Download the Report - Oliver Wyman

SPRING 2009
www.cpoagenda.com
THE BUSINESS REVIEW FOR PROCUREMENT LEADERS
SPECIAL FOCUS:
RISK &
RECESSION
An upside to the downturn
Capturing the high ground on
purchasing-related risks

RISK MANAGEMENT
Anupside
downturn
to the
Current economic conditions give CPOs the
chance to build an organisation that not only
protects against the downside of purchasingrelated
risks but also captures the upside
by Stephen Finch, Ashley Hubka and Grégory Kochersperger
With markets and economies
in turmoil, boards
and top management
are acutely focused on
risk and risk management.
For CPOs, the consequences of risk
are all too clear: supplier bankruptcies
leave purchasing departments scrambling
to find alternative sources to avoid disruptions
in production schedules; record
volatility in raw material markets calls
established hedging policies into question;
while suppliers pressured to reduce
costs further may cut corners on quality
standards or miss delivery dates.
Today, CPOs are expected to deliver
more, even as their resources are being
scrutinised and potentially reduced. But
trying times also present opportunities.
While they have a responsibility to reduce
purchasing spend and manage purchasingrelated
risk exposure, if they approach
risk management in the right way they
can open up new avenues for growth and
build competitive advantage. For CPOs –
and their companies – there’s an upside to
the downturn.
Oliver Wyman, an international management
consultancy, partnered with
CPO Agenda to assess the current state of
purchasing risk management, to identify
concerns and best practices, and to offer
guidance to CPOs charged with delivering
results and developing their organisations’
capabilities to deal with the new reality.
Drawing on a study of 150 companies
in late 2008 and early 2009, including
over 70 hours of interviews with senior
executives and procurement leaders (see
Briefing box on page 56 for more information),
we found:
• widespread vulnerability to purchasingrelated
risks – most importantly, strategic,
operational and financial risks;
• a belief that most types of purchasingrelated
risks will increase in importance
over the next five years;
• significant variability in the level of
organisational maturity in dealing with
purchasing-related risks;
• many companies struggling to build a
culture of risk awareness, embed risk
management in day-to-day purchasing
activities, and address risk in analytically
robust ways;
• few world-class companies using crossfunctional
and integrated approaches to
manage purchasing-related risks as a core
business issue.
In this article, we offer a new way to look
at risk; a framework to assess the maturity
of your company’s risk management
capability; specific steps to master the
fundamentals and manage the downside;
and best practices to drive world-class
performance and capture the upside. ↘
ILLUSTRATION: JAMES FRYER
www.cpoagenda.com
SPRING 2009 | CPO AGENDA

FIGURE 1: PURCHASING-RELATED RISK CATEGORIES AND IMPACTS
RISK CATEGORY AND DESCRIPTION
Strategic
Operational
Financial
Hazard
Human
capital
External risks that threaten to undermine
the business model (eg, competitive threats,
technology shifts, new forms of competition)
Ineffectiveness or breakdown in a company’s
supply chain, customer service, operations or
legal compliance
Fluctuations in financial market prices, such
as foreign exchange rates, interest rates and
commodity prices
Risks that arise from adverse external events
(eg, major property, casualty, environmental or
geopolitical incidents)
Risks arising from challenges related to the
company’s leadership, talent and related human
capital systems
KEY AREAS OF RISK IMPACT
Cost Revenue Viability
Purchase Total cost Current Future Corporate social
price of ownership sources innovation responsibility, reputation, etc
✔
✔
✔
✔
✔
✔
✔
✔
✔ ✔ ✔
✔
✔
✔
✔
✔
% rating
as top
area of
risk
17%
54%
25%
3%
1%
SOURCE: OLIVER WYMAN SURVEY AND INTERVIEWS, N=150
Vulnerability/opportunity:
the two faces of risk
Purchasing-related risks are not new.
But as companies and their markets have
become more global and more complex,
the potential impact of these risks has
increased. Purchasing-related risks can
now affect the business as a whole to a
much greater degree and damage the key
drivers of corporate performance: costs,
revenues, and even the viability of the
business. This broader impact stems from
a number of factors.
