Risk Manager Focus
Meshing Distinct Viewpoints
Marilyn Rivers, director of risk and safety, City of Saratoga Springs
Several years ago, Whirlpool decided it could save 75 cents per unit if it outsourced the production of dishwasher water seals to a Chinese supplier. The annual savings were projected at more than $2 million.
But soon after the arrangement was made, the Chinese manufacturer changed to a different rubber supplier, causing a failure rate of nearly 10 percent, according to “Managing Risk in the Global Supply Chain,” a study by the Supply Chain Management faculty at the University of Tennessee.
By the time Whirlpool discovered the problem, more than 2 million dishwashers had been produced with the leaky seals and about two months’ worth of supply was in transit. The oversight cost the company millions — destroying the realization of projected savings for more than three years.
The study listed the example as one of the multitude of risks that can occur in supply chain management. And it’s an example of how risk management could have helped avoid the problem altogether.
In the most effective companies, risk management and procurement work together to ensure both the cost and quality of supplies and vendors, as well as proper risk transfer.
When those functions do not align, the organization suffers. That suffering may take the form of safety violations, product recalls and reputational loss, among other exposures.
But it’s not possible for procurement and risk management — organizational functions with two distinct viewpoints — to always agree. In some organizations, they rarely even communicate. It is possible, however, to build a relationship that allows the organization to prosper without undue risk.
Underlying the relationship should be a common mission of focusing on the organization’s goals as a whole, experts said.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet,” said Brian Merkley, global director of corporate risk management at Huntsman Corp., a Salt Lake City-based global chemical manufacturer.
When he first joined Huntsman about 10 years ago, he worked with procurement and legal to develop a contractual risk transfer strategy document, which was “my first introduction to the procurement team and the processes they used. I found a good working relationship with them and it continues today.
“Cultivating a strong relationship with procurement is critical,” he said, noting that there is a constant challenge to make smart risk/reward decisions — balancing price against the potential exposure.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet.” — Brian Merkley, global director of corporate risk management, Huntsman Corp.
Over the years, his department has provided important guidance to refine standards and strategies for procurement that include performance expectations of contractors, indemnity language, and insurance requirements, among others. It also has helped to develop a process to qualify various contractors that meet risk management and procurement’s standards so operations can run smoothly.
Contracts and insurance provisions can’t be reviewed in a vacuum, Merkley said, but have to include scope of work, indemnity, and relationships or prior experience with the parties. “We are going to insist on certain levels of protection based on the type of work,” he said.
In many organizations, risk managers are not in a position to influence procurement or supply chain decisions. They either don’t have the buy-in of the senior leaders of the organization, don’t have effective channels to collaborate on such decisions, or they don’t have sufficient understanding of the organization’s strategies and goals to provide effective input into procurement activities.
Gary Lynch, CEO and founder, The Risk Project, and a former global practice leader for Marsh, said that over the years he has been “shocked at how little the risk management community knew about the operations of their business. They knew how they made money, but they didn’t know who contributed to bringing value to the market.
“The majority of risk managers that I have worked with don’t have the opportunity, don’t have the capability and don’t have the value to really support [procurement or supply chain decisions]. Those are the three stumbling blocks,” he said.
The same can also be said for many supply chain professionals. According to the University of Tennessee study, most of them have little expertise in insurance products. Nor do they understand many of the potential claims issues — or the insurance programs that are available to protect them.
In the study, insurance ranked dead last in a list of 10 risk mitigation strategies to protect supply chains — ranking 4.5 out of 10. The top strategy was “strong suppliers,” ranking 7.5 out of 10.
“I think there is a lot of disconnect with folks between procuring and supply chain, and the risk management function,” said Mark Robinson, vice president of global operations at UPS Capital, which offers supply chain finance and insurance services. “In my mind, they don’t talk very much.”
There are some risk managers, however, who are able to add value to the procurement process. The words that keep coming up in conversations with them are “relationship” and “partnership.” Risk management and procurement work best together, they said, when both functions keep the organization’s strategic goals top of mind.
