SlideShare a Scribd company logo

CPO Agenda Supply Chain Risk and Corporate Reputation

Dan Quinn
Dan Quinn

How Can Managing Supply Chains Mitigate Risks to Corporate Reputation?" Autumn 2012

1 of 6
Download to read offline
ROUNDTABLE: REPUTATION HOW CAN MANAGING SUPPLY CHAINS MITIGATE RISKS TO CORPORATE REPUTATION? In our latest roundtable debate, senior buyers discuss procurement and risk, and ask how their companies and organisations manage corporate reputation. The event was sponsored by Achilles 48 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 48 12/09/2012 12:18
THE PANEL Participants: (clockwise from left) Ian Campbell, business development manager, Achilles Gary Hills, head of capital development, BBC Sue Ferm, supply management director, Atkins Jean Olivier Billes, regional procurement director, SunGard Rebecca Ellinor (chair), managing editor, Supply Management Dan Quinn, new sector development director, Achilles Kirsty Bower, head of procurement, Affinity Sutton Nick Brazier, CPO, BNP Paribas UK (centre) Tim Astley, regional practice leader, strategic risk and business resilience, Zurich Rebecca Ellinor (RE): Are organisations could impact on reputation is rarely under- is there an assessment of what process is in yet connecting risk and reputation? stood. Some sectors understand this better place and what audit trail you have. than others and unfortunately some won’t Jean Olivier Billes (JB): Not enough. They get it until they have their own public and Nick Brazier (NB): As an investment bank, might do it through a marketing department, expensive problems. we have a keen eye on reputation, certainly or other department, in order to improve over the past few years. We have started to try their reputation, but I don’t think they use Ian Campbell (IC): Everybody makes the and turn it into something that we can track procurement much on this. Most of the time, link between reputation and risk. However, and measure and we can take action against targets cost savings and they are more short- it is about early identification – knowing those warning signs. It is becoming more of term, whereas when your reputation is where risk is going to come from and for a process, more of a governance factor. affected, it can be a problem in the long term. each category of corporate policy. Tim Astley (TA): The key thing is to RE: Do you have to educate people? Gary Hills (GH): It is a constant thought – recognise reputation as one consequence of reputation risk – in the BBC. It is always risk. Procurement clearly has a central func- Kirsty Bower (KB): It is 50-50. They do get there for slightly different reasons. It doesn’t tion in supply chain and value chain it when it affects them directly. For example, affect our share price, but being publicly evaluation, but businesses should be taking they understand we need to attract the best accountable there are plenty of organisa- an holistic view to try and evaluate the companies to come and do our construction. tions out there ready to pick up anything that risk. It is there in different guises in They don’t get the other end of it, that if happens and publish it to the public. different organisations. you breach EU Regulations that can affect reputation. Sue Ferm (SF): There is an understanding RE: Are you saying that procurement that there is a reputational risk, but is the might well have its own process to try to Dan Quinn (DQ): The role procurement can connection to the procurement and supply protect itself against risk to reputation, have in identifying and managing risks that chain made? Only when something happens but the other parts of the organisation www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 49 Roundtable.48-53.1.cr.indd 49 12/09/2012 12:18
then you can pull them in, but we can’t be the developed we then see three levels of risk: leading light for every area of the business. one is the broad environment – the generic exposures that a company might be exposed RE: Are others finding procurement is to, for example flood zones. Then it is opera- leading on this area? tional issues – what is the supplier’s performance? Then it is about looking at the NB: Yes, part of it is picked up by corporate supplier’s own environment – what are the communications to make sure. But they relationships like? don’t have an eye across the business as to what is going on every day. JB: It is even more complex now. You have to understand the supply chain of your sup- TA: The main custodians of reputation are plier, of other partners if they are in another the board of directors. Where we have seen part of the world, or another region. There traction on the importance of supply chain are different regulations, different situations risk, it has been driven from the board. to deal with. don’t have it and then there is only so much procurement can do on its own? DQ: I am sure if some of the automotive or GH: You can structure that as much as you tech companies impacted by the Japanese or like to specific areas of risk. That takes in TA: Yes. If you do take an isolated perspective, Thai disasters had predicted some of the finance, health and safety performance and you run the risk of running into operational risks of having a manufacturing cluster in an lots of other things there. You give them imperatives, like procurement – cost, qual- area that is likely to be flooded or have earth- weighted scores and have a panel to score ity, delivery – to the exclusion of some of the quakes, they would have been more responses and moderate answers. You allo- broader risks and issues that an enterprise motivated to invest in managing it. cate sections out to specific people or subject might be exposed to. It is only when you take matter experts. Then they moderate those issues together and the perspective of JB: Or it could have already been coming together later on to give an overall score. different functions that you can get a full view. from procurement, by having a back-up There might be absolute criteria that people plan, or a dual sourcing strategy where you have to meet with regard to financials NB: Once we start understanding what the have one vendor in this part of the world and and things like that. It all feeds into the risks are and start having processes, we only another one somewhere else. reputation risk. have to make sure the people we work with and our stakeholders understand we need to go through these steps, by showing them “If some of the automotive firms what the impact would be. impacted by the Japanese disaster JB: It is more about educating at the top sometimes. For example, they will build a had predicted risks, they would reputation with the focus on quality of ser- vices, but they will not anticipate any risks have been motivated to manage it” to avoid any future issues. RE: What other processes or systems do SF: We have a supply chain knowledge centre SF: Organisations are so different in terms your organisations have in place? that we have developed in-house. It is part of of who the process owner of risk is – group our pre-qualification process; it identifies risk, director of a corporate risk, director or NB: We developed our own basic Excel- risk with that particular supplier or contrac- whoever. Theoretically someone should own based measurement assessment tool, which tor. It is a standard checklist and a very that because that is when you can get all the looks at criticality at risk on two axes. There similar panel, so we have three people who strands of the business together. are 16 questions – simple radio buttons