First, many companies now manage
supply chains that span the globe to take
advantage of low-cost country sourcing.
This introduces new sources of transportation,
security and cross-border risk,
with 57 per cent of companies surveyed
Stephen Finch (stephen.finch@
oliverwyman.com) and Ashley Hubka
(ashley.hubka@oliverwyman.com) are
partners at Oliver Wyman, an international
management consultancy, based in
London and Boston respectively. Grégory
Kochersperger (gregory.kochersperger@
oliverwyman.com) is a partner in the
firm’s Paris office and is head of its global
value sourcing-led operations practice.
The authors thank Laurent Guerry, Erica
Nielsen, Elda Simonaska and Steve Won for
their invaluable assistance in developing
this article
indicating that low-cost country sourcing
had increased their risk level. Second, suppliers
are responsible for a greater range
of products and services today than in the
past as companies have outsourced noncore
activities; 38 per cent of respondents
said outsourcing had also increased their
risk level. Third, development and execution
cycles have been compressed, leading
to more sole or single-source arrangements
to meet aggressive deadlines. One
executive wryly noted: “As we’ve reduced
the supplier base, we’ve become so reliant
on something that we cannot control that
it’s difficult to manage the business.”
Tumultuous economic conditions
exacerbate the situation and expose purchasing-related
risks that were previously
hidden. As figure 1 shows, senior executives
and purchasing leaders are most
concerned with operational, financial
and strategic risks. Moreover, companies
surveyed believe that their purchasingrelated
risk profile is likely to increase over
the next five years: 68 per cent saw the
importance of financial risks increasing;
54 per cent saw strategic risks rising; and
48 per cent saw operational risks increasing
(see figure 2).
In this context, many CPOs will empathise
with a purchasing executive from
a building materials company who said:
“Under normal business conditions I
would be fairly confident with our risk
management processes. But, given the
adverse economic conditions, I don’t have
a good feeling… only time will tell.”
Nevertheless, there is often a hidden
upside to many risks for those companies
prepared to act creatively to turn potential
adversity into advantage. Treating purchasing-related
risks as business issues, looking
across the value chain and making “front to
back” connections (R&D and manufacturing
to sales and end customers) allows the
commercial side of the business to anticipate
and adjust more rapidly to changes
in the purchasing environment – and
vice versa. The result is greater customer
responsiveness, faster revenue growth and
new sources of innovation, as well as better
downside protection and cost control.
Consider a few concrete risks:
• Strategic risk: managing external
alliances to accelerate
growth. Many companies judge the risk
of losing product formulations or intellectual
property to suppliers to be too high
to build deep, mutually beneficial strategic
partnerships. As a result, they bear the
full costs of research and development.
By contrast, Procter & Gamble has set an
aggressive target of half of its total innovation
to come from external sources. The
company is already enjoying a payoff in
terms of new product introductions and
formulations brought by, or developed
in conjunction with, suppliers, lowering
the development cost per product and
increasing the range of new ideas to test
CPO AGENDA | SPRING 2009 www.cpoagenda.com

RISK MANAGEMENT
with customers. P&G manages the inherent
risks through careful partner selection
and a business system that aligns all parties’
interests.
• Operational risk: sharing risk to
lower costs and improve supply
security. The downside associated with
operational risks is a familiar litany – late
delivery, non-delivery, poor quality – each
of which affects internal operations, resulting
in lost revenue, reduced profitability,
delayed introduction of a new product, or
damage to the brand. During the tech boom,
Hewlett-Packard faced a shortfall of memory
devices used in its highly profitable
printers, threatening to upset customers
and investors with missed shipments. To
address this supply problem, HP created its
Procurement Risk Management (PRM) programme.
This uses sophisticated analytics
to segment projected component volumes
into different tiers. HP then negotiates with
suppliers to match the component’s price to
the strength of HP’s volume commitment.
For example, for core demand, HP will
negotiate a low price and offer a guaranteed
purchase volume to the supplier. For less
certain demand, HP accepts a higher price
but does not commit to fixed volumes. For
highly uncertain demand, HP meeets its
needs on spot markets. The value of this
approach is that demand risk is shared
between HP and its suppliers, with those
bearing the risk receiving the rewards.
