New law underscores move to ethical labor

Recently, the US Senate passed a far-reaching bill that targets the use of forced labor in China’s Xinjiang province. The problem of forced labor has been an issue and a proverbial black mark on some supply chains and products. With holidays around the corner, two questions are on most people’s minds: a) Will holiday gifts be stocked up on shelves? and b) Are these gifts sourced with ethical practices?

Since the 80s, as the global economy opened to become more interconnected and supply chains spread out far and wide in the search for efficiency, we lost sight of the fact that the interconnectedness also led to a curtain being drawn upon how goods were sourced, manufactured, and supplied. Initially, we marveled at the machine that could efficiently move goods, within days, from a remote factory to our doorstep at ever reducing costs.

We had no way to know that in some cases, behind the curtain, was an inconvenient truth. Some of these products we consume are sourced via supply chains that hide environmental damage and unethical labor practices. Recently, the movement to combat environmental damage, as well as eradicate unethical labor practices has accelerated. This acceleration is driven by availability of data and information, easily consumable at everyone’s fingertips.

Enhanced Supply Chain Visibility

With the passage of this bill, we are now entering a new phase. The grassroots movement is now turning into the law of the land. Regulators are stepping in, recognizing the need to act, and increasingly setting a standard that is not merely aspirational but de facto. This bill bans all imports from China’s Xinjiang region unless companies prove they were made without forced labor. Companies will very quickly need to ensure that their supply chains are not dependent on this region, and in many cases the most effective tool available, sending out surveys, is clearly ineffective.

There is a better way to not only comply with this new regulation, but to ensure that your reputational risk is low and that you are really living the values that you and your organization aspire to. With the power of data, AI and machine learning, our customers get immediate sub-tier visibility into exactly where they are sourcing their products from.

Not only can you use Interos’s Operational Resilience cloud to identify where you are doing business, but you can also see where your suppliers’ suppliers are, and so on. At the top of this blog is a video showing how you can use our platform to perform due diligence on your compliance with this bill; it gives you an initial tool to identify your risk of exposure.

It is no longer enough to say “we did not know”. Customers, and now regulators, are drawing a line in the sand that it is not enough. Interos gives you subtier visibility, so you can sleep better knowing that you are living your values, and now, complying with the law.

Supply Beacon Vol. 3 – Cyber Disclosure Requirements are Up, a Dyson Supplier is Down, and Rare-Earth Minerals are Uncertain

The Top 5 Supply Chain News Stories You Need to Know
The Supply Beacon is your monthly resilience digest, the 5-minute supply chain and security news drop you can’t afford to miss, delivered with insights from the experts at Interos. Know what you need to – fast.

OCC Issues New Disclosure Requirements for Cyber Breaches

Starting May 1, 2022, financial institutions will have to report major cyber security incidents to federal officials within 36 hours. The final rule establishes two primary requirements:

  1. Banks must now notify Federal Regulators of any cyber incidents no later than 36 hours after they determine that a cyber incident has occurred.
  2. The final rule requires Banks to notify customers as soon as possible when a bank service provider experiences a cyber incident that has materially disrupted or degraded (or is reasonably likely to materially disrupt or degrade) covered services for four or more hours.

Interos Insight: This ruling, called the “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers” comes on the back of the TSA updating requirements for pipeline, rail, and air transport companies. Although the NDAA for FY 2022 failed to include mandatory reporting requirements for all critical infrastructure companies, bipartisan support for cyber security incident reporting will likely result in future legislation, as a stand-alone bill or possibly, as part of another legislative package. It’s clear that the government is looking to supply chain risk professionals in all industries to rigorously evaluate the cyber risk in their supply chain – and that the issue is only going to be taken more seriously over time.

CISA SBOM-A-RAMA

The Cybersecurity and Infrastructure Security Agency created a new Software Bill of Materials (SBOM) web page and hosted a two-day “SBOM-a-rama” focused on related education, technical issues and pulling together “the broader security and software community.” The SBOM concept “has emerged as a key building block in software security and software supply chain risk management.” Allan Friedman, who led the transparency initiative at the Commerce Department, is now at CISA to fully realize the SBOM’s potential. He said, “to operationalize SBOM means to make sure that we can integrate this into daily operation, into existing tools, and the final status of hooking it into the existing vulnerability and cyber security ecosystem.” Having already led the NTIA in its July issuance of “minimum elements of a software bill of materials,” (a step toward creating a potential federal benchmark and market standard) we can look to Mr. Friedman and the Agency as a source of information, guidance and an opportunity to partner.

Interos Insight: While a bill of materials has always been a regular part of supply chain management, this was not always the case for software. In fact, the idea really only got mainstream attention in May 2021, when the Biden administration issued an executive order citing SBOMs as a necessary measure to improve U.S. cyber security. The order requires the government’s critical software vendors to supply SBOMs for their products and employ automated tools to maintain trusted source code supply chains. The EO applies only to vendors that do business with the U.S. government; however, considering the increase in supply chain attacks, providing a compliant SBOM is likely to become a requirement for most businesses, particularly in regulated industries where a software supply chain failure could result in major consequences.

