Managing your Risks and your Supply Chains (and other white lies)!

Inefficient, unsafe, and cheap supply chains are a risk to everyone; they are only focused on short-term profits not services. In this short article, we will refer to the main Contractor as the 'Supplier', and all other Suppliers as the Supply chain.

Having spent the last 20 years in the Logistics or Transport industry, and a few decades in other Service Companies I have seen good and bad practices in Supply chains, although core procurement is not my forte. I am however disappointed, how well the big companies 'pull the wool over their customer eyes' compared to smaller outfits who recognise that suppliers have a direct impact on them and each other - has your project been delayed because of suppliers?

Is there a good way to manage Supply chains?

Customers should always ask 'How do you' and not 'Do you' manage your supply chain; avoiding the simple Yes/No encourages effort. But before you ask, make sure your procurement manager/team has sufficient experience and the authority to determine sufficiency and to seek business elsewhere. It should not be a tick-box exercise.

Experienced high-level Customers know risks exist and risks cause increased costs, stress, injuries, damages, late deliveries and delays, even pollution, all in the name of high profit (as against suitable profits).

Big organisations hide these issues and try to lead Customers with fancy processes that do not exist at a local level. To win business, they cut and paste lists of certificates and hide the fact that their local entity and team operate in a vacuum. An easy way to check is ask for the addresses on the certificates as ISO certificates list addresses that were audited.

Big organisations need high profits, to cover exuberant head offices and buildings, teams of senior manager salaries, and extended organisations; especially if they are asset heavy. Smaller outfits focus more on customers that are vital to their existence; remember bigger companies need bigger accounts than smaller less profitable accounts than smaller companies. Do you only select the cheapest contractor or the best Quality contractor with competent and motivated staff?

Today, we see so many larger organisations entering global elitist territory, gobbling up those making insufficient profit, in an effort to control the markets, manage the prices and preserve profits? When these M&A fail the desired outcome, they slice-and-dice and start cutting the cloth that suited them so well; we see it all the time and again. Are you only happy with the large monolith with fat profits and lack of interest or smaller organisations with less profits but better customer care? WHO acts to prevent it going wrong?

How effective is your supplier supply chain?

Effective checks and monitoring between small companies and their Supplier are extremely useful (active supervision, non-conformance and customer complaints systems, and focused staff) who hold performance meetings; well until they decide they cannot be bothered. Do you check your supply chain audits, or happy to watch them fail? if you are interested in being the best, then act the best and prioritise good performance and agree positive and negative metrics.

Consider Business Management Systems e.g., QMS, IMS HSMS etc., which can often ignore core operational processes, to focus on slim administrative processes. I often ask companies these questions to test their commitment; many fail to understand why:

• how many administrative processes exist in totality; if you do not know then you do you know if you are efficient or inefficient?
• do people only update processes because a word is wrong (grammar Hitlers) or look to merge and make these more effective?
• how many side processes exist alongside organisational processes; are they time-consuming or can these be centralised and done more efficiently?
• do processes identify and manage organisational risks or just explain how to do it where it never really gets done (properly)?
• can staff bring problems to the table, or are they too scared of being blamed; if they are then they will hide or ignore issues until a big failure occurs e.g., lost account, high costs
• how many people know your documented processes; if they do not know, what is the purpose of having them; how goo is your training and accept the feedback when given?
• can your Supply Chain(s) affect you? If you have not identified risk, you encourage risk (and risk losing business)?
• does the top senior managers know the effect these have on business or is QHSE ignored - this shows interest, professional understanding and commitment.

Formal ISO certification are useful second opinions to help you - unless the certification company is in cahoots to hide issues and only focused on keeping your business without bringing issues to your attention. Here are some ideas:

• The three main ISO standards have an Annexe SL that identifies common clauses through the three different standards, as described later - that will simplify it for you.
• check you identified laws in a few countries, rather than a silly list of one country because a) you do not know what you are doing or b) do not know where to look; make someone responsible to do this?
• USE self-verifications checks to identify issues (e.g., mini audits, surveys, etc.?) or only looked at right before an audit when the pressure is on to produce positive results?
• USE Non-conformity monitoring and trend analyses, or ignore these constantly and keep paying-out for your mistakes and inefficiencies?
• USE Health & Safety incidents investigations internally and externally, not just for fatal or serious accident (that could have been prevented)?
• Readers, IS there anything else you think I missed that can help you?

Management Systems can help, if you let them.

Processes and procedures help standardise teh way you operate, and assist teh flow of information. Processes for formal external certifications (e.g., 9001/14001/45001) can be simple or hard, but they do want:

• core important company processes to be documented, to prevent it going wrong
• you to look at laws and customer standards not just your own?
• they require you to manage internal risks that affect the organisation. ISO9001 focuses on Quality risks, while ISO14001 focuses on Environmental impacts (not sustainability despite what people say) and risks. What does ISO45001 focus on again?
• External risks should also be considered, look at ISO9001 clauses 8.4 & 10.2, and ISO14001 4.2 (as explained in 3.1.6 and 8.1, and Annex A), and A.6.1.2. These mean YOU MUST consider the risk and impact in/out of your organisation and to the customer whether quality, safety, environment or even security risks ? Remember what I said about Annexe SL above.

At the end of the day ISO (9001, 14001, 45001 for a start, etc.) are guidance standards to improve weak operations not laws. This is why Customers should audit to ensure gaps exist in their supply chain that can affect them.

No one wants damages or shortages (lost cargo), injuries and deaths, and cost increases unless your a sadists. Not to mention the change in preventing environmental pollution to now mitigating climate change is another risks to be considered (look up Hardin's 'The Tragedy of Commons' to understand these roles). What about consequential losses - do you have to make goodwill payments just because you know you failed. Here are some ideas.

• Where will services fail?

a) Has someone identified where likely to fail and how to recover from the service failure?

b) Are these service failures recorded e.g., non-conformances, complaints, even Incidents and Accidents to ensure an investigation is completed competently; or is it a facade?

c) Has service failures been analysed for trends and actions; how many, how often and can you improve?

• Do they employ competent people or select people based on low cost?

a) Are those responsible for checking being checked themselves e.g., they are trained, the results the produce are useful?

b) Is competency checked on service failures?

• How do they manage subcontractors?

a) What Key Performance Indicators (KPIs) are set and monitored; have you noticed that Amazon asks about the driver and delivery every delivery!

b) What lessons can be learned to make YOU better? Analytics are good if a) someone can understand and analyse these, b) someone can make use of these?

c) YOUR suppliers should be audited by a competent auditor; CUSTOMERS should get rid of you if you do not do this! This, 'when' and 'where' could it go wrong, rather than 'pray' it does not go wrong?

Main picture references:

• Website: https://techni-k.co.uk/non-conformance, downloaded 18 September 2022
• Annexe SL: http://iso22000resourcecenter.blogspot.com/2015/03/iso-90012015-dis-version-what-is-annex.html March 2015

These viewpoints shared are observational, and not attributed to any organisation or person; the focus remains on listening, reading, and learning every day every way! Your kind contributions are appreciated.