Download the Report - Oliver Wyman
Download the Report - Oliver Wyman
Download the Report - Oliver Wyman
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SPRING 2009<br />
www.cpoagenda.com<br />
THE BUSINESS REVIEW FOR PROCUREMENT LEADERS<br />
SPECIAL FOCUS:<br />
RISK &<br />
RECESSION<br />
An upside to <strong>the</strong> downturn<br />
Capturing <strong>the</strong> high ground on<br />
purchasing-related risks
RISK MANAGEMENT<br />
Anupside<br />
downturn<br />
to <strong>the</strong><br />
Current economic conditions give CPOs <strong>the</strong><br />
chance to build an organisation that not only<br />
protects against <strong>the</strong> downside of purchasingrelated<br />
risks but also captures <strong>the</strong> upside<br />
by Stephen Finch, Ashley Hubka and Grégory Kochersperger<br />
With markets and economies<br />
in turmoil, boards<br />
and top management<br />
are acutely focused on<br />
risk and risk management.<br />
For CPOs, <strong>the</strong> consequences of risk<br />
are all too clear: supplier bankruptcies<br />
leave purchasing departments scrambling<br />
to find alternative sources to avoid disruptions<br />
in production schedules; record<br />
volatility in raw material markets calls<br />
established hedging policies into question;<br />
while suppliers pressured to reduce<br />
costs fur<strong>the</strong>r may cut corners on quality<br />
standards or miss delivery dates.<br />
Today, CPOs are expected to deliver<br />
more, even as <strong>the</strong>ir resources are being<br />
scrutinised and potentially reduced. But<br />
trying times also present opportunities.<br />
While <strong>the</strong>y have a responsibility to reduce<br />
purchasing spend and manage purchasingrelated<br />
risk exposure, if <strong>the</strong>y approach<br />
risk management in <strong>the</strong> right way <strong>the</strong>y<br />
can open up new avenues for growth and<br />
build competitive advantage. For CPOs –<br />
and <strong>the</strong>ir companies – <strong>the</strong>re’s an upside to<br />
<strong>the</strong> downturn.<br />
<strong>Oliver</strong> <strong>Wyman</strong>, an international management<br />
consultancy, partnered with<br />
CPO Agenda to assess <strong>the</strong> current state of<br />
purchasing risk management, to identify<br />
concerns and best practices, and to offer<br />
guidance to CPOs charged with delivering<br />
results and developing <strong>the</strong>ir organisations’<br />
capabilities to deal with <strong>the</strong> new reality.<br />
Drawing on a study of 150 companies<br />
in late 2008 and early 2009, including<br />
over 70 hours of interviews with senior<br />
executives and procurement leaders (see<br />
Briefing box on page 56 for more information),<br />
we found:<br />
• widespread vulnerability to purchasingrelated<br />
risks – most importantly, strategic,<br />
operational and financial risks;<br />
• a belief that most types of purchasingrelated<br />
risks will increase in importance<br />
over <strong>the</strong> next five years;<br />
• significant variability in <strong>the</strong> level of<br />
organisational maturity in dealing with<br />
purchasing-related risks;<br />
• many companies struggling to build a<br />
culture of risk awareness, embed risk<br />
management in day-to-day purchasing<br />
activities, and address risk in analytically<br />
robust ways;<br />
• few world-class companies using crossfunctional<br />
and integrated approaches to<br />
manage purchasing-related risks as a core<br />
business issue.<br />
In this article, we offer a new way to look<br />
at risk; a framework to assess <strong>the</strong> maturity<br />
of your company’s risk management<br />
capability; specific steps to master <strong>the</strong><br />
fundamentals and manage <strong>the</strong> downside;<br />
and best practices to drive world-class<br />
performance and capture <strong>the</strong> upside. ↘<br />
ILLUSTRATION: JAMES FRYER<br />
www.cpoagenda.com<br />
SPRING 2009 | CPO AGENDA
FIGURE 1: PURCHASING-RELATED RISK CATEGORIES AND IMPACTS<br />
RISK CATEGORY AND DESCRIPTION<br />
Strategic<br />
Operational<br />
Financial<br />
Hazard<br />
Human<br />
capital<br />
External risks that threaten to undermine<br />
<strong>the</strong> business model (eg, competitive threats,<br />
technology shifts, new forms of competition)<br />
Ineffectiveness or breakdown in a company’s<br />
supply chain, customer service, operations or<br />
legal compliance<br />
Fluctuations in financial market prices, such<br />
as foreign exchange rates, interest rates and<br />
commodity prices<br />
Risks that arise from adverse external events<br />
(eg, major property, casualty, environmental or<br />
geopolitical incidents)<br />
Risks arising from challenges related to <strong>the</strong><br />
company’s leadership, talent and related human<br />
capital systems<br />
KEY AREAS OF RISK IMPACT<br />
Cost Revenue Viability<br />
Purchase Total cost Current Future Corporate social<br />
price of ownership sources innovation responsibility, reputation, etc<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔ ✔ ✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
✔<br />
% rating<br />
as top<br />
area of<br />
risk<br />
17%<br />
54%<br />
25%<br />
3%<br />
1%<br />
SOURCE: OLIVER WYMAN SURVEY AND INTERVIEWS, N=150<br />
Vulnerability/opportunity:<br />
<strong>the</strong> two faces of risk<br />
Purchasing-related risks are not new.<br />
But as companies and <strong>the</strong>ir markets have<br />
become more global and more complex,<br />
<strong>the</strong> potential impact of <strong>the</strong>se risks has<br />
increased. Purchasing-related risks can<br />
now affect <strong>the</strong> business as a whole to a<br />
much greater degree and damage <strong>the</strong> key<br />
drivers of corporate performance: costs,<br />
revenues, and even <strong>the</strong> viability of <strong>the</strong><br />
business. This broader impact stems from<br />
a number of factors.<br />
First, many companies now manage<br />
supply chains that span <strong>the</strong> globe to take<br />
advantage of low-cost country sourcing.<br />
