[In today’s post, I provide a preview of my own research into the issue of Cost of Risk in supply chain and procurement. An updated and annotated version of this post will appear in print later this year. - CA]

One of the most debated topics today in procurement is the issue of risk. The majority of the articles and guidance given to Chief Procurement Officers (CPOs) on this topic focus on trying to avoid future risk costs that would be generated by, say, shutting down production because a critical supplier went out of business or being fined for using a banned substance.

These articles present the reader with many examples of how risk manifests itself but few, if any, take a moment to consider what exactly risk is. At its most basic form, risk is simply the possibility of more than one outcome (of unequal value) to a given scenario. In other words, risk exists whenever multiple outcomes are possible. This seems straightforward enough, but the follow-on conclusion is a little bit harder to grasp: wherever risk is present, there exists also a cost, in the present, created by that risk. The best way to understand this concept is to think of someone buying a house. Assuming the house is situated on a plot of land with a 0% chance of having been contaminated, the buyer is willing to pay X for the house. At some point, though, the buyer is informed that there is a 10% chance that the land on which the house lies may have been contaminated in the past. Instantly, the buyer’s offer drops by 30%. In this case, the introduction of the risk of past contamination reduces the present value of the house by 30% (to this buyer at least), and that 30% reduction in value is a real and present cost to the seller.

This same phenomenon applies to the definition of supply chain and procurement risk. Thus, rather than think of risk as a potential cost that materializes only when a disruption of some kind arrives, supply chain and procurement managers should also think of risk as a cost born in the present — with or without disruptions. Furthermore, these costs can take two forms: financial and economic. The former refers to costs that are present and recorded and the latter refers to costs that are not recorded but exist nonetheless. Figure 1 below provides examples of both of these classes of risk costs.

Figure 1: Supply Chain Cost of Risk Elements

While most supply chain and procurement professionals are unfamiliar with the concept of risk as a present cost, this is not a new concept to financial professionals. Finance teams are typically conversant with calculating and managing the present CoR of financial instruments such as loans, options, hedges, and insurance. Even so, it is very common to find companies that have sophisticated teams managing foreign exchange (FX) risk and yet have no resources at all dedicated to managing risk costs in procurement that can run into the billions of dollars.

If one accepts the idea that risk (i.e., uncertainty) about the future creates cost in the present, the logical conclusion in the context of procurement is that wherever there is uncertainty in a sourced value chain there will also be a risk-driven cost in the sourced item that value chain produces. This risk-driven cost percentage is the Cost of Risk (“CoR”). In other words, if a buyer is sourcing from a non-zero-risk value chain, then the contract price is based on two distinct cost components: the production cost of the item plus the cost of risk of the value chain. The following three examples illustrate this point.

Procurement CoR, Example 1: Demand Risk in Consumer Products

There is a high degree of uncertainty in cosmetics product forecasts that filter down from brands to suppliers. However, when a new product is launched, packaging suppliers are asked to bid on what is typically a generally optimistic demand scenario, which creates a serious risk dilemma for them. If bidders price on a low-volume/higher-probability scenario, they will probably be undercut by the competition. If bidders price on a high-demand/low-probability scenario, they may be stuck with a lot of excess material. This demand uncertainty/risk forces suppliers to “hedge” their bets by charging a hybrid price to the brands that contains two costs: the material cost + risk cost. Just how high is the CoR component? In this one category, packaging, it can be as high as 20-30%, which means that if a box costs a brand $4, then only $3 is the actual box cost. The other $1 is the cost the supplier places on hedging the brand’s demand risk. If one extrapolates that idea across, say, a $100M new product launch, of which something like $60M might be direct material costs, then the conclusion would be that in launching that product, the brand’s direct material costs were $45M and their direct risk cost was $15M.

Procurement CoR, Example 2: Capacity Risk in Automotive

The automotive industry is a complex structure, in which Original Equipment Manufacturers (OEMs) outsource many parts of the development and production of the items that go into an automobile. As every automotive procurement specialist knows, contractual relationships are often very complicated, and quite a bit of effort is spent solving technical issues with suppliers. In many cases, OEMs ask suppliers to make substantial commitments in tooling and related technologies in order to produce the component needed for a specific vehicle. The suppliers, in this case, take on what can be a multi-­million dollar investment in technology and/or capacity to be the supplier of choice. This is a major investment that can make or break the future of a smaller supplier.

