Copyright © 2014 BSI. All rights reserved.
How well managed is your supply chain?
Courtney Foster – Senior Analyst, Supply Chain Solutions
2 Copyright © 2014 BSI. All rights reserved.
BSI’s Supply Chain Solutions BSI brings together a practical and economical toolkit supported by a global network of qualified auditors around the world who can be your eyes and ears and give you visibility into your supply chain. BSI’s offering is based on 3 offerings:
+ + BSI’s supply chain intelligence and risk analysis web portal
Assess, map, and manage your suppliers
BSI’s onsite supplier verification and audit service
BSI Supply Chain Solutions - Advisory Services Supply Chain Requirements and Strategy Review, Risk Mitigation Strategies, Program Implementation,
Quantitative Risk Modelling, Corporate Standards Development, Special Reports
3 Copyright © 2014 BSI. All rights reserved.
Risk Assessment Process - Complexity is Increasing
Constant Changes • Facility locations • Supplier churns rates • Legal & other requirements
Fragmentation • Price pressure • Just in time shipping • Globalization • Capital flow
Lack of Strategic Connectivity • Internal departments • Multiple initiatives • Resources to manage
Complex Networks • Intermediaries • Subcontractors • Domestic importers • Wholesalers
2014
4 Copyright © 2014 BSI. All rights reserved.
Factory 1 Factory 3
Subcontractor
Factory 1
Factory 2
Factory 3
Factory 1
Factory 2
Factory 4
Factory 3
Raw materials
Raw materials
Subcontractor Subcontractor
2014
Multiple Actors Leads to Difficulties with Visibility
Agent
5 Copyright © 2014 BSI. All rights reserved.
Why Does Supply Chain Risk Matter?
• Consumers increasingly link the actions of suppliers with corporations
• Incidents at business partner/supplier sites can reflect negatively on your brand
• Several major areas of risk • Inability to deliver to your customers on time – business continuity • Damage to your company’s reputation – sustainability • Regulatory penalties – government requirements • Direct financial damage – cargo theft
20/11/2014
Your REPUTATION is your
6 Copyright © 2014 BSI. All rights reserved.
Inability to Deliver to Your Customers on Time
20/11/2014
25% of companies reported losses greater than $1 million due to
supply chain disruption in 2013
76% reported at least one supply chain disruption
28% said they have no business continuity
arrangements for their suppliers
7 Copyright © 2014 BSI. All rights reserved.
The PA-12 Shortage and the Auto Industry • Demonstrates that insufficient supplier vetting can
undermine business continuity strategies
• A 2012 explosion at a factory in Germany led to a shortage of a key component in a resin used to make a specific plastic, which is then used in auto parts
• Suppliers for the major car companies all sourced from the factory and had no contingency plans for replacing the supplier
• The shortage threatened to severely hamper auto production in the United States and imposed indirect costs as companies thoroughly tested alternative chemicals
• SCM tool helps proactively verify suppliers for potential BCM issues which could have solved these problems
11/20/2014
8 Copyright © 2014 BSI. All rights reserved.
Damage to Your Company’s Reputation
20/11/2014
Executives say a strong corporate brand is just as important as strong product brand
company’s market value is attributable to its brand reputation
9 Copyright © 2014 BSI. All rights reserved.
Direct Financial Damage Due to Cargo Theft
20/11/2014
BSI-recorded cargo thefts in Italy
10 Copyright © 2014 BSI. All rights reserved.
CEO Stress Test?
1. How many suppliers do you have?
2. How many are direct vs. indirect?
3. Do you actively verify the living profiles of your suppliers?
4. Have you conducted risk assessments of all your suppliers?
5. How many have you physically visited?
a. What are the issues and where?
b. What improvements have you made?