that look through the different elements of that you pick from multiple selection answers pre-qual process. It would record any risks NB: We are starting to co-ordinate more with and it rates a vendor, plots them on a graph – red and amber risks are highlighted on the other teams that in their own way have also and tells you whether they are high, medium portal effectively. Evaluation will be done as had to start looking at this: BCM, or IT secu- or low risk. If it is high risk you might put an a subset of that. rity, for example. Because they have their action plan in place to mitigate the risk you A lot of our suppliers will have to do the own processes, we are starting to build them have identified and that is a very high level same approval process for everybody they into our central process as we are looking at view of what we have done. work for in a different guise, so we all create vendors. Where other areas of the business a different version. We have talked about a are already developed and are quite mature TA: Once the critical risks have been standard model [within the industry] that 50 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 50 12/09/2012 12:19
ROUNDTABLE: REPUTATION we all aim for that would give us the perspec- cases – and their consequences – that never going to find out – it is about the tive on a plate, so we are all working on the happened in the same sector and industry. private companies and trying to get the same information. financial information. Is that a key part of TA: Our actuaries like to see real data in your risk management strategies? DQ: Achilles has an approach to looking order to price the risk. We found there wasn’t across the whole sector. Suppliers collabo- any coherent data out there, so we set up our NB: Yes. Some of our vendors might be stra- rate in non-competitive areas to make the own supply chain loss event database, which tegic by nature because they are the only whole process much more efficient for both goes back 10 years, and codifies loss events provider of some software or whatever. They buyers and suppliers. In effect, they are cre- by sector, loss type and region. It covers all are a partner, whether you want them to be ating sector-wide standards and consistency, issues that give rise to a supply disruption. or not and you need to be working very which facilitates the prequalification of closely with them to make sure you are suppliers across the entire sector. NB: The other driver can be legislation, of always aligned. You can’t be surprised by course, in terms of how vendors are treated anything with some of these vendors because RE: Do you make it part of the risk analysis by large organisations. it would immediately have a serious impact of your suppliers that the onus is on them on operation. to look at the risk of their suppliers? RE: Kirsty, as a small organisation do you find it easier to be connected to all of TA: The challenge is when you have a sup- NB: Historically that is how we have done it: these other parts of the business and to plier that is strategic to you, you look at how relied on the vendor and put things in the see where the risks might occur? important you are to them, and it may be contract and SLAs, but increasingly we are very different. That is another issue that not happy with that. The onus still needs to KB: In terms of the front-end of the procure- needs to be addressed. If you know you are be on the tier one vendor, but we need to be ment process, if we are leading a new number 20 in their list of priorities then that getting more information more regularly. contract it is easy for us to pull in all the right tells you something about how they will people, to make sure we have the risk. We respond in the event of a supply shortage. GH: We have changed our approach to some struggle with the back end as the contracts contracts, whereby we demand certain areas go to the operational departments. KB: We brand ourselves as one of the top 10 are self-delivered so you have that bit more We have our audit director and the audit housing associations, but if you take it out to control over risks there and are able to audit. team measures the risk register. We have a the wider world, we are tiny. The mentality risk board. Each year our internal auditors of the staff is that they expect suppliers to fall RE: Is it easier to get firms to make a will look at all the contracts they have, and at our feet. We have put a simply policy in change when something goes wrong? each time we hand the contract over, we place and said nobody in the business can make sure that we not just train the contract meet a supplier unless they have gone NB: Over the past few years in procurement manager, but anyone else who that contract through a commercial awareness training, we have been honing our skills and processes will have an impact on during its life. so at least they know what they can say and to at least start to take more of a governance- A lot of the risk management comes out what they can’t say. based approach to risk. When something about the day-to-day relationship you have happens, you get a sudden step change and with the guy on the other side of the table. GH: We have the strategic relations board you leap forward a couple of years’ worth of (STAR) for the major contracts. You have the organic development in a few months. RE: If you don’t have that relationship with main board, driven by procurement, but you those suppliers there are things you are have to produce an annual report on the GH: Sometimes you do have to wait for an incident. If we put proposals forward that are not accepted by the board, you have to highlight the risk and then it is a decision on the likelihood which may then be out of your hands as to whether the business accepts it. TA: A risk manager will try to get them to do things to stop things happening in the future, rather than waiting for them to happen. RE: Any tips on how you make that argu- ment to the board, to get them to invest? JB: One solution could be to present some www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 51 Roundtable.48-53.1.cr.indd 51 12/09/2012 12:19
ROUNDTABLE: REPUTATION and it was a massive inconvenience, these customers remembered that this company had handed out mobiles and dealt with it. DQ: High impact, low probability, “black swan” events will occur. Catastrophes will occur. Do you think organisations can still get away with the excuse of “It is a low probability so we didn’t manage it”? GH: If you recognise it. As long as you have an audited trail of the decisions made and why. suppliers that are within the STAR contracts. GH: We are looking at the contracts now TA: It’s a good point about the planning There is also a six-month health check, so saying: “Shall we deliver this in-house issue and how far down the probability you have to report on the risks that you think because we are not transferring the risk, but curve you go; it is like trying to second guess exist and report up. we are paying a premium for it?” Just look- every event that is going to happen. We were ing at whether risk transfer is really asked after the Iceland volcano: “Does that NB: If we have a high risk we will put an achievable. I definitely don’t think it is mean I now have to study all of the action plan in place, but rather than just with reputation. Northwest European volcanoes to under- every two years, we might go through every stand where the next volcanic threat is?” quarter. Then we hand the contract over. SF: We do a tiering based on spend and con- Those