If you don’t already create SBOMs for your software, there’s never been a better time to start. Not only does knowing what entities are in your software supply chain help secure against vulnerabilities, but it also uncovers hidden licensing risks in third-party software or code. Interos can help partners establish automated mapping, enabling customers to invest in the right, trusted technology and catalogue the use of open source and third-party software to deliver a complete and accurate SBOM.

 

Dyson Dumps Malaysian Supplier ATA Over Labour Concerns

High-tech home appliance maker Dyson told Reuters it had cut ties with supplier ATA IMS following an audit of the Malaysian company’s labor practices and allegations by a whistleblower, sending ATA shares plunging.

ATA, which is already being investigated by the United States over forced labor allegations, confirmed Dyson has terminated its contracts and that it has been in talks with the customer over the audit findings. It had previously denied allegations of labor abuse.

Interos Insight: ESG risks as well as violations of other country-specific restricted lists are not always easy to determine. Companies sometimes look to obfuscate their practices, and procuring from such organizations can leave you at risk of penalties, loss of business, and reputational damage. Interos’ database and ML algorithms help to inform clients before they engage, with an industry-leading relationship map that continues to update relationships in your supply chain so you can focus on your business’ success.

New Plans to Boost Cyber Security of UK’s Digital Supply Chains

Several reports were released as part of the UK Government’s effort to protect the UK’s digital infrastructure and improve the cyber resilience of organizations’ supply chains across the economy and society. These plans include new procurement rules to ensure the public sector buys services from firms with good cyber security. The plans also call for improved advice and guidance campaigns to help businesses manage security risks.

The move follows a consultation by the Department for Digital, Culture, Media, and Sport (DCMS) to enhance the security of digital supply chains and third-party IT services, which are used by firms for things such as data processing and running software.

The reports show that the majority of CEOs and directors of Britain’s top companies (91%, up from 84% in 2020) see cyber threats as a high or very high risk to their business, but nearly a third of leading firms are not acting on supply chain cyber security, with only 69% saying their organization actively manages supply chain cyber risks.

Interos Insight: The British Government is ahead of many NATO peers in enforcing cyber security measures. While there are already procedures to encourage firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect sensitive data, stricter legislation is almost assuredly soon to arrive. The poll also showed that 82% of respondents agreed legislation could be an effective solution. Although regulatory requirements differ across countries and industries, the trend toward greater disclosure and transparency is clear, and is generally bipartisan. Supply chain risk practitioners and industry leaders can use Interos’ AI driven software to assist in getting ahead of the curve and ensuring they are constantly in compliance and continually monitoring their supply chain with updated analytics.

 

China Set to Create New State-Owned Rare-Earths Giant

China has merged several rare-earth assets to create a mammoth state-owned rare-earths company to maintain its dominance in the global supply chain of the strategic metals as tensions deepen with the U.S. The new firm will be called China Rare-earth Group and will be based in resource-rich Jiangxi province in southern China. The combined group is designed to further strengthen Beijing’s pricing power and avoid infighting among Chinese firms, and to use that clout to undercut Western efforts to dominate critical technologies.

Interos Insight: China has long dominated the rare-earth industry. It is estimated that the country will soon account for approximately 70% of total global production of medium and heavy rare-earths and 40% of the total global rare-earth market. The nation also has an overwhelming monopoly on processing these minerals. Medium and heavy rare-earths, such as dysprosium and terbium, are considered essential for the production of high-performance magnets, which are used in motors and other components of electric vehicles. The US has taken some steps to encourage more rare-earth production in Australia (the US Defense Department signed a technology investment agreement with Australia’s Lynas Rare Earths company, which the Pentagon called “the largest rare-earth element mining and processing company outside of China”).

President Biden has also issued an executive order naming rare-earth minerals as one of four key areas in need of more robust policy options to reduce supply chain risks. Companies with any component in their supply chain that requires rare-earth materials will want to monitor developments here closely since the Chinese government’s restructuring gives them a clear and solid control over much of the supply chain – from production to exports. Additionally, since the previously “private” Chinese mining companies are now “civil-military” fusion contributors to the Chinese defense industrial base, it would not be impossible to imagine them and other companies in China’s critical mineral ecosystem winding up on Section 1260H of the NDAA2021.

That’s this month’s Supply Beacon. Looking to learn more about supply chain risk and operational resilience? Check out interos.ai. Got a suggestion for next month’s newsletter? Send us the scoop at [email protected] or tweet us at @InterosInc!

Uncovering the Hidden Risks in Your Supply Chain

Supply chain disruptions and the risks posed to your business from external parties have become board-level priorities. Slowdowns, delays, and supply shortages have squeezed revenue growth, product availability, and consumer shopping habits. Failures have led to shaky shareholder confidence, hits against brand reputation, and even regulatory non-compliance.  In the most visible cases, the fallout from unforeseen disruptions has become headlines on the evening news and even dinner table discussions.

For the better part of the last two years, Procurement and Supply Chain organizations have been working overtime to gain control over an increasingly stressed supply chain.  Many of the fire drills currently run behind the scenes have averted business crises and kept businesses running as close to full speed as possible in these challenging times. But the work isn’t done yet.