This introduces new sources of transportation,<br />
security and cross-border risk,<br />
with 57 per cent of companies surveyed<br />
Stephen Finch (stephen.finch@<br />
oliverwyman.com) and Ashley Hubka<br />
(ashley.hubka@oliverwyman.com) are<br />
partners at <strong>Oliver</strong> <strong>Wyman</strong>, an international<br />
management consultancy, based in<br />
London and Boston respectively. Grégory<br />
Kochersperger (gregory.kochersperger@<br />
oliverwyman.com) is a partner in <strong>the</strong><br />
firm’s Paris office and is head of its global<br />
value sourcing-led operations practice.<br />
The authors thank Laurent Guerry, Erica<br />
Nielsen, Elda Simonaska and Steve Won for<br />
<strong>the</strong>ir invaluable assistance in developing<br />
this article<br />
indicating that low-cost country sourcing<br />
had increased <strong>the</strong>ir risk level. Second, suppliers<br />
are responsible for a greater range<br />
of products and services today than in <strong>the</strong><br />
past as companies have outsourced noncore<br />
activities; 38 per cent of respondents<br />
said outsourcing had also increased <strong>the</strong>ir<br />
risk level. Third, development and execution<br />
cycles have been compressed, leading<br />
to more sole or single-source arrangements<br />
to meet aggressive deadlines. One<br />
executive wryly noted: “As we’ve reduced<br />
<strong>the</strong> supplier base, we’ve become so reliant<br />
on something that we cannot control that<br />
it’s difficult to manage <strong>the</strong> business.”<br />
Tumultuous economic conditions<br />
exacerbate <strong>the</strong> situation and expose purchasing-related<br />
risks that were previously<br />
hidden. As figure 1 shows, senior executives<br />
and purchasing leaders are most<br />
concerned with operational, financial<br />
and strategic risks. Moreover, companies<br />
surveyed believe that <strong>the</strong>ir purchasingrelated<br />
risk profile is likely to increase over<br />
<strong>the</strong> next five years: 68 per cent saw <strong>the</strong><br />
importance of financial risks increasing;<br />
54 per cent saw strategic risks rising; and<br />
48 per cent saw operational risks increasing<br />
(see figure 2).<br />
In this context, many CPOs will empathise<br />
with a purchasing executive from<br />
a building materials company who said:<br />
“Under normal business conditions I<br />
would be fairly confident with our risk<br />
management processes. But, given <strong>the</strong><br />
adverse economic conditions, I don’t have<br />
a good feeling… only time will tell.”<br />
Never<strong>the</strong>less, <strong>the</strong>re is often a hidden<br />
upside to many risks for those companies<br />
prepared to act creatively to turn potential<br />
adversity into advantage. Treating purchasing-related<br />
risks as business issues, looking<br />
across <strong>the</strong> value chain and making “front to<br />
back” connections (R&D and manufacturing<br />
to sales and end customers) allows <strong>the</strong><br />
commercial side of <strong>the</strong> business to anticipate<br />
and adjust more rapidly to changes<br />
in <strong>the</strong> purchasing environment – and<br />
vice versa. The result is greater customer<br />
responsiveness, faster revenue growth and<br />
new sources of innovation, as well as better<br />
downside protection and cost control.<br />
Consider a few concrete risks:<br />
• Strategic risk: managing external<br />
alliances to accelerate<br />
growth. Many companies judge <strong>the</strong> risk<br />
of losing product formulations or intellectual<br />
property to suppliers to be too high<br />
to build deep, mutually beneficial strategic<br />
partnerships. As a result, <strong>the</strong>y bear <strong>the</strong><br />
full costs of research and development.<br />
By contrast, Procter & Gamble has set an<br />
aggressive target of half of its total innovation<br />
to come from external sources. The<br />
company is already enjoying a payoff in<br />
terms of new product introductions and<br />
formulations brought by, or developed<br />
in conjunction with, suppliers, lowering<br />
<strong>the</strong> development cost per product and<br />
increasing <strong>the</strong> range of new ideas to test<br />
CPO AGENDA | SPRING 2009 www.cpoagenda.com
RISK MANAGEMENT<br />
with customers. P&G manages <strong>the</strong> inherent<br />
risks through careful partner selection<br />
and a business system that aligns all parties’<br />
interests.<br />
• Operational risk: sharing risk to<br />
lower costs and improve supply<br />
security. The downside associated with<br />
operational risks is a familiar litany – late<br />
delivery, non-delivery, poor quality – each<br />
of which affects internal operations, resulting<br />
in lost revenue, reduced profitability,<br />
delayed introduction of a new product, or<br />
damage to <strong>the</strong> brand. During <strong>the</strong> tech boom,<br />
Hewlett-Packard faced a shortfall of memory<br />
devices used in its highly profitable<br />
printers, threatening to upset customers<br />
and investors with missed shipments. To<br />
address this supply problem, HP created its<br />
Procurement Risk Management (PRM) programme.<br />
This uses sophisticated analytics<br />
to segment projected component volumes<br />
into different tiers. HP <strong>the</strong>n negotiates with<br />
suppliers to match <strong>the</strong> component’s price to<br />
<strong>the</strong> strength of HP’s volume commitment.<br />
For example, for core demand, HP will<br />
negotiate a low price and offer a guaranteed<br />
purchase volume to <strong>the</strong> supplier. For less<br />
certain demand, HP accepts a higher price<br />
but does not commit to fixed volumes. For<br />
highly uncertain demand, HP meeets its<br />
needs on spot markets. The value of this<br />
approach is that demand risk is shared<br />
between HP and its suppliers, with those<br />
bearing <strong>the</strong> risk receiving <strong>the</strong> rewards.<br />
Through PRM, HP has saved over $100 million<br />
and has become a “customer of choice”<br />
when supply markets get tight, creating a<br />
