By Carlos A. Alvarenga
One of the most debated topics today in procurement is the issue of risk, which takes many forms ranging from concerns about supplier financial viability to commodity volatility to conflict minerals content in purchased components. The vast majority of the articles and guidance given to Chief Procurement Officers (CPOs) on this topic focus on trying to avoid future risk costs that would be generated by, say, shutting down production because a critical supplier went out of business or being fined for using a banned substance.
Disruptions and regulatory risks are all legitimate concerns, and every CPO should have some method in place to identify, understand, and hopefully mitigate costs that would arise from unplanned events. However, to focus solely on these types of issues and costs is to miss the much greater risk costs that are present in every supply chain every day and that most Procurement organizations do not formally track or manage. This article will provide an introduction into the concepts of supply chain and procurement Cost of Risk (CoR), illustrate them with real-‐world examples, and provide a framework that CPOs can use to go beyond planning for contingency costs to a fully working CoR-‐based procurement risk management methodology and organization.
Procurement Risk: A Technical Definition
A quick glance at articles on procurement risk provides the reader with many examples of how it manifests itself, but few, if any, definitions of what exactly risk is. Yet defining a problem is a good first step to solving it, so it’s important to be clear about the definition of procurement risk. One can start by defining risk itself, which is its most basic form is the possibility of more than one outcome (of unequal value) to a given scenario. Risk exists whenever multiple outcomes are possible. This seems straightforward enough, but the follow-‐on conclusion is a little bit harder to grasp. Wherever risk is present, there exists also a cost, in the present, created by that risk. The best way to understand this concept is to think of someone buying a house.
Assuming the house is situated on a plot of land with a 0% chance of having been contaminated, the buyer is willing to pay X for the house. At some point, though, the buyer is informed that there is a 10% chance that the land on which the house lies may have been contaminated in the past. Instantly, the buyer’s offer drops by 30%. In this case, the introduction of the risk of past contamination reduces the present value of the house by 30% (to this buyer at least), and that 30% reduction in value is a real and present cost to the seller.
This same phenomenon applies to the definition of supply chain and procurement risk. Thus, rather than think of risk as a potential cost that materializes only when a disruption of some kind arrives, supply chain and procurement managers should think of risk as a cost born in the present – with or without disruptions. Furthermore, these costs can take two forms: financial and economic. The former refers to costs that are present and recorded and the latter refers to costs that are not recorded but exist nonetheless. Figure 2 below provides examples of both of these classes of risk costs.
|Financial Risk Cost Examples||Economic Risk Cost Examples|
|• Safety stock|
• Secondary and tertiary supplier costs
• Business Continuity insurance cost
• Maritime and property insurance costs
• Forecast error costs that result in write-‐ downs
• Excess and obsolescence material costs
• Cost of risk management programs/activities
|• Political disruptions|
• Supplier errors/crimes
• Weather volatility
• Resources scarcity
• Social media
• Regulatory uncertainty
• Competitor moves
• Technology cycles
• Commodity cycles
Figure 1: Supply Chain Cost of Risk Elements
While most supply chain and procurement professionals are unfamiliar with the concept of risk as a present cost, this is not a new concept to financial professionals. Finance teams are typically conversant with calculating and managing the present CoR of financial instruments such as loans, options, hedges and insurance. Even so, it’s very common to find companies that have sophisticated teams managing foreign exchange (FX) risk and yet have no resources at all dedicated to managing risk costs in Procurement that can run into the tens of billions of dollars.
Now, if one accepts the idea that risk (i.e., uncertainty) about the future creates cost in the present, the logical conclusion in the context of Procurement is that wherever there is uncertainty in a sourced value chain there will also be a risk-‐driven cost in the sourced item that value chain produces. This risk-‐driven cost percentage is the Cost of Risk (“CoR”). In other words, if a Buyer is sourcing from a non-‐zero-‐risk value chain, then the contract price is based on two distinct cost components: the physical cost of the item plus the cost of risk of the value chain. The following four examples illustrate this point.