disrupted were dependent on The person you are handing it to is not going tract so it is about opportunity more than Northwest European airspace to transport to have the time to do what you think they risk. It drives how we manage the money goods. It is trying to pull away from really are going to do, so you have to have terms and frequency reviews, and so on. specific triggers and think about generics. structure in the contract. Otherwise you would never get it done. RE: So how do you deal with problems RE: How do you work out who your when disaster strikes? Have you dealt IC: What about every day risks that are very critical suppliers are? with it swiftly or had a back-up plan? transactional, for instance, consultants coming onsite – they are handling your data. NB: We have done it two ways: by spend, but NB: That is where the value of your relation- also looked across main categories and ships comes in, how close you have managed NB: For consultants, we have a very strin- identified the vendors that are strategically to be with your vendor. gent on-boarding policy for coming into the critical to us. business, having IT access, have access to TA: It is not just about managing upstream, confidential information, IP related issues, TA: We try and look at it from a value view- the impact of whatever difficulty has been confidentiality issues. In a way, because that point – what is the impact on the output of had, but to the extent that it might impact is a tangible thing, we find it easier to con- an organisation, whether it is reputation, the customers and the sales and marketing trol. One thing I see a lot more of which has market share or profit – and try and work people in the organisation, having them a big reputational risk attached to it is data: backwards from there and map the various engaged and integrating them into the pro- everything we do now takes an extra month’s connections from a value perspective rather cess so they can be communicating with negotiation on data protection. That is a real than an expense perspective. their customers if there are supply prob- developing area that no one has nice handy lems to be addressed or to be recognised. clause they can just throw at a contract; eve- RE: Are there certain things people don’t Then customers can view issues sympa- rything seems to need to be tailored around consider a risk – because they are too thetically which can go a long way to different services and different scenarios. often just looking at where the spend is? enhance a reputation. We were involved with a European tele- TA: Clearly, the data issues are similar across DQ: Undoubtedly, in many cases they are coms company that lost a network as a all sectors. Cyber risk is not a new issue, and focusing on the core of the business to result of a fire. The first thing it did was I doubt whether it is restricted to supply understand where things are likely to go communicate with key customers and chains. Cyber exposure – whether it is data, wrong. But inevitably when something does handed out mobile phones because this was virus attack or systems’ interconnectedness goes wrong it is because they are blindsided part of its plan. This was what it anticipated. – there is so much dependence upon that by something unexpected. Even though the network was out for a week whole area of technology and connections. 52 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 52 12/09/2012 12:20
GH: It can be restrictive as well – our infor- SF: We did have a debate as to whether we GH: If we deliver projects on time and mation security restricts possible changes should extend our process. We decided we in budget and without any disruption, that would improve processes. There are would just test they have a process in place then the business looks to you much areas that I have highlighted where the and go with that. It was a decision point that quicker than it would to do somebody business has responded negatively – they said our resource is better used over here. else and it tries and carries out its own won’t take that risk. You are preventing procurement. Make it easy and efficient business improvement in some cases. RE: What about putting opportunity for your internal customers for them to and risk together? Does anybody have follow your own preferred procurement TA: This issue of inter-connectedness is examples of that, where you can attract route. Avoiding any of those risks you now at the top of a lot of people’s agendas. better suppliers, or more customers? can then advance your own standing in Different entities have information on sup- an organisation. pliers at different levels of a particular JB: If you are compliant in terms of soft- value chain, if you like, and it is just joining ware and you sell software solutions NB: If you have a good reputation as an these dots together that, in time, will start packages, then it is good for your image, organisation, you can probably get to give more visibility. You do come across confidentiality issues and the ability to share data. “If you have a good reputation as RE: How do you go about identifying your suppliers’ suppliers? an organisation you can probably SF: We ask them who they are and what get your hands on innovative was their process for managing their sup- ply chain. Again, as we get further down products before others” the supply chain, that becomes less and less in terms of documented processes. your customers and your reputation. It is your hands on innovative products You just have to assess the risk based indirect – I am not sure you can measure before others. on the limited knowledge, or limited this – but in the long term you build a information you are given. ‘brandable’ company. TA: Apple recently has gone out and listed its key suppliers so they are public informa- NB: For us, if it is a sensitive process being KB: When we do the business case for any tion. I am sure one reason it has done that outsourced, then we will want to validate. new contract we are going to procure, we is now there is a whole list of people who Beyond that, certainly at the start of the try to understand who might be interested can freely talk about how good Apple is contract we would validate the proposed in it, why and what type of customer we as a customer, which will enhance – lower down the chain, the subcontrac- might be to them. Then you can start to Apple’s reputation. tors. On some that aren’t very sensitive we understand the best way to put the con- would put the onus on them and it would tract out there to attract the right people SF: Clients are very interested in how our be down to them to manage and deliver and discourage the people it is not going supply chain views us. In the bid process the service as they see fit, within the to fit with. It is almost like a reverse that we go through it is a key question that parameters we set. contract; what are we to them? says: “How do you measure this? How do you get feedback? What are they saying about you?” NB: You can’t always mitigate risk when it is there anyway – sometimes you just have to live with it and you have to appreciate that sometimes. If you need something and your business has one source of supply and they happen to not be very solvent, you have to live with it. You can’t have a black and white tick box: “if you can’t tick that box you are not coming on to the RFP” approach. GH: Sometimes things that are that rigid will be losing out in certain areas. www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 53 Roundtable.48-53.1.cr.indd 53 12/09/2012 12:20