powerful competitive advantage.<br />
• Financial risk: using input price<br />
volatility to increase margins<br />
and sales. Of those companies surveyed<br />
that indicated financial risks were <strong>the</strong><br />
most important, only 38 per cent systematically<br />
passed input price increases<br />
through to customers as a risk mitigation<br />
strategy. Compared with hedging, contract<br />
terms and conditions, and o<strong>the</strong>r technical<br />
instruments, pricing is often an underplayed<br />
financial risk mitigation tool.<br />
Faced with an impending increase in<br />
raw materials prices that, unabated, would<br />
have more than halved its Ebitda (earnings<br />
before interest, taxes, depreciation<br />
and amortisation), an industrial products<br />
manufacturer with which we have worked<br />
FIGURE 2: EXPECTED CHANGE IN PURCHASING-RELATED RISKS<br />
OVER THE NEXT FIVE YEARS<br />
Strategic risks<br />
Operational risks<br />
Financial risks<br />
Human capital risks<br />
Hazard risks<br />
26%<br />
% of respondents<br />
expecting a decrease<br />
15%<br />
16%<br />
11%<br />
5%<br />
used <strong>the</strong> crisis to implement a new pricing<br />
approach. Ra<strong>the</strong>r than leave <strong>the</strong> problem to<br />
be dealt with independently by each country<br />
and category manager, <strong>the</strong> company<br />
rapidly built a central pricing capability.<br />
The result, visible less than two months<br />
later, was a set of industry-leading price<br />
moves based on a deep understanding of<br />
price sensitivity by country and channel,<br />
an integrated view of costs and margins,<br />
and a co-ordinated perspective on each<br />
competitor’s likely pricing moves.<br />
Not only was <strong>the</strong> cost increase more<br />
than offset (unlike many competitors,<br />
<strong>the</strong> company improved its margins in this<br />
period), but <strong>the</strong> new capability served as<br />
<strong>the</strong> catalyst for an ongoing series of highly<br />
profitable top-line initiatives.<br />
• Hazard risk: turning supply risk<br />
into revenue growth. When<br />
Hurricane Mitch devastated banana plantations<br />
in Honduras, Nicaragua and<br />
Guatemala in 1998, Dole and Chiquita<br />
experienced strikingly different consequences.<br />
Dole lost 25 per cent of its global<br />
capacity and suffered shortages for more<br />
than a year. In contrast, Chiquita had<br />
already recognised <strong>the</strong> risk of being<br />
dependent on <strong>the</strong> region and had developed<br />
secondary sources elsewhere before<br />
<strong>the</strong> storm hit. Unlike Dole, Chiquita quickly<br />
moved to tap its alternative sources and<br />
increase production in o<strong>the</strong>r locations.<br />
The net result was that Dole’s revenues<br />
decreased by 4 per cent for <strong>the</strong> year, while<br />
Chiquita’s increased by 4 per cent. Dole’s<br />
risk management practices did not protect<br />
it from a costly downside, while Chiquita’s<br />
allowed it to maintain its growth.<br />
% of respondents<br />
expecting an increase<br />
19%<br />
30%<br />
48%<br />
54%<br />
68%<br />
SOURCE: OLIVER WYMAN SURVEY, N=87<br />
What <strong>the</strong>se examples show is that<br />
approaching purchasing-related risks<br />
from a business, ra<strong>the</strong>r than functional,<br />
perspective can generate opportunities for<br />
value creation. But capturing <strong>the</strong> upside<br />
requires that purchasing be tuned to a<br />
customer and competitive perspective<br />
and work closely with o<strong>the</strong>r functions<br />
such as R&D, manufacturing and sales<br />
– a significant shift in intent, approach<br />
and capability. Indeed, all elements of<br />
<strong>the</strong> purchasing function (strategy, process,<br />
organisation, resources and systems)<br />
must be enhanced.<br />
Levels of maturity<br />
Through our client work and recent<br />
research, we have observed significant<br />
variability in <strong>the</strong> level of organisational<br />
maturity in dealing with purchasingrelated<br />
risks. Based on <strong>the</strong>se interactions,<br />
we have developed a risk management<br />
maturity framework, as shown in fi g -<br />
ure 3. “Unstructured” companies (those<br />
at level 1) react in an ad hoc manner to<br />
each risk as it arises. “Reactive” (level<br />
2) companies have predefined processes<br />
to respond if a risk rears its head.<br />
“Proactive” (level 3) companies establish<br />
approaches and contingency plans to<br />
anticipate and counter <strong>the</strong>ir highest priority<br />
risks; <strong>the</strong>y are highly competent at<br />
downside protection. “Cross-functional”<br />
(level 4) companies, meanwhile, approach<br />
risk management in a strongly integrated<br />
manner, collaborating closely both internally<br />
and with suppliers. And at level 5,<br />
“value-creating” companies systematically<br />
seek to exploit <strong>the</strong> upside and view<br />
www.cpoagenda.com<br />
SPRING 2009 | CPO AGENDA
FIGURE 3: THE DIFFERENT LEVELS OF MATURITY IN RISK MANAGEMENT<br />
PURCHASING-RELATED RISK MANAGEMENT MATURITY LEVELS<br />
1: Unstructured 2: Reactive 3: Proactive<br />
4: Cross-functional 5: Value-creating<br />
Strategy<br />
“Fire fighting” approach to<br />
risk management – ad hoc<br />
every time<br />
Reactive approach to risk<br />
management – organised<br />
to handle crises when <strong>the</strong>y<br />
occur<br />
Proactive approach to risk<br />
management – anticipates<br />
risks, creates contingencies<br />
Cross-functional approach<br />
to risk management – an<br />
integrated view across <strong>the</strong><br />
value chain<br />
Value-creating approach<br />
to risk management –<br />
systematically looks for<br />
an upside or competitive<br />
advantage<br />
Formal, well-established,<br />
standardised processes<br />
across <strong>the</strong> company<br />
ORGANISATIONAL DIMENSIONS<br />
Processes<br />
Organisation<br />
Resources<br />
No processes to identify or<br />
manage risks<br />
No risk structures<br />