Through PRM, HP has saved over $100 million
and has become a “customer of choice”
when supply markets get tight, creating a
powerful competitive advantage.
• Financial risk: using input price
volatility to increase margins
and sales. Of those companies surveyed
that indicated financial risks were the
most important, only 38 per cent systematically
passed input price increases
through to customers as a risk mitigation
strategy. Compared with hedging, contract
terms and conditions, and other technical
instruments, pricing is often an underplayed
financial risk mitigation tool.
Faced with an impending increase in
raw materials prices that, unabated, would
have more than halved its Ebitda (earnings
before interest, taxes, depreciation
and amortisation), an industrial products
manufacturer with which we have worked
FIGURE 2: EXPECTED CHANGE IN PURCHASING-RELATED RISKS
OVER THE NEXT FIVE YEARS
Strategic risks
Operational risks
Financial risks
Human capital risks
Hazard risks
26%
% of respondents
expecting a decrease
15%
16%
11%
5%
used the crisis to implement a new pricing
approach. Rather than leave the problem to
be dealt with independently by each country
and category manager, the company
rapidly built a central pricing capability.
The result, visible less than two months
later, was a set of industry-leading price
moves based on a deep understanding of
price sensitivity by country and channel,
an integrated view of costs and margins,
and a co-ordinated perspective on each
competitor’s likely pricing moves.
Not only was the cost increase more
than offset (unlike many competitors,
the company improved its margins in this
period), but the new capability served as
the catalyst for an ongoing series of highly
profitable top-line initiatives.
• Hazard risk: turning supply risk
into revenue growth. When
Hurricane Mitch devastated banana plantations
in Honduras, Nicaragua and
Guatemala in 1998, Dole and Chiquita
experienced strikingly different consequences.
Dole lost 25 per cent of its global
capacity and suffered shortages for more
than a year. In contrast, Chiquita had
already recognised the risk of being
dependent on the region and had developed
secondary sources elsewhere before
the storm hit. Unlike Dole, Chiquita quickly
moved to tap its alternative sources and
increase production in other locations.
The net result was that Dole’s revenues
decreased by 4 per cent for the year, while
Chiquita’s increased by 4 per cent. Dole’s
risk management practices did not protect
it from a costly downside, while Chiquita’s
allowed it to maintain its growth.
% of respondents
expecting an increase
19%
30%
48%
54%
68%
SOURCE: OLIVER WYMAN SURVEY, N=87
What these examples show is that
approaching purchasing-related risks
from a business, rather than functional,
perspective can generate opportunities for
value creation. But capturing the upside
requires that purchasing be tuned to a
customer and competitive perspective
and work closely with other functions
such as R&D, manufacturing and sales
– a significant shift in intent, approach
and capability. Indeed, all elements of
the purchasing function (strategy, process,
organisation, resources and systems)
must be enhanced.
Levels of maturity
Through our client work and recent
research, we have observed significant
variability in the level of organisational
maturity in dealing with purchasingrelated
risks. Based on these interactions,
we have developed a risk management
maturity framework, as shown in fi g -
ure 3. “Unstructured” companies (those
at level 1) react in an ad hoc manner to
each risk as it arises. “Reactive” (level
2) companies have predefined processes
to respond if a risk rears its head.
