quite equally valid for any of those Units.

Since our focus is on Supply Chain Risk Management a look at a typical supply chain and the experience of risk potential along a supply chain explains quite simple that in case of occurring risk events Business Continuity Management could be executed immediately. It becomes obvious:

  • Risk events in the supply chain impact all processes of an organization.  
  • The interdependency between SCRM and BCM proves itself.  
  • BCM is the logical and pragmatic complement to SCRM.


Fig1: Supply Chain Scenario

In such a supply chain process an alert should be send from the SCRM-System to the BCM-System at the earliest time possible in order to get the responsible people at the BCM-Team alerted and getting ready to act. This earliest moment is whenever a relevant risk event occurs and is captured from the SCRM-System and becomes visible on the Risk Radar (Monitor). From this early moment on the BCM-Team can use further information from the SCRM-System.

The team members of a BCM-Team have mandatory to be users of the SCRM-System!

Components of BCM

A solid BCM solution is based on best practices, a state of the art methodology and supported by state of the art software. A BCM solution includes the following components:

  1. Development of strategy and determination of responsibilities.
  2. Establishment of a central repository for all relevant business processes.
  3. Performance of a holistic Business Impact Analysis (considering each single process).
  4. Development of a business continuity and disaster recovery plan.
  5. Documentation, reporting, reviewing and communication.
  6. Establishment of workshops for resolving and recovery activities.
  7. Integration with ERM and SCRM.


Fig2: BCM Process Cycle

Components of SCRM

A solid SCRM solution is based on best practices, a state of the art methodology and supported by state of the art software. A SCRM solution includes the following components:

  1. Development of strategy and determination of responsibilities.
  2. Capture of structured and unstructured data from different sources, e.g. Internet, News Media of all kinds, Info Services about financial-, compliance-, sanction-, social responsibility etc. data.
  3. Research and analysis of captured data.
  4. Scoring the data related to risk tolerance / risk appetite.
  5. Alert mechanism sending alerts to assigned users.
  6. Reporting, documentation of analyzed results, reviewing and communication.
  7. Action planning and –management
  8. Simulation of scenarios
  9. Predictive analytics
  10. Integration with ERM and BCM


Fig3: SCRM Cycle

SCRM and BCM integrated

SCRM and BCM as an integrated process finally provide a significant complex in Enterprise Risk Management. The integration of SCRM and BCM completes the Risk Management from:

  • Detection of risk to
  • Validation of Risk to
  • Mitigation of risk to
  • Recovery of processes in any organization


Fig4: Interaction BCM & SCRM Cycle

Read more about The interdependency of Supply Chain Risk Management and Business Continuity Management – Part 1

Learning from disasters - what if supply network interruptions happen?

riskmethods welcomes a guest post from Markus Groth, Head of Marsh Risk Consulting and Council Member of Marsh’s Business Interruption Center of Excellence.

The aftershocks from the devastating natural catastrophes such as of 2011 are still rippling through global supply networks. Companies that had believed their supply networks were secure found out otherwise – the hard way. Many organisations that were not affected see a warning sign in unprecedented global string of floods, earthquakes, tornadoes and other events in 2011 which have been analysed with great care and precision during the last years. Many are beginning to fully understand the imperative to ensure resiliency in the critical areas of their supply networks.

Increased vulnerability

Such losses typically manifest in a company’s supply network, which is often an integral component of the value that a company can deliver to its customers and stakeholders. But supply networks have become increasingly complex, globally interconnected and largely managed by third parties. After years of focus at many organisations on cost, efficiency and speed to market, supply networks are more vulnerable to geographically remote, disruptive events than ever before.

Although some organisations recognise this vulnerability, the truth is that many still are not prepared for a supply network disruption. Too many organisations lack complete visibility into their supply networks and do not understand the risks they face, the tools that are available to them to mitigate their risk and improve resiliency and the competitive advantages and bottom line benefits that superior supply network risk management can yield.

Exemplary loss events in 2011

The two costliest events of 2011, the Japan earthquake, tsunami and nuclear event and flooding in Thailand, illustrate how an event in one part of the world can have a significant effect on supply networks globally. Among the industries affected were electronics, semiconductors, automotive, shipping, steel, medical devices, solar and energy. Unstable power lines made it impossible for many manufacturers in the high-tech and other sectors to operate for several weeks following the disaster.

Meanwhile, flooding across Thailand in the second half of the year severely disrupted that country’s manufacturing operations and forced the closure of various major industrial estates. More than ten thousands of businesses temporarily ceased operations, suspending the production of cars, electronics and other goods.

