DC Velocity - February 2015

QGive me a sense of the timeline of the process to make that happen. AI needed to step back. I thought that there was a supply chain risk industry, and what I would do is go find a subscription and get someone to provide me with all the information I was looking for as far as disruptions to the supply chain. After interviewing large companies and even small companies, they told us at the time that this was interesting but that nobody else was asking for it.

I figured that if they didn’t have it and would have to
build it, that we could probably do an equally good or
better job of building it for ourselves and customizing it to
our specific risk profile. We had a small core team, maybe
a half-dozen people, and we started examining how we
would put this together. It probably took us a little bit over
a year to put our concept in place, to develop the require-
ments, and actually do the coding. The end result is what’s
known as our “Total Risk Assessment Tool and Process.”
When I got this assignment, I wasn’t told to build a tool.

I was told to put a process in place that would assess supplier and supply chain risk and all these factors. Once we started examining the scope of risk and then looking at the data that we would need, we realized very quickly that this was not a spread-sheet tool, but it really had to be a much more sophisticated database and analytic tool [for] developing an algorithm that would look at this information and produce, as a result, the level of risk. But that is not where I started out.

Q Prior to developing this tool, how did you assess supply risk?

A Our procurement councils—what most companies call category management groups—would look at their suppliers, and they would make a determination of the level of risk, typically based upon one or two factors: single source and financial risk. Now, the interesting thing is that comparing council to council, there was really no definition of risk. There were no criteria. Each council—we had dozens of councils—would make, I want to say, a subjective call. They really didn’t have a benchmark in order to compare one with another.

Q Let’s go back to the development of the tool. What did it take to build and get this tool in place? A We assembled a small team from procurement, engi- neering, GBS [IBM’s Global Business Services consulting division], business integration and transformation, and the CIO’s office. We determined what risks we needed to consider, what data we would need to evaluate the risks, an algorithm to assess the impact versus likelihood of an event occurring, who the users would be, what kind of training they would need, and how often to run the tool. We had to develop thresholds and metrics as well as a management system around the process. Gathering the tool requirements, tool development, and testing took about a year.

Q Tell me a little bit about the rollout.

A Prior to the actual rollout, we built a prototype and then ran a pilot with several users. We got excellent feedback and made changes. The CPO was a very strong proponent of using the tool. And within just about a year from the initial deployment, the Fukushima earthquake and tsunami struck Japan. The teams found the tool invaluable in gaining insight as to which suppliers we had in Japan, what commodities were made there, etc. Then later that year came the Thailand floods. After those two events, all of the procurement team members were in.

Now, this is clearly extra work for the sourcing team. We did a couple of things to ease into this. We had extensive education on not just why we were doing this but also on how the tool works; the purpose of the questions; why we would look at the country, region, suppliers, supplier sites, and the commodity—and why we chose those particular things; and then how the algorithm would take that information, weigh it, and produce a result. Then, when we had a result, what we would do with it.

Q There must be some way for the tool to adjust to changing conditions? A The factors that are considered in the tool are not ones where you would typically see dramatic changes from week to week, month to month, and so forth, and we don’t run the tool that frequently, though we could. What really changes are situations, whether it be the Thailand floods, issues with Ukraine, the protests in Hong Kong. Those things are real time. To augment the tool’s calculation on the high-risk, medium-risk, low-risk slider, you rely quite heavily on the real-time alerts. So we have a system in which we collect information around the clock, and we