right_division Green SCM Distribution
Bookmark us
SCDigest Logo

Focus: Sourcing/Procurement

Feature Article from Our Sourcing and Procurement Subject Area - See All

From SCDigest's On-Target e-Magazine

Oct. 12 , 2011

Supply Chain News: IBM Details its Total Risk Assessment Tool for Supply Management at CSCMP


New Inhouse Tool Combines Analyzes Multiple Data Sources to Come up with Composite Score, adds more Discipline to the Process


SDigest Editorial Staff 


IBM provided details on its new total risk assessment tool for supply management last week in Philadelphia as part of the innovation award track at CSCMP's annual conference.

Though IBM did not win the award (shared by Del Monte, Ahold and ES3 for a collaborative distribution program; Motorola Mobility was runner-up for its new S&OP process with suppliers), the presentation showed the interesting approach IBM has taken and the challenges of effective supplier risk management execution.

SCDigest Says:


Caplice, who has done much work on risk management, said that the challenges of creating such algorithms have led similar projects in the past to be less than successful.

What Do You Say?
Click Here to Send Us Your Comments
Click Here to See Reader Feedback

According Louis Ferretti, an executive in IBM's procurement group, the initiative started as part of an overall corporate strategy around enterprise risk management (ERM). As part of that overall effort, IBM looked more closely at the approach it was taking to risk management in supply management group, and found opportunities for improvement - especially considering the increasingly global nature of IBM's business.

"There is clearly more risk today in the supply chain than there was just five years ago," Ferretti said. He noted that as IBM makes or sells products in more countries around the globe, it usually tries to source components and materials locally where it can. That means dealing with suppliers, national and local governments, and many other parties it may have little direct familiarity with, and for which information may be hard to acquire or be dated by the time IBM receives it.

He cited, for example, the potential concern of an offshore supplier running into financial difficulties and having a local creditor seize critical tooling that IBM had paid for or provided.

Ferretti said within the supply management group, IBM needs to look risk in three areas: strategic risk, operational risk, and environmental risk.

While Ferretti said the approach IBM was taking was advanced for its time, more work was needed to deal with the changing corporate and global environment. Until recent changes, supplier risk assessment was managed by individual "commodity councils," buying teams responsible for different categories of products or services, such as memory chips or travel.

While there were guidelines and processes in place, risk assessment was largely a manual process, and at times overly subjective. What constituted "high risk" to one team might really be "medium risk" to another. The approach to data collection to support the risk assessments was manual and not especially rigorous in terms of process.

Ferretti said the approach was also not perhaps well structured to deal with newer concerns, such as environmental risk, and that further investigation identified that there were some systemic risks - risks that perhaps went across commodity council boundaries - that weren't being picked up.

Being the technology company that it is, IBM hoped to solve the problem through software, and Ferretti said its original intention was to buy a packaged tool that could pull multiple data elements together with some smart analytics to come up with risk scores based on all the data available.

Ferretti said he was surprised to find such a tool didn't really exist on the market. There were many that looked at one aspect of the problem, but none that really pulled it all together in the way IBM wanted. Not surprisingly, many of the vendors IBM met with were anxious to build out such as solution for IBM, but in the end Ferretti said he and his team decided if such an effort was required, IBM would be better off doing it by itself, using a combination of current IBM products (its Cognos analytics tool, ILOG event management capabilities, and more).

He also said he thought IBM could get the usability aspects of the tool better - key to its success - if it developed the software internally.

The tool brings in data from a number of sources: an existing IBM database that tracks supplier financial numbers and status; a third party data source that feeds info on news and events (from politics to the weather) from around the world, and inputs from its procurement managers and others as they respond to a series of structured questions (see graphic below).


IBM's Total Risk Assessment Tool Combined Multiple Data Feeds into a Composite Score


(Sourcing and Procurement Article Continues Below)




The goals were to look at risks more systematically, become more predictive, and do both in a more structured and consistent way.

The key to the tool's success is the algorithms used to calculate a total risk score from the inputs coming into the system. IBM brought in some consultants from its own Global Services business to help with that process - one which Dr. Chris Caplice of MIT noted during the presentation is key to making such a tool work.

Caplice, who has done much work on risk management, said that the challenges of creating such algorithms have led similar projects in the past to be less than successful. As just a simple example, a supplier that has low risk in some areas but very high risks in others usually should be considered the medium type of risk that could happen if the high and low scores are simply averaged together.

The session at CSCMP ended without the chance for Ferretti to explain some of the "secret sauce" behind the algorithms, or learn at what level of detail IBM would be willing to share that insight.

The tool allows IBM buyers and others in the supply chain to look at risk from a variety of perspectives: suppliers, suppliers sites, countries, regions, hubs and more.

In the end, the tool offers a number score and graphic representation of these different categories as being low, medium or high risk, meaning supply managers must develop contingency or risk management strategies appropriate to those ratings.

Ferretti also noted that just constructing the supplier database needed for the tool had an early if not really intended benefit. When the Japanese earthquake/tsunami hit earlier this year, IBM was able to identify the 70 or so suppliers sites that might be endangered from among the hundreds of suppliers it has in Asia.

Ferrati said that this data, linked to another system that is has that keeps track of on-hand inventory, allowed IBM to respond very quickly to the challenge and secure endangered supply faster than its competition, which he believes gave it a real advantage in being able to ship to customers later.

There are plans for improvement to the tool, one being to add more context or tolerance levels before sending alerts out to procurement managers.

It is not clear at this point as to whether IBM plans to commercialize the tool and to sell to other companies or not.

What do you think of IBM's total risk assessment tool? Have you built or bought anything like it? What are the challenges to created such a tool? Let us know your thoughts on the Feedback button below.

Recent Feedback

This represents an important step forward in supply chain risk management. We recently adapted a commercially-available risk analysis software system for use with defense supply chain risk management. As noted in the article, simply building the causal model of risks was enlightening to the supply chain manager. We found that the industry is hungry for more robust and sophisticated risk management tools, methodologies and processes.

Gerry Graves
Sr. Research Scientist
Advanced Technology International
Oct, 13 2011

This seems like a fantastic solution, for an IBM or Cisco sized firm, not the least as the people making risk-based purchasing decisions can be so far from the actual relationship. In this way, a medium size firm with a more linear supply chain, typically will not have the resources, to purchase or build such a system. We teach our sub-$1B members to do bottom up and top down assessments using our OLEx survey and analysis tools. These types of risk assessments systematically compile the intelligence your own team has (which is oftentimes the best intelligence out there), this kind of localized, institutional knowledge is what a multi-million dollar software system can even struggle to produce. Both work, one is excellent for a $100B company, while the other is better if you dont have hundreds of thousands of dollars to build/buy a cognos system.

Casey Mork
Operations Leadership Exchange

Casey M.
Research Director
Operations Leadership Exchange
Oct, 14 2011