Broad diversity of risks

When organisations closely examine their supply network risks, many focus purely on the potential physical disruptions – damage or destruction to their operations or those of their suppliers from earthquakes, hurricanes and tropical storms and other catastrophes. But global supply networks can be disrupted by more than natural catastrophes. Disruptions to supply networks can come about due to political and social unrest; technology failures related to cyber attacks and other events; shortages of raw materials; or an economic downturn that puts one or more suppliers out of business.

Similarly, many organisations view the supply network itself as being purely physical – comprising only those mechanisms that create and transport physical products and goods. But physical assets are just one aspect of how any company delivers value through its supply network: Critical technologies, relationships, knowledge, skills and people all contribute heavily to the flow of cash and /or goods that create and deliver any product or service, from smart phones to financial advice.

Lessons learned from the loss events in 2011

The events of 2011 raised concerns in boardrooms, among shareholders and in risk management circles about the true resiliency of supply chains and related risk transfer mechanisms. For example, many companies are now taking a closer look at the physical placement of operational nodes that contribute to global supply networks. There is also a greater appreciation of how supply network resiliency can be used as an “offensive” weapon to take market share away from competitors and to boost shareholder value. Claiming success in supply network risk management is about more than simply having a plan in a binder. To truly achieve resiliency, traditional plans need to be re-engineered and more voices added to the supply network risk management discussion. Managing resiliency is not just about quickly recovering from catastrophic events; it is about avoiding or minimizing exposure to such risks in the first place.

Read more from Markus Groth:
“Spoilt for Choice - Finding the Right Risk Financing for Supply Network Interruptions”

Spoilt for Choice - Finding the Right Risk Financing for Supply Network Interruptions

riskmethods welcomes a guest post from Markus Groth, Head of Marsh Risk Consulting and Council Member of Marsh’s Business Interruption Center of Excellence.

As the world economy changes with increasing velocity, global supply networks grow correspondingly more complex and vulnerable. While rapid advancements in automation, single sourcing, cloud computing, and off-shoring in emerging economies have provided competitive efficiencies for organisations, these advantages are threatened by a growing array of risks – from cyber-warfare campaigns, opportune terrorism, and global pandemics to traditional risks arising from natural disasters and economic disruptions. In this volatile business environment, a deep understanding of supply network ecosystems and the organisational resiliency to respond quickly to threats and their impact is critical to business success.

Many organisations are under enormous pressure to reduce costs in their supply network and improve efficiency, whilst also finding ways to improve customer service and responsiveness. Reducing costs can often result in the unintentional increased exposure to risks of disruption, and companies must understand and manage the complex web of risks that arise.

From a risk strategy standpoint the various risk financing options that are available and that may cover financial losses and extra costs resulting from supply network interruptions should always be taken into account – at least at the risk treatment selection stage which is about finding the right return on risk investments and implementing actions accordingly.

Risk managers have historically looked to contingent business interruption (CBI) and contingent extra expenses (CEE) insurance as a way to mitigate financial risks associated with loss events that affect their suppliers and customers. CBI reimburses insureds for loss of net profits and necessary continuing expenses resulting from an interruption of business due to insured physical loss or damage at a supplier or customer location(s). CEE reimburses insureds for the additional expenses over and above normal operating costs to avoid or diminish an interruption of business following insured physical loss or damage at a supplier or customer location(s). The cause of the interruption – a fire or an earthquake, for example – must be from a covered peril and must result in physical damage that inhibits the third-party supplier or customer from being able to supply or receive the insured’s goods.

CBI and CEE, however, do not cover the increasingly frequent disruptions that many organisations face that are not related to physical damage. For example, the eruptions of Iceland’s Eyjafjallajokull volcano caused little physical damage to insured property, yet air traffic was interrupted, leading to significant disruptions and delays in the transport of goods and services into and out of Europe. Following the events of 2011 in Japan, many buyers of CBI and CEE came to realise it often is restricted to first-tier suppliers, meaning that CBI or CEE resulting from damage to “indirect” second- or third tier suppliers will not be covered.

Emerging risk financing solutions for covering supply network interruptions are considerably broader than CBI and can offer additional protection. In addition to indemnifying for business interruption and extra expenses resulting from physical damage to a supplier or customer (i.e. typically excess of “all risk” programme CBI and CEE limits), supply chain insurance products also offer insureds protection against non-physical interruptions to their supply networks, such as strikes, riots, ingress / egress, service interruption, pandemics and more. Such coverage can be tailored to an insured’s unique supply network exposures.

