State of Cargo Security: Higher stakes in the risk vs. reward scenario
June 01, 2013 - LM Editorial
Industry analysts agree that it’s important to make risk assessment an ongoing process, allowing for frequent planning updates as political conditions, fuel prices, tariffs, currency exchange rates, labor costs, and other supply chain security threats arise. But are logistics and supply chain professionals paying proper attention to their supplier’s solvency?
“Solvency is the degree to which current assets exceed liabilities,” explains Rose Kelly-Falls, senior vice president of supply chain risk management at Rapid Ratings International, in Indianapolis, Ind. “If shippers miss any ‘red flags’ in this area, they do so at their own peril.”
Kelly-Falls likes to tell a story about a small private machining company that was a second-tier supplier of clutch gears for a major U.S. auto manufacturer. It was located in a remote community, and was quietly purchased by a toy manufacturer without much fanfare. “So when the auto maker needed a crucial piece of equipment for a new product launch, it was suddenly unavailable,” she recalls. “Why? Because this big multinational corporation didn’t bother keeping track of what it perceived to be a minor business partner.”
The result, she recalls, was a missed deadline and the loss of millions of dollars in revenue. Had the relationship not been underestimated, the risk could have been mitigated. Today, more than ever before, says Kelly-Falls, logistics managers need to understand their private suppliers, and carefully monitor their financial condition.
“This is crucial for a number of reasons,” says Kelly-Falls. “Typically, the lower tier suppliers comprise 70 percent to 80 percent of a manufacturer’s company’s supply base. Many of their issues are not uncovered or realized until they’re out of control.”
Furthermore, she says, sub-tier private suppliers often don’t have the resources to develop and implement a risk management strategy of their own. “Smaller, private companies may have loose governance and have less access to capital to invest in programs or projects. In fact, many tend to lean on their customer to provide financial support,” she says.
Many logistics managers often assume that private companies are always small and medium-sized with fewer than 500 employees. But this, too, is a dangerous misconception, says Kelly-Falls. For there are some very large private companies, representing “household names” in manufacturing.
“Take Bechtel,” for example,” says Kelly-Falls. “A construction powerhouse, employing over 50,000 world wide; or Cargill, a producer of food, beverage and tobacco products with more than 140,000 workers on their payroll. Pricewaterhouse Coopers, Mars, and Koch Industries are other corporate giants that remain private.”
According to the U.S. Department of Commerce, private companies paid about 44 percent of the total U.S. non-public sector payroll and generated more than 50 percent of the nonfarm private GDP. They hired over 40 percent of high-tech workers (scientists, engineers, and computer programmers), representing over 99 percent of all employer firms.
“In aggregate,” says Kelly-Falls, “we’re talking about an economic powerhouse.” Furthermore, say analysts, this “powerhouse” is a dynamic job creator. In fact, firms with less than 20 employees have surpassed the employment peak reached in 2008, and 39 percent of the increase was accounted for by small businesses employing fewer than 50 workers.
But these small shippers are worried, says Bill Dunkelberg, chief economist with the National Federation of Independent Business, based in Nashville, Tenn. “The Optimism Index barely budged in January,” he notes. “If small businesses were publicly traded companies, the stock market would be in shambles.”
Analysts with Trading Economics, an independent investment tracking firm in New York City, add that while the business bankruptcy trend is down, the long run annual average business bankruptcy rate over the period 1994 to 2012 is 42,700.
Kelly-Falls finds this number alarming. “Given the stagnation of the U.S. economyin the final quarter of 2012, we should be cautious about 2013,” she says. “The small business survival rate for the first decade of this century was not promising. Almost 70 percent of new employer firms survive for at least two years, but only 44 percent last for four years and 31 percent last for seven years. How many do you think last 15 years or more? A mere 25 percent.”
And for that reason alone shippers should consider what impact those statistics will have on their supply chains. The weakest link could well be hidden or disguised in a sub-supplier’s financial records.
Analysts advise shippers to take inventory of existing and potential risks as a way to determine immediate and future threats posed by suppliers. But experts insist that there’s a “private-company conundrum” that keeps shippers from conducting a thorough financial analysis.
“Logistics managers often don’t understand the information provided, and are afraid to ask for help,” says Kelly-Falls. “If the manager decides to rely on his finance team to examine the details of a new contract, the deal may fall through because time has run out.”