6. Does your supply chain adhere to your corporate values?
7. Can you tell your supply chain story?
11 Copyright © 2014 BSI. All rights reserved.
• Manual Supplier Self-Assessments
• No Geographic Risk Intelligence
• Manual Supplier Self-Assessments
• Supply Chain Geographic Risk Intelligence
• Automated Software for Supplier Self-Assessments
• Supply Chain Geographic Intelligence
• Risk Methodology for On-site Audits
• Corrective And Preventative Action Plans
SUP
PLI
ER P
ERFO
RM
AN
CE
Entry Level Layer
Layer 1
Layer 2
Layer 3
INCREASED SUPPLY CHAIN VISIBILITY AND COMPLIANCE
2014
Progression Towards Maximum Compliance
12 Copyright © 2014 BSI. All rights reserved.
Entry Level Layer
• Manual Supplier Self-Assessments
• No Geographic Risk Intelligence
2014
Entry Level Layer
13 Copyright © 2014 BSI. All rights reserved.
Objectives and Criteria Goals of Questionnaire Supply Chain Security Program Social Responsibility Business Continuity Code of Conduct
Questionnaire Functionality Needs • Attachments needed? • Additional supporting text needed? • Weight of questions o Requirements vs. Recommendations
• Question scored in risk calculation?
Questionnaire Development
14 Copyright © 2014 BSI. All rights reserved.
• Large attachments needed to be sent and received
• Digging through archives for supplier responses
• Inability to have multiple internal representatives send assessments
• Mass communication limitations
• Read receipts difficult to obtain for emails
• Tracking change requests for new supplier
email points of contact
• Follow-up emails required- reminders not
customized based on status
• Multiple points of contact for supplier
2014
Sending Assessments from Personal Email
15 Copyright © 2014 BSI. All rights reserved.
Obstacle: • You have suppliers you wish to assess in foreign countries who
may or may not speak your native language
Without an Automated Software Tool: • You send out an email with the assessment in English and they
may not understand the request • The supplier may not speak English very well, so they may
misunderstand the questions • They choose to translate the questions through Google, causing
information to be lost in translation • They choose to translate their answers through Google back to
English, which gives you a jumbled mess of words that may or may not be correctly translated
• They choose to answer the assessment all in their native language, leaving you to decipher their answers yourself
• They do not complete the assessment because they do not understand
2014
Language Barrier Between You and Your Suppliers
16 Copyright © 2014 BSI. All rights reserved.
• Inability to understand where different suppliers are in completion process • More difficult to filter suppliers based on region, division, product type, SAP number • Tagging suppliers to specific buyers/agents more difficult • Hard to track number of reminders, date sent, and the wording of the different emails
Excel Spreadsheet Tracking Completed Assessments
17 Copyright © 2014 BSI. All rights reserved.
Checklist Results: 70% Compliant
Checklist Results: 70% Compliant
• Assume suppliers are EQUAL risk based on their compliance scores from a simple checklist
• Single-focused self-assessments sent out manually from own email
• No geographic risk incorporated • No automation • Unsystematic, single-focused audits
2014
Traditional Risk Assessment Approach
19 Copyright © 2014 BSI. All rights reserved.
Layer 1
• Manual Supplier Self-Assessments
• Supply Chain Geographic Risk Intelligence
2014
Layer 1
20 Copyright © 2014 BSI. All rights reserved.
• This generic threat information gives an inaccurate assessment for issues related to cargo security
• Much of it is not applicable to supply chain threats • This information does not assess threats in context to other threats in other areas • The information is dated and does not provide active monitoring for a changing world • You cannot look at traditional Travel Security or Political Stability risk and
