A few weeks back, I spent an extremely informative hour on the phone with Bill Michaels of ADR International, a consultancy and training provider. Usually, the discussions I have with consultants end up trailing off into war stories and vendor selection happenings, but this discussion was different from the start -- I was in complete sponge mode, absorbing as much as I could and saying as little as possible. Bill and his team wanted to share a highly specific supply risk methodology they applied in tandem with a major supply risk insurance underwriter in the bio / pharma space (though the lessons from the discussion are quite universal across industries). In a series of posts highlighting ADR's supply risk programmatic model based on this discussion, I hope to share an overall approach to supply risk analysis and mitigation that will change the way your organization thinks about the subject.
To set the stage in this particular client engagement, the industry dynamics strongly favored taking a proactive supply risk management stance. Given the relatively high growth environment (and strong profit margins), the most important thing for the client organization was to reduce potential profit risk versus reducing spend and costs. The process ADR took the client through involved eight different steps -- not all of which are individually remarkable on the surface, but collectively present a holistic and proactive risk management operating model. These eight steps were:
- Risk identification (creating a list of projects and strategies to evaluate)
- Risk predication (establishing a base case for projections for each project)
- Risk modeling (static financial modeling development based on the risk cases)
- Risk analysis (dynamic monte carlo simulation)
- Risk mitigation (framing real options)
- Risk hedging (options, analytics, simulation and optimization)
- Risk diversification (optimization and asset allocation)
- Risk management (ongoing management, reporting, analysis, etc.)
You can probably tell already from this list that a supply risk geek like me perked up at hearing a process like this (versus the more common "buy supply risk enrichment and call it a day" approach that is more typical). Clearly, ADR was working with an organization that had the werewithal, budget, executive support and time to consider an extremely wide variety of risk factors and put in place a comprehensive financial and operations management program to deal with them.
This organization's primary focus areas from a supply risk standpoint were evaluating two specific scenarios and their impact based on their overall ingredient/component/part list: sole source (single plant) and dual-source (single plant) across their spend operating profile. To kick off their evaluation, the company constructed an extensive RFI that it sent to suppliers to begin building individual risk profiles.
But even preceding this stage, the organization followed a number of supply risk best practices we can all learn from. First, they created a cross-functional team of stakeholders, evaluating members from the following groups: strategic sourcing / supply management, product research and development, manufacturing process engineering, regulatory, QA, risk management and supply chain. At the same time, they also focused on identifying senior management sponsorship and stewardship for the program and overall management team support. They then set out to identify the functional expertise they would require on the team tasked with targeting supply risk.
With this initial approach complete, the next step was to identify suppliers that were in the scope of the project. They began this effort by leveraging the above-mentioned RFI process to conduct an entire cut of their direct materials supply base. They then "applied the first cut supplier segmentation as the baseline for ranking supplier risk," which included indentifying sole / single sources with only one approved manufacturing site (which increased risk). Using this data, they were able to pareto order priorities and avoid expending additional effort on suppliers and materials that presented lesser or no risk.
The outcome of this approach was a risk disruption matrix built on two axis: number of potential suppliers and number of approved manufacturing sites. In the upper right quadrant were "low risk" suppliers, where multiple sources and multiple sites existed. The upper left quadrant consisted of "high/medium" risk suppliers, with supply chains built upon a sole source (supplier) and multiple sites. Both the lower left and lower right quadrants were "high risk" because they represented sole source/single site situations and single source/single scenarios respectively.
Stay tuned for additional explanation and analysis behind ADR's supply risk management process.