Meshing Distinct Viewpoints
Marilyn Rivers, director of risk and safety, City of Saratoga Springs
Several years ago, Whirlpool decided it could save 75 cents per unit if it outsourced the production of dishwasher water seals to a Chinese supplier. The annual savings were projected at more than $2 million.
But soon after the arrangement was made, the Chinese manufacturer changed to a different rubber supplier, causing a failure rate of nearly 10 percent, according to “Managing Risk in the Global Supply Chain,” a study by the Supply Chain Management faculty at the University of Tennessee.
By the time Whirlpool discovered the problem, more than 2 million dishwashers had been produced with the leaky seals and about two months’ worth of supply was in transit. The oversight cost the company millions — destroying the realization of projected savings for more than three years.
The study listed the example as one of the multitude of risks that can occur in supply chain management. And it’s an example of how risk management could have helped avoid the problem altogether.
In the most effective companies, risk management and procurement work together to ensure both the cost and quality of supplies and vendors, as well as proper risk transfer.
When those functions do not align, the organization suffers. That suffering may take the form of safety violations, product recalls and reputational loss, among other exposures.
But it’s not possible for procurement and risk management — organizational functions with two distinct viewpoints — to always agree. In some organizations, they rarely even communicate. It is possible, however, to build a relationship that allows the organization to prosper without undue risk.
Underlying the relationship should be a common mission of focusing on the organization’s goals as a whole, experts said.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet,” said Brian Merkley, global director of corporate risk management at Huntsman Corp., a Salt Lake City-based global chemical manufacturer.
When he first joined Huntsman about 10 years ago, he worked with procurement and legal to develop a contractual risk transfer strategy document, which was “my first introduction to the procurement team and the processes they used. I found a good working relationship with them and it continues today.
“Cultivating a strong relationship with procurement is critical,” he said, noting that there is a constant challenge to make smart risk/reward decisions — balancing price against the potential exposure.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet.” — Brian Merkley, global director of corporate risk management, Huntsman Corp.
Over the years, his department has provided important guidance to refine standards and strategies for procurement that include performance expectations of contractors, indemnity language, and insurance requirements, among others. It also has helped to develop a process to qualify various contractors that meet risk management and procurement’s standards so operations can run smoothly.
Contracts and insurance provisions can’t be reviewed in a vacuum, Merkley said, but have to include scope of work, indemnity, and relationships or prior experience with the parties. “We are going to insist on certain levels of protection based on the type of work,” he said.
In many organizations, risk managers are not in a position to influence procurement or supply chain decisions. They either don’t have the buy-in of the senior leaders of the organization, don’t have effective channels to collaborate on such decisions, or they don’t have sufficient understanding of the organization’s strategies and goals to provide effective input into procurement activities.
Gary Lynch, CEO and founder, The Risk Project, and a former global practice leader for Marsh, said that over the years he has been “shocked at how little the risk management community knew about the operations of their business. They knew how they made money, but they didn’t know who contributed to bringing value to the market.
“The majority of risk managers that I have worked with don’t have the opportunity, don’t have the capability and don’t have the value to really support [procurement or supply chain decisions]. Those are the three stumbling blocks,” he said.
The same can also be said for many supply chain professionals. According to the University of Tennessee study, most of them have little expertise in insurance products. Nor do they understand many of the potential claims issues — or the insurance programs that are available to protect them.
In the study, insurance ranked dead last in a list of 10 risk mitigation strategies to protect supply chains — ranking 4.5 out of 10. The top strategy was “strong suppliers,” ranking 7.5 out of 10.
“I think there is a lot of disconnect with folks between procuring and supply chain, and the risk management function,” said Mark Robinson, vice president of global operations at UPS Capital, which offers supply chain finance and insurance services. “In my mind, they don’t talk very much.”
There are some risk managers, however, who are able to add value to the procurement process. The words that keep coming up in conversations with them are “relationship” and “partnership.” Risk management and procurement work best together, they said, when both functions keep the organization’s strategic goals top of mind.
Robinson said the visibility of catastrophic events, targeted thefts and the larger size of container ships has heightened awareness of cargo, trade disruption and cyber risk insurance. From 2011 to 2013, the global cargo insurance market increased from $17.2 billion to $18.2 billion, about a 6 percent increase. And the U.S. market is increasing faster than the global market, he said.
The City of Saratoga Springs, N.Y., operates under regimented bidding processes. But even as the city is required to take the lowest bidder, it must ensure that it hires the lowest “responsible” bidder.