Procurement CoR, Example 1: Demand Risk in Consumer Products
The cosmetics industry is a fascinating combination of science and glamour. While some cosmetics products are staples that appeal to generations of customers, most products in this industry have volatile demand, short life-‐cycles, and do not succeed in the marketplace. Consequently, there is a high degree of uncertainty in cosmetics products forecasts that filter down from brands to suppliers. However, when a new product is launched, packaging suppliers are asked to bid on what is typically a generally optimistic demand scenario, which creates a serious risk dilemma for them. If they price on a low-‐volume/higher-‐probability scenario, they will probably be undercut by the competition. If they price on a high-‐demand/low-‐probability scenario, they may be stuck with a lot of excess material. This demand uncertainty/risk forces suppliers to “hedge” their bets by charging a hybrid price to the brands that contains two costs: the material cost + risk cost. Just how high is the CoR component? In this one category, packaging, it can be as high as 20-‐30%, which means that if a box costs a brand $4, then only $3 is the actual box cost. The other $1 is the cost the supplier places on hedging the brand’s demand risk. If one extrapolates that idea across, say, a $100M new product launch, of which something like $60M might be direct material costs, then the conclusion would be that in launching that product the brand’s direct material costs were $45M and their direct risk cost was $15M.
Procurement CoR, Example 2: Capacity Risk in Automotive
The automotive industry is a complex structure, in which Original Equipment Manufacturers (OEMs) outsource a great majority of the development and production of the items that go into an automobile. As every automotive procurement specialists knows, contractual relationships are often very complicated, and quite a bit of effort is spent solving technical issues with suppliers. In many cases OEMs ask suppliers to make substantial commitments in tooling and related technologies in order to produce the component needed for a specific vehicle. The suppliers, in this case, take on what is can be a multi-‐million dollar investment in technology and/or capacity to be the supplier of choice. This is a major investment that can make or break the future of a smaller supplier.
Understanding this context all too well, the suppliers often calculate a risk transfer mechanism arrangement with the OEMs, by which their own capacity risk is “hedged” out. This sounds logical, but the details of this risk-‐transfer are critical, since these agreements are often based on some “average” expected outcome. What happens, then, if the demand for the vehicle that would consume the supplied components does not meet expectations by a wide margin? In this case, the risk cost that must be allocated between OEM and supplier turns out to be much higher than anyone anticipated, and time and again OEMs are forced to make significant risk-‐ driven payments to avoid lawsuits or even to keep a critical supplier solvent.
Indeed, these types of costs are one of the highest risk cost class in the automotive sector (the highest being stranded finished goods inventory), and yet most supply chain/procurement risk teams in this industry are not focused on this problem. The risk teams are focused on resiliency and recovery from unlikely events, which, again, is useful but fails to address multi-‐million dollar risk-‐based cost that are occurring every day within the supply base.
Procurement CoR, Example 3: Composition Risk in Aerospace
The creation of the modern passenger airliner is a great engineering accomplishment that requires the precise integration of what can be millions of individual parts into a single product. Because no aircraft manufacturer actually designs or creates most of these parts, the acquisition of these elements has to be carefully managed though the procurement process. It’s not hard to imagine that putting all of these sourced elements together correctly – sometimes called “composition” – is a daunting task full of risk, should components not fit exactly right, should software not integrated correctly, or should materials not work as planned once they are in the aircraft. The Procurement teams in this industry face serious composition risk, which means that a great deal of procurement risk cost is embedded in the possibility that components will not work together and/or as expected. In response to this risk cost, additional related costs are born in the engineering and manufacturing organizations that often must create special tests environments and prototyping cycles to minimize this cost, especially in the early stages of production. In this case, a Procurement organization’s risk team should be concerned as much with the compositional risk cost across its supply base as with the admittedly serious cost that a disruption in material flow or a quality issue would cause.