Robinson said the visibility of catastrophic events, targeted thefts and the larger size of container ships has heightened awareness of cargo, trade disruption and cyber risk insurance. From 2011 to 2013, the global cargo insurance market increased from $17.2 billion to $18.2 billion, about a 6 percent increase. And the U.S. market is increasing faster than the global market, he said.
The City of Saratoga Springs, N.Y., operates under regimented bidding processes. But even as the city is required to take the lowest bidder, it must ensure that it hires the lowest “responsible” bidder.
“Sometimes, folks give outlandishly low-priced bids,” said Marilyn Rivers, Saratoga’s director of risk and safety. “We structure it so that when we send out a request for quotes or a request for proposal, we place in the language that anyone chosen has to meet all of the requirements and has to be qualified.”
That means vendors or suppliers have to submit a certificate of insurance, execute the city’s “risk and safety agreement” and a “vendor code of conduct” as well as have sufficient prior experience and the ability to complete a project within the set time frame, among other requirements.
“We are always cognizant of the cost, but we must ask, ‘What is the benefit to the public versus the cost, because tax dollars are being used for those projects,’ ” she said.
Plus, Rivers said, the city must “look at the totality of how it impacts the community. … We can’t just slice up a roadway.”
At Sodexo Inc., which has 8,000 food suppliers and 25,000 non-food suppliers, Peter Rosiere, vice president, risk management, created a new position — supply risk analyst — to more fully bring the risk perspective to the supply chain team.
“One primary reason we created the new position was to develop that communication, linkage and a balance point between the two groups,” he said. “The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.”
Evelyn Joe, who holds that new position, said her primary goals are communication, education and collaboration, trying to find the “best working relationship that meets the needs of the company and each team.”
It’s necessary, she said, to understand the other group’s needs and goals while sharing with them the needs of risk management “so we are not talking apples and oranges, so we understand the foundation. … We have worked extremely hard to become part of the supply management process.”
Sometimes, she said, procurement will seek approval of a supplier that does not comply with the department’s insurance requirements or standards. In such cases, procurement and risk management work together, along with legal, to research the organization and find a solution.
“That’s when I’ve been pleasantly surprised because of the constant relationship-building and education with supply management that they completely understand,” Joe said. “The supply manager understood why we couldn’t change our risk management requirements. It’s our job to help our client understand why we have the high standards we do, for both brand and customer protection.”
Opening the channels of communication is, obviously, the first step to creating or enhancing that relationship.
For Dwayne Eastwood, risk manager, McCoy’s Building Supply, it can mean walking around the office with a cup of coffee and asking, “What’s up? What’s the latest? Are you thinking about safety and risk management and contractual arrangements?
“It’s just getting in front of people for a couple of minutes and talking it up. You have to be involved early on. It’s critical.”
But it’s not just asking, he said. It’s also about following up on what is heard by “pointing out and illustrating what the risks are. …Credibility is paramount.”
Credibility matters because the ultimate decision is not within risk management’s control, he said.
“When you step into their world and you point out and illustrate what the risks are, they make the decision for the company that this risk is or is not acceptable. It’s everybody else who makes those decisions,” Eastwood said.
When he explains why a proposed plan “is not really a good idea, most of the time, they will go along with us. They don’t necessarily want to go against the grain. They take our advice most seriously,” he said. “That’s good, and I think credibility is where you get that from, and a proven track record.
“In the beginning, there were a lot of ‘a ha’ moments. It was really up to me and others to educate them that we needed to be involved on the front end. They didn’t ignore it; they just didn’t consider it. When they realized the risks and possible loss of life or big dollar amount lawsuits and what that could look like it was, ‘oh OK.’ ”
Using claims data in such conversations “speaks volumes,” he said. “I’m a huge fan of using loss history to evaluate the risk, frequency and severity, both.”