“Proactive” (level 3) companies establish
approaches and contingency plans to
anticipate and counter their highest priority
risks; they are highly competent at
downside protection. “Cross-functional”
(level 4) companies, meanwhile, approach
risk management in a strongly integrated
manner, collaborating closely both internally
and with suppliers. And at level 5,
“value-creating” companies systematically
seek to exploit the upside and view
www.cpoagenda.com
SPRING 2009 | CPO AGENDA

FIGURE 3: THE DIFFERENT LEVELS OF MATURITY IN RISK MANAGEMENT
PURCHASING-RELATED RISK MANAGEMENT MATURITY LEVELS
1: Unstructured 2: Reactive 3: Proactive
4: Cross-functional 5: Value-creating
Strategy
“Fire fighting” approach to
risk management – ad hoc
every time
Reactive approach to risk
management – organised
to handle crises when they
occur
Proactive approach to risk
management – anticipates
risks, creates contingencies
Cross-functional approach
to risk management – an
integrated view across the
value chain
Value-creating approach
to risk management –
systematically looks for
an upside or competitive
advantage
Formal, well-established,
standardised processes
across the company
ORGANISATIONAL DIMENSIONS
Processes
Organisation
Resources
No processes to identify or
manage risks
No risk structures
Resources outside purchasing
address risks
Formal processes at supplier
selection/negotiation only
Purchasing management
risk committee
Ad hoc purchasing resources
No risk-specific expertise
Formal, proactive processes
– mainly for operational and
financial risks
Purchasing management
risk committee reporting
to top management
Part-time purchasing
resources
Limited risk-specific expertise
Formal, proactive processes
for all major risks
Cross-functional risk
committee involving top
management
Dedicated purchasing
resources plus crossfunctional
input
Risk-specific expertise
Cross-functional risk
committee involving top
management and suppliers
Network of risk specialists
inside and outside company
Highly trained experts
Systems
No risk systems
Mostly manual systems
No risk KPIs
Basic IT systems using
purchasing data
Qualitative risk KPIs
Specialised IT systems
leveraging cross-functional
data
Qualitative and quantitative
risk KPIs
Automated IT systems
leveraging cross-functional
and supplier data
Qualitative and quantitative
risk KPIs
SOURCE: OLIVER WYMAN
purchasing as a full partner in addressing
strategic issues, driving growth and creating
new value, not just as a contributor to
cost competitiveness.
As figure 4 shows (see page 58), nearly all
of the companies in our recent research fell
between levels 1 and 3. Attaining a solid level
3 proactive capability is, we suggest, the
minimum performance standard required
to control the costs of purchasing-related
risks, and has become a critical organisational
competency. Levels 4 and 5 represent
an opportunity for further improvement
for businesses that have mastered the fundamentals
of risk management.
Comparing the two ends of the spectrum
on five organisational dimensions
provides a clear understanding of the differences
between companies still working
to control the downside and those beginning
to capitalise on the upside.
• Strategy. Level 1 companies accept
risk as a cost of doing business and lack
even the most basic risk management
approaches. Level 2 and 3 companies focus
on implementing adequate risk management
structures and processes to control
costs. A marked shift in mindset and capabilities
takes place after level 3, with levels
4 and 5 representing an emerging frontier
of performance where the goal is to use
tightly integrated processes to create value
and build competitive advantage. Less
mature risk managers tend to focus on a
small number of well-understood operational
and financial risks, such as quality,
on-time delivery and bankruptcy. More
mature risk managers address a broader
set of business-specific risks and, importantly,
devote more attention to strategic
risks. Among companies that indicated
strategic risks were a high priority but that
those risks were not formally managed, 37
per cent said it was because they were
uncertain how best to handle them.
• Processes. An adequate risk management
process links four steps:
1. Risk identification. Identify which risks
are likely to affect the business and document
their key drivers and characteristics.
2. Risk qualification and quantification.
Assess the probability and likely impact of
identified risks on key performance metrics
(eg, earnings or cash flow at risk).
3. Risk response. Develop strategies to
respond (avoid, transfer, mitigate, accept)
consistent with the company’s overall risk
appetite, the portfolio of risks to be
addressed, and the need to deploy
resources efficiently and effectively.
4. Risk monitoring and measurement.
Monitor the risk environment on an ongoing
basis and evaluate the performance of
current risk response strategies.
Most companies fail to complete all
four steps. They typically identify risks,
but fail to qualify or quantify those risks
rigorously. Similarly, they determine ways
to respond but don’t then measure the
efficacy of their responses. Some 60 per
cent of companies surveyed used informal
approaches to determine the probability
and impact of risks, and fewer than onethird
had sophisticated measurement
processes in place to evaluate the performance
of their risk management strategies.