Resources outside purchasing<br />
address risks<br />
Formal processes at supplier<br />
selection/negotiation only<br />
Purchasing management<br />
risk committee<br />
Ad hoc purchasing resources<br />
No risk-specific expertise<br />
Formal, proactive processes<br />
– mainly for operational and<br />
financial risks<br />
Purchasing management<br />
risk committee reporting<br />
to top management<br />
Part-time purchasing<br />
resources<br />
Limited risk-specific expertise<br />
Formal, proactive processes<br />
for all major risks<br />
Cross-functional risk<br />
committee involving top<br />
management<br />
Dedicated purchasing<br />
resources plus crossfunctional<br />
input<br />
Risk-specific expertise<br />
Cross-functional risk<br />
committee involving top<br />
management and suppliers<br />
Network of risk specialists<br />
inside and outside company<br />
Highly trained experts<br />
Systems<br />
No risk systems<br />
Mostly manual systems<br />
No risk KPIs<br />
Basic IT systems using<br />
purchasing data<br />
Qualitative risk KPIs<br />
Specialised IT systems<br />
leveraging cross-functional<br />
data<br />
Qualitative and quantitative<br />
risk KPIs<br />
Automated IT systems<br />
leveraging cross-functional<br />
and supplier data<br />
Qualitative and quantitative<br />
risk KPIs<br />
SOURCE: OLIVER WYMAN<br />
purchasing as a full partner in addressing<br />
strategic issues, driving growth and creating<br />
new value, not just as a contributor to<br />
cost competitiveness.<br />
As figure 4 shows (see page 58), nearly all<br />
of <strong>the</strong> companies in our recent research fell<br />
between levels 1 and 3. Attaining a solid level<br />
3 proactive capability is, we suggest, <strong>the</strong><br />
minimum performance standard required<br />
to control <strong>the</strong> costs of purchasing-related<br />
risks, and has become a critical organisational<br />
competency. Levels 4 and 5 represent<br />
an opportunity for fur<strong>the</strong>r improvement<br />
for businesses that have mastered <strong>the</strong> fundamentals<br />
of risk management.<br />
Comparing <strong>the</strong> two ends of <strong>the</strong> spectrum<br />
on five organisational dimensions<br />
provides a clear understanding of <strong>the</strong> differences<br />
between companies still working<br />
to control <strong>the</strong> downside and those beginning<br />
to capitalise on <strong>the</strong> upside.<br />
• Strategy. Level 1 companies accept<br />
risk as a cost of doing business and lack<br />
even <strong>the</strong> most basic risk management<br />
approaches. Level 2 and 3 companies focus<br />
on implementing adequate risk management<br />
structures and processes to control<br />
costs. A marked shift in mindset and capabilities<br />
takes place after level 3, with levels<br />
4 and 5 representing an emerging frontier<br />
of performance where <strong>the</strong> goal is to use<br />
tightly integrated processes to create value<br />
and build competitive advantage. Less<br />
mature risk managers tend to focus on a<br />
small number of well-understood operational<br />
and financial risks, such as quality,<br />
on-time delivery and bankruptcy. More<br />
mature risk managers address a broader<br />
set of business-specific risks and, importantly,<br />
devote more attention to strategic<br />
risks. Among companies that indicated<br />
strategic risks were a high priority but that<br />
those risks were not formally managed, 37<br />
per cent said it was because <strong>the</strong>y were<br />
uncertain how best to handle <strong>the</strong>m.<br />
• Processes. An adequate risk management<br />
process links four steps:<br />
1. Risk identification. Identify which risks<br />
are likely to affect <strong>the</strong> business and document<br />
<strong>the</strong>ir key drivers and characteristics.<br />
2. Risk qualification and quantification.<br />
Assess <strong>the</strong> probability and likely impact of<br />
identified risks on key performance metrics<br />
(eg, earnings or cash flow at risk).<br />
3. Risk response. Develop strategies to<br />
respond (avoid, transfer, mitigate, accept)<br />
consistent with <strong>the</strong> company’s overall risk<br />
appetite, <strong>the</strong> portfolio of risks to be<br />
addressed, and <strong>the</strong> need to deploy<br />
resources efficiently and effectively.<br />
4. Risk monitoring and measurement.<br />
Monitor <strong>the</strong> risk environment on an ongoing<br />
basis and evaluate <strong>the</strong> performance of<br />
current risk response strategies.<br />
Most companies fail to complete all<br />
four steps. They typically identify risks,<br />
but fail to qualify or quantify those risks<br />
rigorously. Similarly, <strong>the</strong>y determine ways<br />
to respond but don’t <strong>the</strong>n measure <strong>the</strong><br />
efficacy of <strong>the</strong>ir responses. Some 60 per<br />
cent of companies surveyed used informal<br />
approaches to determine <strong>the</strong> probability<br />
and impact of risks, and fewer than onethird<br />
had sophisticated measurement<br />
processes in place to evaluate <strong>the</strong> performance<br />
of <strong>the</strong>ir risk management strategies.<br />
Moreover, less mature companies tend<br />
to work in silos and have one-time or<br />
periodic approaches. For example, <strong>the</strong><br />
risk mentioned most frequently by our<br />
interviewees was supplier bankruptcy.<br />
But although many companies use criteria<br />
related to financial health in <strong>the</strong>ir initial<br />
supplier selection, <strong>the</strong>y lack defined processes<br />
for regularly reassessing suppliers<br />
and are only now taking action in response<br />
to <strong>the</strong> economic downturn. As an executive<br />
at a consumer durables company said: “We<br />
have become sloppy about re-evaluating<br />
our suppliers on a formal basis… but we’re<br />
CPO AGENDA | SPRING 2009 www.cpoagenda.com
RISK MANAGEMENT<br />
planning to do a surprise audit programme<br />
in 2009.”<br />
This is a business imperative now<br />