Recommended

Protecting your reputation in a crisis irm webinar
Protecting your reputation in a crisis irm webinarProtecting your reputation in a crisis irm webinar
Protecting your reputation in a crisis irm webinarAnn Wright
 
Copywriter secrets from Articulate Training
Copywriter secrets from Articulate Training Copywriter secrets from Articulate Training
Copywriter secrets from Articulate Training Articulate Marketing
 
Polecat connecting risk
Polecat connecting riskPolecat connecting risk
Polecat connecting riskArticulate Marketing
 
Shock tactics - a reputation minefield or a risk worth taking?
Shock tactics - a reputation minefield or a risk worth taking?Shock tactics - a reputation minefield or a risk worth taking?
Shock tactics - a reputation minefield or a risk worth taking?CharityComms
 
Enron - Corporate Governance - Scandal - Nesr
Enron - Corporate Governance - Scandal - NesrEnron - Corporate Governance - Scandal - Nesr
Enron - Corporate Governance - Scandal - NesrAnesr
 
The NEW Way to Win Friends & Influence People (social media in events)
The NEW Way to Win Friends & Influence People (social media in events)The NEW Way to Win Friends & Influence People (social media in events)
The NEW Way to Win Friends & Influence People (social media in events)Lara McCulloch-Carter
 
Dan's donations xmas 2013
Dan's donations xmas 2013Dan's donations xmas 2013
Dan's donations xmas 2013Dan Quinn
 
C
CC
CDan Quinn
 

Recommended

Protecting your reputation in a crisis irm webinar
Protecting your reputation in a crisis irm webinarProtecting your reputation in a crisis irm webinar
Protecting your reputation in a crisis irm webinarAnn Wright
 
Copywriter secrets from Articulate Training
Copywriter secrets from Articulate Training Copywriter secrets from Articulate Training
Copywriter secrets from Articulate Training Articulate Marketing
 
Polecat connecting risk
Polecat connecting riskPolecat connecting risk
Polecat connecting riskArticulate Marketing
 
Shock tactics - a reputation minefield or a risk worth taking?
Shock tactics - a reputation minefield or a risk worth taking?Shock tactics - a reputation minefield or a risk worth taking?
Shock tactics - a reputation minefield or a risk worth taking?CharityComms
 