Supply risk has come to the forefront, with more resources, eyeballs, and planning cycles devoted to gaining an early warning of future disruptions.  The big question on everyone’s priority list: What elements of risk can’t we see, and how do we gain the visibility necessary to mitigate those risks?

Where are risks hiding?

Vulnerabilities across your supply network are everywhere, and surprisingly, many of them are hiding in plain sight. The risk factors that tell you about these risks get overlooked thanks to a lack of data and visibility. In most cases, organizations can easily find them with the right tools.

Think about the typical supplier risk assessment process. It’s anything but typical.

Suppliers undergo reviews for financial health, for the ability to meet restrictions and regulations, and to confirm that they do not appear on any sanctions lists. Some suppliers are reviewed for ESG scores. Surveys are sent and responses are reviewed. Internal evaluations may highlight previous performance issues. Critical direct material suppliers get a closer look, including site visits, samples, and prototypes.

But the consistent factor is the inconsistency even within the same procurement organization.

Of course, we have to prioritize, especially when global procurement teams are assessing and onboarding potentially hundreds of suppliers each year. Data is hard to come by, and time is a scarce resource. So, we prioritize which suppliers get a cursory review and which get a thorough look across multiple risk indicators.

One of the primary supplier risk ‘wish list’ items I hear from procurement teams is their desire to deliver a more consistent and thorough approach to assessing suppliers across different risk factors. Gaining instant access to multi-factor risk assessments would enable them to make better decisions while reducing the time and effort of identifying hidden risks to their businesses. With such visibility, they could evaluate each new supplier more thoroughly without slowing down the onboarding process or reducing their overall throughput.

Layers upon layers of shadows

The next ‘wish list’ I often hear is to shine a light on the suppliers that are in play across the extended supply network.  Sub-tier suppliers carry the same vulnerabilities from financial, operational, cyber, ESG, and geopolitical risks, but the shadows are darker and deeper because of their indirect relationship.

A study from the Business Continuity Institute* reported that “40% of COVID-19 related supply disruptions occurred beyond tier 1” suppliers.  Our 2021 Annual Global Supply Chain Report found that visibility into extended supply chains and sub-tier suppliers is becoming critical for procurement organizations.

But across the board, accurately identifying sub-tier suppliers has been one of the biggest challenges for procurement and supplier risk management professionals.  Think about the time and resources required to assess your first-tier suppliers adequately.  Now, extend that to multiple tiers of suppliers with whom you don’t have any organizational or contractual relationship to leverage.  Ugh.

Yet disruptions within the sub-tier supplier network can cause ripple effects across multiple nodes within your supply chain.  Even with multi-source strategies in place, an unknown sub-tier supplier supporting your primary and alternate suppliers creates a single point of failure that may be completely hidden from view.

Illuminating your entire supply network

Developing a more consistent approach to identifying potential supplier risks and vulnerabilities can help protect your business from supply disruptions, unnecessary costs, and reputational harm.

Start with developing a single view into supplier risk across multiple risk factors for all suppliers.  Build upon that to identify the relationships and interdependencies across the extended network of sub-tier suppliers that support your business.  Assess those sub-tier suppliers against the risks that can cause ripple effects up and down your supply chain.

Use fresh, external data to supplement self-reported survey responses and data collected during last year’s annual reviews.  Keep this data fresh, and systematically monitor it in a way that enables you to identify material changes that increase the risk of supply disruptions or events that need quick reaction to stem the impact to your organization.

Map, Monitor and Model; that’s what we call this at Interos.  The Interos Operational Resilience Cloud can help you uncover the hidden risks across your extended supply network and shine a light on the vulnerabilities and potential disruptions before they cause harm to your business.

Go deeper on this topic to explore the hidden risks that lie within and across your extended supply network, how you can uncover those risks, and ultimately reduce your exposure to the unknown.

*Supply Chain Resilience Report 2021, Business Continuity Institute, www.thebci.org, February 2021

Supply Beacon Vol. 2 – Chips, China, and Cyber

The Top 5 Supply Chain News Stories You Need to Know

The Supply Beacon is your monthly resilience digest, the 5-minute supply chain and security news drop you can’t afford to miss, delivered with insights from the experts at Interos. Know what you need to – fast.

What We’re Reading

House Homeland Committee Scrutinizes Cyber Security Directives on Transportation Sector  – Industrial Cyber Pandemic Preparedness
Story summary: A House Joint Subcommittee on Homeland Security met in late October to consider industry-wide cyber security directives for the transportation sector. Subcommittee Chairman Rep. Bennie Thompson (D-Miss.) called on the Transportation Security Administration to work in close collaboration with the Cybersecurity and Infrastructure Security Agency to craft requirements to achieve security industry-wide benefits. If successful, Thompson argued these potential requirements could position the transportation sectors as a model for mandating cybersecurity measures.
Interos Insight: Private entities own and operate more than 86% of the critical infrastructure in the United States. As the US government looks to build requirements for reporting and regulations for industry, transportation leaders are again reminded that cyber security is a national security concern. Transportation companies need visibility into their own companies, but also those in their extended supply chains to avoid potential devastating ripple effects.