because <strong>the</strong> number of businesses filing<br />
for bankruptcy is expected to rise sharply.<br />
According to US statistics, bankruptcies<br />
rose by 42 per cent between 2007 and<br />
2008 – <strong>the</strong> highest percentage change for<br />
20 years, and before <strong>the</strong> current downturn<br />
really ga<strong>the</strong>red pace.<br />
Top performers, on <strong>the</strong> o<strong>the</strong>r hand, not<br />
only identify and respond to risks but also<br />
explicitly qualify and quantify <strong>the</strong>m and<br />
regularly measure <strong>the</strong> efficacy of <strong>the</strong>ir<br />
response strategies. They use continuous,<br />
cross-functional processes that provide<br />
early warning signals. In many cases, <strong>the</strong>se<br />
early warnings come from superior supplier<br />
monitoring or scorecard approaches<br />
that provide insight into how suppliers’<br />
businesses are performing, such as understanding<br />
how new developments from<br />
o<strong>the</strong>r major customers may be affecting<br />
<strong>the</strong>ir business. This can supplement traditional<br />
measures such as tracking on-time<br />
order fulfilment and credit agency ratings.<br />
• Organisation, resources and<br />
systems. Many companies lack people<br />
with enough experience in risk management.<br />
They also lack <strong>the</strong> systems and<br />
cross-functional linkages – including riskrelated<br />
key performance indicators (KPIs),<br />
organisational reporting and relevant<br />
forums to discuss risk – required to identify<br />
and manage risks across <strong>the</strong> company.<br />
By contrast, mature purchasing risk managers<br />
engage with o<strong>the</strong>r functions as well<br />
as with suppliers. They have designated<br />
risk management resources as well as IT<br />
systems that capture relevant risk-related<br />
data. They also have established riskrelated<br />
KPIs and visible roles on<br />
enterprise-level risk bodies.<br />
Our maturity model illustrates <strong>the</strong><br />
evolution of <strong>the</strong> strategy, processes, organisation,<br />
resources and systems required<br />
to move from one level of risk management<br />
performance to ano<strong>the</strong>r. Companies<br />
toward <strong>the</strong> right-hand side of <strong>the</strong> maturity<br />
framework make more money (lower total<br />
cost of ownership, fewer incidents resulting<br />
in lost revenue), have fewer surprises<br />
(early warning signals) and enjoy more<br />
options for value growth (collaboration<br />
with strategic suppliers). Using figure 3,<br />
CPOs can position <strong>the</strong>ir functions and<br />
companies against each of <strong>the</strong> organisational<br />
elements to assess <strong>the</strong> current level<br />
of performance, set risk management<br />
goals and identify <strong>the</strong> gaps to be filled.<br />
Protecting against<br />
<strong>the</strong> downside<br />
Whereas ad hoc responses and rough<br />
and ready approaches to risk management<br />
may have been enough in <strong>the</strong> past,<br />
increased uncertainty, frequency of incidence<br />
and severity of impact have all<br />
raised <strong>the</strong> value of having a disciplined<br />
and systematic approach to deal with<br />
purchasing-related risks. CPOs must<br />
ensure <strong>the</strong>y are providing adequate protection<br />
against <strong>the</strong> downside; only <strong>the</strong>n<br />
can <strong>the</strong>y aspire to position <strong>the</strong>ir companies<br />
to benefit from <strong>the</strong> upside.<br />
Fully protecting against <strong>the</strong> downside<br />
requires achieving a solid level 3 performance.<br />
This entails building disciplined risk<br />
management (identification, qualification<br />
and quantification, response, monitoring<br />
and measurement) into <strong>the</strong> core work of<br />
purchasing staff and developing <strong>the</strong> rest<br />
of <strong>the</strong> organisational system to support<br />
<strong>the</strong> improvements in <strong>the</strong> process area. To<br />
start, we suggest <strong>the</strong> following steps:<br />
• Prioritise <strong>the</strong> most important<br />
risks – and do it early. A clear requirement<br />
for all CPOs is to identify <strong>the</strong> full<br />
range of purchasing-related risks and <strong>the</strong>n<br />
prioritise those with <strong>the</strong> greatest potential<br />
impact for <strong>the</strong> company. This effort should<br />
be comprehensive and pragmatic (concentrating<br />
limited resources on <strong>the</strong> most<br />
important risks), systematic and analytical,<br />
and co-ordinated with existing<br />
enterprise-level risk management.<br />
Focusing at <strong>the</strong> level of <strong>the</strong> purchasing<br />
category is an appropriate starting<br />
point because existing teams, processes<br />
and data are typically structured around<br />
purchasing categories, and categorylevel<br />
purchasing strategies can easily be<br />
expanded to formally incorporate risk<br />
metrics alongside existing targets. Ideally,<br />
risk identification should start early in <strong>the</strong><br />
product or service lifecycle.<br />
However, among our surveyed companies,<br />
only about half had even informal<br />
processes to identify risks during product<br />
or service design and engineering. For<br />
BRIEFING<br />
ABOUT THE<br />
RESEARCH<br />
From October 2008 to January 2009,<br />
<strong>Oliver</strong> <strong>Wyman</strong> examined <strong>the</strong> purchasingrelated<br />
risk management practices of<br />
150 companies through interviews with<br />
63 senior executives and purchasing<br />
leaders, and an online survey of 87<br />
companies.<br />
Respondent companies represented a<br />
wide range of geographies, industries<br />
and sales volumes:<br />
• Geographies: North America (43%),<br />
continental Europe (30%), UK (26%),<br />
o<strong>the</strong>r (1%)<br />
• Industries: Industrial products (45%),<br />
services, leisure and hospitality (26%),<br />