Insureds should review all of their risk financing options carefully with their insurance advisors. Whichever product(s) or tailor-made alternative risk transfer solutions an insured decides to purchase, it is imperative to provide underwriters with complete, accurate and thorough data in order to differentiate its risk profile from other companies. The most successful organisations will be those that make insurance decisions as part of a broader approach to supply network risk management that optimizes risk investments against the value of the business, product, or service to the organisation.

The Future of Procurement – Take 2

When Kelly Barner from BuyersMeetingPoint asked us to join in by making a prediction on “What does the Future of Procurement Hold?” we immediately had varying thoughts. Our first take was “THE END OF SUPPLIER RELATIONSHIP MANAGEMENT“. We now would like to share with you our 2nd prediction:


The goals for procurement are currently: 1. Savings, 2. Savings, 3. Savings – as well as KPIs such as performance, quality and logistics. Supply chain risk management (SCRM) has so far not made its mark in these performance metrics in most organizations.

We recently gave a talk at a SCRM event, together with our customer Belimo, who impressed upon purchasing agents the value of SCRM as a personal objective in terms of their suppliers. The question to the audience as to which companies this applies to yielded only one response.

And yet we hear almost daily from our customers that further globalization and worldwide goods procurement are crucial in order to remain competitive. To generally benefit from this, however, you should be prepared for potential risks – risks along the entire supply chain, which go far beyond financial key figures and which can cause disruptions that result in damage amounting to millions.

We understand very well that there is a conflict of goals when it comes to procuring the most cost-effective goods – which are highly likely not being produced in the most low-risk areas of the world, though.  Should these savings not, however, be seen in the light of damage worth millions, which is caused by a disruption in the supply chain?

We are of the opinion that there is a huge opportunity for procurement here: Combining the “old KPIs” price, quality, performance and delivery reliability with the goal of ensuring protection against risks along the supply chain by way of SCRM will provide procurement with a high leverage effect as regards participation in the company’s success.

And as has been proven by Accenture’s current study “Accenture Global Operations Megatrends Study – Focus on Risk Management”, SCRM also contributes to ROI: nearly all of the 1000 companies represented in the study receive a return on their investment (ROI) in risk management. Only 7% are, however, generating returns of over 100% on their SCRM investments. Why? Because precisely only these 7% have a continuous approach to SCRM: they make SCRM a priority, centralize their responsibility for risk management and invest aggressively in risk management with a specific focus on end-to-end supply chain visibility and analytics.

If you want to learn more how our customers measure the ROI of SCRM and what further studies and experts say see our blog post ROI of Supply Chain Risk Management – 12 Examples


ROI of Supply Chain Risk Management – 12 Examples

Everyone knows that mitigating risk in the supply chain is very important. Nevertheless supply chain risk management often is still not one of the top priorities in procurement compared to other activities related to increase savings. Even though experts fear that supply chain risk could already rise again over the next three months according to the latest CIPS Risk Index Report.

We collected some facts & figures on the impact and ROI of SCRM from our customers’ experience, from recent studies and some examples which might be useful to increase SCRM’s importance and relevance:

What our customers say

  • Hit rate increase of risk events 85%  (compared to google alerts)
  • Early risk warning means a reduction of reaction time of 1.5 days
  • Elimination of manual effort 1hour/day per purchaser/logistic responsible
  • One hour production standstill = $ 250,000

What studies say

  • 88% of companies have suffered significant disruption in the past at the cost of £200,000 over the last 12 month (1)
  • Supply  chain  disruptions  reduce  shareholder  value  by 7% (2)  
  • One-point decrease in reputation score associated with ~$5 billion lower average market value (3)
  • ~50% savings in contingent business interruption insurance rates by proving supply chain visibility (4)

What already happened

  • General Motors lost over $2bn due to labor strike that disrupted production in several US states
  • Canon had a negative impact of $607 million on net sales and a reduction in operating profit of $225 million due to Thailand floods in 2011
  • BMW had a production stop due to Iceland ash cloud  in 2010 – 7,000 vehicles were affected
  • The share prices of Toyota fell by 16% and Honda by 13% within five days of the Japan earthquake in 2011

If you want to increase the visibility in your supply chain and mitigate risk, learn more about how to monitor all kinds of risks, minimize the impact and proactively take actions. See also our SUMMER SPECIAL of >50%

(Sources: 1) Zurich 2012, “The Weakest Link”; 2) Word Economic Forum, “Building Resilience in Supply Chains”; 3) Cirano, “Corporate Reputation: Is your most strategic asset at risk”; 4) Source: Sourcing Innovation, “The ROI of Supply Chain Resiliency”)

Managing Supply Chain Risks Successfully – Part 3: Implementation of risk management


riskmethods welcomes a guest post from Kai Busse, expert for the procurement area and founder of Pexin Consult.