“Sometimes, folks give outlandishly low-priced bids,” said Marilyn Rivers, Saratoga’s director of risk and safety. “We structure it so that when we send out a request for quotes or a request for proposal, we place in the language that anyone chosen has to meet all of the requirements and has to be qualified.”
That means vendors or suppliers have to submit a certificate of insurance, execute the city’s “risk and safety agreement” and a “vendor code of conduct” as well as have sufficient prior experience and the ability to complete a project within the set time frame, among other requirements.
“We are always cognizant of the cost, but we must ask, ‘What is the benefit to the public versus the cost, because tax dollars are being used for those projects,’ ” she said.
Plus, Rivers said, the city must “look at the totality of how it impacts the community. … We can’t just slice up a roadway.”
At Sodexo Inc., which has 8,000 food suppliers and 25,000 non-food suppliers, Peter Rosiere, vice president, risk management, created a new position — supply risk analyst — to more fully bring the risk perspective to the supply chain team.
“One primary reason we created the new position was to develop that communication, linkage and a balance point between the two groups,” he said. “The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.”
Evelyn Joe, who holds that new position, said her primary goals are communication, education and collaboration, trying to find the “best working relationship that meets the needs of the company and each team.”
It’s necessary, she said, to understand the other group’s needs and goals while sharing with them the needs of risk management “so we are not talking apples and oranges, so we understand the foundation. … We have worked extremely hard to become part of the supply management process.”
Sometimes, she said, procurement will seek approval of a supplier that does not comply with the department’s insurance requirements or standards. In such cases, procurement and risk management work together, along with legal, to research the organization and find a solution.
“That’s when I’ve been pleasantly surprised because of the constant relationship-building and education with supply management that they completely understand,” Joe said. “The supply manager understood why we couldn’t change our risk management requirements. It’s our job to help our client understand why we have the high standards we do, for both brand and customer protection.”
Opening the channels of communication is, obviously, the first step to creating or enhancing that relationship.
For Dwayne Eastwood, risk manager, McCoy’s Building Supply, it can mean walking around the office with a cup of coffee and asking, “What’s up? What’s the latest? Are you thinking about safety and risk management and contractual arrangements?
“It’s just getting in front of people for a couple of minutes and talking it up. You have to be involved early on. It’s critical.”
But it’s not just asking, he said. It’s also about following up on what is heard by “pointing out and illustrating what the risks are. …Credibility is paramount.”
Credibility matters because the ultimate decision is not within risk management’s control, he said.
“When you step into their world and you point out and illustrate what the risks are, they make the decision for the company that this risk is or is not acceptable. It’s everybody else who makes those decisions,” Eastwood said.
When he explains why a proposed plan “is not really a good idea, most of the time, they will go along with us. They don’t necessarily want to go against the grain. They take our advice most seriously,” he said. “That’s good, and I think credibility is where you get that from, and a proven track record.
“In the beginning, there were a lot of ‘a ha’ moments. It was really up to me and others to educate them that we needed to be involved on the front end. They didn’t ignore it; they just didn’t consider it. When they realized the risks and possible loss of life or big dollar amount lawsuits and what that could look like it was, ‘oh OK.’ ”
Using claims data in such conversations “speaks volumes,” he said. “I’m a huge fan of using loss history to evaluate the risk, frequency and severity, both.”
Eastwood’s colleague, Kevin Shute, director of merchandising-hardlines and merchandising operations, said that the partnership between his function and risk management has over the years “moved from a reactive to a proactive situation. … We like to think that the key to our interconnectedness or connectivity is we know each other personally.”
Shute said that when his team finds a new product from one of its 1,400 vendors, such as virgin sulfuric acid, which is “powerful, powerful stuff,” his team will work with risk management to review all of the processes, packaging, paperwork and safety training and product handling issues.
In another situation, when McCoy’s recently launched a propane tank exchange, the two teams “worked from cradle to implementation” through the contracts, insurance, permitting, vendor and store compliance, employee training, and all other aspects to eliminate any potential liability issues, Shute said.
“We typically don’t look at [risk mitigation efforts] as a problem,” he said. “We look at it as that’s what we have to do to protect our assets.”
It can sometimes be difficult to clearly understand what protection is needed when a catastrophic exposure hasn’t yet occurred, said UPS Capital’s Robinson.
For example, he said, he knows one pharmaceutical company that used to ship $20 million worth of inventory from its location in one truck to an airport 30 miles away every day. From there, it would be divvied up to be transported by plane to various locations.
While the company had claims after the inventory had been brought to the airport and transported, it never had a catastrophic loss related to the 30-mile truck journey. “Can you envision the scenarios? An accident? Being hijacked? Some problem where you lose the whole load?” he asked.