Understanding this context all too well, the suppliers often calculate a risk transfer mechanism arrangement with the OEMs, by which their own capacity risk is “hedged” out. This sounds logical, but the details of this risk- transfer are critical since these agreements are often based on some average expected outcome. What happens, then, if the demand for the vehicle that would consume the supplied components does not meet expectations by a wide margin? In this case, the risk cost that must be allocated between OEM and supplier turns out to be much higher than anyone anticipated, and time and again OEMs are forced to make significant risk-­driven payments to avoid lawsuits or even to keep a critical supplier solvent.

Indeed, these types of costs are some of the highest risk cost classes in the automotive sector, and yet most supply chain/procurement risk teams in this industry are not focused on this problem. The risk teams are focused on resiliency and recovery from unlikely events, which, again, is useful but fails to address multi-­million dollar risk costs that exist every day within the supply base.

Procurement CoR, Example 3: Composition Risk in Aerospace

The creation of the modern passenger airliner is a great engineering accomplishment that requires the precise integration of what can be millions of individual parts into a single product. Because no aircraft manufacturer actually designs or creates most of these parts, the acquisition of these elements has to be carefully managed through the procurement process. It is not hard to imagine that putting all of these sourced elements together correctly — sometimes called “composition” — is a daunting task full of risk if components do not work as expected, if software does not integrate correctly, or should materials not work as planned once they are in the aircraft. The procurement teams in this industry face serious composition risk, which means that a great deal of procurement risk cost is embedded in the possibility that components will not work together and/or as expected. In response to this risk cost, additional related costs are born in the engineering and manufacturing organizations that often must create special tests environments and prototyping cycles to minimize this cost, especially in the early stages of production. In this case, a procurement organization’s risk team should be concerned as much with the compositional risk cost across its supply base as with the admittedly serious cost that a disruption in material flow or a quality issue would cause.

Cost of Risk (CoR) at the Category Level

The point of the examples in the preceding section is to illustrate three critical concepts that should be the basis for any procurement risk management effort:

1. The largest risk impact in procurement is not the present cost of an unlikely disruptive event but the real and present costs that uncertainty in the value chains of sourced materials creates.

2. The Total Product Cost of every sourced item, both direct and indirect, is the sum of two costs: (a) the Production Cost and (b) the Risk Cost. (Put another way: TPC= PC+RC.)

3. When the RC percentage of TC is high enough, it should be valued and negotiated separately from PC.

Looking across a wide range of direct material categories, a rough estimate of the RC component (based on extensive interviews with category experts) is presented in Figure 2 below.

Figure 2: Category Risk Cost Estimates

At first glance, these CoR percentages may seem too high, but it is critical to remember that CoR in a value chain is cumulative: each agent tends to add its own CoR component on top of those added in the preceding steps of the value chain.

What is interesting is that so much effort is made in many procurement organizations to quantify and negotiate production cost elements such as material, logistics, or tooling costs, though individually these costs are often smaller percentages of total cost than the risk cost. For example, in the high-tech industry, a lot of effort is put into negotiating the manufacturing cost of an outsourced item, which is typically 6-8% for simpler items and 8-10% for more complex equipment. Yet the risk cost of the same items, which is typically much higher, most often goes uncalculated.

This same lack of understanding of CoR at the category or item level is all too often present across the entire supply chain. Indeed, for many supply chain and procurement executives, the CoR of their supply chain is what they spend on their procurement risk program, their supplier audits and any extra inventory they held in case a weather event disrupted production. This view is too narrow and should be widened by risk teams to consider all the uncertainty-related costs borne by the firm. Indeed, as shown in Figure 3 below, at a typical manufacturing company, a comprehensive, supply chain-level CoR figure would easily be >$1B, which is far beyond the typical sums cited for supply chain and procurement risk program costs.

Figure 3: CoR Elements

Managing CoR

In order to apply the CoR concept presented above, a procurement risk team needs to develop two methodologies. The first methodology is for the calculation of the risk-driven percentage (“risk cost”) of total product cost. The other methodology is for valuing the various options for dealing with unacceptably high-risk cost percentages in individual categories spend.