 

 

Biden Signs Legislation to Tighten U.S. Restrictions on Huawei, ZTE 
Story summary: President Joe Biden signed The Secure Equipment Act earlier this month that prevents technology companies believed to be security threats like Huawei and ZTE from receiving new equipment licenses from US regulators. The new law is the latest federal effort to crack down on Chinese telecom and tech companies that may pose a cybersecurity threat.
Interos Insight: While the 2019 National Defense Authorization Act (NDAA) banned these companies from selling to Federal agencies, their products are still available for consumers and enterprises, and were – sometimes unknowingly – in the supply chain of other buyers. While the law’s current “Covered Equipment and Services” list only names five foreign companies, Interos’ mapping has identified more than 900 foreign companies that could be of concern, with more likely still to be discovered. Interos’ methodology team goes through an ongoing rigorous, manual and automated process to make sure that all related entities are discovered and tracked. With such strong bipartisan support, it is clear that compliance will be required and enforced. Companies with any related parts in their supply chain are encouraged to ensure they have the analytical tools necessary for discovery.

Commerce Adds NSO Group to Entity List for Malicious Cyber Activities
Story summary: The US Commerce Department’s Bureau of Industry and Security (BIS) has added four foreign companies to its Entity List, essentially blacklisting them from trade with US companies. The decision comes as these companies – two from Israel, and one each from Russia and Singapore – were deemed to act in a way that went against the national security or foreign policy interests of the United States. NSO Group and Candiru, the two companies from Israel, reportedly supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.
Interos Insight: The move is a little surprising as the two Israeli firms operate in an Allied country. Following this announcement, Isaac Benbenisti, a telecommunications executive who joined NSO in August and was recently named to succeed NSO founder and CEO Shalev Hulio, abruptly resigned. These additions to prohibited and restricted entities lists (which are increasingly frequent and unpredictable) illustrate just how quickly the notion of who is safe or unsafe to do business with can change. It also highlights the importance of investing in real-time monitoring solutions that can discover hidden connections to these entities, who often act through seemingly legitimate middlemen that conceal nefarious state and non-state-backed activity.

U.S. Chipmaker Micron Unveils $150bn Global Expansion Plan
Story summary: Micron Technology said it will invest $150 billion in chip manufacturing and research and development over the next decade as governments around the world vie to bring vital semiconductor production on shore.
Interos Insight: As the semiconductor shortage goes on, companies like Micron are evaluating their business model, including the physical locations where their products are made. Countries like the United States have begun creating location-based tax incentives, an about-face after ignoring on-shoring semiconductor production for decades due to the high cost. However, Micron notes they expect that production costs in the United States will be 35% to 45% higher than elsewhere. While geographic location is important, Interos’ data connections suggest that most, if not all, semiconductor supply chains are connected to each other. This indicates that although capacity is expanding within industry, it will take more than one company’s investment in capacity to solve the supply and demand problem.

Toshiba, GE, and J&J – What Big Corporate Breakups Mean for the Supply Chain

The notion of ‘too big to fail’ gained prominence during the 2008 financial crisis, shifting entrenched perspectives toward landmark corporations. Since then, a very much still-ongoing pandemic has upended the global economy (and the supply chain it depends on) to an even greater degree. Massive technological and geopolitical shifts, coupled with shifting consumer behavior and attitudes, are further prompting renewed introspection as firms rethink resilience in a post-pandemic global economy. Based on recent trends, corporations are again assessing their size, with corporate spin-offs a growing – and potentially defining – feature of the shifting landscape toward greater resilience.

The End of the Conglomerate Era?

For instance, within weeks corporate titans Toshiba, GE, and Johnson & Johnson all announced intentions to spin off parts of their enterprise. Earlier this year, Dell Technologies made a similar calculation with the spin-off of VMware, while Siemens and Honeywell also similarly pared down over the last year. In each case, a more efficient business model, optimizing the more profitable product lines, and streamlining business operations have been the driving factors behind the conglomerate breakups.

These recent breakups have been dubbed ‘the end to the era of the conglomerate’. However, they may also be a sign of greater confidence in the global economy. While spinoffs declined during the pandemic, these recent breakups might be an indicator of greater confidence in an economic recovery. Over the last decade, many conglomerates built specialized business lines that were quite distinct from other parts of the company. The pandemic has accelerated these distinctions across business lines, while also amplifying differences in financial performance. The timing may be right for many corporations to build upon economic growth and seek spin-offs to optimize market and investment value as well as growth driven by innovation.

Moreover, the massive economic shocks during 2020 also revealed the fragility and insecurity of hyperspecialized global supply chains. While much attention has been on the efficiencies gained within business lines, discussions of the potential negative outcomes of supply chain efficiencies and of resilience in general are remarkably absent in talk about the impact of corporate break-ups. However, a quick analysis of their supply chains illustrates that these decisions have global implications and ripple throughout large, medium, and small businesses alike.

The Global Impact of Break-Ups

A quick assessment of the supply chains of recent conglomerate break-ups illustrates the global impact of these spin-offs. They are not contained to one single country or industry, but rather ripple across the globe and across sectors. Across Toshiba, GE, and Johnson & Johnson, thousands of tier 1 suppliers are impacted. When extending out to the second and third tiers of those respective supply chains, the numbers jump into the hundreds of thousands of businesses that may be affected. This does not necessarily imply a negative effect, but rather uncertainty that may be introduced into supply chains that continue to feel extended shocks as the global economy realigns and rebounds.

