Spendmatters scrm in an uncertain world 2015
- 1. © Spend Matters. All rights reserved. 1
As packaged and readily available solutions go, SCRM (Supply Chain Risk Management) is a
relatively new discipline, combining vast 3rd party datasets (over tens of thousands of originating
sources) with granular insights into a company's immediate supply base and the next tier or even
two. The combination of internal and external data mapped to a physical supply base footprint
that stretches across multiple tiers and logistical paths provides unprecedented visibility into
actual supply base risk. And it does so as risk events take place (natural disasters, etc.) and also
proactively, by uncovering bottlenecks and other critical paths before sourcing allocations are made.
Pre-packaged, easily configurable SCRM solutions have only recently entered the market at
price points that make them indispensible to not only large but also mid-size and even smaller
organizations. With supply chains stretching across regions, jurisdictions, with potentially fragile
logistics support, SCRM can make or break a company's success. Not only on the buy-side, but also
providing a significant differentiator when negotiating with risk-averse prospects.
By visually modeling a supply base (geographical maps with supply lanes and alerts) that various
stakeholders can see (e.g. internal, suppliers, customers) a company can create early awareness
about sourcing outcomes (allocation consequences), drive strategic alignment (openly sharing
risk assessments), and enable proactive mitigation (early warnings when something happens) and
avoidance by minimizing exposure to critical or overly risky paths.
The target audience for this paper is not only internal (brand management, C-level, finance, legal,
line of business owners, procurement) but also sales, where SCRM visibility provides an advantage
with risk-averse prospects and clients. As for takeaways, we’ll explore SCRM’s potential ROI,
including the main drivers to consider when building a business case. This doesn’t just include
supply base assurance and brand management - but also immediate hard savings through process
efficiency, avoidance and reduction of crisis costs, and insurance premium reductions. What’s not to
like about that?
Background and broader business case
Overabundance of data - effective risk management can no longer rely on a few manually entered
(primarily internally generated) data points and cross-referencing them with a sanitized number or
two from an external credit scoring organization. The traditional approach is not robust; it is over-
reliant on self-reported and even dated information, and notoriously unreliable with privately held
companies. As actual risk exposure changes by the hour, companies need more robust models
that can combine and analyze information from thousands of data sources, constantly update and
refresh alerts, do the heavy lifting without drowning business users in too much information and too
many alerts.
Proactive Supply Chain Risk Management
(SCRM) in an Uncertain World
By: Thomas Kase, VP of Research, Spend Matters
“Almost daily, we see
media reports on the
consequences for
companies whose
suppliers are struck by
political upheaval, natural
disasters, pandemics,
fires, corruption,
labor violations, code
of conduct issues,
sustainability, and other
factors that are more tied
to ethical behavior than
legal compliance - all
of which creates hard
and soft losses for the
companies in question.”
- 2. © Spend Matters. All rights reserved. 2
Limited visibility - still a major challenge in most organizations with data that’s not only low-quality
(duplicates, mis- or not classified, lacking links and enhancements to support advanced analytics)
and poorly organized, but also siloed off between business functions, units and regions - often not
even available in searchable databases, or even file cabinets. Additionally, there’s a lack of n-tier
visibility.
Limited time - Supply chain information typically has an expiration date far shorter than any
business analytics effort can conclude, leaving the analysis (if it gets done at all) to post mortems
and audits that are more focused on assigning blame than identifying opportunity and measures of
action. Corporations have coped with this challenge by blocking off or ignoring difficult-to-manage
external (where the real risk lies) data and instead focus "risk" management efforts on internal
data and similar score keeping. This has turned much of traditional risk management into a mere
compliance exercise.
Global uncertainty - even mid-size companies now operate on extended supply chains, with
long logistical paths and nexus points (ports, warehouses, logistical facilities) all over the globe.
Many rely on at least two tiers of outsourcing - primary contractors and immediate suppliers -
with substantial uncertainty over supply assurance in the event of man-made or natural disasters.
Suppliers are also often operating in emerging markets, where political, economic, and infrastructure
risk is difficult to monitor.
Unanticipated disasters/events - whether earthquakes, tsunamis, volcanoes, hurricanes or
other destructive forces, supply chains are brittle, and even something as trivial as a week-long
power outage can create problems for facilities operating at full capacity. Factory fires, train
car derailments, buildings collapsing (not only in Haiti or Bangladesh, even in NYC) can be as
destructive as forces of nature. Political unrest is another potential risk. We see this across the world,
with sudden switches to populist parties prone to trade barriers and other mercantilist tricks. Usually
less sudden than force majeure, it is still important to have a good picture of the political stability of
the locations where your suppliers actually do their manufacturing.
Analytical horsepower - to assess data in enough time to act before it goes stale. This is the
historical challenge, and by now an insurmountable mountain to scale for companies that attempt a
manual effort. Leveraging "big data" (in-memory processing) and advanced analytics/heuristics to
model risk as it changes without generating either false positives or missing real risks requires new
toolsets.
Automated oversight - by having the analytics to weed out false positives and minimize actual
events slipping through is part of the next wave in all areas of procurement-automated oversight.
Not having to pull reports and scrutinize them “in time” will raise the effectiveness of SCRM
programs and restore sanity to stakeholders, allowing them to step back and assess what is going
on without being buried in too many details.
Recent examples of negative outcomes
In this field, the stick is unfortunately far more motivating than the carrot. Below, we list examples
that come from riskmethods' global database of information from 300,000 sources. These are
updated near real-time and cross-referenced with clients' supplier lists, creating alerts based on risk
preferences etc. The following examples illustrate why modern SCRM adds value to a company's risk
management efforts.