Eastwood’s colleague, Kevin Shute, director of merchandising-hardlines and merchandising operations, said that the partnership between his function and risk management has over the years “moved from a reactive to a proactive situation. … We like to think that the key to our interconnectedness or connectivity is we know each other personally.”
Shute said that when his team finds a new product from one of its 1,400 vendors, such as virgin sulfuric acid, which is “powerful, powerful stuff,” his team will work with risk management to review all of the processes, packaging, paperwork and safety training and product handling issues.
In another situation, when McCoy’s recently launched a propane tank exchange, the two teams “worked from cradle to implementation” through the contracts, insurance, permitting, vendor and store compliance, employee training, and all other aspects to eliminate any potential liability issues, Shute said.
“We typically don’t look at [risk mitigation efforts] as a problem,” he said. “We look at it as that’s what we have to do to protect our assets.”
It can sometimes be difficult to clearly understand what protection is needed when a catastrophic exposure hasn’t yet occurred, said UPS Capital’s Robinson.
For example, he said, he knows one pharmaceutical company that used to ship $20 million worth of inventory from its location in one truck to an airport 30 miles away every day. From there, it would be divvied up to be transported by plane to various locations.
While the company had claims after the inventory had been brought to the airport and transported, it never had a catastrophic loss related to the 30-mile truck journey. “Can you envision the scenarios? An accident? Being hijacked? Some problem where you lose the whole load?” he asked.
The company had $1 million in coverage for that $20 million load, he said, noting that a conversation ensued with the company about the plausibility of such a loss and how it could protect itself.
A good time for risk managers to begin expanding their partnership with procurement is when contracts are annually reviewed and renewed.
Requiring suppliers or service providers to carry insurance may not adequately protect a company from substantial losses, Robinson said. A major incident could push a supplier into bankruptcy, or a policy’s terms and conditions may not be conducive to compensating the company for its loss -— at least not without a lengthy court battle.
“The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.” — Peter Rosiere, vice president, risk management, Sodexo Inc.
It’s not just whether insurance coverage will adequately protect the company. Much of the work risk management must do deals with business continuity planning. Is there resilience in the supply chain for all tiers of suppliers, inventory, labor and transportation? Is there a worrisome geographic concentration? Is there the potential for natural disaster or political upheaval? Is there an acceptable tradeoff between risk and reward?
“The reality,” Sodexo’s Rosiere said, “is that an organization cannot operate without supplies, be it for raw materials or services. But a company cannot operate without good risk transfer. This is not the case with Sodexo, as strict supplier insurance/risk transfer requirements are in place. There has to be an understanding of where the functions rest within the priorities of the organization.
“Sodexo’s awareness of the risk and the partnership with our supply management teams is a key aspect of our growth and culture.”
A lot of it comes down to how decisions affect the company’s margins, said The Risk Project’s Lynch.
When risk managers seek to manage compliance issues or ensure additional capabilities, they are introducing cost into the equation, he said.
“It’s clear to me that these folks have to navigate risk, and not manage it. … You have to manage to the margins,” he said. “Risk management has to be done within the context of the operation’s margin.”
“It’s looking at the totality of the risk,” Saratoga Springs’ Rivers said. “It’s looking at the total risk the project entails and how that project impacts the community, the business or employees, and what an entity, whether public or private, needs to do so it can mitigate risk so it can be successful and the entity doesn’t lose money on it. … The procurement standard should be dovetailed to the project.
“The goal of all risk management is empowering people. It’s a partnership that allows that empowerment but gives the opportunity to know when to ask more questions. … It’s achieving goals cost-effectively but not endangering the health and welfare of employees or the community in the process.”
Regular education and training are crucial, Huntsman’s Merkley said.
“We are all trying to grow the business in an appropriate way and safeguard the balance sheet from making bad bets, and it’s crucial we partner together in doing that.
“The best starting place is to develop personal relationships with the procurement management team, and secondly, you have got to do a lot of work to prove yourself as a reliable subject matter expert. When they come to risk management and look for guidance around insurance language, you have got to back it up.”