While a third of their tier 1 suppliers are located in the United States, countries across the globe –  including China, the United Kingdom, Brazil, Australia, Egypt, and India – may be impacted by the breakups across these three companies. In addition, the software, machinery, and semiconductor industries are the most prominent in the first tier of these companies, but the impact is much more expansive. From media to IT services to life sciences, companies across the globe and across industries may experience a jolt as these major conglomerates realign their business units and corporate structure.

Supply Chain Ripple Effects in the New Normal

Is it truly the end of the conglomerate era or simply a sign of growing confidence in a transformed global economy? It could reflect a little of both, as new innovations, emerging technologies, shifting consumer demands, and a transition from ‘just in time’ to ‘just in case’ production alter strategic plans. As corporations continue to assess the best path toward resilience in a time of global disruptions, spin-offs likely will continue to emerge as a profitable and efficient part of this calculus.

Over the course of the pandemic, major corporations that lacked visibility into their supply chains learned the hard way of the downstream concentration and geographic risks at far corners of their supply chain. With corporate spin-offs, firms that lack upstream visibility similarly may be surprised to learn that a distant spin-off may impact them. While spin-offs may be a path toward stability for those conglomerates, they could introduce uncertainty for their partners across their immediate and extended supply chains.

The latest breakups are yet another indicator of the new normal, and a range of uncertainty corresponding with dramatic shifts in the global economy, emerging technologies, and geopolitical upheavals. Will the need for renewed ‘focus’ that is driving many of the spin-offs also include a new focus on resilience across supply chains? Is this part of a broader ‘end of the era of the conglomerate’ and if so, will certain sectors be more impacted than others?

At Interos, we will continuously monitor how these breakups propagate across supply chains, including the downstream effects on suppliers across a range of industries and how they may impact risk across the supply chain ecosystem as companies continue to grapple with improving resilience in the new normal.

When 1+1+1 = 5 – The Power of Partners & the Supply Chain

At Interos, our business centers on the ability to provide customers with deep visibility into their complex global supply chains and the web of supplier partners that comprise them.

We provide a technology-based, real-time diagnostic of our customers’ supply chains, alerting them to potential issues and providing the intelligence to make agile course corrections when necessary.

Two important concepts lie at the heart of our business model — trust and transparency.  Companies and organizations today have never been in more need for trusted partners and relationships built on full transparency.

Indeed trust and transparency are fast becoming the new currencies for business and for all business partnerships. That’s because the challenges organizations face today are so demanding and complex that no one can afford to go it alone.

We believe in the power of partnerships and the interdependencies and synergies that make “the whole greater than the sum of its parts.”

Bringing Together Three Industry Disrupters

And that’s why I’m thrilled that earlier today, Interos announced new strategic partnerships with Accenture Ventures’ Project Spotlight program and Coupa Ventures, the world’s leading technology platform for managing business transactions across procurement, payments, and supply chain.

These two agenda-setting companies have joined our $100 million Series-C funding round as we continue to grow our Operational Resilience Cloud, which combines the power of our proprietary AI algorithm with the world’s largest repository of supplier-relationship data.  All of which helps businesses monitor supplier compliance for labor, financial and environmental regulations, pending natural disaster issues, trade disputes and potential geopolitical conflicts, among others.

Accenture and Coupa join an already robust group of investors and partners at Interos, including Kleiner Perkins, Venrock and NightDragon, who led our Series C funding round. They also join a host of other industry partners that provide the resources and capabilities that have enabled us to become first-to-market in the burgeoning operational resilience industry.

The Power of Partnership

Like all businesses, the strength of Interos comes from our partnerships and the increased combined value we can bring customers. It’s truly a case of “1+1+1=5”.

With Accenture onboard as a partner, they provide us with extraordinary strategic counsel capabilities across the supply chain and operational resilience landscapes. At the same time, their customers now gain access to a real-time feed of supply chain risk and operational resilience information trusted by Accenture.

Coupa brings world-class transaction management capabilities which will help businesses further identify and mitigate risks to their supply chains and business spend operations.

Both partners will also be integral in supporting new innovations. We will work closely with them to identify and bring to market new products and solutions that will further help our customers gain operational resilience and a stronger footing for continued growth.

I could not be more excited about this latest development. We’re bringing together partners who share similar cultures and values, bring to bear complementary capabilities, and are passionate about the power of global supply chain innovations in saving businesses and the planet in our rapidly approaching post-pandemic world.

These types of partnerships don’t happen overnight. It takes hard work, substantial due diligence, extended negotiations, clear, consistent and authentic communication and a candid assessment of each other’s strengths and weaknesses.

And, of course, it requires a healthy dose of self-awareness. All market-leading organizations understand when to buy, build, and partner. For instance, you can be the strongest product creator in your market and just not be equipped to handle the services side of things or vice-versa.

The Road Ahead

As we continue to bring to market the world’s strongest supply-chain visibility and diagnostic platforms, we will continue to work with incredible partners that share our commitment to providing the highest levels of trust and transparency across all business relationships.

Accenture and Coupa fit that bill for us, and we do the same for them.

That’s the true power of partnership. And we can’t wait to get started.