Moreover, less mature companies tend
to work in silos and have one-time or
periodic approaches. For example, the
risk mentioned most frequently by our
interviewees was supplier bankruptcy.
But although many companies use criteria
related to financial health in their initial
supplier selection, they lack defined processes
for regularly reassessing suppliers
and are only now taking action in response
to the economic downturn. As an executive
at a consumer durables company said: “We
have become sloppy about re-evaluating
our suppliers on a formal basis… but we’re
CPO AGENDA | SPRING 2009 www.cpoagenda.com

RISK MANAGEMENT
planning to do a surprise audit programme
in 2009.”
This is a business imperative now
because the number of businesses filing
for bankruptcy is expected to rise sharply.
According to US statistics, bankruptcies
rose by 42 per cent between 2007 and
2008 – the highest percentage change for
20 years, and before the current downturn
really gathered pace.
Top performers, on the other hand, not
only identify and respond to risks but also
explicitly qualify and quantify them and
regularly measure the efficacy of their
response strategies. They use continuous,
cross-functional processes that provide
early warning signals. In many cases, these
early warnings come from superior supplier
monitoring or scorecard approaches
that provide insight into how suppliers’
businesses are performing, such as understanding
how new developments from
other major customers may be affecting
their business. This can supplement traditional
measures such as tracking on-time
order fulfilment and credit agency ratings.
• Organisation, resources and
systems. Many companies lack people
with enough experience in risk management.
They also lack the systems and
cross-functional linkages – including riskrelated
key performance indicators (KPIs),
organisational reporting and relevant
forums to discuss risk – required to identify
and manage risks across the company.
By contrast, mature purchasing risk managers
engage with other functions as well
as with suppliers. They have designated
risk management resources as well as IT
systems that capture relevant risk-related
data. They also have established riskrelated
KPIs and visible roles on
enterprise-level risk bodies.
Our maturity model illustrates the
evolution of the strategy, processes, organisation,
resources and systems required
to move from one level of risk management
performance to another. Companies
toward the right-hand side of the maturity
framework make more money (lower total
cost of ownership, fewer incidents resulting
in lost revenue), have fewer surprises
(early warning signals) and enjoy more
options for value growth (collaboration
with strategic suppliers). Using figure 3,
CPOs can position their functions and
companies against each of the organisational
elements to assess the current level
of performance, set risk management
goals and identify the gaps to be filled.
Protecting against
the downside
Whereas ad hoc responses and rough
and ready approaches to risk management
may have been enough in the past,
increased uncertainty, frequency of incidence
and severity of impact have all
raised the value of having a disciplined
and systematic approach to deal with
purchasing-related risks. CPOs must
ensure they are providing adequate protection
against the downside; only then
can they aspire to position their companies
to benefit from the upside.
Fully protecting against the downside
requires achieving a solid level 3 performance.
This entails building disciplined risk
management (identification, qualification
and quantification, response, monitoring
and measurement) into the core work of
purchasing staff and developing the rest
of the organisational system to support
the improvements in the process area. To
start, we suggest the following steps:
• Prioritise the most important
risks – and do it early. A clear requirement
for all CPOs is to identify the full
range of purchasing-related risks and then
prioritise those with the greatest potential
impact for the company. This effort should
be comprehensive and pragmatic (concentrating
limited resources on the most
important risks), systematic and analytical,
and co-ordinated with existing
enterprise-level risk management.
Focusing at the level of the purchasing
category is an appropriate starting
point because existing teams, processes
and data are typically structured around
purchasing categories, and categorylevel
purchasing strategies can easily be
expanded to formally incorporate risk
metrics alongside existing targets. Ideally,
risk identification should start early in the
product or service lifecycle.
However, among our surveyed companies,
only about half had even informal
processes to identify risks during product
or service design and engineering. For
BRIEFING
ABOUT THE
RESEARCH
From October 2008 to January 2009,
Oliver Wyman examined the purchasingrelated
risk management practices of
150 companies through interviews with
63 senior executives and purchasing
leaders, and an online survey of 87
companies.
