Disney, Depp and the cyber supply chain risk management problem

One field-tested security strategy for information systems and digital content is to address the problem through processes, people and technology. On the process front, all companies involved in the production of digital IP should, by now, be adhering to a proven information security framework that fully addresses supply chain risks. That includes making sure your digital IP is protected at all times, even during post-production (or maybe we should say especially during post-production, given recent incidents).

Fortunately, there is a ready-made cybersecurity framework that companies can use, at no charge, thanks to the US federal government, which has done some sterling work in this area, namely the NIST Cybersecurity Framework.

The current version is a great way to get a handle on your organization’s cybersecurity, and the next version, currently in draft, goes even deeper into the need to maintain cybersecurity throughout the supply chain. For that reason, the draft is worth quoting at length:

“The practice of communicating and verifying cybersecurity requirements among stakeholders is one aspect of cyber supply chain risk management (SCRM). A primary objective of cyber SCRM is to identify, assess and mitigate ‘products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.’”

Read more at Disney, Depp and the cyber supply chain risk management problem


6 in 10 businesses experienced at least one supply chain disruption in Asia Pacific in 2016

One in four businesses exceed US$1 million in losses, but almost half of survey respondents in Asia Pacific did not insure their losses.

Zurich Insurance has revealed the key Asia Pacific findings of the Business Continuity Institute (BCI) “Supply Chain Resilience Report 2016”. Despite six out of ten organisations experiencing at least one supply chain disruption during the past year, with one in four exceeding US$1 million in losses, the report found that almost half of survey respondents in Asia Pacific did not insure their losses.

Produced in partnership with BCI for the eighth year, the annual report is regarded as one of the most authoritative benchmark reports in this business area. The key findings for Asia Pacific (APAC) this year are:

  1. IT/telecom outages were named as the number one cause of supply chain disruption
  2. One in four organisations experienced cumulative losses of over US$1 million
  3. 46% of organisations do not insure their losses, meaning they bore the full brunt of the cost
  4. Only 30% of disruptions occur with an immediate supplier
  5. 48% responded that top management have made commitments to supply chain resilience

Read more at 6 in 10 businesses experienced at least one supply chain disruption in Asia Pacific in 2016


Commentary: Managing risk in the global supply chain

The World Economic Forum defines global risk as an uncertain event that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years.
Global supply chains create both opportunity and risk. Some of the macro issues we face both in day-to-day operations and future planning include cybersecurity, terrorism, climate change, economic instability, and political discord.
For executives who manage global supply chains, risk is more apparent and, on a micro basis, potentially more consequential in the short term. The areas affected include, but are not limited to, reducing spend, leveraging sourcing options, creating sustainability, political and currency instability, government regulations in the U.S. and abroad, trade compliance management, free trade agreements, energy costs, and what the incoming Trump administration will mean for global trade.
Since the recession in 2008-2009, we have witnessed a serious uptick in companies worldwide reviewing their operational exposure and then creating risk strategies to manage these vulnerabilities. Risk exposure can negatively impact margin, profits, growth strategies, operational stability and personnel maintenance.
For companies operating in global supply chains the risks are vast, convoluted and often unanticipated. As a result, we tend to be unprepared for the impacts.

Read more at Commentary: Managing risk in the global supply chain


Top 25 Risk Factors for Manufacturing Supply Chains

According to a recent report from BDO USA, an accounting and consulting organization, manufacturers’ intellectual property, supply chain data and products have become prime targets for cyber criminals.

The 2016 BDO Manufacturing RiskFactor Report examines the risk factors in the most recent 10-K filings of the largest 100 publicly traded U.S. manufacturers across five sectors including fabricated metal, food processing, machinery, plastics and rubber, and transportation equipment.

The factors were analyzed and ranked by order of frequency cited.

Manufacturing Industry Serves Up New Risks

The manufacturing industry is getting mixed reviews.

The Institute for Supply Management (ISM) Index reported that activity was up in April after five straight months of declines.

Then, in late May, the Purchasing Managers’ Index reported the first reduction in output since September 2009.

In the trenches, manufacturers say domestic demand has been solid, while global business has been more challenging. And the end customer matters: in a recent earnings call, Caterpillar’s CEO noted, “Just about any market that’s away from oil is doing pretty good.”