Big things ahead. Stay tuned.

Supply Chain Risk – Procurement to the Rescue!

Lay people often see the procurement organization as a back-office function whose role in managing the supply chain is to deliver consistency and control over spending processes.

Those who encounter procurement infrequently, such as making a one-off purchase request, may view procurement as a necessary evil.  “Of course we need to manage our spend, but why can’t I just buy what I need when I need it?”

Those who are in the know recognize procurement as something else entirely: buyers, planners, category leaders, contract negotiators, developers of strategic suppliers, financial stewards, and risk managers.

For many organizations, procurement has become the humble hero who has kept the wheels of industry turning during these challenging times. They’ve identified weak spots in the supply chain, alerting stakeholders to impending challenges. They’ve aided the CFO in managing cash and improving working capital. They’ve driven corporate ESG initiatives into a broad base of suppliers, and they’ve responded quickly and with agility to ensure supply when sources slowed down or dried up completely.

Becoming a Supply Chain hero

Procurement’s visibility within the executive board room may be at an all-time high, and their contributions have led to even higher expectations. Many procurement teams are embracing this momentum to deliver much-needed initiatives to improve operational resilience across their supply chains.

I recently participated in a fireside chat during the America’s Procurement Congress with James Westgarth, Senior Director of Procurement Performance, Systems & Excellence at Lufthansa. He was too modest to claim the “hero” title, but what he shared with the audience regarding Lufthansa’s procurement team’s response to the COVID-19 pandemic is genuinely remarkable. For an organization that was essentially spending one million Euro per hour, they stepped up to support cash management initiatives while pivoting buying programs to identify new sources and cost savings. James is one of many procurement practitioners I’ve spoken to recently that have embraced agility to keep their businesses running.

Check out the recording of this fireside chat to hear James’ thoughts on resilience, agility, procurement’s role in ESG, and the skill sets required for procurement teams of the future!

Wear that cape with pride

The multi-faceted aspects of supply chain risks have become abundantly clear over the last few months. Organizations must become more aware of their supply chain partners and the sub-tier suppliers that make up their extended supply network. And procurement is taking the lead on gaining visibility across risk factors from financials, governance, and location-based risks to environmental impacts, labor practices, and geopolitical issues.

“We didn’t see that coming” isn’t an acceptable answer anymore. In a post-pandemic world (assuming we’ll get there someday), digitalization and the use of data and analysis in planning and risk management have taken on renewed importance. The whole organization, especially procurement teams, must uncover the hidden risks that could cause ripple effects up and down the extended supply network.

During our conversation, James and I agreed that operational resilience requires agility, and agility requires visibility. Detecting an impending disruption further upstream in the supply chain provides more time to analyze, plan and execute a response.  Organizations with deeper and broader visibility of risks across their extended supply networks will be more agile and the most resilient.  And they can thank their procurement teams for the heroic work that happens behind the scenes.

Join us! James and I will dive deep into this topic during an online panel on November 18. Click here to learn more and sign up!

In the meantime, for more information on how AI and machine learning can help tackle supply chain risk and build operational resilience, check out interos.ai.

 

 

Interos CISO Insight Series: 6 Vital Findings into Supply Chain Security

Interos recently hosted a roundtable for financial services industry (FSI) security professionals to discuss supply chain challenges. The event included 30 FSI participants and several of Interos’ supply chain security experts. The six most important findings of the event are below:

1: Only 10% of participants monitor their supply chain past the first level.

We see this all the time: most organizations have little or no visibility past their direct, first-tier suppliers. This lack of awareness can be challenging when dealing with a cyber breach such as Kaseya. The chief information security officer (CISO) has no idea how such an event could impact their organization. The CISO must wait for a vendor to notify them of a breach or detect an attack in progress, which forces them to be reactive in a potentially catastrophic situation.

2: Most do not continuously monitor first-tier suppliers or only use third-party risk software for annual reviews.

This feedback was disappointing but expected. Many participants said they employed third-party risk software but had not actively used it to make changes. If the organization is not actively mapping and monitoring the supply chain, it can be challenging to understand the bigger picture and anticipate future risks.

3: Many don’t know what to do with the information they receive from third-party risk tools.

More information does not necessarily help the CISO if they cannot use it to make proactive decisions to improve security posture. Much of the risk scoring uses past events or surveys. While third-party risk scoring solutions can be helpful, they often don’t provide real insight into the bigger picture of the risks in an organization’s supply chain. A CISO trying to be proactive and remediate issues will need an awareness of the entire supply chain to understand potential weaknesses.

4: Very little supplier vetting is done during onboarding, which takes 4-6 weeks on average.

This area was the most crucial topic for attendees. All agreed vetting of new or existing suppliers is the most common supply chain task given to a CISO organization, and the most frustrating. The cyber team may have no onboarding requests this week and five next week. This variance is disruptive to planning and staffing efforts. Vetting is usually done by sending and correlating surveys. The challenge is getting surveys back quickly and completely. At Interos, we use public sources of information to build the risk score of a potential supplier, which dramatically reduces the workload on cyber teams.

5: Many feel pressure to speed up onboard checking, especially for critical suppliers.

