DE

NV

ER FALL

SU MMIT

2014

Why Third Party Management Matters

Risky Business:

Cardinal Health

Patrick EckhertDirector of Procurement

Xchanging

Dan RoehrsSenior Vice President

www.sig.org/eval

DE

NV

ER FALL

SU MMIT

2014

Evaluation How-to:

Your feedback drives

SIG Event content

By signing and

submitting your

evaluation, you are

automatically entered

into a prize drawing

Why?

Option 1: App

1. Select Schedule2. Select Schedule by Day3. Select Day4. Select Session5. Scroll to Description 6. Click on the Evaluation link

Option 2: Browser

1. Go to www.sig.org/eval2. Select Session (#11)

How?

Supplier Risk Management

Fall Summit 2014, Denver CO

Vendor Relationship Risk Management – what if……..?

! What would the impact be to YOU (personally AND organizationally) if a

strategic / critical vendor failed?

! How confident are we that one or more of our critical vendors are not in

financial difficulty?

! How would our stakeholders react to the failure of a critical vendor?

! What would the impact be to your reputation if one of our vendors

causes a major security breach?

! How do we effectively assess and monitor current and potential vendors’

financial and operational health?

! What actions would we take if a vendor were to face difficulties, or

causes difficulties for / to you?

Vendor Risk Management – today’s realities

• As the economic climate continues to stagnate or deteriorate, you should be concerned

about the viability of critical or strategic vendors

• The impact of vendor failure could prove to be significant, including:

• Disruption of service and product delivery

• Reputational damage

• Business continuity

• Loss of revenue

• Threat to competitive advantage

• Significant use of management time sourcing alternative vendors

• Potential business failure

• VRM maintains an up-to-date view of the operational and financial position of strategic

critical vendors

• Vendor risk issues are increasingly board-level concerns due to the severe financial,

operational and strategic consequences disruption can cause. This is coupled with greater

shareholder scrutiny, who want confirmation that you are robustly managing vendors to

limit vendor risk

Vendor Risk Management – benefits

Through an effective supplier risk management program, you will be

responding faster to the increased volatility and pressures stemming from

globalization, outsourcing, the current economic environment. An effective

Supplier Risk Management framework will:

Ensure or improve the

continuity of services

through early

warning systems

and enhanced vendor

information

Proactively address

critical concerns by

facilitating better

communication and

relationships with

vendors

Increase control over

potential disruptions

in our supply chain

and increase our

ability to proactively

mitigate risk

Minimize or eliminate

unplanned reactive

costs such as finding

alternative vendors

at short notice

Embed the improved

vendor risk

management

framework across

all aspects of vendor /

Sourcing and LOB

activity

Provide stakeholders

with reassurance

about the control

corporate services

has over the risks

in the supply chain

Performance

CAUSES

(Categories of

Predictive Measures)

DISRUPTION

EVENTS

CONSEQUENCES

(Impacts)

Human Resources

Supply Chain Disruption

Financial Health

Environmental

Relationship

Quality, Delivery, Service Problems

Supplier Union Strike,Ownership Change, Workforce Disruption

Supplier LockedTier II Stoppage

Supplier Bankruptcy (or financial distress)

Disasters (Weather, Earthquake, Terrorists)

Misalignment of Interests

Finished Goods Shipments Stopped

Locate and Ramp Up Back up Supplier

Emergency Buy and Shipments

Brand / Reputation

Market Share Loss

EFFECTS

Revenue

Losses

and

Recovery

Expenses

OTHER

IMPACTS

Foregone

Income

Emergency Rework / Rushed FG Shipments

Recall for Quality Issues

Sudden Loss of Supplier

Supplier

Attributes

Situational

Factors

Elements of Supplier Risk and Consequences of Failure

GEO - Political

Nobody is safe….

Sample Risk and Criticality Segmentation Questions

Risk Question 1: Has the supplier been involved in a supply disruption for our

business in the last 12 months?

Objective: Assess historical continuity of supply abilities

3) More than Once: There was more than one supply disruption in the last 12 months

2) Once: There was one supply disruption in the last 12 months

1) No: No supply disruptions

Sample Risk and Criticality Segmentation Questions

Risk Question 2: How likely is there to be a significant dip in the supplier’s financial

viability or solvency in the coming 12 months?

