This is the first in a regular series we’ll be doing called ProcureTalk. We’ll be interviewing some of the key figures behind procurement technology companies. Today’s interview is Geraint John. He heads up the resilience lab at Interos, an enterprise risk management software solution.
Managing risk in complex supply chains: Geraint John from Interos
We’re going to be talking a little bit about supply chain risk and resilience, especially with some of the geopolitical challenges that we’re currently facing.
So, Geraint, just give us a quick introduction and then we can dive in.
I’m in charge of research and using our databases to give rapid responses to topical events and disruptions to supply chains that are happening around the world. I also do semantic research around thought leadership.
I’m not a software engineer or even a product manager. I’m there to contextualise what supply chain leaders care about. What worries them from a supply chain risk management perspective, and how they can use technology and data. Not just as part of a proactive response to risk, but also in terms of developing greater operational resilience.
So, how is Interos different from the more niche best-of-breed solutions such as Prewave, IntegrityNext, or Riskmethods?
A lot of supply chain risk is about big data. It’s about a big data problem. And therefore, we’re trying to harness a big data solution to give people information, insight and analytics. We give people visibility of what’s going on, across not just their immediate supply chains or their first tier supplier relationships, but also N tier.
I very much saw this when I was a supply chain analyst. Even for big companies with the resources that they can marshal. When you’ve got complex extended supply chains, it’s very difficult to track all the moving parts.
Whether that’s in terms of different entities, companies that you’re either directly or indirectly doing business with, or different types of risk across that broader supply base. Or whether it’s just being able to monitor and keep up to date with things that are going on that you should be aware of. These could ultimately escalate into an impactful problem for your business.
So, the goal is to automate as much of this data and information as possible. Only then can the fairly limited number of people that are employed to manage risk – whether it’s in procurement or supply chain – use that information to make the right business decisions to get ahead of potential issues, disruptions and events.
I think where we try to differentiate is by saying: “Look, we can use the latest artificial intelligence and machine learning technologies to actually create a global map of your multi-tier supply chain”.
So that’s step one.
Then, step two is how we can also show you where you should be most focused from a risk identification and supply chain management perspective. We do this by saying, for every company in that extended supply chain, here’s a risk scorecard, here’s a supplier risk profile.
With multiple factors, whether it’s geopolitical, cyber, financial stability, ESG, or others, we create models that will automatically feed those scorecards on a constantly updating basis. You no longer need to do this manually in spreadsheets.
When you easily have that information at your fingertips, you can then ask the important questions: Where should we be focusing our attention? Where should we be concerned? Where do we need to mitigate?
Is it like triage then? Interos takes your whole supply base, maps it, then gives you prompts around where you feel the highest risk is.
Surely that’s going to be dependent on industry sector to a certain extent, isn’t it? For example, a microelectronics producer is probably going to be quite concerned about origin of rare earth metals and child labour. Whereas a cryptocurrency platform is probably going to be most concerned about cybersecurity.
Yes, that’s true. My focus has been in manufacturing supply chains for the last ten years or so. But in many industry sectors, as you say, they’re super complex or super extended. They’re super multi-tier, going right back to the raw material level.
So you have operational risk, in terms of getting those materials and the different levels and partners within the supply chain. But also you’ve got the reputational side in there, in terms of where are these products or materials and components coming from? Do we have a reputational risk associated with that? Are they being produced by companies that are polluting their local river system, or emitting unacceptable levels of carbon dioxide into the atmosphere? Is there slavery involved?
Would Interos interrogate that? What type of technology or mechanism would it use?
We call them computational risk models. We have a whole range of different attributes and sub attributes, covering six major risk factors. ESG is one, and operational issues is another. We have a variety of different data sources that we’re using to try to provide that living scorecard.
So, one question – let’s say, from our aerospace defence customers – could be “do we have any entities that have Russian or Chinese heritage in our extended supply chain?” Because, obviously, the sanctions and export controls levelled against those countries from governments here in Europe or in the US are growing all the time now.
So we want to make sure that, from a compliance standpoint, you’re not exposed further down the tiers in your supply chain.
I’ve been doing some data analysis for some of our customers recently that’s uncovered, for example, that there are four or five Chinese suppliers at level three of their supply chain. And that’s probably the first that this client has heard of it. They simply don’t have that visibility without using a platform like ours.
So I think compliance is one part of it. But even if that’s not an issue, there’s the question of how best to focus our efforts. Because we can only mitigate and manage so much risk, and we can only build in resilience in certain areas. What’s key here, is the need to be very, very selective.
And that’s not static. We might be worried about something this month, but next month the focus is going to change. If we only have manual sources of data, we can’t keep up with too many different events happening. It’s too dynamic.
So that’s why we try to provide this living ecosystem. You can look at it every day of the week, see what’s changing, and see if we’re focusing our very limited resources and time in the right areas.
Every large procurement organisation has a big long tail of spend. It’s just not possible to manage several thousand suppliers at that level of detail. So, how does Interos pragmatically approach this?
In big complex supply chains there’s always this problem of “where do we start? Where do we spend our time this week, or this month?”. Not just to ensure compliance, but to get ahead of potential problems.
On the manufacturing side, with that long tail, there’s always a danger of missing something that’s actually quite important. When we did some research in the beginning of the year, we found only just over half of direct suppliers are actually being assessed from a risk standpoint. And a lot of that, of course, is during the due diligence onboarding stage rather than on a continuous dynamic basis.
One of the reasons we have this automated scorecard and dashboard is to say yes, you might not be able to manage all these thousands of suppliers in your long tail, but at least you’re going to want someone to assess where there may be higher levels of risk lurking.
That’s where you can at least say okay, I have a supplier that we’re spending a few thousand euros a year with, in another part of Europe. The main area of risk might be cybersecurity. How worried are we about it? Do they have access to our network status? If they do, that’ll be flashing red on our dashboard, and so maybe we need to pick up the phone.
Otherwise, if we’ve eliminated that, we can park it and not worry about it. But it gives you a sense of which specific risk factors, or which particular entities, are of concern – just using our red/ amber/green scoring visualisation.
We think this has to be very visual and has to be very simple, even though we’re dealing with a very complex area. So when a user looks at the screen, they can see visually where their focus is needed, both in terms of the mapping of the supply base, and also in terms of the risk profile for each company. And then there’s monitoring of events associated with those companies or entities, too.
Supply chain risk: it’s all about priorities, zooming in, but also zooming out
In conclusion, it’s a dynamic, ever changing picture. And without that targeted view of what’s potentially important, it’s just too wide to take meaningful action on.
Big companies are very good at generally segmenting and targeting. They can focus on their big strategic or critical suppliers. But once you get to tier two and three, there may be absolutely key dependencies and levels of risk exposure that they just aren’t aware of, or haven’t thought about. And we don’t find out about those until there’s a problem.
So really, what we’re doing is enabling procurement and supply chain teams to be more proactive. We want to allow people to get ahead of some of these issues rather than just constantly having to react and respond when it may be too late to actually do anything meaningful about it.