Respondent companies represented a
wide range of geographies, industries
and sales volumes:
• Geographies: North America (43%),
continental Europe (30%), UK (26%),
other (1%)
• Industries: Industrial products (45%),
services, leisure and hospitality (26%),
consumer products (24%), other (5%)
Annual sales:
• Less than $1bn (14%),
$1bn-$5bn (32%), $5bn-$10bn (27%),
$10bn or more (27%)
all companies, risk identification must
become a routine part of core purchasing
activities: supply market assessment, supplier
selection, supplier monitoring and
relationship management.
Prioritisation should take place on two
levels. First, prioritise purchasing categories
through a rapid diagnosis across the entire
purchasing portfolio, using a classic Kraljic
matrix as a first step, followed by more
detailed analysis of those categories in the
“bottleneck” and “strategic” quadrants 1 .
Once the high-priority purchasing categories
have been determined, CPOs must
further identify and prioritise specific risks
within these categories. The key areas of
potential impact in figure 1 provide a structured
basis for developing an extensive list
of the risks that may exist within a highpriority
purchasing category.
Consider risks that could have any of the
following consequences:
• Price: risks affecting the cost of inputs to
products and services.
• Total cost of ownership: risks affecting
the costs surrounding the product or service,
including transportation, logistics,
www.cpoagenda.com
SPRING 2009 | CPO AGENDA

FIGURE 4: HOW COMPANIES STACK UP ON PURCHASING-RELATED RISKS
Unstructured
DISTRIBUTION OF COMPANIES BY RISK MANAGEMENT MATURITY RATINGS
Reactive
inventory levels and other elements of
working capital.
• Current revenue sources: risks affecting
revenue, through product unavailability,
reduced product quality, and so on.
• Future innovation value: risks to new
product development owing to misguided
development partner selection, poor strategic
supplier relationship management,
loss of intellectual property, and so on.
• Overall viability: risks to corporate viability
based on, for example, social
responsibility issues or reputational harm.
The next step is to qualify and quantify
each risk. The assessment of probability
and impact can then be used to create
a final list of the most important risks
requiring attention. Companies toward
the left-hand side of the maturity framework
will likely use mostly qualitative
approaches, while their more advanced
counterparts will develop quantitative
metrics in a broad range of cases. In any
case, across purchasing categories, risks
and buyers, there should be a consistently
rigorous approach to assessing probability
and impact.
• Create a playbook of response
strategies. With prioritisation of risks
complete, the challenge is to select the
most effective responses for the company.
Response strategies will vary greatly
according to the specific risk, magnitude
of purchasing spend, characteristics of
the supply market, earnings or cash flow
at risk, full portfolio of risks being managed,
and company risk appetite.
Formulating a response should be
Proactive
Cross-functional
Value-creating
= One company
SOURCE: OLIVER WYMAN SURVEY AND INTERVIEWS, N=149
considered at two levels: at the individual
risk level and for the portfolio of risks as
a whole. Resource constraints will often
not allow every risk to be fully mitigated
or sometimes even mitigated at all. The
key will be to select a set of responses that
provides the optimal trade-off in terms of
risk versus impact.
More mature organisations will have a
broader repertoire of responses enabled
by greater cross-functional collaboration,
deeper supplier relationships and
integrated decision-making that permits
more sophisticated ways of managing risk.
For all companies, though, it is important
to develop a “playbook” for the most likely
or most powerful risks. This will often take
the form of contingency planning, and
needs to be undertaken in conjunction
with suppliers.
• Develop a real-time system. The
last tactical step is to develop simple but
effective risk monitoring systems, rather
than observe impacts in a rear-view mirror.
It is critical to monitor risk exposure
at the right frequency. For some stable
risks, such as contractual terms and conditions,
this could be annually; for suppliers’
financial health, it may be monthly; for
commodity prices, daily intelligence is the
likely need. In some cases, developing the
real-time system will require building or
enhancing analytic capabilities, but generally
the intent is to leverage existing
processes and tools.
• Build the organisational infrastructure.