The company had $1 million in coverage for that $20 million load, he said, noting that a conversation ensued with the company about the plausibility of such a loss and how it could protect itself.
A good time for risk managers to begin expanding their partnership with procurement is when contracts are annually reviewed and renewed.
Requiring suppliers or service providers to carry insurance may not adequately protect a company from substantial losses, Robinson said. A major incident could push a supplier into bankruptcy, or a policy’s terms and conditions may not be conducive to compensating the company for its loss -— at least not without a lengthy court battle.
“The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.” — Peter Rosiere, vice president, risk management, Sodexo Inc.
It’s not just whether insurance coverage will adequately protect the company. Much of the work risk management must do deals with business continuity planning. Is there resilience in the supply chain for all tiers of suppliers, inventory, labor and transportation? Is there a worrisome geographic concentration? Is there the potential for natural disaster or political upheaval? Is there an acceptable tradeoff between risk and reward?
“The reality,” Sodexo’s Rosiere said, “is that an organization cannot operate without supplies, be it for raw materials or services. But a company cannot operate without good risk transfer. This is not the case with Sodexo, as strict supplier insurance/risk transfer requirements are in place. There has to be an understanding of where the functions rest within the priorities of the organization.
“Sodexo’s awareness of the risk and the partnership with our supply management teams is a key aspect of our growth and culture.”
A lot of it comes down to how decisions affect the company’s margins, said The Risk Project’s Lynch.
When risk managers seek to manage compliance issues or ensure additional capabilities, they are introducing cost into the equation, he said.
“It’s clear to me that these folks have to navigate risk, and not manage it. … You have to manage to the margins,” he said. “Risk management has to be done within the context of the operation’s margin.”
“It’s looking at the totality of the risk,” Saratoga Springs’ Rivers said. “It’s looking at the total risk the project entails and how that project impacts the community, the business or employees, and what an entity, whether public or private, needs to do so it can mitigate risk so it can be successful and the entity doesn’t lose money on it. … The procurement standard should be dovetailed to the project.
“The goal of all risk management is empowering people. It’s a partnership that allows that empowerment but gives the opportunity to know when to ask more questions. … It’s achieving goals cost-effectively but not endangering the health and welfare of employees or the community in the process.”
Regular education and training are crucial, Huntsman’s Merkley said.
“We are all trying to grow the business in an appropriate way and safeguard the balance sheet from making bad bets, and it’s crucial we partner together in doing that.
“The best starting place is to develop personal relationships with the procurement management team, and secondly, you have got to do a lot of work to prove yourself as a reliable subject matter expert. When they come to risk management and look for guidance around insurance language, you have got to back it up.”
R&I: What was your first job?
I was in high school and taught baton twirling at a dance studio.
R&I: How did you come to work in risk management?
My story is “right place/right time.” An employment agency sent me on the interview. LaSalle Partners was looking for someone who would grow into a risk management position and I wanted a defined career path. I was not familiar with risk management and didn’t have any special interest in it at the time.
[Risk managers are] looking at risk in a more holistic manner not just in terms of policy silos. They feel more empowered to reach upward in their organizations, and to participate in management discussions about the business of their businesses. Also, more individuals have advanced degrees in risk management so they are entering organizations at a more senior level.
R&I: What could the risk management community be doing a better job of?
Risk managers could be more strategic in their approach and more confident in the impact that sound risk management — not insurance purchasing — decisions have on the success of their organizations. As a discipline we could do better at self-promotion — speaking out about the work we do and its criticality to our businesses. Risk managers often tout the experience of their brokers and insurers, leaving an image in their organization that they just coordinate rather than add value.
R&I: What’s been the biggest change in the risk management and insurance industry since you’ve been in it?
I’ve lived the evolution of the discipline from insurance buying to true risk management. The sophistication of risk managers has increased, there are more known and quantifiable risks facing organizations, and regulatory agencies are asking about how risk is managed and demanding transparency of risk evaluations. All of this has led to the C-suite and corporate board or organizational trustees being much more interested in the risk management process. And that’s a huge change.
R&I: What emerging commercial risk most concerns you?
Cyber is one. I think there are internal processes and firewalls you can impose but they are not absolute in covering expenses, and there are insurance policies to buy but they don’t cover the entirety of the exposure.
R&I: What insurance carrier do you have the highest opinion of?
The best way for me to answer that is to describe the ideal insurer: It’s a company that takes the time to understand the risk and differentiates it from the class into which it is grouped, with premium reflecting credit for risk mitigation efforts. It has efficient management of administrative matters such as documentation of insurance, invoicing and policy issuance. In the event of a claim there is prompt and thorough investigation with timely resolution. Through each phase, there is excellent communication with the client. The true differentiator among companies is a willingness to help solve a business problem, which may mean creating a unique insurance solution.