Procurement CoR, Example 4: Social Risk in Fashion
Unlike the auto and aerospace industries, the fashion industry is a relatively simple structure. Designers and brands define a garment’s form, color, material, etc., and then source the raw materials (cloth, thread, fasteners, etc.) from suppliers. These materials are assembled by manufacturers, typically in low cost areas, and then distributed through retail and web channels. Because the manufacturers typically compete on price, there is little financial incentive for them to maintain state-of-the-art equipment or exemplary labor practices; in fact, CEOs of clothing manufacturers in Asia often note they would make such improvements, were it not that it’s almost impossible to pass those costs back to the brands unless all of their competitors made the same investments. The result of this economic stalemate is that workers in many of these factories bear huge safety risks, which in turn create major economic risk costs for the industry. Sadly, these economic risk costs can turn into financial risk costs with devastating consequences in the loss of human life. All the agents in the fashion value chain carry this social risk cost today. This is unfortunate, since a coordinated effort could eliminate it almost completely. Until such time, however, procuring garments from low-‐cost sources carries a major (and present) risk cost for fashion brands. A fire in an Asian factory does not create those costs; it only moves them from one present cost category (economic) into another (financial).
Procurement CoR, Example 5: Solvency Risk in Tires
One of the more interesting aspects of CoR is that the sum total of risk cost of a given industry cannot be decreased by the actions of any single agent. Like matter, so to speak, CoR can only be changed not destroyed. Consequently, if any one agent in a value chain lowers its CoR, it necessarily produces an increase in CoR elsewhere in the industry. An interesting example of this phenomenon can be found in the tire industry and the steel cord suppliers that service it. When the economy turned for the worst in 2008, the tire producers for the most part selected a small group of steel cord suppliers and guaranteed a specific demand in return for price reductions. The reduced price, of course, was simply the CoR reduction that the steel cord suppliers would enjoy as a result of the contractual guarantees. One tire manufacturer, for example, guaranteed demand for about 80% of its required steel cord and received price reductions in return.
One would think that spot prices for the remaining 20% of demand would be higher than the guaranteed price, since the providers of that spot steel cord supply would have to price in their still-‐elevated CoR into their sell-‐side calculation. Yet the reverse actually happened, and in many cases spot prices for steel cord were lower than the guaranteed prices. While this may seem prima facie to undercut the CoR arguments in this article, a deeper analysis shows that there was serious overcapacity in the steel cord industry pre-‐recession, and it was this overcapacity that prevented key suppliers from raising prices in the spot market. The result was that these suppliers had a double hit: first, the CoR of the suppliers with guaranteed demand was passed onto them and, second, financial asset pressure led them on a race to capture any remaining demand from the tire manufacturers. This absorption of external CoR, along with vastly reduced profit, has driven suppliers into such financial distress that it’s possible some will fail or exit the industry. What this may mean is that when the recovery starts, the tire majors will probably find a reduced steel cord supplier base that will no doubt result in an increase in CoR for the tire manufacturers as well as increased steel cord prices. If that turns out to be the case, then it’s likely that the tire manufacturers over-‐guaranteed demand and may find some unexpected consequences as the economy continues to recover.
Cost of Risk (CoR) in Procurement
The point of the examples in the preceding section is, again, to illustrate two critical concepts that should be the basis for any Procurement Risk Management effort:
1) The largest risk impact in Procurement is not the present cost of an unlikely disruptive event but the real and present costs that uncertainty in the value chains of sourced materials creates.
2) The Total Product Cost of every sourced item, both Direct and Indirect, is the sum of two costs: (a) the Physical Cost and (b) the Risk Cost. (Put another way: TPC= PC+RC.)
3) When the RC percentage of TC is high enough, it should be valued and negotiated separately from PC.
Looking across a wide range of direct material categories, a rough estimate of the RC component is presented in Figure 2 below.
Figure 2: Category Risk Cost Estimates
At first glance, these CoR percentages may seem too high, but it is critical to remember that CoR in a value chain is cumulative: each agent tends to add its own CoR component on top of those added in the preceding steps of the value chain.
Returning to the steel cord case noted earlier, there are three steps in the value chain prior to steel reaching the tire majors. Each agent adds at least 4-‐5%2 CoR to its PC, and so the tire majors are paying somewhere around 12-‐15% CoR on steel cord. (1)
What’s interesting is that so much effort is made in many Procurement organizations to quantify and negotiate physical cost elements such as material, logistics, or tooling costs, though individually these costs are often smaller percentages of total cost than the risk cost. For example, in the high-‐tech industry a lot of effort is put into negotiating the manufacturing cost of an outsourced item, which is typically 6-‐8% for simpler items and 8-‐10% for more complex equipment. Yet the risk cost of the same items, which is typically much higher, most often goes un-calculated.
This same lack of understanding of CoR at the category or item level is all too often present across the entire supply chain. Indeed, for many supply chain and procurement executives, the CoR of their supply chain is what they spend on their procurement risk program, their supplier audits and any extra inventory they held in case a weather event disrupted production. This view is too narrow, and should be widened by risk teams to consider all the uncertainty-‐related costs borne by the firm. Indeed, at a typical manufacturing company, a comprehensive, supply chain-‐ level CoR analysis would look something like Figure 3 below.
Figure 3: Supply Chain Cost of Risk Analysis
As this graphic illustrates, the true total CoR of this supply chain is much higher than the limited view that takes into account only mitigation costs. The same is true with Procurement, of course. The true CoR a CPO should consider is not just what is spent doing supplier audits or in responding to disruptions. CoR is those costs plus the much larger total RC component across all the company’s Direct and Indirect spend.
Calculating and Managing CoR in Procurement
In order to apply the CoR concept presented above, a Procurement risk team needs to develop two methodologies. The first methodology is for the calculation of the RC component of TPC. The other methodology is for valuing the various options for dealing with unacceptably high RC percentages in individual categories spend.
The best way to think about how to calculate RC in any given sourced item is to understand what the cost of that item would be in a zero-‐risk value chain, since in a value chain where RC=$0, TPC=PC. Thus, the difference between the zero-‐risk TPC and the actual TPC is the CoR of the item in question. In other words, if by whatever means all risk could be eliminated from the chain of activities that create the purchased item, the resulting cost deducted from the contract cost is the CoR.
In other to make this calculation a Buyer should examine the sources of uncertainty and calculate the risk cost that each uncertainty pool adds to the total RC of the item. This is easier than it may sound, and it gets easier with practice. Moreover, also with practice, a standard set of CoR element can be developed by the Buyer, which will speed up the CoR analysis in the future. Figure 4 below presents a generic procurement CoR elements table that Buyers can use as a starting point.
|CoR Element||Element Drivers||CoR Modeling Data Sources|
|Supply Uncertainty||• Commodity volatility cost|
• Commodity hedging/predicting cost
• Cost to develop/maintain Business Continuity Plan (people, process, and technology)
• Cost to develop/maintain a remote real-‐time disaster recovery site (i.e., replication of business-‐critical data
• Suppliers insurance cost (solvency, performance, etc.)
|• Summary of inventory carrying costs for finished goods inventory by location|
• Policy costs as well as organization chart, fully loaded FTE costs, and roles / responsibilities for groups involved with:
• Commodity hedging, include breakout for time spent monitoring and forecasting
• Commodity hedging
• Business continuity planning
• Managing disaster
|Manufacturing Uncertainty/Risk||• Cost of inventory surplus|
• Cost of additional manufacturing to build inventory surplus
• Yield volatility costs (certain industries)
• Manufacturing volatility costs (certain industries)
|• Summary of raw material and finished goods inventory surplus costs by product and/or by location.|
• Summary of costs for redundant manufacturing facilities to build inventory surplus
|Demand Uncertainty/Risk||• Forecast error cost|
• Cost to serve of volatile demand
• Demand collaboration cost
|• Organization chart, fully loaded FTE costs, and roles / responsibilities for supply and demand planning, including non-‐ procurement personnel|
• Technology costs associated with supply and demand planning
|Financial Uncertainty/Risk||• FX risk cost|
• Supply financing risk cost
• Customer financing risk cost
|• Organization chart, fully loaded FTE costs, and roles / responsibilities for financing activities, include FX hedging|
• Summary of budget overrun costs due FX changes, purchasing excess inventory, etc.