Enron - Corporate Governance - Scandal - Nesr
Enron - Corporate Governance - Scandal - NesrEnron - Corporate Governance - Scandal - Nesr
Enron - Corporate Governance - Scandal - NesrAnesr
 
The NEW Way to Win Friends & Influence People (social media in events)
The NEW Way to Win Friends & Influence People (social media in events)The NEW Way to Win Friends & Influence People (social media in events)
The NEW Way to Win Friends & Influence People (social media in events)Lara McCulloch-Carter
 
Dan's donations xmas 2013
Dan's donations xmas 2013Dan's donations xmas 2013
Dan's donations xmas 2013Dan Quinn
 
C
CC
CDan Quinn
 
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...Dan Quinn
 
Institute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 editionInstitute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 editionDan Quinn
 
DQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std articleDQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std articleDan Quinn
 
SpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith SlidesSpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith SlidesDan Quinn
 
Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012Dan Quinn
 
SpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaperSpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaperDan Quinn
 

More Related Content

More from Dan Quinn

Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...Dan Quinn
 
Institute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 editionInstitute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 editionDan Quinn
 
DQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std articleDQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std articleDan Quinn
 
SpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith SlidesSpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith SlidesDan Quinn
 
Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012Dan Quinn
 
SpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaperSpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaperDan Quinn
 

More from Dan Quinn (6)

Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
Key Concerns in the Pharmaceutical and Healthcare Supply Chain - D.Quinn Apri...
 
Institute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 editionInstitute of Operations Management article in Feb 2013 edition
Institute of Operations Management article in Feb 2013 edition
 
DQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std articleDQ Sept 12 logistic mgr and supply chain std article
DQ Sept 12 logistic mgr and supply chain std article
 
SpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith SlidesSpendMatters Exec Breakfast Peter Smith Slides
SpendMatters Exec Breakfast Peter Smith Slides
 
Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012Spend matters exec breakfast achilles slides dan quinn july 11th 2012
Spend matters exec breakfast achilles slides dan quinn july 11th 2012
 
SpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaperSpendMatters & Achilles Supplier Selection WhitePaper
SpendMatters & Achilles Supplier Selection WhitePaper
 