R&I: Do you feel that the contingent commission controversy is overblown?
No I don’t. I think at its essence the controversy was about transparency and about the openness between the broker and the client regarding what compensation the broker was earning from a transaction and whether there was a proper alignment of interest. Because of the controversy there can now be an open dialogue on the issue.
R&I: Are you optimistic about the US economy or pessimistic and why?
I’m a glass half full person so I’m optimistic. The economic reports being issued by the government and industry associations indicate that we are recovering but there is a way to go for full recovery.
R&I: Who is your mentor and why?
I’ve been fortunate to have many mentors throughout my life. My parents always encouraged me to follow my dreams, and gave me their unconditional support, for instance. At Cardinal Stritch University, I was encouraged to try new things and to think of myself as a leader, which I had never done before. My managers at JLL as well as fellow risk managers have helped me to work through difficult issues as well. At each stage of my life I’ve been fortunate to have at least one person to guide me.
R&I: What have you accomplished that you are proudest of?
I’m very proud of the way risk management is regarded within JLL. We are regarded as part of the business process, not an afterthought.
R&I: What’s the best restaurant you’ve ever eaten at?
One of the most memorable meals I’ve had was a champagne brunch at Domaine De Chandon in Napa, Calif. Unfortunately, it’s now closed.
R&I: What is the most unusual or interesting place you have ever visited?
I traveled to Egypt in 2010, rode a camel, visited mosques and pyramids, cruised the Nile, had dinner with a family in their Cairo home, and it was absolutely fascinating. I was so fortunate to be there before so many of the artifacts and tourist areas were destroyed.
R&I: What is the riskiest activity you ever engaged in?
I’m a risk manager. I avoid risks.
R&I: If the world has a modern hero, who is it and why?
Our society is so cynical now that we look for flaws rather than accomplishments. We’re more interested in the “gotcha” moments than examples of brilliance. So sadly, world-accepted heroes are hard to find. I think we’ve moved away from the grand names; today we look for our heroes among our peers and neighbors. We celebrate the individuals who are making a small but measurable difference in our neighborhoods and towns.
R&I: What about this work do you find the most fulfilling or rewarding?
The creativity of risk management is what I think is the most rewarding. Many people think there isn’t creativity in our discipline, but if you do it right there can be. Finding a unique way to avoid or manage a risk that allows the business to move forward is very rewarding.
R&I: What do your friends and family think you do?
That’s a great question, because of course, most of them have no idea. They do know I’m involved in RIMS but they think it’s an annual trip to a conference, and more recently to Washington where I have been doing lobbying for TRIA [Terrorism Risk Insurance Act]. My relatives think I sell insurance, because they don’t understand how someone could have a full time job and staff to just buy insurance.
Pathogens, Allergens and Globalization – Oh My!
In 2014, a particular brand of cumin was used by dozens of food manufacturers to produce everything from spice mixes, hummus and bread crumbs to seasoned beef, poultry and pork products.
Yet, unbeknownst to these manufacturers, a potentially deadly contaminant was lurking…
What followed was the largest allergy-related recall since the U.S. Food Allergen Labeling and Consumer Protection Act became law in 2006. Retailers pulled 600,000 pounds of meat off the market, as well as hundreds of other products. As of May 2015, reports of peanut contaminated cumin were still being posted by FDA.
Food manufacturing executives have long known that a product contamination event is a looming risk to their business. While pathogens remain a threat, the dramatic increase in food allergen recalls coupled with distant, global supply chains creates an even more unpredictable and perilous exposure.
Recently peanut, an allergen in cumin, has joined the increasing list of unlikely contaminants, taking its place among a growing list that includes melamine, mineral oil, Sudan red and others.
“I have seen bacterial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant.”
— Nicky Alexandru, global head of Crisis Management at AIG
“An event such as the cumin contamination has a domino effect in the supply chain,” said Nicky Alexandru, global head of Crisis Management at AIG, which was the first company to provide contaminated product coverage almost 30 years ago. “With an ingredient like the cumin being used in hundreds of products, the third party damages add up quickly and may bankrupt the supplier. This leaves manufacturers with no ability to recoup their losses.”
“The result is that a single contaminated ingredient may cause damage on a global scale,” added Robert Nevin, vice president at Lexington Insurance Company, an AIG company.