• Technology costs associated with financing and FX activities
|Regulatory Uncertainty/Risk||• Compliance risk cost|
• Lobbying cost
|• Summary of current and planned lobbying efforts and costs, include duration and fully loaded FTE costs|
• Technology costs utilized to ensure regulatory and contractual compliance
|Quality Uncertainty/Risk||• Supplier inspections|
• Quality management
|• Summary of SRM and SPM programs, include organization chart and Supplier quality inspection at supplier sites|
• Organization chart, fully loaded FTE costs, and roles / responsibilities involved in managing product quality and returns
• Technology costs
associated with managing product quality and supplier performance
Figure 4: Procurement Cost of Risk Elements
Once the CoR is established across the company’s total spend and in those categories where the RC is a sufficiently high percentage, then the Procurement Risk team must turn its attention to managing CoR, which involves two mathematical functions: (a) minimizing CoR across all spend in and of itself and (b) optimizing CoR allocation among three supply chain agents where CoR can be allocated: buyer, supplier, and/or third parties. This last statement may raise some eyebrows, but the best procurement teams already think in this way intuitively. There are CoR elements that the Buying organization must accept; there are some the Seller must accept; and there are some that should be transferred out to third parties such as insurance agents, financial markets, risk investors, etc. Indeed, as this article is being written several insurance brokers and underwriters are working on new risk transfer products aimed specifically at procurement-‐related risk. These products did not exist a few years ago, and, if they prove successful, soon it will be possible for CPO’s to transfer a wide range of specific risks out of the supply chain via insurance or insurance-‐like transactions.
Applying CoR at the Category Level
Returning to the cosmetics example above, the procurement risk team calculates that the company is spending $20M on packaging materials every year and that the CoR of this category is 25%, or $5M. In this case the team finds it has four risk management options, illustrated in Figure 5 below:
|CoR Management Option||Description|
|CoR Borne by Supplier||Keep paying packaging supplier $25 per year as kind of “demand insurance”|
|CoR Borne by Buyer||Freeze forecasts to the suppliers (in other words, guarantee the buy within a very narrow range), thus transferring all demand risk back to the buying organization in return for a 25% reduction in cost|
|CoR Transferred to Third-Party||Transfer some of the CoR to channel partners such as retailers|
|Hybrid Strategy||A hybrid of fixed and variable demand plus risk transfer, all of which reduce CoR to an acceptable target, say <10%|
Figure 5: Category-‐Level CoR Management Options
Space does not permit a detailed discussion of the quantitative methods for CoR calculation and the valuation of risk transfer options. That said, the former are based on three core approaches:
• Differential Valuation: In this approach, a Buyer defines a risk-‐free version of the value chain of the sourced item, removing CoR elements in the process. Once this analysis is complete, the difference in price between the zero-‐risk and actual value chains is the CoR. This generally qualitative approach is useful for getting started with CoR analysis and for “quick-‐hit” valuation needs.
• Driver-‐Based Valuation: In this approach, the Buyer creates a generic quantitative model of value chain CoR drivers and applies that model to the value chain of the sourced item. This quantitative application creates an approximate “CoR ratio” for that category, which is then used as the starting point for negotiations. This approach covers the widest possible set of categories and allows for a calculation of “CoR ratios” across all spend that can be shared by all Buyers in the Procurement organization.
• Statistical Valuation: In this approach, a purely mathematical CoR model is created based on historical category pricing/costing data to generate a historical CoR percentage. This approach is especially useful for categories which are exchange-‐traded and have extensive quantitative histories, e.g., physical commodities.