If suppliers don’t complete or bother to return the survey, it can cause issues for the CISO. With the recent supply chain disruptions caused by trade disputes, COVID-19, the Suez Canal, etc., the need to onboard suppliers quickly and correctly has never been more critical. A CEO telling the CISO that the company is shut down until they complete the risk report is an all too common experience. There is unrelenting pressure to pass suppliers regardless of holistic vetting.

6: Little or no ability to remove a supplier for cyber reasons if they were in good standing otherwise.

The importance of properly screening new suppliers is often only realized months later. Interos gives cyber teams more time to analyze the situation. For example, Interos checks U.S. federal and EU sanctions lists automatically in the risk profile to detect if the new supplier is using a sanctioned entity. With this extra time, a CISO would guide the purchasing team to include language in the contract that this forbidden entity cannot be used in products. Therefore, a CISO would avoid a future problem instead of telling the factory to scrap the entire production line.

Conclusion: Visibility, automation, and better insights help everyone 

The stress on cyber teams to onboard and monitor suppliers will worsen as supply chain disruptions continue. CISOs and cyber teams need to get it right in the beginning to avoid future disruption and breaches. Interos empowers the CISO to correctly score the risk promptly, reducing the stress on them and their teams and, in turn, benefiting the organization and its customers.

The Interos Operational Resilience solution can provide the CISO a vital advantage in dealing with supply chain issues. Please see it in action at https://www.interos.ai/resources/interos-product-overview/

Help Procurement Teams See Total Supplier Value

It’s time to assess suppliers through a risk and resilience framework

Procurement teams are acutely aware of how their sourcing and spending decisions impact operational resilience. For instance, those who work in financial services recognize the necessity of meeting regulatory and compliance requirements. Within consumer goods organizations, procurement professionals have to ensure that products are available, and that their brand image is well represented. While in industrial manufacturing, they know all too well what happens within the supply chain when a supplier’s reliability or quality degrades. In many ways, supplier selection is the most important task for a procurement team given the potential for positive or negative business impact.

Given that, procurement and sourcing professionals have gone to great lengths to ensure that they evaluate suppliers according to the total value they bring to the table. But what is supplier value and how is it measured? Do those considerations only apply to the primary supplier, or to the extended supplier network?

What determines supplier value to a procurement team?

Measuring supplier value is part science and part art. Depending on the category of spend, the criticality of what is being sourced, and your overall objectives, value determinations can vary greatly. And so can the methods for arriving at that value.

For commonplace goods and supplies (say, wire hangers or office supplies), a supplier’s value may be primarily measured by unit price and speed to fulfill. But for more complex or hard-to-source goods or services, things like warranties, add-on services, and customization can increase value. The more critical the supply is to the business, the higher the value of supplier reliability, quality, positive relationships, and stakeholder preferences.

Similarly, methods of evaluating the value attributes can vary as the complexity and criticality of the purchase increases. A simple Request for Information (RFI) to tick off pre-requisites may suffice before holding a reverse auction for basic goods. More extensive RFI and profile questions, with weighting and scoring of responses within a Request for Proposal (RFP)/Request for Quote (RFQ), may take procurement deeper into a value assessment.  In some cases, external data augmenting extensive RFIs and constraint-based scenario analysis may provide a more detailed evaluation of supplier value. Site visits, prototypes, references, in-depth research, and background checks may also come into play.

But these are somewhat narrowly focused evaluations of what value the supplier can bring to the table and where they can add value in the course of supplying a specified good or service. What about the negative aspects of value, the risks the supplier may bring along as well?

The increasing relevance of supplier risk

It’s now all too clear that businesses are increasingly interconnected and dependent upon extended and often specialized supply chains. There are innumerable examples of supplier failures, supply disruptions, and other business challenges stemming from extended supply chains.  It’s not just manufacturers suffering from disruptions within the critical supply chains that serve as the lifeblood of their operations. Businesses across all industries and of all sizes have been cast in these stories.

When a key supplier fails to deliver, your entire business could come to a screeching halt. If a sub-tier supplier is using forced labor, or is damaging the environment, your brand reputation could take a major hit. A data breach at an outsourced service provider could expose you to embarrassment, fines, and even lawsuits.

Unfortunately, these aren’t hypotheticals or even rare occurrences anymore, as shown by the results of a recent Interos survey. A full 94% of 900 organizational supply chain decision makers reported they had suffered a supply chain disruption over the last two years, amounting to an average of $184 million in lost revenue. On top of that impact, 83% also suffered reputational damage because of issues that arose in their extended supply chains.

The list of supply chain threats is long. Supplier financial instability. Global health pandemics and rising case counts. Natural or man-made disasters. ESG and reputational impacts. Cyber attacks, ransomware, and data breaches. Shifting geopolitical and trade policy winds. Regulatory changes, sanctions, and restricted lists. All of these are having an increasingly visible impact on local and global, physical and digital, primary suppliers and extended supply networks.

Procurement’s expanding view of supplier value and risk

Executive teams and their boards are now meeting monthly, on average, to discuss supply chain risk and disruptions, per the responses received in our global survey. And the discussions are leading procurement towards a broader assessment of supplier risk and operational resilience, and at deeper levels within the supply network. Procurement teams that haven’t taken the initiative to apply new approaches to supply risk are being asked to get onboard quickly.