apply it to supply chain threats
2014
Analyzing the Geographic Threats to Supply Chains– The Minimum Approach
Publically-Available Government
Sources
21 Copyright © 2014 BSI. All rights reserved.
Travel Security
Political Stability
Cargo Theft
Labor Unrest
FRANCE
2014
Supply Chain Geographic Risk Intelligence
22 Copyright © 2014 BSI. All rights reserved.
• BSI combines a variety of risk factors, quantifies them, and produces threat ratings for 203 countries
• Countries are rated on a five-panel scale • Low • Guarded • Elevated • High • Severe
11/20/2014
SCREEN-Supply Chain Risk Exposure Evaluation Network
• Intelligence is gathered from a wide range of sources: • Proprietary incident database • Information from auditors around the world • In-depth analysis and synthesis of local news sources • Information from governments, NGOs, and industry
• A dedicated team of analysts is constantly updating and refining our intelligence, making sure our risk ratings reflect the situation on the ground
24 Copyright © 2014 BSI. All rights reserved.
Uses of Intelligence – Proper Policies and Procedures
• Local factors should influence mitigation policies and procedures
• China has a High threat rating for both stringency and enforcement of regulations
• Simply following local laws and regulations may not protect companies from scrutiny
• Exposes them to new risks: • Bribery and corruption • Looks like a lack of due diligence • Local practices don’t comport with international standards
• Risk information can inform policy towards their suppliers and help create a more tailored approach
11/20/2014
25 Copyright © 2014 BSI. All rights reserved.
Uses of Intelligence – Disclosure of Risks
• Supply chain risk information enhances understanding of the importance of risk for your company
• Spotlight News emails and special reports ensure your knowledge is current
• Can be a benefit for working with other companies and disclosure to regulators
• Evidence of a robust process backed by quantitative and qualitative data demonstrates to customers that you take risk assessment seriously
11/20/2014
26 Copyright © 2014 BSI. All rights reserved.
Environmental
Cargo Theft
Illicit Smuggling
Trade Interruption
Counterfeits
Supplier Name Country Compliance Score- Overall
Compliance Score- Required
Questions
Compliance Score- Recommended
Questions
Geographic Risk –
Cargo Tampering
Risk Factor – Annual Import
Volume
Overall Risk Score
Munich Machines Germany 75% 85% 45% Guarded Tier 1 3
Jakarta Parts Indonesia 70% 600% 75% Low Tier 2 2
British Electronics England 90% 100% 85% High Tier 2 2
Incorporation of Supply Chain Geographic Risk Intelligence into Assessments
27 Copyright © 2014 BSI. All rights reserved.
Many due diligence programs require “evidence of implementation” to show exactly how you approach the supplier risk assessment process. • Problems manually compiling all of
the information gathered on a single supplier
• Formatting of manual reports can be time-consuming
• Number of reports that need to be generated can be overwhelming
• May have to compile many reports on a daily basis if assessments are completed regularly
2014
Manual Generation of Supplier Risk Reports
28 Copyright © 2014 BSI. All rights reserved.
Layer 2
• Automated Software for Supplier Self-Assessments
• Supply Chain Geographic Intelligence
2014
Layer 2
29 Copyright © 2014 BSI. All rights reserved.
SCM provides a secure platform enabling you to house your supplier profiles, Manage Supplier Self Assessment & Onsite Supplier Qualification and Verification programs from onboarding, scheduling, reporting, CAPA, benchmarking and status reporting
SCM features include:
•Email communication functions with suppliers
•Checklist builder for customised checklist
•Customised suppliers risk profile calculator
•Automated Risk Assessment & Analysis
•On-demand Dashboards & Reporting
Supplier Compliance Manager (SCM) – Audit platform Identify & Manager Supplier Traceability and Risk
30 Copyright © 2014 BSI. All rights reserved. 20/11/2014
SCM Algorithm- Holistic Approach to Risk Assessments Three main components included in the BSI Proprietary Business Partner Risk Algorithm:
Business Impact Variables
(BSI Patented)
In-transit risk profile captured from Business Partners, which
incorporates information unique to business.
Risk Data Point Examples-
Trade Lanes, Export Volume, Export Revenue, Seals, Modality, Arranging of
Transportation
Geographic Risk Information
(BSI Proprietary)
Country-level intelligence generated from SCREEN
intelligence portal based on countries where business
partners are located.