CPO Agenda Supply Chain Risk and Corporate Reputation

  • 1. ROUNDTABLE: REPUTATION HOW CAN MANAGING SUPPLY CHAINS MITIGATE RISKS TO CORPORATE REPUTATION? In our latest roundtable debate, senior buyers discuss procurement and risk, and ask how their companies and organisations manage corporate reputation. The event was sponsored by Achilles 48 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 48 12/09/2012 12:18
  • 2. THE PANEL Participants: (clockwise from left) Ian Campbell, business development manager, Achilles Gary Hills, head of capital development, BBC Sue Ferm, supply management director, Atkins Jean Olivier Billes, regional procurement director, SunGard Rebecca Ellinor (chair), managing editor, Supply Management Dan Quinn, new sector development director, Achilles Kirsty Bower, head of procurement, Affinity Sutton Nick Brazier, CPO, BNP Paribas UK (centre) Tim Astley, regional practice leader, strategic risk and business resilience, Zurich Rebecca Ellinor (RE): Are organisations could impact on reputation is rarely under- is there an assessment of what process is in yet connecting risk and reputation? stood. Some sectors understand this better place and what audit trail you have. than others and unfortunately some won’t Jean Olivier Billes (JB): Not enough. They get it until they have their own public and Nick Brazier (NB): As an investment bank, might do it through a marketing department, expensive problems. we have a keen eye on reputation, certainly or other department, in order to improve over the past few years. We have started to try their reputation, but I don’t think they use Ian Campbell (IC): Everybody makes the and turn it into something that we can track procurement much on this. Most of the time, link between reputation and risk. However, and measure and we can take action against targets cost savings and they are more short- it is about early identification – knowing those warning signs. It is becoming more of term, whereas when your reputation is where risk is going to come from and for a process, more of a governance factor. affected, it can be a problem in the long term. each category of corporate policy. Tim Astley (TA): The key thing is to RE: Do you have to educate people? Gary Hills (GH): It is a constant thought – recognise reputation as one consequence of reputation risk – in the BBC. It is always risk. Procurement clearly has a central func- Kirsty Bower (KB): It is 50-50. They do get there for slightly different reasons. It doesn’t tion in supply chain and value chain it when it affects them directly. For example, affect our share price, but being publicly evaluation, but businesses should be taking they understand we need to attract the best accountable there are plenty of organisa- an holistic view to try and evaluate the companies to come and do our construction. tions out there ready to pick up anything that risk. It is there in different guises in They don’t get the other end of it, that if happens and publish it to the public. different organisations. you breach EU Regulations that can affect reputation. Sue Ferm (SF): There is an understanding RE: Are you saying that procurement that there is a reputational risk, but is the might well have its own process to try to Dan Quinn (DQ): The role procurement can connection to the procurement and supply protect itself against risk to reputation, have in identifying and managing risks that chain made? Only when something happens but the other parts of the organisation www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 49 Roundtable.48-53.1.cr.indd 49 12/09/2012 12:18
  • 3. then you can pull them in, but we can’t be the developed we then see three levels of risk: leading light for every area of the business. one is the broad environment – the generic exposures that a company might be exposed RE: Are others finding procurement is to, for example flood zones. Then it is opera- leading on this area? tional issues – what is the supplier’s performance? Then it is about looking at the NB: Yes, part of it is picked up by corporate supplier’s own environment – what are the communications to make sure. But they relationships like? don’t have an eye across the business as to what is going on every day. JB: It is even more complex now. You have to understand the supply chain of your sup- TA: The main custodians of reputation are plier, of other partners if they are in another the board of directors. Where we have seen part of the world, or another region. There traction on the importance of supply chain are different regulations, different situations risk, it has been driven from the board. to deal with. don’t have it and then there is only so much procurement can do on its own? DQ: I am sure if some of the automotive or GH: You can structure that as much as you tech companies impacted by the Japanese or like to specific areas of risk. That takes in TA: Yes. If you do take an isolated perspective, Thai disasters had predicted some of the finance, health and safety performance and you run the risk of running into operational risks of having a manufacturing cluster in an lots of other things there. You give them imperatives, like procurement – cost, qual- area that is likely to be flooded or have earth- weighted scores and have a panel to score ity, delivery – to the exclusion of some of the quakes, they would have been more responses and moderate answers. You allo- broader risks and issues that an enterprise motivated to invest in managing it. cate sections out to specific people or subject might be exposed to. It is only when you take matter experts. Then they moderate those issues together and the perspective of JB: Or it could have already been coming together later on to give an overall score. different functions that you can get a full view. from procurement, by having a back-up There might be absolute criteria that people plan, or a dual sourcing strategy where you have to meet with regard to financials NB: Once we start understanding what the have one vendor in this part of the world and and things like that. It all feeds into the risks are and start having processes, we only another one somewhere else. reputation risk. have to make sure the people we work with and our stakeholders understand we need to go through these steps, by showing them “If some of the automotive firms what the impact would be. impacted by the Japanese disaster JB: It is more about educating at the top sometimes. For example, they will build a had predicted risks, they would reputation with the focus on quality of ser- vices, but they will not anticipate any risks have been motivated to manage it” to avoid any future issues. RE: What other processes or systems do SF: We have a supply chain knowledge centre SF: Organisations are so different in terms your organisations have in place? that we have developed in-house. It is part of of who the process owner of risk is – group our pre-qualification process; it identifies risk, director of a corporate risk, director or NB: We developed our own basic Excel- risk with that particular supplier or contrac- whoever. Theoretically someone should own based measurement assessment tool, which tor. It is a standard checklist and a very that because that is when you can get all the looks at criticality at risk on two axes. There similar panel, so we have three people who strands of the business together. are 16 questions – simple radio buttons that look through the different elements of that you pick from multiple selection answers pre-qual process. It would record any risks NB: We are starting to co-ordinate more with and it rates a vendor, plots them on a graph – red and amber risks are highlighted on the other teams that in their own way have also and tells you whether they are high, medium portal effectively. Evaluation will be done as had to start looking at this: BCM, or IT secu- or low risk. If it is high risk you might put an a subset of that. rity, for example. Because they have their action plan in place to mitigate the risk you A lot of our suppliers will have to do the own processes, we are starting to build them have identified and that is a very high level same approval process for everybody they into our central process as we are looking at view of what we have done. work for in a different guise, so we all create vendors. Where other areas of the business a different version. We have talked about a are already developed and are quite mature TA: Once the critical risks have been standard model [within the industry] that 50 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 50 12/09/2012 12:19