In parallel with implementing
the process improvements noted above,
CPOs should focus on two high-value
organisational elements: defining a small
number of risk-related KPIs to supplement
existing cost-focused KPIs, and integrating
risk metrics into organisational
reporting structures. Given the truism
that what gets measured gets managed,
creating risk-related KPIs is particularly
important. These can be measures from
operating activities, supplier scorecards
or day-to-day interactions between internal
and external stakeholders (such as
supplier facility visits), and with increasing
maturity should become increasingly
quantitative. For example, one measure
could be the percentage of single-source
suppliers for which contingency plans
are in place. Among the executives we
interviewed, only a small minority had
implemented risk-related KPIs.
Once the indicators are defined, CPOs
should make them visible to top management
and ensure that senior executives
grasp the cost/risk trade-offs embedded
in purchasing activities. In our survey, a
surprisingly high proportion of senior
managers and company executives lacked
visibility into purchasing-related risks.
CPOs should lobby to become integral
members of any existing enterprise-level
risk bodies; in organisations that have
such bodies today, purchasing is formally
involved just over half the time. As one
purchasing executive noted: “We have a
corporate risk management committee,
but very few things in procurement go to
this committee.”
CPOs must ensure that “risk thinking” is
incorporated into their purchasing teams’
day-to-day activities, and that all elements
of the organisational system support a culture
of risk awareness and management.
Capturing the upside
Once purchasing has achieved excellence
in protecting against the downside, CPOs
can begin to think about capturing the
upside. The most important differentiator
between organisations that solely
manage the downside and those that also
seek an upside is the time spent connecting
risk with its impact on revenue growth
and innovation. Purchasing departments
with an upside mindset act as full partners
in tackling company-level strategic
CPO AGENDA | SPRING 2009 www.cpoagenda.com

RISK MANAGEMENT
challenges by using their activities and
relationships with suppliers to contribute
meaningfully to the total value delivered to
customers today and in the future.
With an upside mandate, purchasing
must manage risks linked to selecting
strategic partners with which to collaborate;
structuring and overseeing
relationships with those partners; creating
win-win compensation models for
fruitful collaboration; sharing product
formulations and intellectual property;
and upgrading supplier capabilities
through joint initiatives. As a purchasing
executive at a consumer durables firm
told us: “We’ve already identified our
core capabilities, so that from a strategic
standpoint we are able to engage suppliers
early in the new product development
process, defining their value-add and
using carefully crafted contracts to govern
intellectual property issues.”
Fulfilling these new responsibilities
represents a major shift in mindset, capabilities
and organisation compared with
those required to manage the downside.
Making this shift requires purchasing
leaders to have a thorough understanding
of their company’s strategy, customers
and operations. As purchasing strengthens
working relationships with other
internal actors, the function will need to
build formal mechanisms to gain crossfunctional
consensus on key decisions
involving purchasing-related risks.
Our survey indicates that nearly
one-third of manufacturing and R&D/engineering
functions, and around 45 per cent
of marketing, sales and customer service
functions, play no role in managing
key purchasing-related risks. Similarly,
working on growth and innovation will
require new types of suppliers, such as
original equipment manufacturers or patent
holders, and new modes of interaction
with suppliers, such as joint development
FURTHER READING
¹ Peter Kraljic, “Purchasing must become supply
management”, Harvard Business Review,
September-October 1983 (reprinted in CPO
Agenda, autumn 2008, pp 34-41)
For other articles on risk management, visit
www.cpoagenda.com/risk
CASE STUDY
STABILISING A VOLATILE SITUATION
In the chemicals industry, reaction vessels – where chemical reactions occur – play a
critical role in the manufacturing process. Any problems with these vessels can disrupt
production by lowering yields or causing unplanned stoppages. Because of their
importance, vessels must meet regulatory requirements and stringent specifications, and
are custom manufactured, requiring long lead times of up to one year.
A leading European specialist chemicals company faced a number of operational risks
related to this key purchasing category. In the early part of this decade, a combination of
severe pricing pressure and lack of capital affected its vessel suppliers. Several went out
of business, many switched their focus to different markets, and others were forced to
downsize, leading to a significant reduction in technical capabilities.
As a result, the quality of supplied vessels declined, causing major operational
problems for its chemicals production. This led to an alarming rise in repair costs and
production delays for the company, with one incident alone resulting in nearly €6 million
of lost profit from unexpected service costs and forgone sales.