Objective: Assess near-term supplier solvency risk

3) Very Likely: Multiple areas of concern (e.g. significant weakening of supplier

financial ratios, difficult macro economic conditions for industry, etc.)

2) Somewhat Likely: Some concern in one area (e.g., some weakening of

certain financial ratios)

1) Unlikely: All risk indicators are positive (e.g. solid financial ratios, no major

employee/legal/regulatory issues, etc.)

Sample Risk and Criticality Segmentation Questions

Criticality Question 1: As a customer, what level of access (compared to our

competitors) do we have to unique solutions provided by the supplier?

Objective: Identify unique supplier capabilities that positively impact our

profitability

3) Preferred: Preferred access to supplier’s unique products/services which

positively impact our revenue/cost structure

2) Equal: Equal access to supplier’s unique products/services which positively

impact our revenue cost/structure

1) None: Supplier doesn’t have a unique product/service that positively impact

our revenue cost/structure

Sample Risk and Criticality Segmentation Questions

Criticality Question 2: How likely is this supplier to develop a breakthrough

Technology or process in the next three years that will give us competitive

advantage?

Objective: Assess supplier’s future capabilities

3) Very Likely: In process of negotiating access to new products which will give us

an advantage

2) Somewhat Likely: Known to be developing products which will give us an

advantage

1) Unlikely: Nothing known about new products which are relevant to us

Sample Risk and Criticality Segmentation Questions

Criticality Question 3: What is the level of sharing of business critical data (e.g.,

customer data) and intellectual property with this supplier?

Objective: Determine level of integration with supplier

3) Significant: Open-book policy; effective joint ventures

2) Moderate: Sharing restricted to selected projects/areas

1) Little: Arms-length relationship

Sample Risk and Criticality Segmentation Questions

Criticality Question 4: For the primary product obtained from this supplier, what is the

level of difficulty in switching to another supplier or bringing in-house within 12 months

Objective: Assess dependency and switching costs

3) Significant: Switching would require developing a new supplier’s capabilities and

would create significant business disruption

2) Moderate: Alternate suppliers available; switching would just require careful

coordination

1) Little: Could readily switch to another supplier

Sample Risk and Criticality Segmentation Questions

Criticality Question 5: How much impact does this supplier have on our critical

regulatory compliance, safety obligations or product quality?

Objective: Assess our exposure to supplier relationship

3) Significant: Supplier’s product/service can easily create liabilities and

reputation risk for us

2) Moderate: Supplier’s product/service can create liabilities and reputation risk

for one portion of our organization

1) Little: Supplier’s product/service does not pose unusual risk

Sample Risk and Criticality Segmentation Questions

Criticality Question 6: How much impact does this supplier have on customer

retention or service?

Objective: Assess the supplier’s impact on our store customer retention/service

3) Significant: Supplier’s product/service is critical to our customer’s experience

2) Moderate: Supplier’s product/service is indirectly related to our customer’s

experience

1) Little: Supplier’s product/service is far removed from our store experience

Risk Model –Risk Response

Awareness Prevention Remediation Knowledge

• Probability and

Impact

• Recognition of

effects of risk on:

- service levels

- brand and reputation

- service levels

- consumer perception

- vendor viability

• Awareness on internal,

external and regulatory

environment

• Goal is to recognize,

reduce or mitigate the

likelihood of service

disruptions, brand and

reputation tarnishment

and comply with

regulatory issues

• Key processes include:

- risk assessment

- risk identification

- risk segmentation

- risk management

- risk monitoring

- change management

- score carding

- on boarding

• Goal is to identify

procedures for

managing 4 stages of

disruption

- interruption

- response

- recovery

- restoration of service

• minimize or eliminate

impact on:

- services

- brand

- reputation

- business impact

- time

- cost / revenue

- resources

• Determine most

appropriate focus level

• Goal is to learn from

experience and to

hold vendors

accountable for the

consequences of their

actions

• Modify standard

procedures resultant

from lessons learned

• Establish a basis of

vendor interaction

• Formalized activity

•

Thank You

DE

NV

ER FALL

SU MMIT

2014

Session #11

Risky Business: Why Third Party Management Matters

Patrick Eckhert

Cardinal Healthpatrick.eckhert@cardinalhealth.com

Dan Roehrs

Xchanging864-384-7122

dan.roehrs@marketmaker4.com

Speakers: