High Risks in Your Supply Chain that You May be Blind To

The benefits of outsourcing production processes or services to suppliers are many: it can provide a better product or service than you would be able to produce internally; it can increase your efficiency; it can allow you to focus on core areas; and, of course, it can reduce your overall costs. Meanwhile, it also creates additional risks companies may not be factoring into their own business formula for success.

Lack of transparency

Suppliers are often reluctant to share information they may see as proprietary or confidential but it’s essential that they give reasonable assurance that they have plans in place for business continuity and that they are regularly maintaining and testing these plans. Their process may include a wide scope of operational dependencies so it’s valid for regular assurance and audits from clients.

Sufficient monitoring and alerts of operational outliers or different-from-expected production or delivery is also a basic requirement. Many clients now require automatic monitoring and timely technical reports. If your organization is not already formally requiring this from your key suppliers, introduce it into your relationship. Conjoined tests and validation exercises are valid trust builders and can improve expectations and transparency in the vendor-client relationship.

Unclear contracts

Relationships with critical partners frequently begin with a trust or “handshake” agreement on delivering a small service with little risk but develop over time into a critical dependency. When contracts are not fully formed or re-addressed as the relationship matures, both parties can end

Secondary suppliers

It’s a global market and many of your suppliers have their own suppliers – around the globe. In fact, those that are delivering value to your suppliers may be receiving value from you or someone like you. It is a small world, afterall. The key is to understand relationships that are imperative to you and their dependencies. Are several of your vendors relying on the same supplier for a raw material? Do your vendors require the same level of standards you do from their partnerships? There are many layers of business these days and it’s difficult to see the supply chain clearly across several (perhaps as many as several dozen) variables. In short, you need to know your suppliers as well as you know your customers.

Quality control

Don’t forget that because today’s global supply chains are so interdependent, the number of organizations that influence your product multiplies the complexity of product quality. Each organization carries their own process methodologies, operational policies and strategic initiatives. Each piece of these creates another layer of complexity. It’s easy for a small part to become obscure and the detail less defined, resulting in a poorer level of product. Clear service level agreements and carefully systematized audits are needed to set and maintain standards of quality.

In conclusion, many risks that come with supplier relationships can be minimized through establishing clear expectations early in the relationship and continuing to clarify those expectations throughout the working contract.

Bring Your Own Device

Image representing iPad as depicted in CrunchBase

Image via CrunchBase


Sitting in a top level Management of Information Systems conference this morning with over 60 CIOs from local corporations the panel discussion started and ran on BYOD for over 90 minutes. This is a hot topic and ambivalence, though not overt, is a clear theme. Though corporations see benefits from decreasing overhead and IT inventory to employee satisfaction the risk possibilities around data security are unrealized.
Issues that arose included:
– separation of hardware from software systems
– new data and cyber policies
– data security systems and controls like management and wiping capabilities
– distinguishing or categorizing personal vs corporate data
– policy enforcement
– user safety during equipment use
– privacy concerns for employees
– device support


It will be interesting to see how this opportunity develops and what evolutions arise to support it’s progress. What are you seeing in your organizations?


Operational Risk now OCC’s top concern

Operational risk has eclipsed credit risk as national banks’ chief safety and soundness challenge, Comptroller of Currency Thomas Curry told the Exchequer Club in Washington, D.C., last week.

Operational risk – the risk of loss due to failures of people, processes, systems and external events – is “high and increasing,” Curry said.  He cited flawed risk models, lack of adequate controls over third party vendors and anti-money laundering efficiencies as some examples of operational risk.

“[A]s banks and thrifts face greater resource constraints and higher compliance costs, they may feel greater pressure to economize on systems and processes in order to enhance their income and operating economies …,” Curry said. “All institutions … must resist the temptation to under-invest in the systems and controls they need to prevent greater risk and larger losses in the future.”

He emphasized the risk of operational failure is embedded in every activity and product – from a bank’s processing, accounting and information systems to the implementation of its credit risk management procedures.

“No issues look larger today than operational risk in all its dimensions, the manner in which all risks interact, and the importance of managing those risks in an integrated fashion across the entire enterprise,” Curry said. “These themes are a supervisory priority for us at the OCC today and they should similarly command the attention of the industry.”

reprinted from the Oklahoma Bankers Association Weekly Update, May 21, 2012

Business Value Balance

Given that you agree with the recent post on every business having the same four core values . . . let’s continue our discussion.

Here’s a diagram for visualization: Business Value Balance.  Each operational value exists in a spectrum (generally from happiest to least happy).  Depending on the current score for each value on their respective spectrum, business is probably good.  Referring to the chart, you can see the business as the core, four-pointed star.  When the staff is happy, the customers are happy, the business is generally likable and its making a profit the business is sustainable.

There’s another star, too:  a red, eight-pointed star.  The eight-pointed star is the zone of risk tolerance. If you chart the scores of the four requirements for sustainability within the level of tolerance, it’s holding steady. If the level of value isn’t meeting or exceeding the least tolerable level, then its a problem.  Simple enough.  When one or more of the scores exceeds the level of tolerance, the business will naturally look for ways to move back toward a balance.

HERE’s THE CATCH: How the business finds its way to pull one score back to center could happen at the cost of another value.  And, if no one’s managing the balancing act, it will be at the cost of another value.  They’re all interrelated so they will all be effected.

If you don’t have plans to deal with keeping the four basic core values in balance, business ends up looking chaotic.  It is constantly in flux, always pulling and pushing at itself.  Costing the happiness of staff, the happiness of clients, likability and profit.  This diminishes sustainability and resilience.

Next blog: keeping the business values at the center of your continuity program.

What do you think?  Do you agree?  Disagree?  Case studies?

Is risky the new safe?

With all the market crash and the down economy and the double dip recession is risky the new safe?  Can “knowing” your risks be tantamount to being safe from them?