Returning to the cosmetics example above, the procurement risk team calculates that the company is spending $20M on packaging materials every year and that the CoR of this category is 25%, or $5M. In this case, the team finds it has four risk management options, illustrated in Figure 4 below:

Figure 4: Category-Level CoR Management Options

Space does not permit a detailed discussion of the quantitative methods for CoR calculation and the valuation of risk transfer options. That said, the former are based on three basic approaches:

• Differential Valuation: In this approach, a buyer defines a risk-free version of the value chain of the sourced item, removing CoR elements in the process. Once this analysis is complete, the difference in price between the zero-risk and actual value chains is the CoR. This generally qualitative approach is useful for getting started with CoR analysis and for “quick-hit” valuation needs.

• Driver-Based Valuation: In this approach, the buyer creates a generic quantitative model of value chain CoR drivers and applies that model to the value chain of the sourced item. This quantitative application creates an approximate “CoR ratio” for that category, which is then used as the starting point for negotiations. This approach covers the widest possible set of categories and allows for a calculation of “CoR ratios” across all spend that can be shared by all buyers in the procurement organization.

• Statistical Valuation: In this approach, a purely mathematical CoR model is created based on historical category pricing/costing data to generate a historical CoR percentage. This approach is especially useful for categories that are exchange-traded and have extensive quantitative histories, e.g., commodities.

Adoption of these techniques and their compliments for risk mitigation or transfer means that sophisticated buyers will need to know not just the dynamics of their various RC elements but also how to price their transfer correctly. These skills will probably need to be imported from the Finance organization, as is already happening in some companies with commodity and energy hedging.

Supplier/Supply Resiliency and CoR

At this point, it would be natural for a CPO to ask how CoR analysis fits in with the more common efforts that focus on supply chain/supply “resiliency.” The answer is that they are completely complementary and often mutually beneficial. Understanding the sources of volatility in a supplier or category source, which is often part of resiliency analyses, is useful in CoR analysis. Even better, though, a thorough CoR effort will dramatically improve the focus and efficacy of resiliency plans. The point of this post is not that business continuity planning, supply chain resiliency strategies, supplier risk analysis, or early disruption identification are not useful tools — quite the contrary. The point is that these methods typically take too narrow a view of procurement risk because they fail to take into account the wide variety of present risk costs in every supply chain.

The only caveat to the preceding paragraph is that it is important for CPOs to be especially careful when using so-called “heat maps” to understand supply/supplier risk. This is because heat maps can give a misleading view of which categories/suppliers should be the focus of the procurement risk team. Consider, for example, a supplier that has completed a CoR calculation of its own and has effectively transferred its CoR to its customers (i.e., the CPO’s own organization). This supplier, financially stable and with high performance, would normally be ranked as “safe/green” on any heat map. Yet this is precisely the kind of supplier that should be analyzed thoroughly by buyers and procurement risk specialists. It is quite possible that this supplier is not just passing an unfair amount of CoR to its customers but also, and this is quite common, using a sophisticated CoR allocation to cross-­subsidize low RC to “bad/high risk” customers through higher RC to “good/low risk” ones.

Conclusions for CPOs

There is hardly a CPO today, in companies of all sizes, who does not think procurement risk is a major concern. They are correct, in many cases for more reasons than may at first appear. It is important to minimize or even avoid supply disruptions and regulatory violations, but this is not the whole story. CPOs need to push for the creation of dedicated procurement risk teams whose primary mission is to calculate, monitor and efficiently manage the CoR across all direct and indirect spend.

The benefits of this approach are many. Separating RC from PC, for example, may indicate that the buyer is in the best position to hold RC, which immediately results in a reduction of TPC. Indeed, when one considers that many companies have a total RC across all direct and indirect spend in the billions of dollars, it raises the intriguing possibility that a very sophisticated procurement organization would try to zero-­out RC in its contracts, “repatriate” that CoR, and manage it as a kind of internal captive “procurement hedge fund.” Such an idea is possible today and would have the benefits of making all CoR visible to the Procurement organization and would allow for more efficient procurement risk-­transfer pricing. This last point is critical since if, as is the case at most large companies today, CoR payments are allocated across tens of thousands of suppliers and contracts, it stands to reason that most procurement organizations are over-paying for risk. A pooled CoR investment pool, managed and hedged optimally with the help of third parties, is a novel idea but one that might become real in the not too distant future.

In the meantime, as the RC percentage of spend has dramatically increased over the last decade because of globalization, political risk, financial market instability, and, lastly COVID-19, the time has come for CPOs and their teams to move beyond passive risk management and adopt the quantitative CoR approach presented above. Their teams should be as good at valuing and negotiating risk as they typically are with the other important dimensions of complex global sourcing.