- 3. © Spend Matters. All rights reserved. 3
Positive outcomes
SCRM isn't all about doom and gloom. There is a strong case to be made during the sales process -
when responding to RFPs or in commercial negotiations - that the SCRM solution provides a better
visibility into lower risk suppliers and thus lowers the risk for the client.
Insurance premium reduction is another beneficial outcome. Business risk insurance premiums can
be cut in half with an effective SCRM solution and program. If you can show better actuarial data
and due diligence, your premiums will go down. A caveat is that SCRM is just as good at uncovering
high-risk suppliers, so premiums could actually go up!
There is also a financial angle. Under international financial accounting standards, there must be an
allowance made for liabilities (including risk) and this can be reduced through an SCRM program.
In trade/supply chain finance, where early invoice payments are one approach, financial institutions
want to know the risk profile of their customers and their suppliers. With SCRM, the factoring rates
get more accurate, going back to improved actuarial assessments.
Regarding ISO9001 quality standard programs, effective risk management is a valuable component
and can aid the program’s goals of ensuring that customers get consistent, good quality products
and services.
As a softer takeaway, effective SCRM helps procurement be more appreciated and relevant to the
rest of the company, not an insignificant multiplier factor.
Building your business case for the investment in SCRM
Independent study by German firm eckseler-consult has shown that the ROI calculation comprises:
• First year ROI from automated SCRM
• Savings through process efficiency
• Savings from prevention and reduction of crises costs
• Prevention of damages up to 7.5% of the revenue are possible
Disaster Results
Taiwan Gas
Explosion
• Gas explosion that killed 24 people in the southern city of Kaohsiung
• Result: 12 suppliers within a radius of 5 kilometers were affected
• This example shows the importance of monitoring location risk
China Factory
Explosion
• Chinese authorities temporarily shut down factories involved in metal polishing
• Result: a 2nd-tier supplier of Foxconn (Hon Hai Precision Industry) was affected > leading to a
delay of the iPhone 6 release date > revenue loss
Fire in Kronach,
Germany
• A major fire in a supplier's production hall > location event warning in a SCRM solution >
indicated that 1st and 2nd tier suppliers of the customer were affected > Sunday alert quickly
assembled a crises team and on Monday morning a backup plan presented to management
• Without SCRM, the company would have been caught unaware Monday morning, losing
significant momentum
Chevron Phillips
Refinery Fire
• Shutdown identified and SCRM solution released messages about possible shortage
• Consequences: Plant shut down over 4 months, disrupting ethylene and polyethylene which
dramatically increased spot market price to an 18-month high
• It is estimated that the early responders (with awareness of the event such as that provided by
SCRM solutions) had the opportunity to react and save 16% in price increase
Typhoon Haiyan,
Philippines
• Typhoon was in the news on a Saturday
• On the previous Monday, customers (who had suppliers there) already got an alert with an early
warning on the typhoon
• Had the chance to prepare
- 4. © Spend Matters. All rights reserved. 4
Further information on this topic
and others can be found at www.
spendmatters.com. Reproduction of
this publication in any form without
prior written approval is forbidden.
The information in this report
has been obtained from sources
believed to be reliable. Spend
Matters disclaims all warranties as
to the accuracy, completeness, or
adequacy of such information and
shall have no liability for errors,
omissions, or inadequacies in the
information contained herein or
for interpretations thereof. The
reader assumes sole responsibility
for the selection of these materials
to achieve its intended result. The
opinions express herein are subject
to change without notice.
Specifically, the Eckseler-consult study breaks down savings as:
• Elimination of manual effort: 1 hour/week per person involved
• Bundling of data providers: 90% cost savings
• CBI insurance rate reductions by proving SCRM visibility : ~50% savings
• Supply Chain Identification Services saves 58% of internal costs
• Early risk warning reduces reaction time by 1.5 days
• Prevention of revenue shortfall of 3%
• Prevention of price increases of up to 16%
• Avoidance of reduction in company goodwill of 2.8%
How to prepare for SCRM
Develop your supplier shortlist and focus on criticality. We suggest starting with Kraljic segmentation
approach from his seminal 1983 Harvard Business Review article. The first item on the agenda is to
go through your supply base and segment your items into these categories: Leverage, Non-critical,
Bottleneck, and Strategic.
In addition to Kraljic’s segmentation, consider the revenue or market share impact that should
be assessed over mere annual spend amounts. A seemingly trivial item could be critical to your
organization - reference the effects of the Japanese earthquake/tsunami in 2011, which lead to
worldwide automotive output temporarily dropping around 15% (!) because of the loss of a few
critical suppliers.
Then, look at which suppliers touch on the items you can't do without. Clean supplier data will
support this effort, so this might be what you need to justify finally pulling off a proper SLM with
MDM initiative.
Conclusion/takeaways
• Take a comprehensive approach: determine current risk exposure, assess impact, develop an
action plan
• Above all, learn to look outside the organization for real risk
• Model your supply chain visually, share this among stakeholders - a picture says more than a
thousand spreadsheets
• Identify a provider that you can work with to filter out false positives while staying current with
the thousands of data sets that you need to include to enable automated oversights
• Minimize impact of unavoidable risk; mitigate risk through preventive actions
• Consider visibility along the entire supply chain: 1-n tier suppliers, locations, countries, logistical
hubs
• The ROI is heavily biased toward cost-avoidance, but includes tangible, and immediate cost
reductions in the form of reduced insurance premiums, increased efficiencies, enhanced sell-
side competitiveness
• Analyze your supply base - not just per Kraljic segmentation but also based on revenue,
profitability and market share impact
This paper was researched and produced for riskmethods.