“Pretty good” is a modest but realistic goal for manufacturers this year, and their top concerns echo this cautious optimism. The annual analysis of the most frequently cited risk factors found the supply chain remains at the top of the list – cited by 100 percent of manufacturers we analyzed – while emerging and growing risks in cybersecurity, competition, labor, pricing, regulations and international operations are also keeping manufacturers up at night.

Read more at Top 25 Risk Factors for Manufacturing Supply Chains


New Risks Jolt Commodities Supply Chain

The challenges facing the commodities sector have multiplied as corporations worry much more about compliance and reputational risks. Checking suppliers and, in turn, their own suppliers requires new mechanisms and collaboration. Historically, large purchasers of raw materials worried foremost about price volatility and diversity of suppliers, either to meet financial projections or to avoid business interruptions.

Today, corporations must also worry about whether they are unwitting participants in violating economic sanctions or in tax fraud, or whether their goods are identified as coming from undesirable suppliers. Given the already complex nature of products, the impenetrable thickets of regulation and the threat from activists ready to lay siege via lawsuit or social media, these compliance and reputational risks add to a vastly increased burden faced by commodities firms.

“Clearly companies have a handle on financial risks, but if they’re operating in emerging markets they’re dealing with multiple issues,” says Mr Talib Dhanji, a partner at EY and leader of the firm’s commodities practice. “The key is to be on top of the different ways that people can commit fraud.”

Quality controls

Trading firms have a somewhat different set of risks from their industrial customers, because many firms do not take physical possession of the goods in question; they only trade futures and hedging instruments with other firms or customers. The frauds they might encounter, then, are more about unreliable promises than contaminated goods.

“Just because you get a nicely published document, that doesn’t mean it’s appropriate,” Mr Dhanji says. “You’ve got to have the right quality controls in place.” Trading firms are better positioned to put those controls in place, both because they face heavy oversight from the US and European regulators, and because the thin profit margins in commodities can mean severe financial pain if they fall victim to unscrupulous dealers.

A delivery that turns out not to meet specifications on quality, place of origin, or volume, for example, might mean a hedging instrument based on that shipment is invalid or insurers would not cover the loss. That threat tends to focus the trader’s mind.

Public scrutiny

Corporations that consume raw materials are in a more difficult spot. They are facing more public scrutiny and regulatory oversight than ever before, and many still do not have the right processes or structures to manage these new commodity risks effectively.

Compliance and reputation risks in the supply chain are different. Instead of a company looking horizontally to find more suppliers of materials, the company must look vertically down to its suppliers, and then their suppliers, and their suppliers, and so forth — all to be sure that no unwanted goods have infiltrated the supply chain at any point.

That requires new mechanisms to confirm the source of commodity goods, as well as new collaboration among treasury, risk, procurement, and compliance departments to do the task well.

Read more at New Risks Jolt Commodities Supply Chain


Why Supply Chain Risk Management is Key to Supplier Management

While brand damage can be quite costly to businesses whose sales rely strongly on the customer loyalty they generate from their brand strength, cost volatility and supply disruption are very costly to all manufacturers. In fact, in the latest 2015 study by the Business Continuity Institute, supply chain disruption is double in priority relative to other enterprise disruptions, and over three-fourths of respondents said that they had at least one recent (significant) disruption. The same percentage didn’t have full visibility of their supply chains.

While category management can address and even reduce supply chain risk by ensuring a chosen strategy has the right level of resiliency, prevention and agility, it cannot prevent risk or do much to eliminate the source of risk once something has happened. That can only be done by each party in the supply chain doing everything they can to eliminate the risk. In particular, a supplier needs to do all they can to minimize the risk on their end.

However, not all suppliers are as advanced in supply chain management, and in particular in risk management, as the buying organization. That’s why good supplier management combined with SCRM is key. Good risk management is a combination of risk prevention and risk mitigation when a risk is detected. Risk prevention involves selecting suppliers, products and services that are low risk, and risk mitigation involves taking action as soon as an indicator is detected.

A supplier is not always good at mitigating or even detecting risk in its supply chain, or may overlook an obvious sign that an observant buyer would not, which is why proper supplier management is key. This begins even when qualifying suppliers. Including risk criteria related to the supplier and supplier location gives a good indication of a supplier’s risk level. Besides the supplier qualification criteria, supply location-related risks provide an overview of potential threats like natural disasters, political situation, sanctions or economic risk. This gives buyers the chance to take preventive actions.