What do we do if an event that poses a threat to our organization does in fact occur? Being prepared means that half the battle is already won. If you are already using a standardized process in terms of initiatives and preventive action related to savings initiatives, supplier development or implementation of material group strategies in Procurement, everything else is easy. If not, it’s also no problem.

Not every risk necessarily requires an action plan. What is important is to filter out the really dangerous risks from the vast range of identified risk events. For this, determine thresholds for your risk figures. If a threshold is exceeded, the introduction of countermeasures must then however be immediately investigated.

If an (hopefully rare) event that requires countermeasures then does in fact occur, these measures must be initiated quickly and effectively and be impactful. Your employees who have been assigned responsibility must know precisely what to do. For this, develop a standardized procedure that deals with all relevant information and steps in support of the action plan.

The document includes the following items:

Basic information:

  • What risk event are we dealing with
  • When did the event occur
  • Allocation of the risk event to a risk class. The risk class describes the danger potential  
  • Which product groups and categories and which supply chain(s) are affected
  • Which suppliers are affected
  • Which business units are threatened as a result of the event, and have the units been informed about the serious threat
  • Who has overall responsibility for the risk action plan(s)

Action plans (in many cases several individual preventive actions):

  • Initiated individual preventive actions
  • Designation of short-term and long-term action plans
  • Expected result from individual preventive actions
  • By when must the action plan be completed
  • Severity (progress) of individual preventive actions
  • Who is responsible for the individual preventive actions (where applicable, part of RAPID® model)

Results documentation:

  • Time of completion of individual preventive actions
  • Did the result live up to expectations? If not, what was the actual result?
  • Were follow-up actions or additional action steps necessary?

Check whether you can define standard preventive actions for certain scenarios.

If your organization has complex supply chains that necessitate the inclusion of a large number of persons, you should structure the decision-making process using the RAPID® model or a similar model. Specified decision-making channels result in gaining valuable time and completion of documentation of the overall action plan.image

RAPID® is a registered trademark of Bain & Company, Inc.

If you have implemented all three steps, you are well prepared for future risks. Each process requires practice, however. So, start with the areas that already show an increased risk potential, even if no serious threats are present.  This training will be of great benefit to you at a later stage and counteract latent risks on a preventive basis.

Be a supply chain risk management champion! Your internal customers and management will thank you for it.

Read more "Managing Supply Chain Risks Successfully":
Part 1: Risk Prevention
Part 2: Establishing a Risk Monitoring

How to REACH transparency within your Supply Chain Network (1/2)


by Karsten Wunsch

If you believe in GARTNER – like a lot of people do – you might confirm that Supply Chain Visibility is the topic #1 for Executive Supply Chain Managers. Or at least should be…

A recent study provided by Supply Chain Insights discovered that around 80% of the questioned companies had on average 3 material disruptions in 2013. When I talk to Procurement Managers I usually ask the following question: “How can you know that your suppliers are still able to produce and deliver tomorrow?” In many cases the answer is that they have contractual obligations with their suppliers to be informed if anything could affect the production.

How shall that work? Let’s imagine that you would be “preferred customer” for your suppliers and that you would be the first they would call in case of emergency – a lot of “would’s” and there are more to come… The probability is very high that the supplier would wait as long as possible and would have several internal legal discussions before he contacts you. Especially if the term that he has to inform you regarding disruptions is close to the term that he has to pay penalties for non-delivery…

42% of disruptions happen beyond Tier 1 (Business Continuity Institute, 2013) which is a growth of 3% compared to 2011. Keeping that in mind everybody can estimate on its own how effective and reliable the information flow described above could be.   

 So why is Supply Chain Transparency not a standard for each and every company yet? Due to missing tools, support and especially the lack of understanding, it was nearly impossible in the past to handle the topic without massive budget and capacities.