In fact, the company calculated that a purchasing category with annual spend of less
than €30 million placed nearly €10 million of profit at risk per year. Faced with this
persistent and costly risk, the company implemented a two-part response strategy.
First, it modified its supplier selection criteria to factor in the risks of poor quality by
incorporating feedback from day-to-day users, requiring greater disclosure of suppliers’
manufacturing and testing processes, and applying a total cost of ownership evaluation
to compare suppliers. Second, it implemented a continuous monitoring programme to
audit suppliers and their quality controls.
Since these processes have been implemented, there have been no major incidents
and the costs avoided have already repaid most of the investment in new risk
management processes and tools.
agreements or revenue-sharing arrangements.
While these changes will enable
new opportunities for the company, they
will also introduce new types of risks. The
purchasing organisation must evolve to
manage both.
――• ❖ •――
As purchasing moves to take a greater role
in company-level or enterprise risk management,
the CPO and top management
agendas will increasingly converge. CPOs
must shift the nature of their relationships
with the most senior executives to reflect
this change. One effective way to do this is
to craft a detailed plan for strengthening
purchasing-related risk management that
articulates a vision, highlights the financial
benefits, and identifies the actions and
investments required to implement this
new model and broader role focusing on
cost, risk and growth.
To be clear, this is not a casual conversation
with the CEO, but a formal business
case built around real issues facing the
company and a structured return on
investment-based argument for change.
Making the transition to both protecting
the downside and delivering the upside
will not be easy, but current economic conditions
provide a unique opening. As one
purchasing executive pointed out: “Unless
there is a real crisis, there are no drivers of
change for our purchasing organisation.”
CPOs will face greater scrutiny and pressure
to deliver as economic conditions
worsen. With many companies now facing
a prolonged period of increased risk
and declining revenues, purchasing and
purchasing-related risks have top management’s
attention.
The premium on low-risk cost reductions
and new growth opportunities has
never been greater. Purchasing should
embrace the opportunity created by this
turmoil to lead the development of an
integrated view of purchasing-related
risks and a co-ordinated set of actions to
protect against the downside and create a
tangible financial upside.
www.cpoagenda.com
SPRING 2009 | CPO AGENDA

About the Authors
Stephen Finch
Based in London, head of the UK and Northwest Europe Value Sourcing team,
with over 20 years of experience in consulting
Has advised numerous clients on operational excellence, commercial effectiveness,
business strategy, and organizational development
Industries covered include process industries, industrial products and services,
transportation, retail, health care, and the public sector
Ashley Hubka
Based in Boston, head of the North American Value Sourcing team, with over
9 years of experience in consulting
Has advised numerous clients on operational performance improvement, new market
entry, new business model development and launch, and portfolio strategy
Industries covered include industrial manufacturing, aerospace and defense, chemicals,
building materials, apparel, and consumer packaged goods
Gregory Kochersperger
Based in Paris, head of Oliver Wyman Global Value Sourcing-led Operations practice,
with over 10 years of experience in consulting
Has advised clients on sourcing optimization across different industry segments and
types of purchasing cost-reduction programs
Industries covered include building materials, consumer durables, electrical components,
and industrial services

About Oliver Wyman
With more than 2,900 professionals in over 40 cities around the globe, Oliver Wyman is
an international management consulting firm that combines deep industry knowledge with
specialized expertise in strategy, operations, risk management, organizational transformation,
and leadership development. The firm helps clients optimize their businesses, improve their
operations and risk profile, and accelerate their organizational performance to seize the most
attractive opportunities. Oliver Wyman is part of Marsh & McLennan Companies [NYSE: MMC].
For more information please contact
United Kingdom
Stephen Finch, London
stephen.finch@oliverwyman.com
+44 20 7852 7455
United States
Ashley Hubka, Boston
ashley.hubka@oliverwyman.com
+1 617 424 3354
France
Gregory Kochersperger, Paris
gregory.kochersperger@oliverwyman.com
+33 1 45023 359
www.oliverwyman.com