  • 4. ROUNDTABLE: REPUTATION we all aim for that would give us the perspec- cases – and their consequences – that never going to find out – it is about the tive on a plate, so we are all working on the happened in the same sector and industry. private companies and trying to get the same information. financial information. Is that a key part of TA: Our actuaries like to see real data in your risk management strategies? DQ: Achilles has an approach to looking order to price the risk. We found there wasn’t across the whole sector. Suppliers collabo- any coherent data out there, so we set up our NB: Yes. Some of our vendors might be stra- rate in non-competitive areas to make the own supply chain loss event database, which tegic by nature because they are the only whole process much more efficient for both goes back 10 years, and codifies loss events provider of some software or whatever. They buyers and suppliers. In effect, they are cre- by sector, loss type and region. It covers all are a partner, whether you want them to be ating sector-wide standards and consistency, issues that give rise to a supply disruption. or not and you need to be working very which facilitates the prequalification of closely with them to make sure you are suppliers across the entire sector. NB: The other driver can be legislation, of always aligned. You can’t be surprised by course, in terms of how vendors are treated anything with some of these vendors because RE: Do you make it part of the risk analysis by large organisations. it would immediately have a serious impact of your suppliers that the onus is on them on operation. to look at the risk of their suppliers? RE: Kirsty, as a small organisation do you find it easier to be connected to all of TA: The challenge is when you have a sup- NB: Historically that is how we have done it: these other parts of the business and to plier that is strategic to you, you look at how relied on the vendor and put things in the see where the risks might occur? important you are to them, and it may be contract and SLAs, but increasingly we are very different. That is another issue that not happy with that. The onus still needs to KB: In terms of the front-end of the procure- needs to be addressed. If you know you are be on the tier one vendor, but we need to be ment process, if we are leading a new number 20 in their list of priorities then that getting more information more regularly. contract it is easy for us to pull in all the right tells you something about how they will people, to make sure we have the risk. We respond in the event of a supply shortage. GH: We have changed our approach to some struggle with the back end as the contracts contracts, whereby we demand certain areas go to the operational departments. KB: We brand ourselves as one of the top 10 are self-delivered so you have that bit more We have our audit director and the audit housing associations, but if you take it out to control over risks there and are able to audit. team measures the risk register. We have a the wider world, we are tiny. The mentality risk board. Each year our internal auditors of the staff is that they expect suppliers to fall RE: Is it easier to get firms to make a will look at all the contracts they have, and at our feet. We have put a simply policy in change when something goes wrong? each time we hand the contract over, we place and said nobody in the business can make sure that we not just train the contract meet a supplier unless they have gone NB: Over the past few years in procurement manager, but anyone else who that contract through a commercial awareness training, we have been honing our skills and processes will have an impact on during its life. so at least they know what they can say and to at least start to take more of a governance- A lot of the risk management comes out what they can’t say. based approach to risk. When something about the day-to-day relationship you have happens, you get a sudden step change and with the guy on the other side of the table. GH: We have the strategic relations board you leap forward a couple of years’ worth of (STAR) for the major contracts. You have the organic development in a few months. RE: If you don’t have that relationship with main board, driven by procurement, but you those suppliers there are things you are have to produce an annual report on the GH: Sometimes you do have to wait for an incident. If we put proposals forward that are not accepted by the board, you have to highlight the risk and then it is a decision on the likelihood which may then be out of your hands as to whether the business accepts it. TA: A risk manager will try to get them to do things to stop things happening in the future, rather than waiting for them to happen. RE: Any tips on how you make that argu- ment to the board, to get them to invest? JB: One solution could be to present some www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 51 Roundtable.48-53.1.cr.indd 51 12/09/2012 12:19
  • 5. ROUNDTABLE: REPUTATION and it was a massive inconvenience, these customers remembered that this company had handed out mobiles and dealt with it. DQ: High impact, low probability, “black swan” events will occur. Catastrophes will occur. Do you think organisations can still get away with the excuse of “It is a low probability so we didn’t manage it”? GH: If you recognise it. As long as you have an audited trail of the decisions made and why. suppliers that are within the STAR contracts. GH: We are looking at the contracts now TA: It’s a good point about the planning There is also a six-month health check, so saying: “Shall we deliver this in-house issue and how far down the probability you have to report on the risks that you think because we are not transferring the risk, but curve you go; it is like trying to second guess exist and report up. we are paying a premium for it?” Just look- every event that is going to happen. We were ing at whether risk transfer is really asked after the Iceland volcano: “Does that NB: If we have a high risk we will put an achievable. I definitely don’t think it is mean I now have to study all of the action plan in place, but rather than just with reputation. Northwest European volcanoes to under- every two years, we might go through every stand where the next volcanic threat is?” quarter. Then we hand the contract over. SF: We do a tiering based on spend and con- Those disrupted were dependent on The person you are