Moreover, says Kelly-Falls, some suppliers will stop supporting current products or service if financial due diligence is employed. She says that this isn’t uncommon for suppliers to negotiate disclosure “out of the contract” and offer a price incentive to avoid submission of the information.
“Managers often tell me that they would just prefer not to have this confrontation,” says Kelly-Falls. “And if they do have the courage to start one, they may not follow through if the supplier begins to stall.”
Rapid Ratings International is trying to address these concerns by providing logistics managers with a financial analytics “checklist,” containing the following questions:
- How many of your suppliers are private? Has this even been reviewed?
How many have had financials assessments completed in the last
year? Last three years, or even the last 5 years?
- Is there a systematic process for financial analysis or is it triage?
- Do your procedures require you to conduct financial assessments?
- What method is used in order to measure financial risk?
- How many suppliers are in the U.S.? How many are international?
- What is the revenue impact that critical components have on the business?
- What other operational issues (warning signs) trigger a financial review?
Do you analyze tier I,II and III suppliers? Do you know who their tier II
and tier III suppliers are?
By taking these steps, says Kelly-Falls, shippers can create an opportunity to build a strategic and collaborative relationship. She cautions, however, against using the information as a “cost reduction” initiative.
“You should share the analysis with the supplier so they’re aware of the results,” Kelly-Falls adds. “This allows for an open dialogue, and demonstrates that you respect the supplier’s request for limited access to the data.”
But if the supplier still says “no,” it may be time to go to a third-party for a final evaluation of the relationship. Suppliers with inconsistent financial issues, says Kelly-Jones, tend to become unreliable and eventually will be your full time job. “Financial health isn’t just about default/failure, its also about having the ability to make better business decisions,” she adds.
Supply chain cyber security concerns
While digital progress has enriched the lives of many logistics and supply chain managers and the companies they serve, industry analysts warn that there’s a dark side to their reliance on complex computer systems.
Indeed, some experts contend that product pipelines have never been more vulnerable to disruption. Stealth and malicious code deeply embedded in global networks can shut them down in an instant. Chillingly, the IT reaction will probably be too late to repair the damage or even restore the service.
Two recent reports may serve as “wake up calls” for logistics managers.
The current quality of information on cyber security threats is suspect, says the latest KPMG survey of Audit Committee Institute (ACI) members – most of whom advise and shape multinational supply chain strategies.
More than 1,800 ACI members across 21 countries responded to the survey, answering questions that reflect on supply chain security. The clear majority do not think that they are currently receiving enough information about online and social media threats and the risk mitigation programs to stop them. In fact, only 26 percent of the respondents say that they were “satisfied.” This compares to satisfaction levels of over 70 percent on legal and trade regulatory compliance issues.
A desire for a broader range of skills on audit committees including logistics, IT, or risk expertise, is also evident from the report, says KPMG.
As the report’s author, Malcolm Marshall, a partner in KPMG’s risk consulting practice says, the survey shows “there are too many examples of complacency and defending an organization cannot be left to IT, alone.” Nearly half of the survey respondents globally (45 percent) said their company’s risk management program generally, including supply chain cyber security, required “substantial work.”
Logistics managers should heed the findings of another new research study focusing on cyber security in the supply chain.
Michael de Crespigny, chief executive officer for the information Security Forum (ISF), says 40 percent of the data-security breaches experienced by organizations arise from attacks on their suppliers. Criminals are increasingly realizing that “this is a channel they can attack.”
In its new report, Securing the Supply Chain, ISF notes that sharing information with suppliers is essential; however, the paradox is that it increases the risk of that information being compromised.
ISF has developed a Supply Chain Information Risk Assurance Process designed to help companies assess tens of thousands of suppliers, with a focus on identifying the riskiest contracts. Here, too, shippers are advised to keep asking the “right questions” of their sub-tier suppliers.
“It’s very similar to a good internal review,” says de Crespigny. “What’s the potential fallout from a data-security breach, and what kind of processes and controls are in place? The integration of existing processes is fundamental, and shippers must work with existing procurement teams—not lay something on top from a distance.”
Subscribe to Logistics Management magazine
entire logistics operation. Start your FREE subscription today!