Quality and food safety professionals are able to drive product safety in their own manufacturing operations utilizing processes like kill steps and foreign material detection. But such measures are ineffective against an unexpected contaminant. “Food and beverage manufacturers are constantly challenged to anticipate and foresee unlikely sources of potential contamination leading to product recall,” said Alexandru. “They understandably have more control over their own manufacturing environment but can’t always predict a distant supply chain failure.”
And while companies of various sizes are impacted by a contamination, small to medium size manufacturers are at particular risk. With less of a capital cushion, many of these companies could be forced out of business.
Historically, manufacturing executives were hindered in their risk mitigation efforts by a perceived inability to quantify the exposure. After all, one can’t manage what one can’t measure. But AIG has developed a new approach to calculate the monetary exposure for the individual analysis of the three major elements of a product contamination event: product recall and replacement, restoring a safe manufacturing environment and loss of market. With this more precise cost calculation in hand, risk managers and brokers can pursue more successful risk mitigation and management strategies.
Product Recall and Replacement
Whether the contamination is a microorganism or an allergen, the immediate steps are always the same. The affected products are identified, recalled and destroyed. New product has to be manufactured and shipped to fill the void created by the recall.
The recall and replacement element can be estimated using company data or models, such as NOVI. Most companies can estimate the maximum amount of product available in the stream of commerce at any point in time. NOVI, a free online tool provided by AIG, estimates the recall exposures associated with a contamination event.
Restore a Safe Manufacturing Environment
Once the recall is underway, concurrent resources are focused on removing the contamination from the manufacturing process, and restarting production.
“Unfortunately, this phase often results in shell-shocked managers,” said Nevin. “Most contingency planning focuses on the costs associated with the recall but fail to adequately plan for cleanup and downtime.”
“The losses associated with this phase can be similar to a fire or other property loss that causes the operation to shut down. The consequential financial loss is the same whether the plant is shut down due to a fire or a pathogen contamination.” added Alexandru. “And then you have to factor in the clean-up costs.”
Locating the source of pathogen contamination can make disinfecting a plant after a contamination event more difficult. A single microorganism living in a pipe or in a crevice can create an ongoing contamination.
“I have seen microbial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant,” observed Alexandru.
Handling an allergen contamination can be more straightforward because it may be restricted to a single batch. That is, unless there is ingredient used across multiple batches and products that contains an unknown allergen, like peanut residual in cumin.
Supply chain investigation and testing associated with identifying a cross-contaminated ingredient is complicated, costly and time consuming. Again, the supplier can be rendered bankrupt leaving them unable to provide financial reimbursement to client manufacturers.
“Until companies recognize the true magnitude of the financial risk and account for each of three components of a contamination, they can’t effectively protect their balance sheet. Businesses can end up buying too little or no coverage at all, and before they know it, their business is gone.”
— Robert Nevin, vice president at Lexington Insurance, an AIG company
Loss of Market
While the manufacturer is focused on recall and cleanup, the world of commerce continues without them. Customers shift to new suppliers or brands, often resulting in permanent damage to the manufacturer’s market share.
For manufacturers providing private label products to large retailers or grocers, the loss of a single client can be catastrophic.
“Often the customer will deem continuing the relationship as too risky and will switch to another supplier, or redistribute the business to existing suppliers” said Alexandru. “The manufacturer simply cannot find a replacement client; after all, there are a limited number of national retailers.”
On the consumer front, buyers may decide to switch brands based on the negative publicity or simply shift allegiance to another product. Given the competitiveness of the food business, it’s very difficult and costly to get consumers to come back.
“It’s a sad fact that by the time a manufacturer completes a recall, cleans up the plant and gets the product back on the shelf, some people may be hesitant to buy it.” said Nevin.
A complicating factor not always planned for by small and mid-sized companies, is publicity.
The recent incident surrounding a serious ice cream contamination forced both regulatory agencies and the manufacturer to be aggressive in remedial actions. The details of this incident and other contamination events were swiftly and highly publicized. This can be as damaging as the contamination itself and may exacerbate any or all of the three elements discussed above.
Estimating the Financial Risk May Save Your Company
“In our experience, most companies retain product contamination losses within their own balance sheet.” Nevin said. “But in reality, they rarely do a thorough evaluation of the financial risk and sometimes the company simply cannot absorb the financial consequences of a contamination. Potential for loss is much greater when factoring in all three components of a contamination event.”
This brief video provides a concise overview of the three elements of the product contamination event and the NOVI tool and benefits:
“Until companies recognize the true magnitude of the financial risk and account for each of three components of a contamination, they can’t effectively protect their balance sheet,” he said. “Businesses can end up buying too little or no coverage at all, and before they know it, their business is gone.”
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Lexington Insurance. The editorial staff of Risk & Insurance had no role in its preparation.