consumer products (24%), o<strong>the</strong>r (5%)<br />
Annual sales:<br />
• Less than $1bn (14%),<br />
$1bn-$5bn (32%), $5bn-$10bn (27%),<br />
$10bn or more (27%)<br />
all companies, risk identification must<br />
become a routine part of core purchasing<br />
activities: supply market assessment, supplier<br />
selection, supplier monitoring and<br />
relationship management.<br />
Prioritisation should take place on two<br />
levels. First, prioritise purchasing categories<br />
through a rapid diagnosis across <strong>the</strong> entire<br />
purchasing portfolio, using a classic Kraljic<br />
matrix as a first step, followed by more<br />
detailed analysis of those categories in <strong>the</strong><br />
“bottleneck” and “strategic” quadrants 1 .<br />
Once <strong>the</strong> high-priority purchasing categories<br />
have been determined, CPOs must<br />
fur<strong>the</strong>r identify and prioritise specific risks<br />
within <strong>the</strong>se categories. The key areas of<br />
potential impact in figure 1 provide a structured<br />
basis for developing an extensive list<br />
of <strong>the</strong> risks that may exist within a highpriority<br />
purchasing category.<br />
Consider risks that could have any of <strong>the</strong><br />
following consequences:<br />
• Price: risks affecting <strong>the</strong> cost of inputs to<br />
products and services.<br />
• Total cost of ownership: risks affecting<br />
<strong>the</strong> costs surrounding <strong>the</strong> product or service,<br />
including transportation, logistics,<br />
www.cpoagenda.com<br />
SPRING 2009 | CPO AGENDA
FIGURE 4: HOW COMPANIES STACK UP ON PURCHASING-RELATED RISKS<br />
Unstructured<br />
DISTRIBUTION OF COMPANIES BY RISK MANAGEMENT MATURITY RATINGS<br />
Reactive<br />
inventory levels and o<strong>the</strong>r elements of<br />
working capital.<br />
• Current revenue sources: risks affecting<br />
revenue, through product unavailability,<br />
reduced product quality, and so on.<br />
• Future innovation value: risks to new<br />
product development owing to misguided<br />
development partner selection, poor strategic<br />
supplier relationship management,<br />
loss of intellectual property, and so on.<br />
• Overall viability: risks to corporate viability<br />
based on, for example, social<br />
responsibility issues or reputational harm.<br />
The next step is to qualify and quantify<br />
each risk. The assessment of probability<br />
and impact can <strong>the</strong>n be used to create<br />
a final list of <strong>the</strong> most important risks<br />
requiring attention. Companies toward<br />
<strong>the</strong> left-hand side of <strong>the</strong> maturity framework<br />
will likely use mostly qualitative<br />
approaches, while <strong>the</strong>ir more advanced<br />
counterparts will develop quantitative<br />
metrics in a broad range of cases. In any<br />
case, across purchasing categories, risks<br />
and buyers, <strong>the</strong>re should be a consistently<br />
rigorous approach to assessing probability<br />
and impact.<br />
• Create a playbook of response<br />
strategies. With prioritisation of risks<br />
complete, <strong>the</strong> challenge is to select <strong>the</strong><br />
most effective responses for <strong>the</strong> company.<br />
Response strategies will vary greatly<br />
according to <strong>the</strong> specific risk, magnitude<br />
of purchasing spend, characteristics of<br />
<strong>the</strong> supply market, earnings or cash flow<br />
at risk, full portfolio of risks being managed,<br />
and company risk appetite.<br />
Formulating a response should be<br />
Proactive<br />
Cross-functional<br />
Value-creating<br />
= One company<br />
SOURCE: OLIVER WYMAN SURVEY AND INTERVIEWS, N=149<br />
considered at two levels: at <strong>the</strong> individual<br />
risk level and for <strong>the</strong> portfolio of risks as<br />
a whole. Resource constraints will often<br />
not allow every risk to be fully mitigated<br />
or sometimes even mitigated at all. The<br />
key will be to select a set of responses that<br />
provides <strong>the</strong> optimal trade-off in terms of<br />
risk versus impact.<br />
More mature organisations will have a<br />
broader repertoire of responses enabled<br />
by greater cross-functional collaboration,<br />
deeper supplier relationships and<br />
integrated decision-making that permits<br />
more sophisticated ways of managing risk.<br />
For all companies, though, it is important<br />
to develop a “playbook” for <strong>the</strong> most likely<br />
or most powerful risks. This will often take<br />
<strong>the</strong> form of contingency planning, and<br />
needs to be undertaken in conjunction<br />
with suppliers.<br />
• Develop a real-time system. The<br />
last tactical step is to develop simple but<br />
effective risk monitoring systems, ra<strong>the</strong>r<br />
than observe impacts in a rear-view mirror.<br />
It is critical to monitor risk exposure<br />
at <strong>the</strong> right frequency. For some stable<br />
risks, such as contractual terms and conditions,<br />
this could be annually; for suppliers’<br />
financial health, it may be monthly; for<br />
commodity prices, daily intelligence is <strong>the</strong><br />
likely need. In some cases, developing <strong>the</strong><br />
real-time system will require building or<br />
enhancing analytic capabilities, but generally<br />
<strong>the</strong> intent is to leverage existing<br />
processes and tools.<br />
• Build <strong>the</strong> organisational infrastructure.<br />
In parallel with implementing<br />
<strong>the</strong> process improvements noted above,<br />
CPOs should focus on two high-value<br />
organisational elements: defining a small<br />
number of risk-related KPIs to supplement<br />
existing cost-focused KPIs, and integrating<br />
risk metrics into organisational<br />
reporting structures. Given <strong>the</strong> truism<br />
that what gets measured gets managed,<br />
creating risk-related KPIs is particularly<br />
important. These can be measures from<br />
operating activities, supplier scorecards<br />
or day-to-day interactions between internal<br />