There is ample evidence of procurement’s expanding view of supplier risk. Initiatives to include more multi-source options, alternates, and backups in case of a disruption. Diversifying geographical concentration to ward off the threat of supply problems caused by weather events, infrastructure constraints, labor issues, or political strife. Deeper financial analysis, ESG alignment, and contractual obligations have been used to protect the business from surprises. Contingency planning and scenario analysis can provide much needed agility and reduce negative impacts to the business.

As supply networks grow and become more complicated, so too do the risks that are hidden from casual evaluations. Supplier self-reported survey responses, point-in-time assessments, and a shallow review of primary suppliers just don’t cut it anymore. Claiming a lack of visibility into sub-tier supplier risks or an inability to anticipate problems across the supply network are poor excuses, and ones CEOs will not tolerate any longer.

Incorporating risk and resilience into supplier value

An overnight shift to rein in extended supply networks isn’t in the cards. Businesses and their supply chains have evolved over decades to focus on core competencies, strengths, and specializations. Today’s (often global) extended supply networks have created nested dependencies across multiple tiers of suppliers. As such, a shortage, quality issue, or even a reputational hazard in a lower-tier supply node has the potential to cause a debilitating ripple effect.

Multi-sourcing strategies, safety stocks, and other contingency plans are in place to ward off the immediate impacts of a failure somewhere within the supply network. But there is only so much “what if?” analysis that can be done when there are risks hidden within your supply chain.

Uncovering the hidden risks and identifying and assessing their potential impact to the business can help procurement organizations build resilience into their supply networks proactively. Deeper visibility into your supplier’s suppliers, down to the original sources, can help identify sole-source situations in lower tiers, unseen geographic concentrations, and financial problems that could undercut a healthy primary supplier’s ability to support your business.

“When you can see everything, you can do anything” is Interos’ motto, because visibility into hidden risks is a key factor in building resilience into your business. A deeper view of multi-tier relationships and dependencies, and a broad view of multiple risk factors, can show you more about the value, or the risk, a supplier brings to the table.

The value lies in that supplier’s resilience—a state that includes not only their own resilience, but resilience at their sub-tier suppliers as well. And with that information at hand, procurement teams can evaluate suppliers more holistically, with a keen eye towards the potential risks of one supplier over the other, to make better decisions.

Get more actionable insights for procurement teams

Watch this in-depth and revealing discussion on how procurement and sourcing professionals can:

  • Gain insight into how existing supplier evaluation approaches are falling short
  • Leverage technology to avoid risk and build resilience
  • Improve what they bring to the table as organizations look for ways to see and avoid risks

 

 

 

Supply Chain Risk Management Methods Lag Behind New Risks—and Costs are Rising

Monitoring Frequency

Supply chain shocks are causing debilitating effects on large organizations, especially financially. This impact alone is enough to cause significant damage. With so much on the line, businesses need to know if their current supply chain risk management (SCRM) tools and processes are up to the challenge.

Our new whitepaper, “Supply Chain Disruptions and the High Cost of the Status Quo,” based on a survey of 900 enterprise decision makers about their risk management practices, found:

  • Only 34% assess their global supply chain on a continuous basis.
  • The remaining 66% do so every month or less.

That means the majority of organizations are operating with large gaps in their supplier visibility and risk mitigation solutions. As discussed in a previous post, that vulnerability is costly:

  • On average, global supply chain disruptions cost enterprise-level organizations $184 million in lost revenue per year.

Assessment Methods

The frequency of measurement depends on the type of SCRM methods an organization uses, manual or automated. The former measures supply chains on an irregular basis and at one point in time, while the latter provides feedback in real time on a continuous basis. Nearly three quarters (74%) of organizations use manual methods at least some of the time, with only just over a quarter (26%) solely using automated methods.

There is a current reliance on infrequent monitoring in all sectors. The enormous financial impact many suffer proves current methods are ineffectual, and organizations need to focus on switching to more automated methods because they are still blind to many of the shocks occurring in their supply chain.

Therefore, it’s not surprising that the majority of decision makers (63%) admit that they need to make improvements to their ability to continuously monitor their supply chains.

 

Visibility is currently a critical weakness among many organizations, especially the ability to see in-depth across sub-tiers in the supply chain. Automatic methods can alleviate this deficit in organizations’ supply chain risk management systems. In fact, when asked what the benefits of using a fully automated method would be, 64% rank supply chain visibility (ecosystem awareness) as the greatest benefit.

Automatic methods may help to reduce the financial burden brought about by disruptions: two other benefits that rank highly are cost avoidance (56%) and cost reduction (56%). What is clear is that all supply chain decision makers (100%) believe there are benefits to using automatic methods.

Organizations should view an effective and robust monitoring system as essential. Current methods are likely inadequate at preventing large-scale financial damage as a result of supply chain shocks. Those who employ the most efficient methods are likely to be in the best position to protect themselves going forward.

Get More Data on SCRM/TPRM Practices and Improving Risk Mitigation

Our paper goes into more detail on the importance of visibility and supply chain risk management needs, as well as what current practices are helping organizations mitigate risk and which are not up to the task. Get all the insights here.