But the market has changed: REACH, Dodd Frank Act, public sanctions such as the ones against Russia – there are a couple of regulations which have been recently announced or became effective.  They helped to evangelize the market to get more sensitive regarding Supply Chain Visibility:


REACH is a regulation which is obligatory for all member states of the European Union. On a high and rough level, REACH covers all chemicals which are produced or imported into the EU with an amount of over 10 tons per year (1 ton from 2018 on). Each and every chemical has to be Registered using an specific dossier. This dossier will be Evaluated and might be Approved. In case of critical CHemicals the approval might be limited to specific applications.  

This approval and especially the limitation is a very important point as it forces the whole supply chain to communicate over multiple tiers.

First of all companies need transparency from whom they buy. If they source outside the EU where REACH is currently not obligatory they might be responsible to register the substance on their own. And even if the substance and the supplier are registered but the usage does not fit to the approved limitations you might be in charge to adjust the registration.

To avoid unnecessary costs and possible delays it makes sense to discuss applications through the whole value creation chain.

REACH is not only obligatory for chemical companies but also affects a broad range of industrial sectors and companies. Being compliant to REACH is a continuous task.

Dodd Frank Act – 1502 (see also our May blog post)

Section 1502 of the Dodd Frank Act covers the usage of conflict minerals and has been a challenge for many companies in the last months and especially for the tin processing electronic sector.  The idea of the regulation is to ensure that in conflict regions mining is done in compliance with CSR and no illegal operations are funded with the money.

Each company which is SEC-listed has to ensure that itself as well as their suppliers are compliant. The problem is that most suppliers don’t have the processes and tools in place to drive compliance into their own supply chain. The deeper you dive the lower leverage you have.

Without a satisfying answer from your supplier you might be forced to look for an additional source. This might cause extra costs and delays which are not foreseeable and certainly not budgeted. Therefore the easiest way might be to support your suppliers and receive value able information regarding your 2nd Tiers in return.

The good news is that every mineral has to be smelted. Smelters are a perfect choke point to check where minerals are coming from. You might want to check out following web-page: which shows a list of more than 150 smelters which are audited to be free of conflict mineral.

First reports had to be finished until June 2014. I recently joined a webinar discussing the results of the first reporting wave. One interesting take away for me was a question for the audience regarding their compelling event. More than 50% of the participants stated that they are not SEC-listed but currently feel a high pressure from their customers.

It seems that section 1502 has reached the 2nd Tier and the next reporting wave is about to come!

Sanction list screening

The Krim crisis is getting worse day by day. Europe is very uneven to sharpen sanctions. USA is not – they have added a couple of additional persons and companies on the black list. Keeping in mind that the biggest French bank was fined of nearly 9 billion US$ for the violation of US-Sanctions just 3 weeks ago – each and every company which is making business with the USA and Russia should be alarmed – especially as sanction checking is often an initial process and not done on a daily base. I don’t know how the Supreme Court would judge sanction validations in lower tiers of a supply chain but I bet you don’t want to be the first to find it out.    

So as the evangelism is done and the market is aware of the necessity of Supply Chain Visibility the next step is to implement tools and processes as well as to leverage existing information and the network to gain transparency. I will cover this topic in my next blog…

The Future of Procurement – Take 1

Kelly Barner from BuyersMeetingPoint started an “Open Call for Predictions: What does the Future of Procurement Hold?”. What a great idea – thanks Kelly for this initiative! We immediately started collecting our thoughts about what the future might bring for procurement. This is our first take, which we would like to share with you:


Over the last decade, the topic of Supplier Relationship Management (SRM) has dominated strategic procurement. The benefits and objectives are clear to see: increased supplier performance, reduced costs, development of relationships with suppliers, defined optimization potential. To a certain degree, risks in the supplier base can also be identified as part of SRM. In most cases, however, this applies to creditworthiness checks of direct suppliers.

But what happens with subcontractors along the supply chain?

According to the current Supply Chain Insights LLC study “Can you afford the risk?”, only 18% of companies interviewed have transparency over their 2nd and 3rd tier suppliers. A recent example of a large German sports item manufacturer, who appeared in the media at the end of June, is proof of this: Following a media report about disastrous conditions at a plant in El Salvador, PUMA stopped orders as one of the business partners was not using authorized subcontractors. According to the media report, PUMA had no knowledge about this supplier, but instead, a damaged image.

And what happens with locations and hubs along the supply chain?

Increasing internationalization, global networking and shifting of value added processes are a real development. Disruptions in the supply chain – be they of an economic, structural, political or ecological nature – can have fatal consequences for security of supply in terms of organizations and their corporate success.  A research study of PwC (Global Supply Chain and Risk Management Survey, 2013) revealed that more than 60% of respondents saw their performance indicators drop by 3% or more in 2012 as a result of a disruption in their global supply chain. This means that besides suppliers, supply-related risks along all transfer points, interim storage sites and logistics hubs must be monitored in order to secure supply.