and external stakeholders (such as<br />
supplier facility visits), and with increasing<br />
maturity should become increasingly<br />
quantitative. For example, one measure<br />
could be <strong>the</strong> percentage of single-source<br />
suppliers for which contingency plans<br />
are in place. Among <strong>the</strong> executives we<br />
interviewed, only a small minority had<br />
implemented risk-related KPIs.<br />
Once <strong>the</strong> indicators are defined, CPOs<br />
should make <strong>the</strong>m visible to top management<br />
and ensure that senior executives<br />
grasp <strong>the</strong> cost/risk trade-offs embedded<br />
in purchasing activities. In our survey, a<br />
surprisingly high proportion of senior<br />
managers and company executives lacked<br />
visibility into purchasing-related risks.<br />
CPOs should lobby to become integral<br />
members of any existing enterprise-level<br />
risk bodies; in organisations that have<br />
such bodies today, purchasing is formally<br />
involved just over half <strong>the</strong> time. As one<br />
purchasing executive noted: “We have a<br />
corporate risk management committee,<br />
but very few things in procurement go to<br />
this committee.”<br />
CPOs must ensure that “risk thinking” is<br />
incorporated into <strong>the</strong>ir purchasing teams’<br />
day-to-day activities, and that all elements<br />
of <strong>the</strong> organisational system support a culture<br />
of risk awareness and management.<br />
Capturing <strong>the</strong> upside<br />
Once purchasing has achieved excellence<br />
in protecting against <strong>the</strong> downside, CPOs<br />
can begin to think about capturing <strong>the</strong><br />
upside. The most important differentiator<br />
between organisations that solely<br />
manage <strong>the</strong> downside and those that also<br />
seek an upside is <strong>the</strong> time spent connecting<br />
risk with its impact on revenue growth<br />
and innovation. Purchasing departments<br />
with an upside mindset act as full partners<br />
in tackling company-level strategic<br />
CPO AGENDA | SPRING 2009 www.cpoagenda.com
RISK MANAGEMENT<br />
challenges by using <strong>the</strong>ir activities and<br />
relationships with suppliers to contribute<br />
meaningfully to <strong>the</strong> total value delivered to<br />
customers today and in <strong>the</strong> future.<br />
With an upside mandate, purchasing<br />
must manage risks linked to selecting<br />
strategic partners with which to collaborate;<br />
structuring and overseeing<br />
relationships with those partners; creating<br />
win-win compensation models for<br />
fruitful collaboration; sharing product<br />
formulations and intellectual property;<br />
and upgrading supplier capabilities<br />
through joint initiatives. As a purchasing<br />
executive at a consumer durables firm<br />
told us: “We’ve already identified our<br />
core capabilities, so that from a strategic<br />
standpoint we are able to engage suppliers<br />
early in <strong>the</strong> new product development<br />
process, defining <strong>the</strong>ir value-add and<br />
using carefully crafted contracts to govern<br />
intellectual property issues.”<br />
Fulfilling <strong>the</strong>se new responsibilities<br />
represents a major shift in mindset, capabilities<br />
and organisation compared with<br />
those required to manage <strong>the</strong> downside.<br />
Making this shift requires purchasing<br />
leaders to have a thorough understanding<br />
of <strong>the</strong>ir company’s strategy, customers<br />
and operations. As purchasing streng<strong>the</strong>ns<br />
working relationships with o<strong>the</strong>r<br />
internal actors, <strong>the</strong> function will need to<br />
build formal mechanisms to gain crossfunctional<br />
consensus on key decisions<br />
involving purchasing-related risks.<br />
Our survey indicates that nearly<br />
one-third of manufacturing and R&D/engineering<br />
functions, and around 45 per cent<br />
of marketing, sales and customer service<br />
functions, play no role in managing<br />
key purchasing-related risks. Similarly,<br />
working on growth and innovation will<br />
require new types of suppliers, such as<br />
original equipment manufacturers or patent<br />
holders, and new modes of interaction<br />
with suppliers, such as joint development<br />
FURTHER READING<br />
¹ Peter Kraljic, “Purchasing must become supply<br />
management”, Harvard Business Review,<br />
September-October 1983 (reprinted in CPO<br />
Agenda, autumn 2008, pp 34-41)<br />
For o<strong>the</strong>r articles on risk management, visit<br />
www.cpoagenda.com/risk<br />
CASE STUDY<br />
STABILISING A VOLATILE SITUATION<br />
In <strong>the</strong> chemicals industry, reaction vessels – where chemical reactions occur – play a<br />
critical role in <strong>the</strong> manufacturing process. Any problems with <strong>the</strong>se vessels can disrupt<br />
production by lowering yields or causing unplanned stoppages. Because of <strong>the</strong>ir<br />
importance, vessels must meet regulatory requirements and stringent specifications, and<br />
are custom manufactured, requiring long lead times of up to one year.<br />
A leading European specialist chemicals company faced a number of operational risks<br />
related to this key purchasing category. In <strong>the</strong> early part of this decade, a combination of<br />
severe pricing pressure and lack of capital affected its vessel suppliers. Several went out<br />
of business, many switched <strong>the</strong>ir focus to different markets, and o<strong>the</strong>rs were forced to<br />
downsize, leading to a significant reduction in technical capabilities.<br />
As a result, <strong>the</strong> quality of supplied vessels declined, causing major operational<br />
problems for its chemicals production. This led to an alarming rise in repair costs and<br />
production delays for <strong>the</strong> company, with one incident alone resulting in nearly €6 million<br />
of lost profit from unexpected service costs and forgone sales.<br />