Read more at Why Supply Chain Risk Management is Key to Supplier Management


Supply Chain Resiliency: Developing a Strong Posture

“Typhoon Halong in Western Japan not only devastated regional economics and residents, it also had a significant impact on regional supply chains with an estimated loss of $10 billion in revenue. It impacted 446 production sites and took 41 weeks to fully recover.”

“The severe coastal flooding in NYC, America’s largest city, had an estimated revenue loss of $4 billion, impacted two production sites with a 38 week time of recovery.”

“Chemical spill at an Intel plant located in Phoenix, Arizona resulted in loss of production at two sites taking 10 weeks to fully recover. The technology company and its supply chain partners lost more than $900 million in revenues.”

Too often the latest headlines highlight disasters impacting geographical regions and more specifically supply chain networks. In the past year we have witnessed global disasters related to extreme weather patterns, global terrorist attacks, rising cybercrime, and slowing global economies.

Once again, managers are reminded that our supply chain organizations are increasingly operating in dynamic, uncertain environments exposing these networks to unprecedented risk. According to the British Standard Institute’s 2016 study on supply chain risk, global supply chains have incurred $56 billion in extra costs related to disruptive events. To be competitive in today’s marketplace, our supply chains must stretch across the globe in new and unfamiliar regions which are highly susceptible to disruptive events. These can negatively impact supply chain operations from an operational and profitability perspective.

Operationally, the effects of a supply chain disruption negatively impact service levels as consumers are unable to get the products they demand. A Procter & Gamble study on inventory availability found that supply chain disruptions resulting in product unavailability lead to higher customer dissatisfaction, lower brand/retailer loyalty, and, more importantly, an immediate sales loss of four percent.

In addition to customer service and sales revenue impacts, supply chain disruptions increase overall logistics costs from eight percent to 11 percent due to increases in product handling, storage, and transportation. On the inventory side, supply disruptions require companies to increase inventory investments by 14 percent to offset product non-availability in the affected area, region, or site.

From a profitability perspective, supply chain disruptions have a near and long term effect. Corporate profitability is impacted drastically at the time of a supply chain disruption with the effect extending into a three year period.

Companies who have experienced a disruption event will likely encounter the following impacts immediately: over a 100-percent drop in operating income, seven percent lower sales growth, and 11 percent growth in operational cost. In the three year period after the disruption, companies continue to experience the effects on their profitability with 30 percent to 40 percent lower stock returns resulting in average shareholder losses ranging from $129 million to $145 million per disruptive event.

Understanding the ramifications that supply chain disruptions can have, managers have moved supply chain risk management and resiliency strategies from the tactical to the strategic level in the company when discussing corporate goals related to consumer satisfaction/service, competitive advantage, market expansion, operational efficiencies, and profitability. The shift in supply chain priority within the company is evident in the inclusion of C-level supply chain positions, such as chief supply chain officer, alongside other corporate executives (e.g. chief executive officer, chief operations officer), board members and shareholders in determining the company’s course of business.

To ensure supply chains continue to keep consumers, suppliers, and the company connected to each other, these networks must be protected from unnecessary exposure to risk and failure due to faulty risk mitigation and resiliency strategies. Companies seek to incorporate use of these strategies to build higher levels of supply chain resiliency which can lessen the impacts of a disruption when it occurs as well as quickly returning the network to normal state. In order to achieve this level and type of supply chain resiliency, companies must proactively review their supply chain risk exposure using an external and internal perspective.

Externally, companies need to review their supply chain area of operations to understand their susceptibility to risks associated with economic market factors: acts of terrorism/war, changing consumer behavior and demand patterns, economic uncertainty, natural disasters, political upheaval, work stoppage, or other types of events which can lead to supply chain disruptions, delays, and inventory loss.

Internally, companies need to review their supply chain network structure to determine how well its resiliency posture can withstand a disruption and quickly return the network to a normal state. This review should include an in-depth examination of company risk associated with its network of assets, policies, people, processes, products, and systems. To conceptually understand how this external and internal review process is conducted, figure 1 below outlines the impacts and interactions these factors have on the success or failure of a company’s supply chain resiliency posture and its ability to return the organization to optimal operational performance.

Read more at Supply Chain Resiliency: Developing a Strong Posture


Managing the Risks of Multinational Supply Chains

Managing supply chain risks is critical to the success of any business.

However, the importance of supply chain risk management is perhaps most clear in Asia Pacific, with its high growth rate, shifting industry trends, increasingly sophisticated consumers and expanding businesses.

