Speech: Third party/inter-organisation & supply chain risk

Abstract

Traditional methods of managing risk make complex systems sick. Recent case studies suggest it is time to take new approaches to foster healthy systems.

Reach

The tools available to manage vulnerabilities and risk in a business environment are well known and are often described in terms of strategies or capabilities. Leadership skill is a key element in the mix. However, under these strategies and capabilities lie the legal reality – which determines the effective reach of any of the measures. Leadership of a board or employees only works because the underlying legal framework. Relationships with entities outside your own structure depends on contractual underpinnings or financial leverage. The ability to act in particular ways is constrained by corporate, anti-trust, and workplace rules.

Every market breaks into two simple parts. Those parts of the market you can directly control are called short-reach risk environments. Those outside your direct control are called long-reach risk environments. You cannot use short-reach risk/vulnerability mitigation/protection strategies in long-reach risk environments.

To operate in long-reach risk environments you must use a different tool set. Unfortunately, the tools available are not well understood nor developed. 

The purpose of this paper is to discuss existing tools, and explore their weaknesses. 

It will examine three alternative tools that may provide more effective solutions.

This is not relevant to me – I am not exposed to third party/inter-organisation & supply chain risks

Unless you a hermit living in a cave, and I know you are not, you are in scope of this paper.

A significant problem in this area is the failure of managers to understand that their core deliverables are partly or completely dependent on outcomes in long reach environments. A related problem is the unwillingness of managers to recognise that upstream elements (consumers) are as much a part of that environment as the downstream elements (suppliers). Instead, studies discussed below suggest that many managers focus on their own areas of the short reach risk environment, relying implicitly on:

• other organisational managers to act effectively; and 
• risk transfer safeguards.

Recently, in a conference of private sector businesses, regulators and government purchasers, I asked attendees to indicate whether they thought they were part of a supply line. Most failed to identify themselves as within that class. This outcome is consistent with the literature (Haywood & Peck, 2013).

Suppliers or purchasers are clearly within scope, however organisational perceptions often lead financial managers or leadership teams to distance themselves from the associated long-reach environment. Internal targets reinforce organisational objectives, recreating silo mentalities similar to those rightly criticised in remnant command economy enterprises in China or long-time local businesses in emerging economies like Brazil.

Regulators are less obviously part of the long-reach risk environments. Their role is partly hidden by statutory powers giving them exceptional but often narrow powers in this environment. Counter-intuitively, regulatory intervention and broader anti-trust schemes can provide random shocks to the market. This type of uncertainty can be a serious threat to market stability. The failure of regulators to adopt effective regulatory approaches can seriously damage desirable regulatory outcomes.

Specialist professions, such as auditors and lawyers, often see themselves as external and unrelated elements of the long-reach risk environments. Like regulators, their role is hidden by the nature of the service provided, and also by the need to maintain professional distance.

Service and financial organisations, such as insurers, brokers, agents and financiers operate almost entirely within the long-reach risk environments and the approaches taken by these organisations can have a chilling effect on markets.

The Short Reach Risk Environment

We are all familiar with this. Chances are you have one or more internal management tools designed to manage risks. These might be found in governance arrangements, board oversight of strategic issues or a risk management culture. 

Today these are underpinned by sophisticated contractual and financial arrangements and are supported by risk-cognizant programs. The area has access to a wide variety of tools designed to foster risk-aware behavior and culture. In some organizations, this culture is moving to the next step of directly protecting vulnerabilities and thereby addressing the negative and positive sides of risk.

The Long Reach Risk Environment

Research suggests that we tend to be aware of the tier of suppliers or customers immediately related to us by contract (first tier), but that second tier or greater fall outside of sight. We manage the first tier as part of, and with many of the same tools, within the short reach risk environment.  However, controlling risks beyond the first tier becomes problematic.

Traditional approaches to the Long Reach Risk Environment

ISO 31000:2009 provides a preferential list for managing risk:

·         Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk

·         Accepting or increasing the risk in order to pursue an opportunity

·         Removing the risk source

·         Changing the likelihood

·         Changing the consequences

·         Sharing the risk with another party or parties (including contracts and risk financing)

·         Retaining the risk by informed decision

A weakness of ISO 31000 is that it focusses on risks rather than vulnerabilities. While risk management is essential (it would be remiss not to explore traditional options/strong risk management culture), ignoring vulnerabilities is a serious oversight in the model.

In a long reach risk environment, vulnerabilities need to be identified and protected as an early step in implementing effective risk policy.

In recent times, leaders have come to rely on risk management and risk policy as aids to navigate growing complexity and uncertainty. While existing tools can provide some assistance, increasingly they are failing to deal with emerging challenges. Today’s world needs new strategic approaches.