We are convinced that the trend in future is going to be towards transparency over the entire supplier network, including location and country risks of 1-n tier supply routes. Previous supplier-centric approaches in terms of quality, stability and price of partners must be supplemented by supply security aspects along all supply routes as well as compliance aspects as regards 1-n tier relationships.

Companies in all sectors must continue to focus on their suppliers and supplier relationships – they will however have to take this a step further, namely to include the entire supply chain into their management.

So, we are not predicting that supplier management will no longer be relevant – but a holistic
1-n tier supply chain management approach will enter a new era: The conversion of SRM and SCM has started.

Managing Supply Chain Risks Successfully – Part 2: Establishing a risk monitoring


riskmethods welcomes a guest post from Kai Busse, expert for the procurement area and founder of Pexin Consult.

Using the risk groups defined in your risk prevention strategy as the basis, determine risk indicators that will form the basis of risk monitoring in future. The suitability of a risk indicator can easily be checked by posing the following question:

-          Can a risk that is listed in our risk prevention strategy be identified based on the occurrence of an event (in terms of this indicator)?

An example: The frequently used indicator for supplier creditworthiness is suitable for identifying supply risks. If, however, image risks are the focus of monitoring, this indicator can safely be dispensed with.


Once all risk indicators have been determined, they must be correlated in terms of level of priority. This results in a risk matrix. The following rule of thumb applies: The highest weighting is assigned to the highest loss potential. Do you assign this rating in Procurement only? No! Other departments are in a much better position to assess and quantify the impact of certain events. Consequently, as is the case with strategy development, a collaborative, cross-departmental approach also applies here. Apply a modified form of utility value analysis as part of a workshop. Rate all risk indicators with points from 1 – 100. Perhaps, for purposes of easier orientation, assign value ranges to the impact (“very low impact 0 – 20” to “jeopardizes continued existence 90 – 100”). Then correlate the scores – and you have your risk matrix. Once your monitoring is up and running, use the same pattern to allocate criticality ratings ranging from low to high to events that occur or general incidents (e.g. country risks). This means that you will have a current risk figure for every indicator, and this figure will be updated with all new information received and assigned the weighting of the risk indicator, resulting in an overall risk figure. But the risk matrix must now first be populated.

As already mentioned, current and valid information is the key to successful risk monitoring and management. Suitable data sources must then be identified for your risk indicators. Besides internal sources, countless data providers operating on a global/regional, commercial or non-commercial basis are available to you. When selecting your data providers, take note of the frequency of data updates. The data provider should have its own research capacities and make the data available to you in a workable format.

Unfortunately not all information required is readily available in a prepared format. Address data is core information for recognizing at an early stage whether your supply chains are threatened by natural disasters, strikes, unrest, weak infrastructure, political instability and a whole lot more. This mainly applies to production, development and service locations of your suppliers and their subcontractors, as well as to central logistics hubs that form part of your supply chain’s path. Internally available address data for suppliers can only be used to a limited extent in many organizations, as ERP systems often only provide commercial addresses, and not risk-relevant locations. Information on 2-n TIER suppliers is frequently not available at all. For this, there is unfortunately no way around cumbersome research among all suppliers affected. Ideally you should integrate the obligation to provide information on subcontractors’ location addresses in your standard contracts.

For each risk indicator, determine the data update cycle. Available real-time data should also be processed in the same way. Fortunately the addresses do not change that often, which means that an update every six months or every year suffices.

Which suppliers are then actually included in your monitoring necessarily follows from the product and/or material groups defined in your strategy. In this regard, organizations often choose to include the suppliers with the highest revenues in their monitoring. This is a decision for which they could pay dearly, as missing Cent items can also cause severe production disruptions. The wider the base of suppliers included, the higher the chance of recognizing all risks that occur. It is essential to assign one employee to each supplier as the person responsible for risk monitoring and management. Who is responsible for which supplier in most cases also follows from the responsibility linked to product or material groups.

Done! Once you have developed the matrix, assigned responsibilities and researched, assessed and included the initial data, you will for the first time have a comprehensive overview of the current risk situation of your supply chains.

I will deal with the implementation of risk management in the third part of my blog series.

Read more "Managing Supply Chain Risks Successfully":
Part 1: Risk Prevention
Part 3: Implementation of Risk Management