An Overview

With these marketplace dynamics comes greater interconnectivity of multinational risks. According to the World Trade Organisation (WTO), Asia Pacific includes nine of the world’s top 15 countries importing and exporting intermediate goods.

Companies in the region depend upon goods and services from companies in other countries in order to successfully operate their businesses, and vice versa. As the region becomes more interconnected and trade flows continue to increase, protecting valuable supply chains from both existing and new risks becomes critical to the success of companies based there.

However, managing these risks can be challenging. Today’s supply chains are becoming deeper and spread over more countries. Knowing exactly what, where and how connections can impact a company’s business can be difficult.

It is not uncommon for companies to have supply chains that go down several layers, beginning with one supplier or distributor which is dependent upon a second, which in turn depends upon a third and so on. A problem at any of these levels has the potential to disrupt a company’s business operations.

As a colleague of mine once explained: “You are only as good as your weakest link.” So it is important to have a clear line of sight to all of the links in a company’s supply chain. Typically, issues such as quality control and incomplete or late delivery are top of mind when considering problems with the potential to disrupt a supply chain. There is another risk that is often underestimated, but can be equally damaging – financial failure.

Read more at Managing the Risks of Multinational Supply Chains


5 Critical Supply Risk Mitigation Principles for Your Sourcing Process

Supply chain risk management (SCRM) is becoming a top priority in procurement, as organizations lose millions because of cost volatility, supply disruption, non-compliance fines and incidents that cause damage to the organizational brand and reputation.
Bribes to shady government officials, salmonella in the spinach and forced labor in the supply chain can all result in brand-damaging headlines that can cost an organization tens of millions in sales and hundreds of millions in brand damage. And while reputation may only be important for name brands, cost volatility and supply disruption affect all manufacturers.

In fact, in the latest 2015 study by the Business Continuity Institute, supply chain disruption doubled in priority relative to other enterprise disruptions (48% of firms are concerned or extremely concerned). Roughly three-quarters of respondents said they had at least one disruption, and the same amount lack full visibility of their supply chains.

In the same study, 14% had losses from supply chain disruptions (e.g., natural hazards, labor strikes, fires, etc.) that cost over €1 million, and these disruptions can easily go up to nine figures. For example, Toyota estimates the costs for the recent Kumamoto earthquakes to be nearly $300 million. Imagine being out of stock on a product line that does $12 million in annual sales for two months. That’s $2 million in immediate lost sales and longer-term brand damage.

Risk management, and what is necessary for ongoing risk management, never gets operationalized, and as new suppliers get added, supply shifts and supply chains change, new risk enters the picture — risks that go undetected unless risk management is embedded in all key procurement activities, including sourcing. It is important to remember that:

1. When You are Sourcing, You are Really Changing Your Supply Chain Network

2. Supplier Risk is Only One Aspect of Supply Chain Risk

3. Your Sourcing Criteria Must Be ‘Protected’ and Risk Must Be Factored In

4. You Need to “Cost the Risk” and Also Get It in the Contract

5. You Must Design a Monitoring System That is Part of Onboarding

Read more at 5 Critical Supply Risk Mitigation Principles for Your Sourcing Process


Managing risk in the digital supply chain

You may be aware of risks and problems in your own business, but increasingly it’s possible to be exposed to issues by other organizations that you deal with, particularly if you’re buying in IT services.

How can enterprises deal with these threats and ensure that their data and that of their customers is kept safe at all stages of the supply chain? We spoke to Dean Coleman, head of service delivery at service management and support specialist Sunrise Software, to find out.

BN: How difficult is it for larger organizations to manage problems that might occur further down the supply chain?

DC: It can be quite difficult. Historically, most organizations have a handle on risk in terms of what’s going on in the business, financial targets and so on. But when it comes to IT risks and the supply chain providing IT, they don’t have the same visibility. These days IT is everywhere and businesses depend on it, so IT problems have a larger impact. The understanding of risk needs to be something that key decision makers are more aware of.

BN: Is this a particular problem when dealing with smaller companies who might not have resources in house?

DC: Yes, from the supplier side of the fence we see that smaller organizations often don’t have the skills in house to deal with security, infrastructure, and so on. They rely heavily on these services but don’t see them as a core part of their business. Because they don’t have the skills and resources, they will often turn to third parties to manage these things for them. However, in some cases the third parties also don’t do a very good job; they’ll be providing reactive services rather than the proactive ones that are really needed to predict problems based on risk.

Read more at Managing risk in the digital supply chain [Q&A]