To meet this need, some agencies (specifically the Australian Risk Policy Institute) have commenced developing broader approaches to risk - embodied in Strategic Risk Policy. A Strategic Risk Policy approach provides a more intuitive approach to risk, allowing fast uptake by executives and providing tools enabling effective executive oversight.

Attempts to control all long reach risks can be costly, pointless and futile. If attempts based on the suggestions are unlikely to produce no tangible benefit, they should not be attempted simply for form’s sake.

Traditionally, we attempt to manage downstream risks by risk transfer techniques. In contracts with first tier suppliers and customer, we will attempt to push all our risk (whether self-generated or external to us) to the other party by contract. Sometimes this mechanism is hidden within qualitative requirements rather than standard risk transfer language. In addition, we attempt to maintain maximum separation of purchase, selling and cost price to maximize profit.

Traditional techniques constantly fail and are problematic

Risk transfer techniques are widely used, but simply push risk to the entity in the chain with the least capacity to meet the risk, resulting in the creation of long-term systemic weakness across the health of system. In an uncoordinated environment the burden of risk within the industry is passed onto smaller weaker suppliers. (Cook 2001) The benefits are debatable - illusory at best and counterproductive at worse.

Attempts to push the risk to insurers or other financial institutions inevitably result in the creation of gaps in coverage outside a company’s risk control and risk transfer program.

Attempts to organize the chain to maximize profit by contract, and sometimes by intervention in the market elsewhere, can expose the organization to anti-trust regulatory intervention.

Within long reach risk environments is implicit trust in second+ tier elements coupled with agility – the ability to move to alternative suppliers or customers in the event of a failure.

Market agility is an important element, but can be expensive. Worse, it may not deal with the root problem. In 2014 Adidas dealt with a major Chinese worker strike by threatening to move orders to another factory arguing that “we have a highly flexible supply chain in place” - reigniting consumer based concerns about fair work conditions in the market. At about the same time, a sudden reduction in beef quota imports from Australia to Indonesia elicited Australian assurances that new markets would be brought on line quickly. In both cases, reliance on agility appears to have come at a significant cost.

Alternative approaches to the Long Reach Risk Environment

Various alternatives are available to traditional approaches.

1: Structural vertical Integration

First, the long reach risk environment may be converted into short reach risk environment through a process of vertical integration of the market. An example might be of a retailer selling milk expanding into the dairy and rural feed industry, controlling all aspects of milk production. Examples of such approaches are common in start-up industries (SpaceX, Google) or have become features of a number of markets (Australian retail petroleum market).

The benefits and difficulties with this approach are widely known and discussed in modern literature. These include exposure to multiple layers of expertise loss, threat of regulatory intervention, and the inability to defray internal risk. However, short reach risk environments are amenable to a raft of direct risk management techniques. Better still, you can directly protect vulnerabilities in this environment and prevent/mitigate emergent risk.

This type of approach is outside the reach of most business enterprises. In recent decades we have seen a trend towards divesting functions from entities rather than incorporating them.

2. Organic vertical integration

Within some markets, a similar result may be obtained by engaging “risk brokers” who understand all aspects of a long reach environment and can act as facilitators within the market. Brokers tend to be most effective in emergent markets (Brazil/China) where they have emerged as a necessary element within a particular market. These types of brokers disappear when markets stabilize, and are sometimes vulnerable to regulatory scrutiny in their role as price setters and sometimes a point source of corruption and graft. In chaotic markets, typified by poor infrastructure and volatile labor relations, brokers can provide greater assurance to all elements of the market that fair returns are being received by all, but the risk of a broker adopting unlawful means of achieving ends can provide significant additional costs and long downstream risks and reputational threats.

Would it be desirable to reintroduce risk brokers into some mature markets – someone able to scan complex chains for emerging problems? Could such a role be both enlivened and yet protected from unlawful behavior rife in emerging markets? Can such a role be foreshadowed in prime contractor contractual arrangements? What skill set should such a person possess and what statutory support might be necessary?

Alternatively, can transparent cooperative arrangements be adopted to deal with market uncertainty?

3. Protect long reach risk environment vulnerabilities through collaboration and visibility

The single greatest vulnerability in long reach risk environments is lack of information. Attempts to create collaboration by cross appointments in joint ventures are a legal nightmare and have proven largely ineffective.

A market-by-market approach along the lines of the Canadian pharmaceutical industry may be more effective. This may addressed informational vulnerabilities within the system effectively, with downstream risks eliminated or significantly minimized.