In fact, <strong>the</strong> company calculated that a purchasing category with annual spend of less<br />
than €30 million placed nearly €10 million of profit at risk per year. Faced with this<br />
persistent and costly risk, <strong>the</strong> company implemented a two-part response strategy.<br />
First, it modified its supplier selection criteria to factor in <strong>the</strong> risks of poor quality by<br />
incorporating feedback from day-to-day users, requiring greater disclosure of suppliers’<br />
manufacturing and testing processes, and applying a total cost of ownership evaluation<br />
to compare suppliers. Second, it implemented a continuous monitoring programme to<br />
audit suppliers and <strong>the</strong>ir quality controls.<br />
Since <strong>the</strong>se processes have been implemented, <strong>the</strong>re have been no major incidents<br />
and <strong>the</strong> costs avoided have already repaid most of <strong>the</strong> investment in new risk<br />
management processes and tools.<br />
agreements or revenue-sharing arrangements.<br />
While <strong>the</strong>se changes will enable<br />
new opportunities for <strong>the</strong> company, <strong>the</strong>y<br />
will also introduce new types of risks. The<br />
purchasing organisation must evolve to<br />
manage both.<br />
――• ❖ •――<br />
As purchasing moves to take a greater role<br />
in company-level or enterprise risk management,<br />
<strong>the</strong> CPO and top management<br />
agendas will increasingly converge. CPOs<br />
must shift <strong>the</strong> nature of <strong>the</strong>ir relationships<br />
with <strong>the</strong> most senior executives to reflect<br />
this change. One effective way to do this is<br />
to craft a detailed plan for streng<strong>the</strong>ning<br />
purchasing-related risk management that<br />
articulates a vision, highlights <strong>the</strong> financial<br />
benefits, and identifies <strong>the</strong> actions and<br />
investments required to implement this<br />
new model and broader role focusing on<br />
cost, risk and growth.<br />
To be clear, this is not a casual conversation<br />
with <strong>the</strong> CEO, but a formal business<br />
case built around real issues facing <strong>the</strong><br />
company and a structured return on<br />
investment-based argument for change.<br />
Making <strong>the</strong> transition to both protecting<br />
<strong>the</strong> downside and delivering <strong>the</strong> upside<br />
will not be easy, but current economic conditions<br />
provide a unique opening. As one<br />
purchasing executive pointed out: “Unless<br />
<strong>the</strong>re is a real crisis, <strong>the</strong>re are no drivers of<br />
change for our purchasing organisation.”<br />
CPOs will face greater scrutiny and pressure<br />
to deliver as economic conditions<br />
worsen. With many companies now facing<br />
a prolonged period of increased risk<br />
and declining revenues, purchasing and<br />
purchasing-related risks have top management’s<br />
attention.<br />
The premium on low-risk cost reductions<br />
and new growth opportunities has<br />
never been greater. Purchasing should<br />
embrace <strong>the</strong> opportunity created by this<br />
turmoil to lead <strong>the</strong> development of an<br />
integrated view of purchasing-related<br />
risks and a co-ordinated set of actions to<br />
protect against <strong>the</strong> downside and create a<br />
tangible financial upside.<br />
www.cpoagenda.com<br />
SPRING 2009 | CPO AGENDA
About <strong>the</strong> Authors<br />
Stephen Finch<br />
<br />
<br />
<br />
Based in London, head of <strong>the</strong> UK and Northwest Europe Value Sourcing team,<br />
with over 20 years of experience in consulting<br />
Has advised numerous clients on operational excellence, commercial effectiveness,<br />
business strategy, and organizational development<br />
Industries covered include process industries, industrial products and services,<br />
transportation, retail, health care, and <strong>the</strong> public sector<br />
Ashley Hubka<br />
<br />
<br />
<br />
Based in Boston, head of <strong>the</strong> North American Value Sourcing team, with over<br />
9 years of experience in consulting<br />
Has advised numerous clients on operational performance improvement, new market<br />
entry, new business model development and launch, and portfolio strategy<br />
Industries covered include industrial manufacturing, aerospace and defense, chemicals,<br />
building materials, apparel, and consumer packaged goods<br />
Gregory Kochersperger<br />
<br />
<br />
<br />
Based in Paris, head of <strong>Oliver</strong> <strong>Wyman</strong> Global Value Sourcing-led Operations practice,<br />
with over 10 years of experience in consulting<br />
Has advised clients on sourcing optimization across different industry segments and<br />
types of purchasing cost-reduction programs<br />
Industries covered include building materials, consumer durables, electrical components,<br />
and industrial services
About <strong>Oliver</strong> <strong>Wyman</strong><br />
With more than 2,900 professionals in over 40 cities around <strong>the</strong> globe, <strong>Oliver</strong> <strong>Wyman</strong> is<br />
an international management consulting firm that combines deep industry knowledge with<br />
specialized expertise in strategy, operations, risk management, organizational transformation,<br />
and leadership development. The firm helps clients optimize <strong>the</strong>ir businesses, improve <strong>the</strong>ir<br />
operations and risk profile, and accelerate <strong>the</strong>ir organizational performance to seize <strong>the</strong> most<br />
attractive opportunities. <strong>Oliver</strong> <strong>Wyman</strong> is part of Marsh & McLennan Companies [NYSE: MMC].<br />
For more information please contact<br />
United Kingdom<br />
Stephen Finch, London<br />
stephen.finch@oliverwyman.com<br />
+44 20 7852 7455<br />
United States<br />
Ashley Hubka, Boston<br />
ashley.hubka@oliverwyman.com<br />
+1 617 424 3354<br />
France<br />
Gregory Kochersperger, Paris<br />
gregory.kochersperger@oliverwyman.com<br />
+33 1 45023 359<br />
www.oliverwyman.com