Industries impacted by recent supply chain disruptions are moving quickly to improve their ability to manage procurement risks. Oil and gas companies can learn from their experiences.
When the Japanese tsunami devastated that nation in 2011 the impact of the disaster was eventually felt around the world. Japanese manufacturing was hit hard, with many facilities shut down for months. In turn, others who rely on parts made in Japan had no choice but to suspend production when their supply chain was disrupted.
Natural disasters can have catastrophic consequences for today’s interconnected global supply network, but they are not the only risk. In the airline and aerospace industries, suppliers’ financial struggles have hampered the ability of manufacturers to get parts in a timely manner.
High-profile regulatory violations surrounding their procurement activities in foreign countries have had a negative impact on other companies. Such disruptions can damage profitability, stock price and market reputation, with significant long-lasting consequences.
Company boards are increasingly expecting more proactive efforts, and smart companies are integrating these functional efforts to develop a holistic view of supply chain risk.
This approach, which Ernst & Young calls Total Supplier Risk, is helping companies effectively manage all types of procurement-related risk across the breadth of their enterprise in a coordinated, strategic fashion.
Supplier risks in the energy industry
Many energy company procurement departments have never been asked to assess or quantify or manage risk. It is a skill set they haven’t developed and doing so alone – without proven strategies, processes and tools – is difficult.
In fact, there are substantive supplier risks that impact the oil and gas industry. A 2012 survey of chief supply chain leaders found that 70% believe their organisation needs to improve existing processes or add capabilities to improve their supplier risk management. The best way to start the improvement process is through a full understanding of the five critical risks:
o Execution: Is your company in danger of having to stop operations because you can’t get tools, supplies and necessary services on time at locations where you do business?
Do your suppliers meet all appropriate safety and environmental regulations and provide quality goods and services?
o Commercial: Do your suppliers comply with all contractual terms? Do they bill you appropriately?
o Continuity: Are your suppliers financially stable? In the event of a natural disaster or other disruption, do you have multiple suppliers with geographic diversity who can keep your operations running?
o Competitive: Do your suppliers present risk in terms of theft of intellectual property or conflicts of interest?
o Compliance: Do your suppliers comply with critical regulatory guidelines such as the Foreign Corrupt Practices Act/UK Bribery Act, employment laws, domestic government regulations, tax laws and more?
By your procurement people taking a proactive role in identifying and managing risk, procurement risks can be managed with the same level of intensity as safety or financial risks. They will, of course, need to work closely with the business, internal audit, legal, compliance and HSE to ensure complete risk coverage and the avoidance of duplicative activities.
Path to maturity
A comprehensive supplier risk programme begins with reactive activities to manage disruptive events. A path toward achieving a comprehensive supplier risk programme includes functional expertise and ownership; multifunctional assessment, planning and response; and finally, real-time/predictive continuous supplier risk management.
Along the way, the company develops an integrated program – underpinned by technology – to measure supplier performance and manage potential risks wherever they occur. All aspects of supplier risk are covered and responsibility for monitoring and management is clearly delineated.
A critical part of the process is applying tiered criteria to the company’s supplier universe to segment out by risk levels. For example, a company with 2,400 total suppliers may have 200 that trigger a “tier 1” risk assessment based on predefined criteria. Understanding which companies present the highest level of risk is critical to focusing mitigation efforts properly.
Software systems can be used to aggregate relevant data, report key risk indicators via flexible dashboard views, and enable risk impact modelling, supplier risk scoring modelling and mitigation effectiveness modelling. From there, companies can create controls and processes to mitigate avoidable risks, and develop supplier options to minimise the disruption of unavoidable ones.
This effort is typically implemented in two phases. In the first phase, suppliers are segmented into risk tiers as described above, and a failure mode and effects analysis (FMEA) is conducted on each high-risk supplier/segment. Then, mitigation options are tested and plans are implemented. The company begins its supplier monitoring activities. This serves to limit the imminent exposure.
In the second phase, the operating model for “total supplier risk” is built out as a repeatable process. The strategic direction and key policies/procedures are defined, and the governance structure is developed. Technology requirements are determined. The processes and roles/responsibilities are refined and formalised and, finally, ongoing monitoring of controls is established to verify that they are operating as intended.
The oil and gas industry relies heavily on third party suppliers and they are an integral part of the supply and value chains that they support. As such, their failure, for whatever reasons, to supply products and services in a contractual and regulatory compliant way represents a risk that can have severe operational and financial consequences.
Putting in place the appropriate “total supplier risk” framework, systems and processes can remove foreseeable risk and minimise the impact of unforeseeable risk.
Andrew Deane is a director with Ernst & Young’s advisory team, based in Aberdeen