Clearly, adoption of these techniques, and their complements on the mitigation/risk-‐transfer side, means that sophisticated Buyers will need to know not just the dynamics of their various RC elements but also how to price their transfer correctly. These skills will probably need to be imported from the Finance organization, as is already happening in some companies with commodity and energy hedging.
Supplier/Supply “Resiliency” and CoR
At this point, it’s natural for a CPO to ask how CoR analysis fits in with the more common efforts that focus on supply chain/supply “resiliency.” The answer is that they are completely complementary and often mutually beneficial. Understanding the sources of volatility in a supplier or category source, which is often part of resiliency analyses, is useful in CoR analysis. Even better, though, a thorough CoR effort will dramatically improve the focus and efficacy of resiliency plans. The point of this article is not that business continuity planning, supply chain resiliency strategies, supplier risk analysis or early disruption identification or wrong in any way – quite the contrary. The point is that these methods typically take too narrow a view of procurement risk because they fail to take into account the wide variety of present risk costs in every supply chain.
The only caveat to the preceding paragraph is that it is important for CPOs to be especially careful when using so-‐called “heat maps” to understand supply/supplier risk. This is because heat maps can give a misleading view of which categories/suppliers should be the focus of the Procurement risk team. Consider for example, a supplier that has completed a CoR calculation of its own and has effectively transferred its CoR to its customers (i.e., the CPO’s own organization). This supplier, financially stable and with high performance, would normally be ranked as “safe/green” on any heat map. Yet this is precisely the kind of supplier that should be analyzed thoroughly by Buyers and Procurement risk specialists. It is quite possible that this supplier is not just passing an unfair amount of CoR to its customers but also, and this is quite common, using a sophisticated CoR allocation to cross-‐subsidize low RC to “bad/high risk” customers through higher RC to “good/low risk” ones.
Conclusions for CPOs
There is hardly a CPO today, in companies of all sizes, who does not think Procurement risk is a major concern. They are correct, in many cases for more reasons than may at first appear. It is important to minimize or even avoid supply disruptions and regulatory violations, but this is not the whole story. CPOs need to push for the creation of dedicated Procurement risk teams whose primary mission is to calculate, monitor and efficiently manage the CoR across all Direct and Indirect spend. (3)
The benefits of this approach are many. Separating RC from PC, for example, may indicate that the buyer is in the best position to hold RC, which immediately results in a reduction of TPC. Indeed, when one considers that many companies have a total RC across all Direct and Indirect spend in the billions of dollars, it raises the intriguing possibility that a very sophisticated procurement organization would try to zero-‐out RC in its contracts, “repatriate” that CoR, and manage it as a kind of internal captive Procurement Hedge Fund. Such an idea is possible today and would have the benefits of making all CoR visible to the Procurement organization and would allow for more efficient Procurement risk-‐transfer pricing. This last point is critical since if, as is the case at most large companies today, CoR payments are allocated across tens of thousands of supplier and contracts, it stands to reason that most Procurement organizations are over-‐paying for risk. A pooled CoR investment pool, managed and hedged optimally with the help of third parties, is a novel idea but one that might become real in the not too distant future.
In the meantime, as the RC percentage of spend has dramatically increased over the last decade because of globalization, political risk, financial market instability, etc., the time has come for CPOs and their teams to: (a) move beyond passive Procurement risk management, (b) adopt the quantitative CoR approach presented above, and (c) become as good at valuing and negotiating risk as they typically are with the other important aspects of what is probably the most complex supply chain function today.
(1) Percentages based on interviews with industry executives.
(2) For more on this topic, see the first piece in this series: “The Operations-‐ Centered CFO: Reinventing the Role of Finance in Supply Chain Management,” Corporate Finance Review, 2013.
(3) This is especially true of Indirect categories such as BPO and managed services spend that have large organic CoR components that can exceed 15%.