„
Aerospace Research: If you are the prime contractor, it is in your interests to coordinate an approach amongst supply chain members to reduce supply chain vulnerability. All members must access a common tool kit reference.

Canadian Pharmaceutical Study: Adopted an effective and transparent solution – a common database identifying market opportunities and risks ahead of time.

Brazil: A chaotic market with an emerging economy may be best dealt with by specialist brokers.

How can complex markets introduce collaboration and visibility effectively? What role should regulators play in precipitating these outcomes? Do anti-trust laws need to be relaxed to permit collaboration of this nature – and to what extent is this desirable or necessary? Can such a system be promulgated through a system by prime contractor contractual arrangements? Can this system operate independently of regulators and can it operate with risk brokers (foreshadowed above)?

Conclusion

Traditional approaches (risk transfer, agility) no longer offer best practice for long reach risk environments. In fact, they may adversely impact on the health of the system creating uncertainty and greater risks of system failure.

There is a need to develop better means of benchmarking and making decisions in these environments.

“Supply chain collaboration is complex and interconnected, but it is possible for companies within a supply chain to gauge the degree of collaboration along the chain and create an expectation of which collaborative regime will be more productive and sustainable over the long term.”  Dr Carel Bezuidenhout Phd (Science Leader in Value Chain Optimisation at the SCION Research institute)

CASE STUDIES

UK aerospace

AN INVESTIGATION INTO THE MANAGEMENT OF SUPPLY CHAIN VULNERABILITY IN UK AEROSPACE MANUFACTURING - Study by Maj. Marc Haywood and Dr Helen Peck 2013

This is a multiple-organizational research perspective – focused on the prime contractor environment in a high risk, high stakes environment.„

• Risks on the increase – JIT delivery, supplier rationalization and widespread outsourcing (others add complex components multi-tier suppliers, natural disasters/geopolitical events, transport infrastructure) risks 
• Managers do not do a good job of visualizing supply lines let alone manage risk across the system. Managers focussed instead on the risks to their own areas of responsibility.
• Evidence that suppliers were being selected on the basis of price only increasing the risks to delivery. Real cost being overlooked.
• No effective competition or alternatives.
• Designs for the future with long time frames anticipate the development of technologies
• Offset risks –incorporating customer directed (and sometimes sub-optimal) sources into the supply chain

Canadian Pharmaceuticals

THE MULTI-STAKEHOLDER STEERING COMMITTEE ON DRUG SHORTAGES IN CANADA - 2013

A crisis across the entire Canadian drug supply chain led to the creation of a multiparty team in 2012 - identified flaws at every tier of the supply system - issued a Multi-Stakeholder Toolkit. Core reform had already been sponsored by manufacturers with the release of www.drugshortages.ca and subsequently adopted by the team – a key drug shortage notification for all stakeholders across the drug supply chain.

• The timely, reliable and comprehensive posting of all anticipated and actual drug shortages by manufacturers, and posting of information on the return to market date, drug specifics, shortage cause, etc., is essential in ensuring coordinated and appropriate responses to drug shortages.
• Manufacturers have not developed effective alternative sources of supply.
• No strategies for failures in quality, product recall, raw material supply interruption (through compliance, political unrest, natural disaster), importation restrictions
• Crisis highlighted two key weaknesses in the procurement and distribution stage of the supply chain:
• Sole sourcing of products from one manufacturer on behalf of many buyers introduces vulnerability to the overall supply chain when the sole supplier halts or delays production. Sole sourcing also limits new market entrants and may price alternate manufacturers out of the market completely; further reducing supply source options in the future.
• Inventory management practices (e.g. “just-in-time” schemes) may diminish stability when unexpected increases in demand cannot be met with current stock; resulting in disproportionate pressure on remaining manufacturers to alter production in order to fulfil sudden market needs. External factors – such as the cost of money can also impact on inventory practices

Brazil

• 180+ million population, young dynamic cadre, large untapped markets. Infrastructure is poor – Santos Port is moribund. As logistics improve in the system – productivity has improved. Buying, logistics, warehousing silos (similar to older style Chinese command economy manufacturing units). Poorly defined trading rules, different taxation rules, high interest rates, large inventories, high cost of money, high exchange rates, need for a specialist broker to deal with government, volatile employment relations. Imbalance of export and import.
• „  Buying, logistics, warehousing silos (similar to legacy Chinese command economy elements)
• „  Volatile employment relations and idiosyncratic market features – most sales in the last three days of the month (local incentives – 70% value in 3 days)
• „  Poorly defined trading rules, different taxation rules, high interest rates, large inventories, high cost of money, high exchange rates
• „  Emergence of specialist brokers to manage supply chain risks and deal with government.