Risk Indicator Examples- *Business Continuity, *Social Responsibility, *Environmental,
*Security
Compliance with SCM Assessment
(Commonly Used)
Business Partner responses are scored according to the
designated question weighting
31 Copyright © 2014 BSI. All rights reserved.
Transportation Modality
Chain of Custody
Gaps
Compliance
Assessment Compliance
Annual Volume
= Automated and Holistic
Risk Calculation for Global Suppliers
Risk Output
Risk Intelligence
Industry-Specific risks
2014
Automation of Supplier Risk Assessment Process
33 Copyright © 2014 BSI. All rights reserved.
Email functionality in a software tool allows for: • Tracking and viewing full historical record of email communication • Send tailored assessment invitations and reminders according to where
supplier is in completion process • Send emails to multiple points of contacts and users
2014
Automation of Email Communication
34 Copyright © 2014 BSI. All rights reserved.
Layer 3
• Risk Methodology for On-site Audits
• Corrective And Preventative Action Plans
2014
Layer 3
35 Copyright © 2014 BSI. All rights reserved.
Pre-Qualification of Supplier Relationships
Vietnam Specialty Components Beijing Metal Parts
“Beijing Metal Parts” Business Risk = Country Location - China Annual Volume - 75 Shipments Annual Revenue - $450,000 Number of Years in Business: >10 years Number of Employees- 500-1,000
“Vietnam Specialty Components” Business Risk = Country Location – Vietnam Annual Volume - 200 Shipments Annual Revenue - $1.2 million Number of Years in Business: 5-10 years Number of Employees- 151-200
64% Compliant with Questionnaire 82% Compliant with Questionnaire
When entering into the tender process for selecting a new vendor, a risk-based methodology is essential
36 Copyright © 2014 BSI. All rights reserved.
Obstacles • Tracking and effectively reviewing Business Partner assessments • Ensuring Business Partner receive to CAPA emails- read receipts necessary • Business Partners who feel that corrective action follow-up is unnecessary • Sending out CAPAs on a one-to-one basis can be overwhelming
Macro-level views of vulnerabilities will allow you to send CAPAs to groups of suppliers
• Going through the CAPA process multiple times, exhausting Business Partner Automated CAPA Process Manual CAPA Process
Benefit: You can choose which questions are most important, and if they are answered incorrectly, your pre-determined response will automatically be sent to the Business Partner with no action on your part
Obstacle: It takes time to review each and every Business Partner’s assessment responses in order to determine whether or not they need a corrective action plan
Benefit: If you don’t have time to review every assessment immediately, the automated CAPA will send out your likely response in a timely manner so that your Business Partner can work on creating a suitable plan of action quickly
Obstacle: You may not have time to review each Business Partner’s assessment thoroughly in a timely manner. If you do not review your Business Partner’s assessment until months after they submit it, the CAPAs that you send may not be relevant
Corrective And Preventative Actions (CAPAs)
37 Copyright © 2014 BSI. All rights reserved.
Historical Tracking and Change Over Time Views
11/20/2014
Current Response
Previous Response
CAPA
Su
bmitt
ed
Year over Year Tracking
Tracking Versions with CAPA submissions
38 Copyright © 2014 BSI. All rights reserved.
Supplier Verification Service (VerifEye®) • On-site verifications based on Client specific or BSI specific standards or checklist
• Global network in all key manufacturing countries
• Auditors professionally trained , specialized and qualified
• Centralized program management, Reporting and Customer Care • Hong Kong for Asia Pacific
• US for Americas
• UK for Europe, Middle East, Africa
On Site Supplier Qualification or Verification
39 Copyright © 2014 BSI. All rights reserved.
A Risk-Based Process Will Decrease Audit Costs
Financial spend
Copyright © 2012 BSI. All rights reserved. V1 040513
Contact Us For More Information
Courtney Foster
Senior Analyst [email protected]
+971 4 336 4917