The first time I attended a conference about Supply Chain Risk Management I learned the definition of Insurance: The transfer of risk for a fee.
I had to ponder the definition for a few moments before I could digest it, but it is actually true: When you insure your car for total loss, it is the insurance company the one that runs with the risk of the car being damaged in an accident, but you pay a fee for that transfer.
But there are other ways to transfer risk. Some companies decide to push their suppliers to run with added risk just for the opportunity to have the business.
Back in 1998 I took on upgrading the ERP system of the manufacturing division of the company I worked at the time, to a Y2K compliant version. Some management levels were not comfortable with starting the project so much in advance when they had their own operational priorities. I told them I was going to put in writing that I would not take the responsibility of keeping the system operating properly on the current conditions. They asked me why I was “threatening” to do that, so I finally got the chance to explain my reasons: (a) The system operated 18 months of forecast to calculate 12 months of forecast to suppliers (after 6 months for the transformation process from placing Purchase Orders of Raw Materials to delivering Finished Goods in Distribution Centers).
Starting July 1998, the visibility to the suppliers was going to be decreased month by month. (b) Some items had a shelf life time of more than a year because the system was assuming every date was a twentieth century date, at some point these items were going to be show expired since 1900 from the moment they were received in the warehouse. Finally, I was authorized to execute this project.
After completing the tests, upgrade and training for the ERP system, our department turned to look into our supplier’s ability to keep their business operating with the upcoming Y2K bug. We identified three categories of suppliers from their technology point of view:
Small companies with operations controlled on Excel spreadsheets that used no more than a small accounting software for their invoicing (mainly small sub-assembly subcontracted type of operations), large corporations that had their own Y2K projects on-going or completed already and some mid-size companies that were struggling with their upgrades but they knew they had to be ready.
We focused on these last set of companies to monitor them, offer some guidance, although we didn’t have surplus resources to assist them, we tried to help where we could but maintaining the professional and liability boundaries uncrossed.
On the second quarter of the year 1999, when we were confident we were for practical purposes, ready for the new century, the headquarters of the company started their own Y2K project with a big announcement and I was flabbergasted when I learned that they had marked our progress on the subject as 0%.
Later in the year they were making us print liability letters for all suppliers, indicating that they would agree to paying for damages caused if they couldn’t deliver on time because of their own system’s Y2K upgrade or lack thereof. Those printouts were very large because the Legal Department wanted letter sent to every supplier, small, medium, large, regardless if they had received Purchaser Orders in the last two years from us or not. To make matters worse in those times of slow printing, the Legal Department went through several iterations of letters changing language, the use of the manufacturing unit or the use or the headquarters company or both or the parent corporation, depending on what they thought was more emphatic and/or more enforceable.
In one of the large project meetings with the steering committee team, while we were recommending building some additional safety stock from some of the companies at risk that were identified as still dealing with issues, the Legal Department was complaining instead we should have ALL the liability letters delivered, signed and returned from the suppliers. Some suppliers were not receptive to the idea of signing the letters. Especially small ones that had no large ERP systems (which represented no real risk), nor financial backup to sign up for an undisclosed liability.
At some of the meetings the company lawyer indicated that “The responsibility of the Information Systems department is ensuring that if the operation was interrupted by the Y2K bug, someone was going to pay indemnification to the company”. We were convinced that our responsibility was keeping the operation uninterrupted. We used to leave the responsibility of the liability issue to the Legal Department.
Lessons Learned
Based on this experience I learned a few more lessons:
- Making business between companies carries risk, but the larger companies like transferring risks to suppliers that need them to stay in business.
- Different departments inside the same company might have different optics about the best way of dealing with risk, depending on their internal responsibilities.
- Dealing with risk is not sexy or highly visible and for management it is very common giving higher priority to the operative goals than Risk Mitigation. It is necessary providing these entities (companies/governments) with compelling reasons to deal with an upcoming risk, especially when they know it can be postponed even if it cannot be avoided.
BIO:
Victor Granados, CC, CPIM, CSCP
President of the Ventura County Chapter of APICS
APICS IDP Master instructor for Operations Management (CPIM) and Associate Instructor for Supply Chain Management (CSCP) certifications
Sole Proprietor of Granados Systems & Processes Consulting
Victor Granados, CC, CPIM, CSCP
President
” src=”cid:image002.png@01D522C6.F968C680″ alt=”3074C2C1BDC743F9859F7268A47810F5[7334237].png” class=”Apple-web-attachment Singleton” style=”width: 2.1354in; height: 0.4375in; opacity: 1;”>