handing it to is not going tract so it is about opportunity more than Northwest European airspace to transport to have the time to do what you think they risk. It drives how we manage the money goods. It is trying to pull away from really are going to do, so you have to have terms and frequency reviews, and so on. specific triggers and think about generics. structure in the contract. Otherwise you would never get it done. RE: So how do you deal with problems RE: How do you work out who your when disaster strikes? Have you dealt IC: What about every day risks that are very critical suppliers are? with it swiftly or had a back-up plan? transactional, for instance, consultants coming onsite – they are handling your data. NB: We have done it two ways: by spend, but NB: That is where the value of your relation- also looked across main categories and ships comes in, how close you have managed NB: For consultants, we have a very strin- identified the vendors that are strategically to be with your vendor. gent on-boarding policy for coming into the critical to us. business, having IT access, have access to TA: It is not just about managing upstream, confidential information, IP related issues, TA: We try and look at it from a value view- the impact of whatever difficulty has been confidentiality issues. In a way, because that point – what is the impact on the output of had, but to the extent that it might impact is a tangible thing, we find it easier to con- an organisation, whether it is reputation, the customers and the sales and marketing trol. One thing I see a lot more of which has market share or profit – and try and work people in the organisation, having them a big reputational risk attached to it is data: backwards from there and map the various engaged and integrating them into the pro- everything we do now takes an extra month’s connections from a value perspective rather cess so they can be communicating with negotiation on data protection. That is a real than an expense perspective. their customers if there are supply prob- developing area that no one has nice handy lems to be addressed or to be recognised. clause they can just throw at a contract; eve- RE: Are there certain things people don’t Then customers can view issues sympa- rything seems to need to be tailored around consider a risk – because they are too thetically which can go a long way to different services and different scenarios. often just looking at where the spend is? enhance a reputation. We were involved with a European tele- TA: Clearly, the data issues are similar across DQ: Undoubtedly, in many cases they are coms company that lost a network as a all sectors. Cyber risk is not a new issue, and focusing on the core of the business to result of a fire. The first thing it did was I doubt whether it is restricted to supply understand where things are likely to go communicate with key customers and chains. Cyber exposure – whether it is data, wrong. But inevitably when something does handed out mobile phones because this was virus attack or systems’ interconnectedness goes wrong it is because they are blindsided part of its plan. This was what it anticipated. – there is so much dependence upon that by something unexpected. Even though the network was out for a week whole area of technology and connections. 52 CPO AGENDA | AUTUMN 2012 www.cpoagenda.com Roundtable.48-53.1.cr.indd 52 12/09/2012 12:20
  • 6. GH: It can be restrictive as well – our infor- SF: We did have a debate as to whether we GH: If we deliver projects on time and mation security restricts possible changes should extend our process. We decided we in budget and without any disruption, that would improve processes. There are would just test they have a process in place then the business looks to you much areas that I have highlighted where the and go with that. It was a decision point that quicker than it would to do somebody business has responded negatively – they said our resource is better used over here. else and it tries and carries out its own won’t take that risk. You are preventing procurement. Make it easy and efficient business improvement in some cases. RE: What about putting opportunity for your internal customers for them to and risk together? Does anybody have follow your own preferred procurement TA: This issue of inter-connectedness is examples of that, where you can attract route. Avoiding any of those risks you now at the top of a lot of people’s agendas. better suppliers, or more customers? can then advance your own standing in Different entities have information on sup- an organisation. pliers at different levels of a particular JB: If you are compliant in terms of soft- value chain, if you like, and it is just joining ware and you sell software solutions NB: If you have a good reputation as an these dots together that, in time, will start packages, then it is good for your image, organisation, you can probably get to give more visibility. You do come across confidentiality issues and the ability to share data. “If you have a good reputation as RE: How do you go about identifying your suppliers’ suppliers? an organisation you can probably SF: We ask them who they are and what get your hands on innovative was their process for managing their sup- ply chain. Again, as we get further down products before others” the supply chain, that becomes less and less in terms of documented processes. your customers and your reputation. It is your hands on innovative products You just have to assess the risk based indirect – I am not sure you can measure before others. on the limited knowledge, or limited this – but in the long term you build a information you are given. ‘brandable’ company. TA: Apple recently has gone out and listed its key suppliers so they are public informa- NB: For us, if it is a sensitive process being KB: When we do the business case for any tion. I am sure one reason it has done that outsourced, then we will want to validate. new contract we are going to procure, we is now there is a whole list of people who Beyond that, certainly at the start of the try to understand who might be interested can freely talk about how good Apple is contract we would validate the proposed in it, why and what type of customer we as a customer, which will enhance – lower down the chain, the subcontrac- might be to them. Then you can start to Apple’s reputation. tors. On some that aren’t very sensitive we understand the best way to put the con- would put the onus on them and it would tract out there to attract the right people SF: Clients are very interested in how our be down to them to manage and deliver and discourage the people it is not going supply chain views us. In the bid process the service as they see fit, within the to fit with. It is almost like a reverse that we go through it is a key question that parameters we set. contract; what are we to them? says: “How do you measure this? How do you get feedback? What are they saying about you?” NB: You can’t always mitigate risk when it is there anyway – sometimes you just have to live with it and you have to appreciate that sometimes. If you need something and your business has one source of supply and they happen to not be very solvent, you have to live with it. You can’t have a black and white tick box: “if you can’t tick that box you are not coming on to the RFP” approach. GH: Sometimes things that are that rigid will be losing out in certain areas. www.cpoagenda.com AUTUMN 2012 | CPO AGENDA 53 Roundtable.48-53.1.cr.indd 53 12/09/2012 12:20